Skip to content

Instantly share code, notes, and snippets.

@pvalena

pvalena/TEST ruby PR#90 Bundler 2.2.20 - geminabox.log Secret

Last active July 7, 2021 16:12
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save pvalena/cca305f10c8ccbf4fd5050711a1abdbf to your computer and use it in GitHub Desktop.
Save pvalena/cca305f10c8ccbf4fd5050711a1abdbf to your computer and use it in GitHub Desktop.
Download ZIP
Raw
TEST ruby PR#90 Bundler 2.2.20 - geminabox.log
+ ./runtest.sh all
geminabox
removed 'gems/a_okay-malicious/a_okay-0.1.0.gem'
removed 'gems/a_okay/a_okay-0.0.1.gem'
removed 'gems/bar-malicious/bar-0.1.0.gem'
removed 'gems/bar/bar-0.0.1.gem'
removed 'gems/foo/foo-0.0.1.gem'
removed 'server-private.log'
removed 'server-public.log'
* Building gems/foo/foo-0.0.1.gem ...
Successfully built RubyGem
Name: foo
Version: 0.0.1
File: foo-0.0.1.gem
* Building gems/bar/bar-0.0.1.gem ...
WARNING: open-ended dependency on a_okay (>= 0.0.1) is not recommended
if a_okay is semantically versioned, use:
add_runtime_dependency 'a_okay', '~> 0.0', '>= 0.0.1'
WARNING: See https://guides.rubygems.org/specification-reference/ for help
Successfully built RubyGem
Name: bar
Version: 0.0.1
File: bar-0.0.1.gem
* Building gems/a_okay/a_okay-0.0.1.gem ...
Successfully built RubyGem
Name: a_okay
Version: 0.0.1
File: a_okay-0.0.1.gem
* Building gems/a_okay-malicious/a_okay-0.1.0.gem ...
Successfully built RubyGem
Name: a_okay
Version: 0.1.0
File: a_okay-0.1.0.gem
* Building gems/bar-malicious/bar-0.1.0.gem ...
WARNING: open-ended dependency on a_okay (>= 0.0.1) is not recommended
if a_okay is semantically versioned, use:
add_runtime_dependency 'a_okay', '~> 0.0', '>= 0.0.1'
WARNING: See https://guides.rubygems.org/specification-reference/ for help
Successfully built RubyGem
Name: bar
Version: 0.1.0
File: bar-0.1.0.gem
* Installing gems to repositories...
Successfully installed foo-0.0.1
Parsing documentation for foo-0.0.1
Installing ri documentation for foo-0.0.1
Done installing documentation for foo after 0 seconds
1 gem installed
Successfully installed a_okay-0.1.0
Parsing documentation for a_okay-0.1.0
Installing ri documentation for a_okay-0.1.0
Done installing documentation for a_okay after 0 seconds
1 gem installed
Successfully installed bar-0.1.0
Parsing documentation for bar-0.1.0
Installing ri documentation for bar-0.1.0
Done installing documentation for bar after 0 seconds
1 gem installed
Successfully installed a_okay-0.0.1
Parsing documentation for a_okay-0.0.1
Installing ri documentation for a_okay-0.0.1
Done installing documentation for a_okay after 0 seconds
1 gem installed
Successfully installed bar-0.0.1
Parsing documentation for bar-0.0.1
Installing ri documentation for bar-0.0.1
Done installing documentation for bar after 0 seconds
1 gem installed
Fetching ruby2_keywords-0.0.4.gem
Fetching rack-2.2.3.gem
Fetching mustermann-1.1.1.gem
Fetching tilt-2.0.10.gem
Fetching sinatra-2.1.0.gem
Fetching builder-3.2.4.gem
Fetching rack-protection-2.1.0.gem
Fetching httpclient-2.8.3.gem
Fetching nesty-1.0.2.gem
Fetching faraday-em_http-1.0.0.gem
Fetching faraday-em_synchrony-1.0.0.gem
Fetching faraday-excon-1.1.0.gem
Fetching faraday-httpclient-1.0.1.gem
Fetching faraday-net_http-1.0.1.gem
Fetching faraday-net_http_persistent-1.1.0.gem
Fetching faraday-patron-1.0.0.gem
Fetching geminabox-1.4.1.gem
