
= rails-caddy
A developer's QA "caddy" that aids in QA'ing, debugging, and otherwise navigating your application during development and/or QA.
== Rails Compatibility
Tests cover rails 2.1.2, 2.2.2, and 2.3.2 specifically. Previous releases on each minor version have not been explicitly tested, but I suspect they should all function equally well.
== Usage
RULE #1: DO NOT DEPLOY THIS TO PRODUCTION. I WILL HAVE NO EMPATHY WHATSOEVER IF YOU DO NOT HEED MY WARNING. THIS IS A VERY DANGEROUS GEM THAT WILL DEFINITELY SCREW YOU OVER IF YOU DEPLOY IT TO PRODUCTION.
This process is not currently scripted, but following these steps will get you off and running.
edit ApplicationController (app/controllers/application_controller.rb, or application.rb before Rails 2.3):

  if Object.const_defined?(:RailsCaddy)
    helper RailsCaddyHelper
    around_filter :handle_sanitize_email
    around_filter :handle_timecop_offset, :except => [:timecop_update, :timecop_reset]
  end
edit config/environments/development.rb -- DO NOT MAKE THIS AVAILABLE TO PRODUCTION!!!

  config.gem "rails-caddy"

  config.after_initialize do
    require 'rails-caddy'
    require_dependency 'application_controller' # 'application' if pre rails 2.3
    RailsCaddy.init!
    ActionMailer::Base.sanitized_recipients = "nobody@smartlogicsolutions.com"
  end
add just before you close your body tag in your layout (it's actually unimportant where you place it, as long as it's in the body):

  <%= rails_caddy if Object.const_defined?(:RailsCaddy) %>

add to the top of config/routes.rb:

  RailsCaddy.define_routes!(map) if Object.const_defined?(:RailsCaddy)
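What the two around filters above are guarding, shown as an added stand-alone example that is not rails-caddy's or sanitize_email's own code: a recipient sanitizer that redirects every outbound address to the sandbox address used in the development.rb snippet and keeps the real recipients in a header for debugging, plus an environment guard that turns RULE #1 into a check the application performs for itself instead of relying on someone remembering it. The Hash-shaped message, the X-Sanitized-To header, the (SANITIZED) subject prefix and the allowed-environment list are assumptions made for illustration, not the gems' actual behaviour, and the sample message is constructed.

```ruby
# Added example, not code from rails-caddy or sanitize_email. Runs without
# Rails: messages are plain Hashes (assumption) rather than TMail/Mail objects.

SANDBOX_ADDRESS = "nobody@smartlogicsolutions.com"  # from the README's development.rb
ALLOWED_ENVS    = %w[development test].freeze        # assumption: production is never allowed

# Redirect all recipients of an outbound message to the sandbox address.
# The original To/Cc/Bcc values are preserved in a custom header (assumed
# name X-Sanitized-To) and the subject is prefixed so a developer can see at
# a glance which mail has been diverted. Returns a new Hash; the input is
# left untouched.
def sanitize_recipients(message, sandbox = SANDBOX_ADDRESS)
  original = %w[to cc bcc].flat_map { |field| Array(message[field]) }.compact
  sanitized = message.dup
  sanitized["to"]  = [sandbox]
  sanitized["cc"]  = []
  sanitized["bcc"] = []
  sanitized["headers"] = (message["headers"] || {}).merge(
    "X-Sanitized-To" => original.join(", ")
  )
  sanitized["subject"] = "(SANITIZED) #{message['subject']}"
  sanitized
end

# Raise unless the current environment is one where debugging tooling that
# rewrites mail and shifts the clock is acceptable. Returns true when it is.
def assert_not_production!(env, allowed = ALLOWED_ENVS)
  return true if allowed.include?(env.to_s)
  raise "rails-caddy must not be enabled in the #{env} environment"
end

# Boolean form of the same check, for callers that prefer not to rescue.
def caddy_enabled?(env, allowed = ALLOWED_ENVS)
  assert_not_production!(env, allowed)
rescue RuntimeError
  false
end

if __FILE__ == $0
  # Constructed sample message: three real recipients that must never be hit
  # from a development box.
  msg = {
    "to"      => ["ceo@example.com"],
    "cc"      => "cfo@example.com",
    "bcc"     => ["audit@example.com"],
    "subject" => "Invoice due",
  }
  p sanitize_recipients(msg)
  p caddy_enabled?("development")
  p caddy_enabled?("production")
end
```

In a real Rails 2.x app the environment check belongs inside config.after_initialize, before RailsCaddy.init!, so that a copied development.rb cannot silently enable the caddy elsewhere; the recipient rewriting is the job rails-caddy delegates to sanitize_email through the handle_sanitize_email around filter.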
== Dependencies
rails-caddy is dependent on the {sanitize_email gem}[http://github.com/jtrupiano/sanitize_email/tree/master]. Unfortunately, for the time being you'll need to build and install that locally. Why? Because the dependency is on +sanitize_email+ and NOT jtrupiano-sanitize_email, the latter of which can be installed remotely. Hopefully this will change soon (that's your cue to fork and fix).
== Building/Testing
In order to run the tests, you'll want to build the gem. Why? Because +rake test:rails_compatibility+ tests all supported versions of rails (see Rails Compatibility, above). It does this by creating mini-Rails apps for each version and config-gem'ing rails-caddy (+config.gem 'rails-caddy'+). If you don't build the gem and try to run the tests, you'll get an error telling you to run +rake gems:install+.
The easiest way to build the gem is to install {technicalpickle's}[http://technicalpickles.com/] {jeweler gem}[http://github.com/technicalpickles/jeweler/tree/master]: +sudo gem install jeweler+.

After jeweler is installed, you can build and install with some handy rake tasks:

  rake build
  rake install

n.b. +rake install+ uses +sudo+
(Problems? See Dependencies, above.)
Now you can run your tests:

  rake test:all                  # Run all test suites.
  rake test:rails_compatibility  # Test all supported versions of rails.
== Copyright
Copyright (c) 2009 John Trupiano. See LICENSE for details.
Socket's package analysis: rails-caddy shows an unhealthy version release cadence and project activity, since its last version was released a year ago, and it has one open source maintainer collaborating on the project.