RubyGems.org gem replacement vulnerability and mitigation - RubyGems Blog
Summary RubyGems.org contained a bug that could allow an attacker to replace some .gem files on our servers with a different file that they supplied. We deployed a partial fix on April 2nd and a complete fix on April 4th, 2016. We also verified every .gem uploaded after Feb 8th, 2015, and found that none of them had been replaced. Gems whose name contains a dash (e.g. ‘blank-blank’) uploaded befor
Rubicure - プリã‚ュアを愛ã™ã‚‹æ–¹å‘ã‘ã®Rubyライブラリ MOONGIFT
ç§ã«ã‚‚娘ãŒã„ã¦ã€å¹¼ç¨šåœ’ãらã„ã®é ƒã«ã¯ãƒ—リã‚ュアã«å¤¢ä¸ã«ãªã£ã¦ã„ãŸæ™‚代ãŒã‚ã‚Šã¾ã—ãŸã€‚ãŸã¶ã‚“å°ã•ã„女ã®åã¯ã¿ã‚“ãªä¸€åº¦ã¯ãƒãƒžã‚‹æ™‚期ãŒã‚ã‚‹ã®ã§ã¯ãªã„ã‹ã¨æ€ã„ã¾ã™ã€‚ ãれを一緒ã«è¦‹ã¦ã„ãŸï¼ˆã¾ãŸã¯å˜ç‹¬ã§ã‚‚å¯ï¼‰ãƒ—ãƒã‚°ãƒ©ãƒžãƒ¼ã¯ãŠçˆ¶ã•ã‚“ãŒè…•ã«ã‚‚ã®ã‚’言ã‚ã›ã‚‹ã¨Rubicureã¨ã„ã†ã®ãŒå‡ºæ¥ä¸ŠãŒã‚‹è¨³ã§ã™ã€‚ Rubicureã¯Rubyã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã¯2.0以é™ãŒè¦æ±‚ã•ã‚Œã¾ã™ã€‚インストールã¯RubyGemsã§ã§ãã¾ã™ã®ã§ã•ã£ãã試ã—ã¦ã¿ã¾ã—ょã†ã€‚ $ gem install rubicure 完了ã—ãŸã‚‰ãŠã‚‚ã‚€ã‚ã«irbを実行ã—ã¾ã™ã€‚ require "rubicure" ãã—ã¦å®Ÿè¡Œã—ã¾ã™ã€‚ Precure.title #=> "ãµãŸã‚Šã¯ãƒ—リã‚ュア" ã†ãƒ¼ã‚“熱ã„。 実行çµæžœã€‚ãƒãƒƒã‚·ãƒ¥ã§å—ã‘å–ã‚Œã¾ã™ã€‚ Precure.max_heart.title #=> "ãµãŸã‚Šã¯ãƒ—リã‚ュア Max Heart" ã†ãƒ¼ã‚“実ã«ç†±ã„。作者
bundlerを使ã£ã¦rubygem「Tupperã€ã‚’作る