Fetching multipart-post-2.1.1.gem
Fetching faraday-1.5.0.gem
Fetching reentrant_flock-0.1.1.gem
Successfully installed rack-2.2.3
Successfully installed tilt-2.0.10
Successfully installed rack-protection-2.1.0
Successfully installed ruby2_keywords-0.0.4
Successfully installed mustermann-1.1.1
Successfully installed sinatra-2.1.0
Successfully installed builder-3.2.4
Successfully installed httpclient-2.8.3
Successfully installed nesty-1.0.2
Successfully installed faraday-em_http-1.0.0
Successfully installed faraday-em_synchrony-1.0.0
Successfully installed faraday-excon-1.1.0
Successfully installed faraday-httpclient-1.0.1
Successfully installed faraday-net_http-1.0.1
Successfully installed faraday-net_http_persistent-1.1.0
Successfully installed faraday-patron-1.0.0
Successfully installed multipart-post-2.1.1
Successfully installed faraday-1.5.0
Successfully installed reentrant_flock-0.1.1
Successfully installed geminabox-1.4.1
Parsing documentation for rack-2.2.3
Installing ri documentation for rack-2.2.3
Parsing documentation for tilt-2.0.10
Installing ri documentation for tilt-2.0.10
Parsing documentation for rack-protection-2.1.0
Installing ri documentation for rack-protection-2.1.0
Parsing documentation for ruby2_keywords-0.0.4
Installing ri documentation for ruby2_keywords-0.0.4
Parsing documentation for mustermann-1.1.1
Installing ri documentation for mustermann-1.1.1
Parsing documentation for sinatra-2.1.0
Installing ri documentation for sinatra-2.1.0
Parsing documentation for builder-3.2.4
Installing ri documentation for builder-3.2.4
Parsing documentation for httpclient-2.8.3
Installing ri documentation for httpclient-2.8.3
Parsing documentation for nesty-1.0.2
Installing ri documentation for nesty-1.0.2
Parsing documentation for faraday-em_http-1.0.0
Installing ri documentation for faraday-em_http-1.0.0
Parsing documentation for faraday-em_synchrony-1.0.0
Installing ri documentation for faraday-em_synchrony-1.0.0
Parsing documentation for faraday-excon-1.1.0
Installing ri documentation for faraday-excon-1.1.0
Parsing documentation for faraday-httpclient-1.0.1
Installing ri documentation for faraday-httpclient-1.0.1
Parsing documentation for faraday-net_http-1.0.1
Installing ri documentation for faraday-net_http-1.0.1
Parsing documentation for faraday-net_http_persistent-1.1.0
Installing ri documentation for faraday-net_http_persistent-1.1.0
Parsing documentation for faraday-patron-1.0.0
Installing ri documentation for faraday-patron-1.0.0
Parsing documentation for multipart-post-2.1.1
Installing ri documentation for multipart-post-2.1.1
Parsing documentation for faraday-1.5.0
Installing ri documentation for faraday-1.5.0
Parsing documentation for reentrant_flock-0.1.1
Installing ri documentation for reentrant_flock-0.1.1
Parsing documentation for geminabox-1.4.1
Installing ri documentation for geminabox-1.4.1
Done installing documentation for rack, tilt, rack-protection, ruby2_keywords, mustermann, sinatra, builder, httpclient, nesty, faraday-em_http, faraday-em_synchrony, faraday-excon, faraday-httpclient, faraday-net_http, faraday-net_http_persistent, faraday-patron, multipart-post, faraday, reentrant_flock, geminabox after 262 seconds
20 gems installed
~/cve-2020-36327/repos/public ~/cve-2020-36327
Pushing a_okay-0.1.0.gem to http://127.0.0.1:8801/...
