jira_scan 0.0.4 → 0.0.6

checksums.yaml

@@ -1,15 +1,7 @@
 ---
-!binary "U0hBMQ==":
-  metadata.gz: !binary |-
-    YjNmYTk1OWYwM2VjNzJlZjVmZGFlZGIyNzdlYmUyOGE3Mzg0NTIxNg==
-  data.tar.gz: !binary |-
-    NDA1MWUyMjE2ODIwODBhMThjYjU2ZWNlY2VhMjcxY2E0YWIyODYyZQ==
+SHA256:
+  metadata.gz: 694f95d2a4df4f67588a35cce083c44568ab6fd6411cad9be7b778f86fdc74f7
+  data.tar.gz: a52b797b7810b69b20921a6ae539aebc070df18968ed41fb002319fce71db47b
 SHA512:
-  metadata.gz: !binary |-
-    MjliM2EyYWE0MzFjNDllMWMyOTljMDYyOGRkYTU3ZDc2NTk2MDc0ZTg0ODJi
-    Zjg3MTAwOGU5MjkzNmEzNmZkNGZkYWY4YTNhMDE3Mzg0YzEzNjVkOGUzMjMy
-    YTI1MGQ0NDg1NzA4Y2YzNjE3ODM0MWQ2NTJiOTk1NDUzZDI1ZmU=
-  data.tar.gz: !binary |-
-    NDM2MTdiY2ViMzVlYmEwZTg5MTY4NGI0NWY0M2IwZmFjMGFjYmM5MzRhZmFi
-    NmYxYTkzYWE4ODAzNDYwNzNjZTNmNGE1OGM1OGJjMzAyZDYwYWRkMzg0NWRl
-    NzVmNTQ2NmY3NTNhZWQ3ODA0MWZhNDVjN2M0YzQ2OTQ5Y2M1MDg=
+  metadata.gz: c9f02c01c0b3aff58e99d484a09eef8c30c594706d08bbb0d3197411dc038ff07dfcd6bf0ae3074eec3d7e8ac40d375a51e2ab6f8b20c5bde986e3e63fffe5cf
+  data.tar.gz: 39cdb3fa320f6e3dca07bf9bb3b5926eb9a1c2adfbc5ca735a05fbcd89632443d9939c51b49f8657a6f5e37f1e9cfa2b1e4d78901cd10e22b6eec461448398df

data/bin/jira-scan

@@ -17,7 +17,7 @@ def banner
   _   | | | '__/ _` |\\___ \\ / __/ _` | '_ \\ 
  | |__| | | | | (_| |____) | (_| (_| | | | |
   \\____/|_|_|  \\__,_|_____/ \\___\\__,_|_| |_|
-                               version 0.0.4"
+                               version #{JiraScan::VERSION}"
   puts
   puts '-' * 60
 end
@@ -108,17 +108,25 @@ def scan(url, check: true, insecure: false, verbose: false)
   version = JiraScan::getVersionFromLogin(url) unless version
   puts "+ Version: #{version}" if version
 
+  # Retrieve Jira software information
+  info = JiraScan::getServerInfo(url)
+  unless info.empty?
+    puts "+ Server info:"
+    table = Terminal::Table.new :rows => info
+    puts table
+  end
+
   # Dev mode enabled
-  dev_mode = JiraScan::devMode(url)
-  puts '+ Dev mode is enabled' if dev_mode
+  puts '+ Dev mode is enabled' if JiraScan::devMode(url)
 
   # User registration enabled
-  register = JiraScan::userRegistration(url)
-  puts '+ User registration is enabled' if register
+  puts '+ User registration is enabled' if JiraScan::userRegistration(url)
+
+  # Service Desk user registration enabled
+  puts '+ Service Desk user registration is enabled' if JiraScan::userServiceDeskRegistration(url)
 
   # Check if User Picker Browser is accessible
-  user_picker = JiraScan::userPickerBrowser(url)
-  if user_picker
+  if JiraScan::userPickerBrowser(url)
     puts '+ User Picker Browser is available'
     # Retrieve list of first 1,000 users 
     users = JiraScan::getUsersFromUserPickerBrowser(url)
@@ -130,20 +138,16 @@ def scan(url, check: true, insecure: false, verbose: false)
   end
 
   # Check if REST User Picker is accessible
-  rest_user_picker = JiraScan::restUserPicker(url)
-  puts "+ REST UserPicker is available" if rest_user_picker
+  puts "+ REST UserPicker is available" if JiraScan::restUserPicker(url)
 
