jira_scan 0.0.4 → 0.0.5

checksums.yaml

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    YjNmYTk1OWYwM2VjNzJlZjVmZGFlZGIyNzdlYmUyOGE3Mzg0NTIxNg==
+    YzE1OTJiNTg5NzIxMzdhYjgwZGU1NzQzZDY2ZTJhOWYzNjA1NTgzZA==
   data.tar.gz: !binary |-
-    NDA1MWUyMjE2ODIwODBhMThjYjU2ZWNlY2VhMjcxY2E0YWIyODYyZQ==
+    YzBkOGJlMzkwNzlkMjU5OWJhN2RmYTIwNzA2YTNlMzQ4OTI3NGE2Ng==
 SHA512:
   metadata.gz: !binary |-
-    MjliM2EyYWE0MzFjNDllMWMyOTljMDYyOGRkYTU3ZDc2NTk2MDc0ZTg0ODJi
-    Zjg3MTAwOGU5MjkzNmEzNmZkNGZkYWY4YTNhMDE3Mzg0YzEzNjVkOGUzMjMy
-    YTI1MGQ0NDg1NzA4Y2YzNjE3ODM0MWQ2NTJiOTk1NDUzZDI1ZmU=
+    OTA2NjY0NjdiYzY0YjQzNGE0OTgzZDNkYjM4MzA0OGFhY2VkNGIzNmYzN2Y1
+    YjNmZGE2MjRhNzZhZDUzMTZmMjA3YjkwMDEyZThiYWRlYzRhOTA5MGEyMTRj
+    Y2ZkN2U0NWM0YjFlNDRhMDI5NzJmNTJiNGVhNGU3MGMxZDA4Yzc=
   data.tar.gz: !binary |-
-    NDM2MTdiY2ViMzVlYmEwZTg5MTY4NGI0NWY0M2IwZmFjMGFjYmM5MzRhZmFi
-    NmYxYTkzYWE4ODAzNDYwNzNjZTNmNGE1OGM1OGJjMzAyZDYwYWRkMzg0NWRl
-    NzVmNTQ2NmY3NTNhZWQ3ODA0MWZhNDVjN2M0YzQ2OTQ5Y2M1MDg=
+    MTQxMzE2ODI2MzAxZDA5MjA3N2QxNzkyNGNjMWI1NGE0ZWQ5Y2EwN2I2NzUy
+    ZmIxYzZmZTgyYmQ4MTcxYjNmZDY1YTQ2ZjA0ZDNmYjkwMzU0ZTRlM2FjNWJk
+    ODRjMTM0ZmVhMzg2Yjk4MDJkOTRiMzBhYmYwYmU0OGEyYjNkZWQ=

data/bin/jira-scan

@@ -17,7 +17,7 @@ def banner
   _   | | | '__/ _` |\\___ \\ / __/ _` | '_ \\ 
  | |__| | | | | (_| |____) | (_| (_| | | | |
   \\____/|_|_|  \\__,_|_____/ \\___\\__,_|_| |_|
-                               version 0.0.4"
+                               version 0.0.5"
   puts
   puts '-' * 60
 end
@@ -108,6 +108,14 @@ def scan(url, check: true, insecure: false, verbose: false)
   version = JiraScan::getVersionFromLogin(url) unless version
   puts "+ Version: #{version}" if version
 
+  # Retrieve Jira software information
+  info = JiraScan::getServerInfo(url)
+  unless info.empty?
+    puts "+ Server info:"
+    table = Terminal::Table.new :rows => info
+    puts table
+  end
+
   # Dev mode enabled
   dev_mode = JiraScan::devMode(url)
   puts '+ Dev mode is enabled' if dev_mode
@@ -161,6 +169,46 @@ def scan(url, check: true, insecure: false, verbose: false)
     puts table
   end
 
+  # Retrieve list of installed gadgets
+  gadgets = JiraScan::getGadgets(url)
+  unless gadgets.empty?
+    puts "+ Found gadgets (#{gadgets.length}):"
+    table = Terminal::Table.new :headings => ['Title', 'Author Name', 'Author Email', 'Description'], :rows => gadgets
+    puts table
+  end
+
+  # Retrieve list of resolutions
+  resolutions = JiraScan::getResolutions(url)
+  unless resolutions.empty?
+    puts "+ Found resolutions (#{resolutions.length}):"
+    table = Terminal::Table.new :headings => ['ID', 'Name', 'Description'], :rows => resolutions
+    puts table
+  end
+
+  # Retrieve list of projects
+  projects = JiraScan::getProjects(url)
+  unless projects.empty?
+    puts "+ Found projects (#{projects.length}):"
+    table = Terminal::Table.new :headings => ['ID', 'Key', 'Name'], :rows => projects
+    puts table
+  end
+
+  # Retrieve list of project categories
+  project_categories = JiraScan::getProjectCategories(url)
+  unless project_categories.empty?
+    puts "+ Found project categories (#{project_categories.length}):"
+    table = Terminal::Table.new :headings => ['ID', 'Name', 'Description'], :rows => project_categories
+    puts table
+  end
+
+  # Retrieve list of linked applications
+  apps = JiraScan::getLinkedApps(url)
+  unless apps.empty?
+    puts "+ Found linked applications (#{apps.length}):"
+    table = Terminal::Table.new :headings => ['Link', 'Label', 'Application Type'], :rows => apps
+    puts table
+  end
+
   # Retrieve list of field names
   field_names = JiraScan::getFieldNamesQueryComponentDefault(url)
   unless field_names.empty?

