Malav Bhavsar malavbhavsar

@JosephPecoraro
JosephPecoraro / shell-execution.rb
Last active September 10, 2023 10:12
Shell Execution in Ruby
# Ways to execute a shell script in Ruby
# Example Script - Joseph Pecoraro
cmd = "echo 'hi'" # Sample string that can be used
# 1. Kernel#` - commonly called backticks - `cmd`
# This is like many other languages, including bash, PHP, and Perl
# Synchronous (blocking)
# Returns the output of the shell command
# Docs: http://ruby-doc.org/core/classes/Kernel.html#M001111
@fnichol
fnichol / README.md
Created March 12, 2011 20:52
Download a cacert.pem for RailsInstaller

Why?

There is a long-standing issue in Ruby where the net/http library by default does not check the validity of an SSL certificate during a TLS handshake. Rather than deal with the underlying problem (a missing certificate authority, a self-signed certificate, etc.), one tends to see bad hacks everywhere. This can lead to problems down the road.

From what I can see, the OpenSSL library that Rails Installer delivers has no certificate authorities defined. So, let's go fetch some from the curl website. And since this is for Ruby, why don't we download and install the file with a Ruby script?

Installation

The Ruby Way! (Fun)

@drogus
drogus / Gemfile
Created April 2, 2012 23:18
Webmachine + ActionView
source "https://rubygems.org"
gem "webmachine"
gem "actionpack"
gem "thin"
gem "datamapper"
gem "dm-migrations"
gem "dm-sqlite-adapter"
gem "debugger"
@clayzermk1
clayzermk1 / README.md
Created August 10, 2012 19:54
jQuery / Twitter Bootstrap List Tree Plugin


Demo: http://jsfiddle.net/clayzermk1/QD8Hs/

Overview

I needed a simple plugin to build a two-tier collapsible list with checkboxes. I wanted it to fit well with Twitter's Bootstrap. I couldn't find one that was simple enough. I hope you enjoy =) Feel free to send feedback.

@postmodern
postmodern / rails_rce.rb
Last active July 17, 2023 11:54
Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156)
#!/usr/bin/env ruby
#
# Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156)
#
# ## Advisory
#
# https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
#
# ## Caveats
#
@markpundsack
markpundsack / heroku-CVE-2013-0156.rb
Last active November 27, 2023 15:44 — forked from elliottkember/heroku-CVE-2013-0156.rb
Forked from https://gist.github.com/4489689 by elliottkember. CVE-2013-0156 is a nasty vulnerability in many versions of Rails. This script checks all your Heroku apps for this vulnerability in one quick (slow) move. More info: https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
## The quick-and-nasty CVE-2013-0156 Heroku inspector!
## Originally brought to you by @elliottkember with changes by @markpundsack @ Heroku
## Download and run using:
## ruby heroku-CVE-2013-0156.rb
`heroku list`.split("\n").each do |app|
  app = app.strip
  # Some "heroku apps" lines have === formatting for grouping. They're not apps.
  next if app[0..2] == "==="