   # Check if REST Group User Picker is accessible
-  rest_group_user_picker = JiraScan::restGroupUserPicker(url)
-  puts "+ REST GroupUserPicker is available" if rest_group_user_picker
+  puts "+ REST GroupUserPicker is available" if JiraScan::restGroupUserPicker(url)
 
   # Check if ViewUserHover.jspa is accessible
-  view_user_hover = JiraScan::viewUserHover(url)
-  puts "+ ViewUserHover.jspa is available" if view_user_hover
+  puts "+ ViewUserHover.jspa is available" if JiraScan::viewUserHover(url)
 
   # Check if META-INF contents are accessible
-  meta_inf = JiraScan::metaInf(url)
-  puts '+ META-INF directory contents are accessible' if meta_inf
+  puts '+ META-INF directory contents are accessible' if JiraScan::metaInf(url)
 
   # Retrieve list of dashboards
   dashboards = JiraScan::getDashboards(url)
@@ -161,6 +165,46 @@ def scan(url, check: true, insecure: false, verbose: false)
     puts table
   end
 
+  # Retrieve list of installed gadgets
+  gadgets = JiraScan::getGadgets(url)
+  unless gadgets.empty?
+    puts "+ Found gadgets (#{gadgets.length}):"
+    table = Terminal::Table.new :headings => ['Title', 'Author Name', 'Author Email', 'Description'], :rows => gadgets
+    puts table
+  end
+
+  # Retrieve list of resolutions
+  resolutions = JiraScan::getResolutions(url)
+  unless resolutions.empty?
+    puts "+ Found resolutions (#{resolutions.length}):"
+    table = Terminal::Table.new :headings => ['ID', 'Name', 'Description'], :rows => resolutions
+    puts table
+  end
+
+  # Retrieve list of projects
+  projects = JiraScan::getProjects(url)
+  unless projects.empty?
+    puts "+ Found projects (#{projects.length}):"
+    table = Terminal::Table.new :headings => ['ID', 'Key', 'Name'], :rows => projects
+    puts table
+  end
+
+  # Retrieve list of project categories
+  project_categories = JiraScan::getProjectCategories(url)
+  unless project_categories.empty?
+    puts "+ Found project categories (#{project_categories.length}):"
+    table = Terminal::Table.new :headings => ['ID', 'Name', 'Description'], :rows => project_categories
+    puts table
+  end
+
+  # Retrieve list of linked applications
+  apps = JiraScan::getLinkedApps(url)
+  unless apps.empty?
+    puts "+ Found linked applications (#{apps.length}):"
+    table = Terminal::Table.new :headings => ['Link', 'Label', 'Application Type'], :rows => apps
+    puts table
+  end
+
   # Retrieve list of field names
   field_names = JiraScan::getFieldNamesQueryComponentDefault(url)
   unless field_names.empty?

data/lib/jira_scan.rb

@@ -9,9 +9,10 @@ require 'json'
 require 'logger'
 require 'net/http'
 require 'openssl'
+require 'stringio'
 
 class JiraScan
-  VERSION = '0.0.4'.freeze
+  VERSION = '0.0.6'.freeze
 
   def self.logger
     @logger
@@ -115,6 +116,26 @@ class JiraScan
     "#{version}-##{build}"
   end
 
+  #
+  # Retrieve Jira software information
+  #
+  # @param [String] URL
+  #
+  # @return [Array] Jira software information
+  #
+  def self.getServerInfo(url)
+    url += '/' unless url.to_s.end_with? '/'
+    res = sendHttpRequest("#{url}rest/api/latest/serverInfo")
+
+    return [] unless res
+    return [] unless res.code.to_i == 200
+    return [] unless res.body.to_s.start_with?('{"baseUrl"')
+
+    JSON.parse(res.body.to_s, symbolize_names: true)
+  rescue
+    []
+  end
+
   #
   # Check if dev mode is enabled
   #
@@ -134,6 +155,7 @@ class JiraScan
 
   #
   # Check if account registration is enabled
+  # https://docs.atlassian.com/jira/jsd-docs-045/Configuring+public+signup
   #
   # @param [String] URL
   #
@@ -149,6 +171,25 @@ class JiraScan
     res.body.to_s.include?('<h1>Sign up</h1>')
   end
 