仕事ã§formã«ã‚ˆã‚‹ãƒ•ã‚¡ã‚¤ãƒ«ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ€ã‚’作ã£ã¦ã„ãŸã€‚ã“ã‚Œã¯ãƒ˜ãƒ«ãƒ‘ーライブラリã¨ã—ã¦åˆ‡ã‚Šå‡ºã™ã¨ä»–ã®ã¨ã“ã‚ã§ã‚‚使ã„回ã›ã‚‹ãªãƒ¼ã¨ã‹æ€ã£ã¦ã„ãŸã‚‰ã€ã€Œç¤¾å†…ライブラリを OSS 化ã™ã¹ãã ã€ã¨ã„ã†è¨˜äº‹ã®ã“ã¨ã‚’æ€ã„出ã—ãŸã€‚ 一方ã€QA@ITã§ã€Œä»Šæ™‚rubygems作るんãªã‚‰Bundlerã よãーã€ã¨ã„ã†ã”指摘をãŸãã•ã‚“ã„ãŸã ã„ãŸã“ã¨ã‚‚æ€ã„出ã—ãŸã€‚ ã¨ã„ã†ã“ã¨ã§ã€ä»•äº‹ã®ãŸã‚ã«æ›¸ã„ãŸã‘ã‚Œã©ã‚‚ビジãƒã‚¹ãƒã‚¸ãƒƒã‚¯ã¯å«ã‚“ã§ã„ãªã„ライブラリを「Tupperã€ã¨ã—ã¦åˆ‡ã‚Šå‡ºã—ã€Bundlerを使ã£ã¦rubygemsã¨ã—ã¦å…¬é–‹ã™ã‚‹ã¨ã“ã‚ã¾ã§ã®ä½œæ¥è¨˜éŒ²ã‚’æ™’ã—ã¦ã¿ã‚‹ã€‚ % bundle gem tupper create tupper/Gemfile create tupper/Rakefile create tupper/LICENSE create tupper/README.md create tupper/.giti
T-POINTã‚’å–å¾—ã™ã‚‹ã‚¹ã‚¯ãƒªãƒ—トをGistã‹ã‚‰ç§»å‹•, Bundlerを使ã£ãŸGem作æˆãƒ¡ãƒ¢ (自分用) - ãŸã ã®ã«ã£ã(2012-02-18)
â– T-POINTã‚’å–å¾—ã™ã‚‹ã‚¹ã‚¯ãƒªãƒ—トをGistã‹ã‚‰ç§»å‹• ã‹ã‚Œã“ã‚Œ2å¹´ã‚‚å‰ã«æ›¸ã„ãŸT-POINTã‚’å–å¾—ã™ã‚‹ã‚¹ã‚¯ãƒªãƒ—トã€ã•ãらã®ãƒ¬ãƒ³ã‚¿ãƒ«ã‚µãƒ¼ãƒä¸Šã®cronã§æ¯Žæœå‹•ã‹ã—ã¦ã„ã¦ã€èª¿åã®ã„ã„ã¨ãã¯ã¡ã‚ƒã‚“ã¨Kayac経由ã§æ¯ŽæœGmailã«ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒé£›ã‚“ãã¦ã‚‹ã‚“ã ã‘ã©ã€ãªã‘ã‚Œã°ãªã„ã§å›°ã‚‰ãªã„ã“ã¨ã‚‚ã‚ã‚Šã€ä½•ã‹ãƒˆãƒ©ãƒ–ルãŒã‚ã£ã¦å±Šã‹ãªããªã£ã¦ã‚‚æ°—ã¥ã‹ãªã„ã‚“ã ãªã€ã“ã‚ŒãŒã€‚今日もã€poppenã•ã‚“ãŒãƒ‘ッãƒã‚’é€ã£ã¦ãã‚Œã¦ã¯ã˜ã‚ã¦ã€Œãã†ã„ãˆã°æœ€è¿‘見ãªã‹ã£ãŸãªãã€ã¨æ°—ãŒã¤ãã—ã¾ã¤ã€‚ ã§ã€ã¡ã‚ƒã‚“ã¨ç¶™ç¶šçš„ã«ä½¿ã£ã¦ãã‚Œã¦ãƒ¡ãƒ³ãƒ†ã‚‚ã§ãる人ãŒã„ã‚‹ãªã‚‰ã„ã£ã—ょã«ã‚„ã‚Šã‚„ã™ãã™ã‚Œã°ã‚ˆã‹ã‚ã†ã€‚スクレイピングã®ã‚¹ã‚¯ãƒªãƒ—トã¯ç¶™ç¶šçš„ã«ãƒ¡ãƒ³ãƒ†ã§ããªã„ã¨ã™ãã«é™³è…化ã™ã‚‹ã‹ã‚‰ãªã€‚ã¨ã„ã†ã“ã¨ã§ã€ä»–ã®ãƒã‚¤ãƒ³ãƒˆã‚µãƒ¼ãƒ“スã®ãƒ‡ãƒ¼ã‚¿ã‚‚åˆã‚ã›ã¦ã‚¹ã‚¯ãƒ¬ã‚¤ãƒ”ングã§ãるよã†ã«å…ƒã®Gistã‹ã‚‰points-scraperリãƒã‚¸ãƒˆãƒªã«ç§»å‹•ã€ã¤ã„ã§ã«Gem化ã—ãŸ: %
1
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
{{#tags}}- {{label}}
{{/tags}}