data/lib/jira_scan.rb

@@ -11,7 +11,7 @@ require 'net/http'
 require 'openssl'
 
 class JiraScan
-  VERSION = '0.0.4'.freeze
+  VERSION = '0.0.5'.freeze
 
   def self.logger
     @logger
@@ -115,6 +115,26 @@ class JiraScan
     "#{version}-##{build}"
   end
 
+  #
+  # Retrieve Jira software information
+  #
+  # @param [String] URL
+  #
+  # @return [Array] Jira software information
+  #
+  def self.getServerInfo(url)
+    url += '/' unless url.to_s.end_with? '/'
+    res = sendHttpRequest("#{url}rest/api/latest/serverInfo")
+
+    return [] unless res
+    return [] unless res.code.to_i == 200
+    return [] unless res.body.to_s.start_with?('{"baseUrl"')
+
+    JSON.parse(res.body.to_s, symbolize_names: true)
+  rescue
+    []
+  end
+
   #
   # Check if dev mode is enabled
   #
@@ -198,6 +218,7 @@ class JiraScan
 
   #
   # Check if unauthenticated access to REST UserPicker is allowed (CVE-2019-3403)
+  # https://jira.atlassian.com/browse/JRASERVER-69242
   #
   # @param [String] URL
   #
@@ -205,7 +226,7 @@ class JiraScan
   #
   def self.restUserPicker(url)
     url += '/' unless url.to_s.end_with? '/'
-    res = sendHttpRequest("#{url}rest/api/latest/user/picker")
+    res = sendHttpRequest("#{url}rest/api/2/user/picker")
 
     return false unless res
     return false unless res.code.to_i == 400
@@ -215,6 +236,7 @@ class JiraScan
 
   #
   # Check if unauthenticated access to REST GroupUserPicker is allowed (CVE-2019-8449)
+  # https://jira.atlassian.com/browse/JRASERVER-69796
   #
   # @param [String] URL
   #
@@ -222,7 +244,7 @@ class JiraScan
   #
   def self.restGroupUserPicker(url)
     url += '/' unless url.to_s.end_with? '/'
-    res = sendHttpRequest("#{url}rest/api/latest/groupuserpicker")
+    res = sendHttpRequest("#{url}rest/api/2/groupuserpicker")
 
     return false unless res
     return false unless res.code.to_i == 400
@@ -230,8 +252,33 @@ class JiraScan
     res.body.to_s.include?('The username query parameter was not provided')
   end
 
+  #
+  # Retrieve list of installed gadgets
+  # https://jira.atlassian.com/browse/JRASERVER-72613
+  #
+  # @param [String] URL
+  #
+  # @return [Array] list of installed gadgets
+  #
+  def self.getGadgets(url)
+    url += '/' unless url.to_s.end_with? '/'
+    res = sendHttpRequest("#{url}rest/config/1.0/directory.json")
+
+    return [] unless res
+    return [] unless res.code.to_i == 200
+    return [] unless res.body.to_s.start_with?('{"categories"')
+
+    gadgets = JSON.parse(res.body.to_s)['gadgets']
+    return [] if gadgets.empty?
+
+    JSON.parse(gadgets.to_json, symbolize_names: true).map { |g| [g[:title], g[:authorName], g[:authorEmail], g[:description]] }
+  rescue
+    []
+  end
+
   #
   # Check if unauthenticated access to ViewUserHover.jspa is allowed (CVE-2020-14181)
+  # https://jira.atlassian.com/browse/JRASERVER-71560
   #
   # @param [String] URL
   #
@@ -249,6 +296,7 @@ class JiraScan
 
   #
   # Check if META-INF contents are accessible (CVE-2019-8442)
+  # https://jira.atlassian.com/browse/JRASERVER-69241
   #
   # @param [String] URL
   #
@@ -266,6 +314,7 @@ class JiraScan
 