+  #
+  # Check if Jira Service Desk (part of Jira Service Management) account registration is enabled
+  # https://docs.atlassian.com/jira/jsd-docs-045/Configuring+public+signup
+  # https://support.atlassian.com/jira-service-management-cloud/docs/customer-permissions-for-your-service-project-and-jira-site/
+  #
+  # @param [String] URL
+  #
+  # @return [Boolean]
+  #
+  def self.userServiceDeskRegistration(url)
+    url += '/' unless url.to_s.end_with? '/'
+    res = sendHttpRequest("#{url}servicedesk/customer/user/signup")
+
+    return false unless res
+    return false unless res.code.to_i == 200
+
+    res.body.to_s.include?('serviceDeskVersion') || res.body.to_s.include?('com.atlassian.servicedesk')
+  end
+
   #
   # Check if unauthenticated access to UserPickerBrowser.jspa is allowed
   #
@@ -198,6 +239,7 @@ class JiraScan
 
   #
   # Check if unauthenticated access to REST UserPicker is allowed (CVE-2019-3403)
+  # https://jira.atlassian.com/browse/JRASERVER-69242
   #
   # @param [String] URL
   #
@@ -205,7 +247,7 @@ class JiraScan
   #
   def self.restUserPicker(url)
     url += '/' unless url.to_s.end_with? '/'
-    res = sendHttpRequest("#{url}rest/api/latest/user/picker")
+    res = sendHttpRequest("#{url}rest/api/2/user/picker")
 
     return false unless res
     return false unless res.code.to_i == 400
@@ -215,6 +257,7 @@ class JiraScan
 
   #
   # Check if unauthenticated access to REST GroupUserPicker is allowed (CVE-2019-8449)
+  # https://jira.atlassian.com/browse/JRASERVER-69796
   #
   # @param [String] URL
   #
@@ -222,7 +265,7 @@ class JiraScan
   #
   def self.restGroupUserPicker(url)
     url += '/' unless url.to_s.end_with? '/'
-    res = sendHttpRequest("#{url}rest/api/latest/groupuserpicker")
+    res = sendHttpRequest("#{url}rest/api/2/groupuserpicker")
 
     return false unless res
     return false unless res.code.to_i == 400
@@ -230,8 +273,33 @@ class JiraScan
     res.body.to_s.include?('The username query parameter was not provided')
   end
 
+  #
+  # Retrieve list of installed gadgets
+  # https://jira.atlassian.com/browse/JRASERVER-72613
+  #
+  # @param [String] URL
+  #
+  # @return [Array] list of installed gadgets
+  #
+  def self.getGadgets(url)
+    url += '/' unless url.to_s.end_with? '/'
+    res = sendHttpRequest("#{url}rest/config/1.0/directory.json")
+
+    return [] unless res
+    return [] unless res.code.to_i == 200
+    return [] unless res.body.to_s.start_with?('{"categories"')
+
+    gadgets = JSON.parse(res.body.to_s)['gadgets']
+    return [] if gadgets.empty?
+
+    JSON.parse(gadgets.to_json, symbolize_names: true).map { |g| [g[:title], g[:authorName], g[:authorEmail], g[:description]] }
+  rescue
+    []
+  end
+
   #
   # Check if unauthenticated access to ViewUserHover.jspa is allowed (CVE-2020-14181)
+  # https://jira.atlassian.com/browse/JRASERVER-71560
   #
   # @param [String] URL
   #
@@ -249,6 +317,7 @@ class JiraScan
 
   #
   # Check if META-INF contents are accessible (CVE-2019-8442)
+  # https://jira.atlassian.com/browse/JRASERVER-69241
   #
   # @param [String] URL
   #
@@ -266,6 +335,7 @@ class JiraScan
 
   #
   # Retrieve list of popular filters
+  # https://jira.atlassian.com/browse/JRASERVER-23255
   #
   # @param [String] URL
   #
@@ -302,14 +372,113 @@ class JiraScan
     return [] unless res
     return [] unless res.code.to_i == 200
     return [] unless res.body.to_s.start_with?('{"startAt"')
+    return [] unless res.body.to_s.include?('id')
+    return [] unless res.body.to_s.include?('name')
 
     JSON.parse(res.body.to_s, symbolize_names: true)[:dashboards].map { |d| [d[:id], d[:name]] }
   rescue
     []
   end
 
+  #
+  # Retrieve list of resolutions
+  #
+  # @param [String] URL
+  #
+  # @return [Array] list of resolutions
+  #
+  def self.getResolutions(url)
+    url += '/' unless url.to_s.end_with? '/'
+    res = sendHttpRequest("#{url}rest/api/2/resolution")
+
+    return [] unless res
+    return [] unless res.code.to_i == 200
+    return [] unless res.body.to_s.start_with?('[{"self"')
+    return [] unless res.body.to_s.include?('id')
+    return [] unless res.body.to_s.include?('name')
+    return [] unless res.body.to_s.include?('description')
+
+    JSON.parse(res.body.to_s, symbolize_names: true).map { |r| [r[:id], r[:name], r[:description]] }
+  rescue
+    []
+  end
+
+  #
+  # Retrieve list of projects
+  #
+  # @param [String] URL
+  #
+  # @return [Array] list of projects
+  #
+  def self.getProjects(url)
+    url += '/' unless url.to_s.end_with? '/'
+    max = 1_000
+    res = sendHttpRequest("#{url}rest/api/2/project?maxResults=#{max}")
+
+    return [] unless res
+    return [] unless res.code.to_i == 200
+    return [] unless res.body.to_s.start_with?('[{"expand"')
+    return [] unless res.body.to_s.include?('id')
+    return [] unless res.body.to_s.include?('key')
+    return [] unless res.body.to_s.include?('name')
+
+    JSON.parse(res.body.to_s, symbolize_names: true).map { |r| [r[:id], r[:key], r[:name]] }
+  rescue
+    []
+  end
+
+  #
+  # Retrieve list of project categories
+  #
+  # @param [String] URL
+  #
+  # @return [Array] list of project categories
+  #
+  def self.getProjectCategories(url)
+    url += '/' unless url.to_s.end_with? '/'
+    res = sendHttpRequest("#{url}rest/api/2/projectCategory")
+
+    return [] unless res
+    return [] unless res.code.to_i == 200
+    return [] unless res.body.to_s.start_with?('[{"self"')
+    return [] unless res.body.to_s.include?('id')
+    return [] unless res.body.to_s.include?('name')
+    return [] unless res.body.to_s.include?('description')
+
+    JSON.parse(res.body.to_s, symbolize_names: true).map { |r| [r[:id], r[:name], r[:description]] }
+  rescue
+    []
+  end
+
+  #
+  # Retrieve list of linked applications
+  # https://jira.atlassian.com/browse/JRASERVER-64963
+  # https://jira.atlassian.com/browse/JRACLOUD-64963
+  #
+  # @param [String] URL
+  #
+  # @return [Array] list of linked applications
+  #
+  def self.getLinkedApps(url)
+    url += '/' unless url.to_s.end_with? '/'
+    res = sendHttpRequest("#{url}rest/menu/latest/admin")
+
+    return [] unless res
+    return [] unless res.code.to_i == 200
+    return [] unless res.body.to_s.start_with?('[{"key"')
+    return [] unless res.body.to_s.include?('link')
+    return [] unless res.body.to_s.include?('label')
+    return [] unless res.body.to_s.include?('applicationType')
+
+    JSON.parse(res.body.to_s, symbolize_names: true).map { |r| [r[:link], r[:label], r[:applicationType]] }
+  rescue
+    []
+  end
+
   #
   # Retrieve list of field names from QueryComponent!Default.jspa (CVE-2020-14179)
+  # https://jira.atlassian.com/browse/JRASERVER-71536
+  # https://jira.atlassian.com/browse/JRACLOUD-75661
   #
   # @param [String] URL
   #
@@ -342,7 +511,8 @@ class JiraScan
   end
 
   #
-  # Retrieve list of field names from QueryComponent!Jql.jspa (EDB-49924)
+  # Retrieve list of field names from QueryComponent!Jql.jspa (CVE-2020-14179)
+  # https://jira.atlassian.com/browse/JRASERVER-71536
   #
   # @param [String] URL
   #

metadata

@@ -1,43 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: jira_scan
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.0.6
 platform: ruby
 authors:
 - Brendan Coles
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-07-12 00:00:00.000000000 Z
+date: 2023-01-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: terminal-table
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: logger
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.4'
 description: A simple remote scanner for Atlassian Jira
 email: bcoles@gmail.com
 executables:
@@ -51,25 +51,23 @@ homepage: https://github.com/bcoles/jira_scan
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: 2.0.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.2.2
-signing_key: 
+rubygems_version: 3.3.15
+signing_key:
 specification_version: 4
 summary: Jira scanner
 test_files: []
-has_rdoc: