Hiroshi Nakamura nahi
nahi
/ private.rb
Created
September 26, 2015 03:00
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class Foo | |
| ... | |
| private | |
| ... | |
| end |
nahi
/ jsonclient.rb
Created
October 17, 2014 11:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'httpclient' | |
| require 'json' | |
| module HTTP | |
| class Message | |
| # Returns JSON object of message body | |
| alias original_content content | |
| def content | |
| if JSONClient::CONTENT_TYPE_JSON_REGEX =~ content_type | |
| JSON.parse(original_content) |
nahi
/ gist:d5373bb96c5e21c83950
Last active
August 29, 2015 14:07
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'httpclient' | |
| # Obtain Personal access token from https://github.com/settings/applications | |
| personal_access_token = '' | |
| h = HTTPClient.new | |
| h.set_auth(nil, personal_access_token, 'x-oauth-basic') | |
| puts h.get_content('https://api.github.com/user/repos?type=private') |
nahi
/ gist:f27f4c3823845ef66e8b
Last active
August 29, 2015 14:06
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| % mkdir build | |
| % cd build | |
| ~/git/ruby/build | |
| % ../configure --without-tk --disable-install-doc | |
| Downloading config.guess... | |
| Downloading config.sub... | |
| checking build system type... x86_64-unknown-linux-gnu | |
| checking host system type... x86_64-unknown-linux-gnu | |
| checking target system type... x86_64-unknown-linux-gnu | |
| checking for gcc... gcc |
nahi
/ 0001-Fix-SSL-client-connection-crash-for-SAN-marked-criti.patch
Created
July 5, 2013 14:34
Fix SSL client connection crash for SAN marked critical The patch for CVE-2013-4073 (https://gist.github.com/nahi/5880963) caused SSL crash when a SSL server returns the certificate that has critical SAN value. X509 extension could include 2 or 3 elements in it; [id, criticality, octet_string] if critical,
[id, octet_string] if not. Making sure …
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From 61c3537bd9f8e37b01a8e45644c489fd8696c94b Mon Sep 17 00:00:00 2001 | |
| From: Hiroshi Nakamura <[email protected]> | |
| Date: Fri, 5 Jul 2013 23:22:29 +0900 | |
| Subject: [PATCH] Fix SSL client connection crash for SAN marked critical | |
| The patch for CVE-2013-4073 caused SSL crash when a SSL server returns | |
| the certificate that has critical SAN value. X509 extension could | |
| include 2 or 3 elements in it; | |
| [id, criticality, octet_string] if critical, |
nahi
/ null_bytes_in_san_cert.pem
Created
June 28, 2013 00:21
% ruby -ropenssl -e 'p OpenSSL::X509::Certificate.new(File.read("foo.pem")).extensions.first.to_der'
"0$\x06\x03U\x1D\x11\x04\x1D0\e\x82\x19www.example.com\x00.evil.com"
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -----BEGIN CERTIFICATE----- | |
| MIIBmjCCAUSgAwIBAgICBNIwDQYJKoZIhvcNAQEFBQAwQDEUMBIGCgmSJomT8ixk | |
| ARkWBHNvbWUxFDASBgoJkiaJk/IsZAEZFgRzaXRlMRIwEAYDVQQDDAlTb21lIFNp | |
| dGUwHhcNMTMwNTI0MDA1MzUwWhcNMTMwNTI0MDA1MzUwWjBAMRQwEgYKCZImiZPy | |
| LGQBGRYEc29tZTEUMBIGCgmSJomT8ixkARkWBHNpdGUxEjAQBgNVBAMMCVNvbWUg | |
| U2l0ZTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCnY4jdC2xJja4+LIBk49M+n4h/ | |
| eJqZ4w1x2WGZIABIhA9rO9yZBGqyUgEHwGk4dzPv5vp1ANYDYLLTD9pltzKlAgMB | |
| AAGjKDAmMCQGA1UdEQQdMBuCGXd3dy5leGFtcGxlLmNvbQAuZXZpbC5jb20wDQYJ | |
| KoZIhvcNAQEFBQADQQCBLd3QLJv96/5kjrSnL0n6VRhyHrFudPCNsfG1/BUOCaCk | |
| kDlGeAyQDBqPk+SSOSlh1WlBZyiX+nmAgXdhuyge |
nahi
/ 0001-Hostname-check-bypassing-vulnerability-in-SSL-client.patch
Last active
December 19, 2015 02:09
Hostname check bypassing vulnerability in SSL client (CVE-2013-4073) patches.
0001-Hostname-check-bypassing-vulnerability-in-SSL-client.patch is for 2.0.
0001-Hostname-check-bypassing-vulnerability-in-SSL-client.ruby_1_9_3.patch is for 1.9.3. *UPDATE* The patches could cause SSL crash bug. Please apply https://gist.github.com/nahi/5934959, too.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From ddaf5b57bdc051ccc1161ec5273a59d30fc2fb72 Mon Sep 17 00:00:00 2001 | |
| From: Hiroshi Nakamura <[email protected]> | |
| Date: Wed, 5 Jun 2013 23:14:16 +0900 | |
| Subject: [PATCH] Hostname check bypassing vulnerability in SSL client | |
| (CVE-2013-4073) | |
| Ruby's SSL client implements hostname identity check but the OpenSSL | |
| function it depends cannot properly handle hostnames in subjectAltName | |
| that contain null bytes. The fix parses DER encoded bytes of | |
| subjectAltName to extract GeneralName of dNSName and check it against |
nahi
/ gist:4449729
Last active
December 10, 2015 14:49
You can create auto-encoding-detection version with your favorite logic. i.e. super(rhs.force_encoding(mydetect(rhs)))
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'refinement' | |
| module StringForceEncodingConcat | |
| refine String do | |
| def +(rhs) | |
| begin | |
| super | |
| rescue Encoding::CompatibilityError | |
| super(rhs.force_encoding(self.encoding)) | |
| end |
nahi
/ protected.rb
Created
October 15, 2012 22:26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class Node | |
| def eval(other) | |
| other.protected_method(self) | |
| end | |
| protected | |
| def protected_method(other) | |
| other | |
| end |
nahi
/ signed_request.json
Created
October 9, 2012 02:41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "context": { | |
| "user": { | |
| "fullName": "Nakamura Hiroshi", | |
| "userId": "005x0000000KzS8AAK", | |
| "userName": "XXXX", | |
| "email": "XXXX", | |
| "profilePhotoUrl": "/profilephoto/005/F", | |
| ... | |
| }, |
NewerOlder