pwn 0.4.503 → 0.4.507

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b596bbfaab1c2c5442b6be7e46c63fa7b2d9b7c3daa370bc8cfdea68b7e0e039
-  data.tar.gz: 79137ee35bdb6a599eba227124da98567776d6dec5593f8b44681fa95f543f2f
+  metadata.gz: 13fbc36550dc925df57922b3c0016819d4f67eb472e1b1ad07f772aefad82d2f
+  data.tar.gz: b82a0bf11f719584a998d9998e932f5fa0b7e66725ad2d2231b3d27b9853bfc6
 SHA512:
-  metadata.gz: ac749d01182f84dc41213be5d947d7f5ed18d4b35397ebebffe470a9f7cbd175d42d6b3e36f20274bac7565348659ceca01fa21af66af934d1cc4a79263e745e
-  data.tar.gz: 2cd0bbfe6ab55336a62a878b8b55c503f345c46c5cb2b7648fc39761d45b08f045c3ff4426cc6f734350ce5ef03988e08b7125d5e18e89f888f43434ab864eeb
+  metadata.gz: 212c9352d648bc5f497ceca10e78867a347bae086d93dd1c65dd65595bd7f32ff9a02065be3f092a5ec318f10e5e0ba223893feac4940f03aa75a9c19ca864f0
+  data.tar.gz: bdf727826c0421b696abe80d805dd7f93a018959e1dc675c5dae20929e5b2977ce235a241f679e6a79f9d3a0e8e94f0a3403fc3270610083e98b1f3065c73330

data/.rubocop_todo.yml

@@ -1,21 +1,32 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2022-05-27 23:04:56 UTC using RuboCop version 1.30.0.
+# on 2022-07-08 17:25:42 UTC using RuboCop version 1.31.2.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
-# Offense count: 234
+# Offense count: 5
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AutoCorrect, EnforcedStyle.
+# SupportedStyles: space, no_space
+Layout/LineContinuationSpacing:
+  Exclude:
+    - 'packer/provisioners/beef.rb'
+    - 'packer/provisioners/metasploit.rb'
+    - 'packer/provisioners/wpscan.rb'
+    - 'vagrant/provisioners/beef.rb'
+
+# Offense count: 258
 Lint/UselessAssignment:
   Enabled: false
 
-# Offense count: 253
+# Offense count: 260
 # Configuration parameters: IgnoredMethods, CountRepeatedAttributes.
 Metrics/AbcSize:
   Max: 328
 
-# Offense count: 63
+# Offense count: 64
 # Configuration parameters: CountComments, CountAsOne, ExcludedMethods, IgnoredMethods.
 # IgnoredMethods: refine
 Metrics/BlockLength:
@@ -26,12 +37,12 @@ Metrics/BlockLength:
 Metrics/BlockNesting:
   Max: 5
 
-# Offense count: 89
+# Offense count: 91
 # Configuration parameters: IgnoredMethods.
 Metrics/CyclomaticComplexity:
   Max: 231
 
-# Offense count: 459
+# Offense count: 472
 # Configuration parameters: CountComments, CountAsOne, ExcludedMethods, IgnoredMethods.
 Metrics/MethodLength:
   Max: 466
@@ -41,16 +52,16 @@ Metrics/MethodLength:
 Metrics/ModuleLength:
   Max: 1186
 
-# Offense count: 81
+# Offense count: 83
 # Configuration parameters: IgnoredMethods.
 Metrics/PerceivedComplexity:
   Max: 51
 
-# Offense count: 161
+# Offense count: 162
 Style/ClassVars:
   Enabled: false
 
-# Offense count: 285
+# Offense count: 283
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle, SingleLineConditionsOnly, IncludeTernaryExpressions.
 # SupportedStyles: assign_to_condition, assign_inside_condition

data/Gemfile

@@ -18,7 +18,7 @@ gem 'aws-sdk', '3.1.0'
 gem 'bettercap', '1.6.2'
 gem 'brakeman', '5.2.3'
 gem 'bson', '4.15.0'
-gem 'bundler', '>=2.3.16'
+gem 'bundler', '>=2.3.17'
 gem 'bundler-audit', '0.9.1'
 gem 'bunny', '2.19.0'
 gem 'colorize', '0.8.1'
@@ -47,7 +47,7 @@ gem 'oily_png', '1.2.1'
 gem 'os', '1.1.4'
 gem 'packetfu', '1.1.13'
 gem 'pdf-reader', '2.10.0'
-gem 'pg', '1.4.0'
+gem 'pg', '1.4.1'
 gem 'pry', '0.14.1'
 gem 'pry-doc', '1.3.0'
 gem 'rake', '13.0.6'
@@ -59,15 +59,15 @@ gem 'rex', '2.0.13'
 gem 'rmagick', '4.2.5'
 gem 'rspec', '3.11.0'
 gem 'rtesseract', '3.1.2'
-gem 'rubocop', '1.30.1'
+gem 'rubocop', '1.31.2'
 gem 'rubocop-rake', '0.6.0'
-gem 'rubocop-rspec', '2.11.1'
+gem 'rubocop-rspec', '2.12.1'
 gem 'ruby-audio', '1.6.1'
 gem 'ruby-nmap', '0.10.0'
 gem 'ruby-saml', '1.14.0'
 gem 'rvm', '1.11.3.9'
 gem 'savon', '2.12.1'
-gem 'selenium-devtools', '0.102.0'
+gem 'selenium-devtools', '0.103.0'
 gem 'serialport', '1.3.2'
 gem 'sinatra', '2.2.0'
 gem 'slack-ruby-client', '1.1.0'

data/README.md

@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.503]:001 >>> PWN.help
+pwn[v0.4.507]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.503]:001 >>> PWN.help
+pwn[v0.4.507]:001 >>> PWN.help
 ```
 
 

data/Vagrantfile

@@ -247,4 +247,4 @@ else
     end
   end
 end
-File.unlink(runtime_userland) if File.exist?(runtime_userland)
+File.unlink(runtime_userland)

data/bin/pwn_arachni_rest

@@ -105,8 +105,8 @@ rescue Interrupt
   exit 1
 ensure
   Process.kill('TERM', fork_pid) if fork_pid
-  File.unlink(arachni_stdout_log_path) if File.exist?(arachni_stdout_log_path)
-  File.unlink(trained_attack_vectors_yaml) if File.exist?(trained_attack_vectors_yaml)
+  File.unlink(arachni_stdout_log_path)
+  File.unlink(trained_attack_vectors_yaml)
 end
 
 # Watch for Arachni proxy plugin to intialize prior to invoking navigation-REST.instruct

data/bin/pwn_sast

@@ -80,7 +80,6 @@ begin
       Emoticon
       Eval
       Factory
-      FilePermission
       HTTPAuthorizationHeader
       InnerHTML
       LocationHash

data/lib/pwn/plugins/owasp_zap.rb

@@ -139,10 +139,10 @@ module PWN
           end
         rescue PTY::ChildExited, SystemExit, Interrupt, Errno::EIO
           puts 'Spawned OWASP Zap PTY exiting...'
-          File.unlink(pwn_stdout_log_path) if File.exist?(pwn_stdout_log_path)
+          File.unlink(pwn_stdout_log_path)
         rescue StandardError => e
           puts 'Spawned process exiting...'
-          File.unlink(pwn_stdout_log_path) if File.exist?(pwn_stdout_log_path)
+          File.unlink(pwn_stdout_log_path)
           raise e
         end
         Process.detach(fork_pid)
@@ -475,7 +475,7 @@ module PWN
         zap_obj = opts[:zap_obj]
         unless zap_obj.nil?
           pid = zap_obj[:pid]
-          File.unlink(zap_obj[:stdout_log]) if File.exist?(zap_obj[:stdout_log])
+          File.unlink(zap_obj[:stdout_log])
 
           Process.kill('TERM', pid)
         end

data/lib/pwn/reports/fuzz.rb

@@ -25,7 +25,11 @@ module PWN
 
         # JSON object Completion
         File.open("#{dir_path}/pwn_fuzz_net_app_proto.json", "w:#{char_encoding}") do |f|
-          f.print(results_hash.to_json.force_encoding(char_encoding))
+          f.print(
+            JSON.pretty_generate(
+              results_hash.to_json.force_encoding(char_encoding)
+            )
+          )
         end
 
         # Report All the Bugs!!! \o/

data/lib/pwn/reports/sast.rb

@@ -22,9 +22,13 @@ module PWN
         results_hash = opts[:results_hash]
 
         # JSON object Completion
-        File.open("#{dir_path}/pwn_scan_git_source.json", 'w') do |f|
-          f.print(results_hash.to_json)
-        end
+        # File.open("#{dir_path}/pwn_scan_git_source.json", 'w') do |f|
+        #   f.print(results_hash.to_json)
+        # end
+        File.write(
+          "#{dir_path}/pwn_scan_git_source.json",
+          JSON.pretty_generate(results_hash.to_json)
+        )
 
         html_report = %q{<!DOCTYPE HTML>
         <html>
@@ -97,7 +101,7 @@ module PWN
             <div>
               <b>Toggle Column(s):</b>&nbsp;
               <a class="toggle-vis" data-column="1" href="#">Timestamp</a>&nbsp;|&nbsp;
-              <a class="toggle-vis" data-column="2" href="#">Test Case Invoked/NIST 800-53 Rev. 4 Section</a>&nbsp;|&nbsp;
+              <a class="toggle-vis" data-column="2" href="#">Test Case / Security Requirements</a>&nbsp;|&nbsp;
               <a class="toggle-vis" data-column="3" href="#">Path</a>&nbsp;|&nbsp;
               <a class="toggle-vis" data-column="4" href="#">Line#, Formatted Content, &amp; Last Committed By</a>&nbsp;|&nbsp;
               <a class="toggle-vis" data-column="5" href="#">Raw Content</a>&nbsp;|&nbsp;
@@ -111,7 +115,7 @@ module PWN
                   <tr>
                     <th>#</th>
                     <th>Timestamp</th>
-                    <th>Test Case / NIST 800-53 Security Control</th>
+                    <th>Test Case / Security Requirements</th>
                     <th>Path</th>
                     <th>Line#, Formatted Content, &amp; Last Committed By</th>
                     <th>Raw Content</th>
@@ -166,13 +170,13 @@ module PWN
                       "render": $.fn.dataTable.render.text()
                     },
                     {
-                      "data": "test_case",
+                      "data": "security_requirements",
                       "render": function (data, type, row, meta) {
                         var sast_dirname = data['sast_module'].split('::')[0].toLowerCase() + '/' + data['sast_module'].split('::')[1].toLowerCase();
                         var sast_module = data['sast_module'].split('::')[2];
                         var sast_test_case = sast_module.replace(/\.?([A-Z])/g, function (x,y){ if (sast_module.match(/\.?([A-Z][a-z])/g) ) { return "_" + y.toLowerCase(); } else { return y.toLowerCase(); } }).replace(/^_/g, "");
 
-                        return '<tr><td style="width:150px;" align="left"><a href="https://github.com/0dayinc/pwn/tree/master/lib/' + htmlEntityEncode(sast_dirname) + '/' + htmlEntityEncode(sast_test_case) + '.rb" target="_blank">' + htmlEntityEncode(data['sast_module'].split("::")[2]) + '</a><br /><a href="' + htmlEntityEncode(data['nist_800_53_uri']) + '" target="_blank">' + htmlEntityEncode(data['section'])  + '</a></td></tr>';
+                        return '<tr><td style="width:150px;" align="left"><a href="https://github.com/0dayinc/pwn/tree/master/lib/' + htmlEntityEncode(sast_dirname) + '/' + htmlEntityEncode(sast_test_case) + '.rb" target="_blank">' + htmlEntityEncode(data['sast_module'].split("::")[2]) + '</a><br /><a href="' + htmlEntityEncode(data['nist_800_53_uri']) + '" target="_blank">NIST 800-53:' + htmlEntityEncode(data['section'])  + '</a><a href="' + htmlEntityEncode(data['cwe_uri']) + '" target="_blank">CWE:' + htmlEntityEncode(data['cwe_id'])  + '</a></td></tr>';
                       }
                     },
                     {
@@ -198,7 +202,7 @@ module PWN
 
                           var bug_comment = 'Timestamp: ' + row.timestamp + '\n' +
                                             'Test Case: http://' + window.location.hostname + ':8808/doc_root/pwn-0.1.0/' +
-                                              row.test_case['sast_module'].replace(/::/g, "/") + '\n' +
+                                              row.security_requirements['sast_module'].replace(/::/g, "/") + '\n' +
                                             'Source Code Impacted: ' + $("<div/>").html(filename_link).text() + '\n\n' +
                                             'Test Case Request:\n' +
                                             $("<div/>").html(row.test_case_filter.replace(/\s{2,}/g, " ")).text() + '\n\n' +

data/lib/pwn/sast/amqp_connect_as_guest.rb

@@ -50,7 +50,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -105,11 +105,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'ACCOUNT MANAGEMENT',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-2'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-2',
+          cwe_id: '285',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/285.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/apache_file_system_util_api.rb

@@ -49,7 +49,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -97,6 +97,8 @@ module PWN
           @@logger.info("#{logger_banner} => #{logger_results}complete.\n")
         end
         result_arr
+      rescue StandardError => e
+        raise e
       end
 
       # Used primarily to map NIST 800-53 Revision 4 Security Controls
@@ -104,12 +106,16 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'INFORMATION INPUT VALIDATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10',
+          cwe_id: '78',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/78.html'
         }
+      rescue StandardError => e
+        raise e
       end
 
       # Author(s):: 0day Inc. <request.pentest@0dayinc.com>

data/lib/pwn/sast/aws.rb

@@ -50,7 +50,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -107,11 +107,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'TRANSMISSION CONFIDENTIALITY AND INTEGRITY',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-8'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-8',
+          cwe_id: '256',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/256.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/banned_function_calls_c.rb

@@ -177,7 +177,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -225,6 +225,8 @@ module PWN
           @@logger.info("#{logger_banner} => #{logger_results}complete.\n")
         end
         result_arr
+      rescue StandardError => e
+        raise e
       end
 
       # Used primarily to map NIST 800-53 Revision 4 Security Controls
@@ -232,12 +234,16 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'INFORMATION INPUT VALIDATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10',
+          cwe_id: '676',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/676.html'
         }
+      rescue StandardError => e
+        raise e
       end
 
       # Author(s):: 0day Inc. <request.pentest@0dayinc.com>

data/lib/pwn/sast/base64.rb

@@ -51,7 +51,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -103,16 +103,15 @@ module PWN
         raise e
       end
 
-      # Used primarily to map NIST 800-53 Revision 4 Security Controls
-      # https://web.nvd.nist.gov/view/800-53/Rev4/impact?impactName=HIGH
-      # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
-      # Determine the level of Testing Coverage w/ PWN.
+      # Used to dictate Security Control Requirements for a Given SAST module.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'PROTECTION OF INFORMATION AT REST',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28',
+          cwe_id: '95',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/95.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/beef_hook.rb

@@ -45,7 +45,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -102,11 +102,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'MALICIOUS CODE PROTECTION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3',
+          cwe_id: '506',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/506.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/cmd_execution_java.rb

@@ -50,7 +50,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -107,11 +107,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'INFORMATION INPUT VALIDATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10',
+          cwe_id: '78',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/78.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/cmd_execution_python.rb

@@ -52,7 +52,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -109,11 +109,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'INFORMATION INPUT VALIDATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10',
+          cwe_id: '78',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/78.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/cmd_execution_ruby.rb

@@ -60,7 +60,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -117,11 +117,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'INFORMATION INPUT VALIDATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10',
+          cwe_id: '78',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/78.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/cmd_execution_scala.rb

@@ -50,7 +50,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -107,11 +107,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'INFORMATION INPUT VALIDATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10',
+          cwe_id: '78',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/78.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/csrf.rb

@@ -48,7 +48,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -103,12 +103,16 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'MALICIOUS CODE PROTECTION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3',
+          cwe_id: '352',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/352.html'
         }
+      rescue StandardError => e
+        raise e
       end
 
       # Author(s):: 0day Inc. <request.pentest@0dayinc.com>

data/lib/pwn/sast/deserial_java.rb

@@ -47,7 +47,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -102,12 +102,16 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'INFORMATION INPUT VALIDATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10',
+          cwe_id: '502',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/502.html'
         }
+      rescue StandardError => e
+        raise e
       end
 
       # Author(s):: 0day Inc. <request.pentest@0dayinc.com>

data/lib/pwn/sast/emoticon.rb

@@ -52,7 +52,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -110,11 +110,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'LEAST PRIVILEGE',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-6'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-6',
+          cwe_id: '546',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/546.html'
         }
       rescue StandardError => e
         raise e