Generating Marshal quick index gemspecs for 1 gems
.
Complete
Generated Marshal quick index gemspecs: 0.001s
Generating specs index
Generated specs index: 0.000s
Generating latest specs index
Generated latest specs index: 0.000s
Generating prerelease specs index
Generated prerelease specs index: 0.000s
Compressing indices
Compressed indices: 0.000s
Gem a_okay-0.1.0.gem received and indexed.
Pushing bar-0.1.0.gem to http://127.0.0.1:8801/...
Generating Marshal quick index gemspecs for 1 gems
.
Complete
Generated Marshal quick index gemspecs: 0.000s
Updated indexes: 0.000s
Compressing indices
Compressed indices: 0.000s
Gem bar-0.1.0.gem received and indexed.
Pushing foo-0.0.1.gem to http://127.0.0.1:8801/...
Generating Marshal quick index gemspecs for 2 gems
..
Complete
Generated Marshal quick index gemspecs: 0.001s
Updated indexes: 0.001s
Compressing indices
Compressed indices: 0.000s
Gem foo-0.0.1.gem received and indexed.
~/cve-2020-36327
~/cve-2020-36327/repos/private ~/cve-2020-36327
Pushing a_okay-0.0.1.gem to http://127.0.0.1:8802/...
Generating Marshal quick index gemspecs for 1 gems
.
Complete
Generated Marshal quick index gemspecs: 0.000s
Generating specs index
Generated specs index: 0.000s
Generating latest specs index
Generated latest specs index: 0.000s
Generating prerelease specs index
Generated prerelease specs index: 0.000s
Compressing indices
Compressed indices: 0.000s
Gem a_okay-0.0.1.gem received and indexed.
Pushing bar-0.0.1.gem to http://127.0.0.1:8802/...
Generating Marshal quick index gemspecs for 1 gems
.
Complete
Generated Marshal quick index gemspecs: 0.001s
Updated indexes: 0.000s
Compressing indices
Compressed indices: 0.000s
Gem bar-0.0.1.gem received and indexed.
~/cve-2020-36327
PID TTY STAT TIME COMMAND
389 pts/0 Sl+ 0:00 /usr/bin/ruby-mri /builddir/bin/rackup -o 127.0.0.1 -p 8801
396 pts/0 Sl+ 0:00 /usr/bin/ruby-mri /builddir/bin/rackup -o 127.0.0.1 -p 8802
* Reproducer: reproducer1.Gemfile
Fetching gem metadata from http://127.0.0.1:8802/...
Fetching gem metadata from http://127.0.0.1:8801/..
Resolving dependencies...
Using bundler 2.2.20
Fetching a_okay 0.0.1
Fetching foo 0.0.1
Installing a_okay 0.0.1
Installing foo 0.0.1
Fetching bar 0.0.1
Installing bar 0.0.1
Bundle complete! 2 Gemfile dependencies, 4 gems now installed.
Bundled gems are installed into `./tmp`
Installed version of bar:
* bar (0.0.1)
Installed version of a_okay:
* a_okay (0.0.1)
PASS - safe a_okay version installed
* Reproducer: reproducer2.Gemfile
Fetching gem metadata from http://127.0.0.1:8802/...
Fetching gem metadata from http://127.0.0.1:8801/..
Resolving dependencies...
Using bundler 2.2.20
Fetching a_okay 0.0.1
Fetching foo 0.0.1
Installing a_okay 0.0.1
Installing foo 0.0.1
Fetching bar 0.0.1
Installing bar 0.0.1
Bundle complete! 2 Gemfile dependencies, 4 gems now installed.
Bundled gems are installed into `./tmp`
Installed version of bar:
* bar (0.0.1)
Installed version of a_okay:
* a_okay (0.0.1)
PASS - safe a_okay version installed
* Reproducer: reproducer3.Gemfile
Fetching gem metadata from http://127.0.0.1:8802/...
