jira_scan 0.0.5 → 0.0.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -13
- data/bin/jira-scan +11 -15
- data/lib/jira_scan.rb +22 -1
- metadata +12 -14
checksums.yaml
CHANGED
|
@@ -1,15 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
|
|
5
|
-
data.tar.gz: !binary |-
|
|
6
|
-
YzBkOGJlMzkwNzlkMjU5OWJhN2RmYTIwNzA2YTNlMzQ4OTI3NGE2Ng==
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 694f95d2a4df4f67588a35cce083c44568ab6fd6411cad9be7b778f86fdc74f7
|
|
4
|
+
data.tar.gz: a52b797b7810b69b20921a6ae539aebc070df18968ed41fb002319fce71db47b
|
|
7
5
|
SHA512:
|
|
8
|
-
metadata.gz:
|
|
9
|
-
|
|
10
|
-
YjNmZGE2MjRhNzZhZDUzMTZmMjA3YjkwMDEyZThiYWRlYzRhOTA5MGEyMTRj
|
|
11
|
-
Y2ZkN2U0NWM0YjFlNDRhMDI5NzJmNTJiNGVhNGU3MGMxZDA4Yzc=
|
|
12
|
-
data.tar.gz: !binary |-
|
|
13
|
-
MTQxMzE2ODI2MzAxZDA5MjA3N2QxNzkyNGNjMWI1NGE0ZWQ5Y2EwN2I2NzUy
|
|
14
|
-
ZmIxYzZmZTgyYmQ4MTcxYjNmZDY1YTQ2ZjA0ZDNmYjkwMzU0ZTRlM2FjNWJk
|
|
15
|
-
ODRjMTM0ZmVhMzg2Yjk4MDJkOTRiMzBhYmYwYmU0OGEyYjNkZWQ=
|
|
6
|
+
metadata.gz: c9f02c01c0b3aff58e99d484a09eef8c30c594706d08bbb0d3197411dc038ff07dfcd6bf0ae3074eec3d7e8ac40d375a51e2ab6f8b20c5bde986e3e63fffe5cf
|
|
7
|
+
data.tar.gz: 39cdb3fa320f6e3dca07bf9bb3b5926eb9a1c2adfbc5ca735a05fbcd89632443d9939c51b49f8657a6f5e37f1e9cfa2b1e4d78901cd10e22b6eec461448398df
|
data/bin/jira-scan
CHANGED
|
@@ -17,7 +17,7 @@ def banner
|
|
|
17
17
|
_ | | | '__/ _` |\\___ \\ / __/ _` | '_ \\
|
|
18
18
|
| |__| | | | | (_| |____) | (_| (_| | | | |
|
|
19
19
|
\\____/|_|_| \\__,_|_____/ \\___\\__,_|_| |_|
|
|
20
|
-
version
|
|
20
|
+
version #{JiraScan::VERSION}"
|
|
21
21
|
puts
|
|
22
22
|
puts '-' * 60
|
|
23
23
|
end
|
|
@@ -117,16 +117,16 @@ def scan(url, check: true, insecure: false, verbose: false)
|
|
|
117
117
|
end
|
|
118
118
|
|
|
119
119
|
# Dev mode enabled
|
|
120
|
-
|
|
121
|
-
puts '+ Dev mode is enabled' if dev_mode
|
|
120
|
+
puts '+ Dev mode is enabled' if JiraScan::devMode(url)
|
|
122
121
|
|
|
123
122
|
# User registration enabled
|
|
124
|
-
|
|
125
|
-
|
|
123
|
+
puts '+ User registration is enabled' if JiraScan::userRegistration(url)
|
|
124
|
+
|
|
125
|
+
# Service Desk user registration enabled
|
|
126
|
+
puts '+ Service Desk user registration is enabled' if JiraScan::userServiceDeskRegistration(url)
|
|
126
127
|
|
|
127
128
|
# Check if User Picker Browser is accessible
|
|
128
|
-
|
|
129
|
-
if user_picker
|
|
129
|
+
if JiraScan::userPickerBrowser(url)
|
|
130
130
|
puts '+ User Picker Browser is available'
|
|
131
131
|
# Retrieve list of first 1,000 users
|
|
132
132
|
users = JiraScan::getUsersFromUserPickerBrowser(url)
|
|
@@ -138,20 +138,16 @@ def scan(url, check: true, insecure: false, verbose: false)
|
|
|
138
138
|
end
|
|
139
139
|
|
|
140
140
|
# Check if REST User Picker is accessible
|
|
141
|
-
|
|
142
|
-
puts "+ REST UserPicker is available" if rest_user_picker
|
|
141
|
+
puts "+ REST UserPicker is available" if JiraScan::restUserPicker(url)
|
|
143
142
|
|
|
144
143
|
# Check if REST Group User Picker is accessible
|
|
145
|
-
|
|
146
|
-
puts "+ REST GroupUserPicker is available" if rest_group_user_picker
|
|
144
|
+
puts "+ REST GroupUserPicker is available" if JiraScan::restGroupUserPicker(url)
|
|
147
145
|
|
|
148
146
|
# Check if ViewUserHover.jspa is accessible
|
|
149
|
-
|
|
150
|
-
puts "+ ViewUserHover.jspa is available" if view_user_hover
|
|
147
|
+
puts "+ ViewUserHover.jspa is available" if JiraScan::viewUserHover(url)
|
|
151
148
|
|
|
152
149
|
# Check if META-INF contents are accessible
|
|
153
|
-
|
|
154
|
-
puts '+ META-INF directory contents are accessible' if meta_inf
|
|
150
|
+
puts '+ META-INF directory contents are accessible' if JiraScan::metaInf(url)
|
|
155
151
|
|
|
156
152
|
# Retrieve list of dashboards
|
|
157
153
|
dashboards = JiraScan::getDashboards(url)
|
data/lib/jira_scan.rb
CHANGED
|
@@ -9,9 +9,10 @@ require 'json'
|
|
|
9
9
|
require 'logger'
|
|
10
10
|
require 'net/http'
|
|
11
11
|
require 'openssl'
|
|
12
|
+
require 'stringio'
|
|
12
13
|
|
|
13
14
|
class JiraScan
|
|
14
|
-
VERSION = '0.0.
|
|
15
|
+
VERSION = '0.0.6'.freeze
|
|
15
16
|
|
|
16
17
|
def self.logger
|
|
17
18
|
@logger
|
|
@@ -154,6 +155,7 @@ class JiraScan
|
|
|
154
155
|
|
|
155
156
|
#
|
|
156
157
|
# Check if account registration is enabled
|
|
158
|
+
# https://docs.atlassian.com/jira/jsd-docs-045/Configuring+public+signup
|
|
157
159
|
#
|
|
158
160
|
# @param [String] URL
|
|
159
161
|
#
|
|
@@ -169,6 +171,25 @@ class JiraScan
|
|
|
169
171
|
res.body.to_s.include?('<h1>Sign up</h1>')
|
|
170
172
|
end
|
|
171
173
|
|
|
174
|
+
#
|
|
175
|
+
# Check if Jira Service Desk (part of Jira Service Management) account registration is enabled
|
|
176
|
+
# https://docs.atlassian.com/jira/jsd-docs-045/Configuring+public+signup
|
|
177
|
+
# https://support.atlassian.com/jira-service-management-cloud/docs/customer-permissions-for-your-service-project-and-jira-site/
|
|
178
|
+
#
|
|
179
|
+
# @param [String] URL
|
|
180
|
+
#
|
|
181
|
+
# @return [Boolean]
|
|
182
|
+
#
|
|
183
|
+
def self.userServiceDeskRegistration(url)
|
|
184
|
+
url += '/' unless url.to_s.end_with? '/'
|
|
185
|
+
res = sendHttpRequest("#{url}servicedesk/customer/user/signup")
|
|
186
|
+
|
|
187
|
+
return false unless res
|
|
188
|
+
return false unless res.code.to_i == 200
|
|
189
|
+
|
|
190
|
+
res.body.to_s.include?('serviceDeskVersion') || res.body.to_s.include?('com.atlassian.servicedesk')
|
|
191
|
+
end
|
|
192
|
+
|
|
172
193
|
#
|
|
173
194
|
# Check if unauthenticated access to UserPickerBrowser.jspa is allowed
|
|
174
195
|
#
|
metadata
CHANGED
|
@@ -1,41 +1,41 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: jira_scan
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Brendan Coles
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-01-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: terminal-table
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - ~>
|
|
17
|
+
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
19
|
version: '3.0'
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- - ~>
|
|
24
|
+
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: '3.0'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: logger
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
|
-
- - ~>
|
|
31
|
+
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
33
|
version: '1.4'
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
|
-
- - ~>
|
|
38
|
+
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '1.4'
|
|
41
41
|
description: A simple remote scanner for Atlassian Jira
|
|
@@ -51,25 +51,23 @@ homepage: https://github.com/bcoles/jira_scan
|
|
|
51
51
|
licenses:
|
|
52
52
|
- MIT
|
|
53
53
|
metadata: {}
|
|
54
|
-
post_install_message:
|
|
54
|
+
post_install_message:
|
|
55
55
|
rdoc_options: []
|
|
56
56
|
require_paths:
|
|
57
57
|
- lib
|
|
58
58
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
59
59
|
requirements:
|
|
60
|
-
- -
|
|
60
|
+
- - ">="
|
|
61
61
|
- !ruby/object:Gem::Version
|
|
62
62
|
version: 2.0.0
|
|
63
63
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
64
64
|
requirements:
|
|
65
|
-
- -
|
|
65
|
+
- - ">="
|
|
66
66
|
- !ruby/object:Gem::Version
|
|
67
67
|
version: '0'
|
|
68
68
|
requirements: []
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
signing_key:
|
|
69
|
+
rubygems_version: 3.3.15
|
|
70
|
+
signing_key:
|
|
72
71
|
specification_version: 4
|
|
73
72
|
summary: Jira scanner
|
|
74
73
|
test_files: []
|
|
75
|
-
has_rdoc:
|