   #
   # Retrieve list of popular filters
+  # https://jira.atlassian.com/browse/JRASERVER-23255
   #
   # @param [String] URL
   #
@@ -302,14 +351,113 @@ class JiraScan
     return [] unless res
     return [] unless res.code.to_i == 200
     return [] unless res.body.to_s.start_with?('{"startAt"')
+    return [] unless res.body.to_s.include?('id')
+    return [] unless res.body.to_s.include?('name')
 
     JSON.parse(res.body.to_s, symbolize_names: true)[:dashboards].map { |d| [d[:id], d[:name]] }
   rescue
     []
   end
 
+  #
+  # Retrieve list of resolutions
+  #
+  # @param [String] URL
+  #
+  # @return [Array] list of resolutions
+  #
+  def self.getResolutions(url)
+    url += '/' unless url.to_s.end_with? '/'
+    res = sendHttpRequest("#{url}rest/api/2/resolution")
+
+    return [] unless res
+    return [] unless res.code.to_i == 200
+    return [] unless res.body.to_s.start_with?('[{"self"')
+    return [] unless res.body.to_s.include?('id')
+    return [] unless res.body.to_s.include?('name')
+    return [] unless res.body.to_s.include?('description')
+
+    JSON.parse(res.body.to_s, symbolize_names: true).map { |r| [r[:id], r[:name], r[:description]] }
+  rescue
+    []
+  end
+
+  #
+  # Retrieve list of projects
+  #
+  # @param [String] URL
+  #
+  # @return [Array] list of projects
+  #
+  def self.getProjects(url)
+    url += '/' unless url.to_s.end_with? '/'
+    max = 1_000
+    res = sendHttpRequest("#{url}rest/api/2/project?maxResults=#{max}")
+
+    return [] unless res
+    return [] unless res.code.to_i == 200
+    return [] unless res.body.to_s.start_with?('[{"expand"')
+    return [] unless res.body.to_s.include?('id')
+    return [] unless res.body.to_s.include?('key')
+    return [] unless res.body.to_s.include?('name')
+
+    JSON.parse(res.body.to_s, symbolize_names: true).map { |r| [r[:id], r[:key], r[:name]] }
+  rescue
+    []
+  end
+
+  #
+  # Retrieve list of project categories
+  #
+  # @param [String] URL
+  #
+  # @return [Array] list of project categories
+  #
+  def self.getProjectCategories(url)
+    url += '/' unless url.to_s.end_with? '/'
+    res = sendHttpRequest("#{url}rest/api/2/projectCategory")
+
+    return [] unless res
+    return [] unless res.code.to_i == 200
+    return [] unless res.body.to_s.start_with?('[{"self"')
+    return [] unless res.body.to_s.include?('id')
+    return [] unless res.body.to_s.include?('name')
+    return [] unless res.body.to_s.include?('description')
+
+    JSON.parse(res.body.to_s, symbolize_names: true).map { |r| [r[:id], r[:name], r[:description]] }
+  rescue
+    []
+  end
+
+  #
+  # Retrieve list of linked applications
+  # https://jira.atlassian.com/browse/JRASERVER-64963
+  # https://jira.atlassian.com/browse/JRACLOUD-64963
+  #
+  # @param [String] URL
+  #
+  # @return [Array] list of linked applications
+  #
+  def self.getLinkedApps(url)
+    url += '/' unless url.to_s.end_with? '/'
+    res = sendHttpRequest("#{url}rest/menu/latest/admin")
+
+    return [] unless res
+    return [] unless res.code.to_i == 200
+    return [] unless res.body.to_s.start_with?('[{"key"')
+    return [] unless res.body.to_s.include?('link')
+    return [] unless res.body.to_s.include?('label')
+    return [] unless res.body.to_s.include?('applicationType')
+
+    JSON.parse(res.body.to_s, symbolize_names: true).map { |r| [r[:link], r[:label], r[:applicationType]] }
+  rescue
+    []
+  end
+
   #
   # Retrieve list of field names from QueryComponent!Default.jspa (CVE-2020-14179)
+  # https://jira.atlassian.com/browse/JRASERVER-71536
+  # https://jira.atlassian.com/browse/JRACLOUD-75661
   #
   # @param [String] URL
   #
@@ -342,7 +490,8 @@ class JiraScan
   end
 
   #
-  # Retrieve list of field names from QueryComponent!Jql.jspa (EDB-49924)
+  # Retrieve list of field names from QueryComponent!Jql.jspa (CVE-2020-14179)
+  # https://jira.atlassian.com/browse/JRASERVER-71536
   #
   # @param [String] URL
   #

metadata

@@ -1,43 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: jira_scan
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.0.5
 platform: ruby
 authors:
 - Brendan Coles
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-07-12 00:00:00.000000000 Z
+date: 2021-08-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: terminal-table
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: logger
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.4'
 description: A simple remote scanner for Atlassian Jira
 email: bcoles@gmail.com
 executables: