-
-
Save markpundsack/4506402 to your computer and use it in GitHub Desktop.
## The quick-and-nasty CVE-2013-0156 Heroku inspector! | |
## Originally brought to you by @elliottkember with changes by @markpundsack @ Heroku | |
## Download and run using: | |
## ruby heroku-CVE-2013-0156.rb | |
`heroku list`.split("\n").each do |app| | |
app = app.strip | |
# Some "heroku apps" lines have === formatting for grouping. They're not apps. | |
next if app[0..2] == "===" | |
# Some are appended by owner emails | |
app = app.split(" ")[0].to_s.strip | |
# Blank lines can be ommitted. | |
next if app == "" | |
rails_path = `heroku run bundle show rails --app #{app}`.split("\n")[-1] | |
rails_version_number = rails_path.split("rails-")[1] | |
rails_version_number = rails_version_number.strip unless rails_version_number.nil? | |
unless ["3.2.11", "3.1.10", "3.0.19", "2.3.15"].include?(rails_version_number) or rails_version_number.nil? | |
puts "Uh oh! #{app} has #{rails_version_number}." | |
else | |
puts "..." | |
end | |
end |
ty for making it easier
Lovely!
Thanks 🆒
+1 thanks
If you are lazy, ahem, then try from your command-line to run
curl https://gist.github.com/raw/4506402/aa4af289faf37f3403933f3ff24b203c0eb04838/heroku-CVE-2013-0156.rb | ruby
Nice tip @wwvuillemot!
I also turned this into a proper Heroku repo: https://github.com/heroku/heroku-CVE-2013-0156
👍 god's work, etc
+1, @wwvuillemot!
Thanks!
Well done, thanks.
thanks!
👍
+1, @wwvuillemot!
+1 thanks
+1 for the 'laziness', @wwvuillemot
Windows version forked to https://gist.github.com/4512454
P.S. includes curl equivalent inspired by @wwvuillemot
Thanks @aghilmort!
Thank you!
+1 Thanks!
It would be nice if it also told you what version to use instead
otherwise +1
+1 Dig it!
Thank you!
+1, @wwvuillemot!
Great stuff! I was hoping to find a similar script for the recent Psych YAML issue on Heroku, but I couldn't. So, I created a simple YAML vulnerability checker: https://gist.github.com/smholloway/11001788. If there's a better version, please let me know.
❤️