Fetching gem metadata from http://127.0.0.1:8801/..
Resolving dependencies...
Fetching a_okay 0.0.1
Using bundler 2.2.20
Fetching foo 0.0.1
Installing a_okay 0.0.1
Installing foo 0.0.1
Fetching bar 0.0.1
Installing bar 0.0.1
Bundle complete! 2 Gemfile dependencies, 4 gems now installed.
Bundled gems are installed into `./tmp`
Installed version of bar:
* bar (0.0.1)
Installed version of a_okay:
* a_okay (0.0.1)
PASS - safe a_okay version installed
* Reproducer: reproducer4.Gemfile
Fetching gem metadata from http://127.0.0.1:8802/...
Fetching gem metadata from http://127.0.0.1:8801/..
Resolving dependencies...
Using bundler 2.2.20
Fetching a_okay 0.0.1
Fetching foo 0.0.1
Installing foo 0.0.1
Installing a_okay 0.0.1
Fetching bar 0.0.1
Installing bar 0.0.1
Bundle complete! 2 Gemfile dependencies, 4 gems now installed.
Bundled gems are installed into `./tmp`
Installed version of bar:
* bar (0.0.1)
Installed version of a_okay:
* a_okay (0.0.1)
PASS - safe a_okay version installed
* Reproducer: reproducer5.Gemfile
Fetching gem metadata from http://127.0.0.1:8802/...
Resolving dependencies...
Using bundler 2.2.20
Fetching a_okay 0.0.1
Installing a_okay 0.0.1
Fetching bar 0.0.1
Installing bar 0.0.1
Bundle complete! 1 Gemfile dependency, 3 gems now installed.
Bundled gems are installed into `./tmp`
Installed version of bar:
* bar (0.0.1)
Installed version of a_okay:
* a_okay (0.0.1)
PASS - safe a_okay version installed
* Workaround: workaround1.Gemfile
Fetching gem metadata from http://127.0.0.1:8802/..
Fetching gem metadata from http://127.0.0.1:8801/..
Resolving dependencies...
Using bundler 2.2.20
Fetching a_okay 0.0.1
Fetching foo 0.0.1
Installing a_okay 0.0.1
Installing foo 0.0.1
Fetching bar 0.0.1
Installing bar 0.0.1
Bundle complete! 3 Gemfile dependencies, 4 gems now installed.
Bundled gems are installed into `./tmp`
Installed version of bar:
* bar (0.0.1)
Installed version of a_okay:
* a_okay (0.0.1)
PASS - safe a_okay version installed
* Workaround: workaround2.Gemfile
Fetching gem metadata from http://127.0.0.1:8802/..
Fetching gem metadata from http://127.0.0.1:8801/..
Resolving dependencies...
Using bundler 2.2.20
Fetching a_okay 0.0.1
Fetching foo 0.0.1
Installing a_okay 0.0.1
Installing foo 0.0.1
Fetching bar 0.0.1
Installing bar 0.0.1
Bundle complete! 3 Gemfile dependencies, 4 gems now installed.
Bundled gems are installed into `./tmp`
Installed version of bar:
* bar (0.0.1)
Installed version of a_okay:
* a_okay (0.0.1)
PASS - safe a_okay version installed
* Workaround: workaround3.Gemfile
Fetching gem metadata from http://127.0.0.1:8802/..
Resolving dependencies...
Using bundler 2.2.20
Fetching a_okay 0.0.1
Installing a_okay 0.0.1
Fetching bar 0.0.1
Installing bar 0.0.1
Bundle complete! 2 Gemfile dependencies, 3 gems now installed.
Bundled gems are installed into `./tmp`
Installed version of bar:
* bar (0.0.1)
Installed version of a_okay:
* a_okay (0.0.1)
PASS - safe a_okay version installed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment