RubyGems - pwn - Versions diffs - 0.4.503 → 0.4.507 - Mend

pwn 0.4.503 → 0.4.507

Files changed (90) hide show

checksums.yaml +4 -4
data/.rubocop_todo.yml +20 -9
data/Gemfile +5 -5
data/README.md +2 -2
data/Vagrantfile +1 -1
data/bin/pwn_arachni_rest +2 -2
data/bin/pwn_sast +0 -1
data/lib/pwn/plugins/owasp_zap.rb +3 -3
data/lib/pwn/reports/fuzz.rb +5 -1
data/lib/pwn/reports/sast.rb +12 -8
data/lib/pwn/sast/amqp_connect_as_guest.rb +5 -3
data/lib/pwn/sast/apache_file_system_util_api.rb +9 -3
data/lib/pwn/sast/aws.rb +5 -3
data/lib/pwn/sast/banned_function_calls_c.rb +9 -3
data/lib/pwn/sast/base64.rb +6 -7
data/lib/pwn/sast/beef_hook.rb +5 -3
data/lib/pwn/sast/cmd_execution_java.rb +5 -3
data/lib/pwn/sast/cmd_execution_python.rb +5 -3
data/lib/pwn/sast/cmd_execution_ruby.rb +5 -3
data/lib/pwn/sast/cmd_execution_scala.rb +5 -3
data/lib/pwn/sast/csrf.rb +7 -3
data/lib/pwn/sast/deserial_java.rb +7 -3
data/lib/pwn/sast/emoticon.rb +5 -3
data/lib/pwn/sast/eval.rb +5 -3
data/lib/pwn/sast/factory.rb +7 -3
data/lib/pwn/sast/http_authorization_header.rb +5 -3
data/lib/pwn/sast/inner_html.rb +5 -3
data/lib/pwn/sast/keystore.rb +5 -3
data/lib/pwn/sast/location_hash.rb +5 -3
data/lib/pwn/sast/log4j.rb +5 -3
data/lib/pwn/sast/logger.rb +5 -3
data/lib/pwn/sast/outer_html.rb +5 -3
data/lib/pwn/sast/password.rb +5 -3
data/lib/pwn/sast/pom_version.rb +5 -3
data/lib/pwn/sast/port.rb +5 -3
data/lib/pwn/sast/private_key.rb +5 -3
data/lib/pwn/sast/redirect.rb +5 -3
data/lib/pwn/sast/redos.rb +5 -3
data/lib/pwn/sast/shell.rb +5 -3
data/lib/pwn/sast/signature.rb +5 -3
data/lib/pwn/sast/sql.rb +5 -3
data/lib/pwn/sast/ssl.rb +5 -3
data/lib/pwn/sast/sudo.rb +5 -3
data/lib/pwn/sast/task_tag.rb +5 -3
data/lib/pwn/sast/throw_errors.rb +5 -3
data/lib/pwn/sast/token.rb +5 -3
data/lib/pwn/sast/version.rb +5 -3
data/lib/pwn/sast/window_location_hash.rb +5 -3
data/lib/pwn/sast.rb +0 -1
data/lib/pwn/version.rb +1 -1
data/spec/lib/pwn/sast/amqp_connect_as_guest_spec.rb +3 -3
data/spec/lib/pwn/sast/apache_file_system_util_api_spec.rb +3 -3
data/spec/lib/pwn/sast/aws_spec.rb +3 -3
data/spec/lib/pwn/sast/banned_function_calls_c_spec.rb +3 -3
data/spec/lib/pwn/sast/base64_spec.rb +3 -3
data/spec/lib/pwn/sast/beef_hook_spec.rb +3 -3
data/spec/lib/pwn/sast/cmd_execution_java_spec.rb +3 -3
data/spec/lib/pwn/sast/cmd_execution_python_spec.rb +3 -3
data/spec/lib/pwn/sast/cmd_execution_ruby_spec.rb +3 -3
data/spec/lib/pwn/sast/cmd_execution_scala_spec.rb +3 -3
data/spec/lib/pwn/sast/csrf_spec.rb +3 -3
data/spec/lib/pwn/sast/deserial_java_spec.rb +3 -3
data/spec/lib/pwn/sast/emoticon_spec.rb +3 -3
data/spec/lib/pwn/sast/eval_spec.rb +3 -3
data/spec/lib/pwn/sast/factory_spec.rb +3 -3
data/spec/lib/pwn/sast/http_authorization_header_spec.rb +3 -3
data/spec/lib/pwn/sast/inner_html_spec.rb +3 -3
data/spec/lib/pwn/sast/keystore_spec.rb +3 -3
data/spec/lib/pwn/sast/location_hash_spec.rb +3 -3
data/spec/lib/pwn/sast/log4j_spec.rb +3 -3
data/spec/lib/pwn/sast/logger_spec.rb +3 -3
data/spec/lib/pwn/sast/password_spec.rb +3 -3
data/spec/lib/pwn/sast/pom_version_spec.rb +3 -3
data/spec/lib/pwn/sast/port_spec.rb +3 -3
data/spec/lib/pwn/sast/private_key_spec.rb +3 -3
data/spec/lib/pwn/sast/redirect_spec.rb +3 -3
data/spec/lib/pwn/sast/redos_spec.rb +3 -3
data/spec/lib/pwn/sast/shell_spec.rb +3 -3
data/spec/lib/pwn/sast/signature_spec.rb +3 -3
data/spec/lib/pwn/sast/sql_spec.rb +3 -3
data/spec/lib/pwn/sast/ssl_spec.rb +3 -3
data/spec/lib/pwn/sast/sudo_spec.rb +3 -3
data/spec/lib/pwn/sast/task_tag_spec.rb +3 -3
data/spec/lib/pwn/sast/throw_errors_spec.rb +3 -3
data/spec/lib/pwn/sast/token_spec.rb +3 -3
data/spec/lib/pwn/sast/version_spec.rb +3 -3
data/spec/lib/pwn/sast/window_location_hash_spec.rb +3 -3
metadata +13 -15
data/lib/pwn/sast/file_permission.rb +0 -142
data/spec/lib/pwn/sast/file_permission_spec.rb +0 -25

data/lib/pwn/sast/eval.rb CHANGED Viewed

@@ -48,7 +48,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -105,11 +105,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'MALICIOUS CODE PROTECTION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3',
+          cwe_id: '95',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/95.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/factory.rb CHANGED Viewed

@@ -47,7 +47,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -102,12 +102,16 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'DEVELOPER CONFIGURATION MANAGEMENT',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SA-10'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SA-10',
+          cwe_id: '611',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/611.html'
         }
+      rescue StandardError => e
+        raise e
       end
       # Author(s):: 0day Inc. <request.pentest@0dayinc.com>

data/lib/pwn/sast/http_authorization_header.rb CHANGED Viewed

@@ -57,7 +57,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -112,11 +112,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'PROTECTION OF INFORMATION AT REST',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28',
+          cwe_id: '285',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/285.html'
         }
       end

data/lib/pwn/sast/inner_html.rb CHANGED Viewed

@@ -48,7 +48,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -105,11 +105,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'MALICIOUS CODE PROTECTION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3',
+          cwe_id: '79',
+          uri: 'https://cwe.mitre.org/data/definitions/79.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/keystore.rb CHANGED Viewed

@@ -45,7 +45,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -102,11 +102,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-12'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-12',
+          cwe_id: '522',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/522.html'
         }
       rescue StandardError => e
         raise e.mesasge

data/lib/pwn/sast/location_hash.rb CHANGED Viewed

@@ -48,7 +48,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -105,11 +105,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'MALICIOUS CODE PROTECTION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3',
+          cwe_id: '79',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/79.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/log4j.rb CHANGED Viewed

@@ -48,7 +48,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -105,11 +105,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'DEVELOPER SECURITY AND PRIVACY ARCHITECTURE AND DESIGN',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SA-17'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SA-17',
+          cwe_id: '502',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/502.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/logger.rb CHANGED Viewed

@@ -63,7 +63,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -120,11 +120,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'PROTECTION OF INFORMATION AT REST',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28',
+          cwe_id: '779',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/779.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/outer_html.rb CHANGED Viewed

@@ -48,7 +48,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -105,11 +105,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'MALICIOUS CODE PROTECTION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3',
+          cwe_id: '79',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/79.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/password.rb CHANGED Viewed

@@ -52,7 +52,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -107,11 +107,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'PROTECTION OF INFORMATION AT REST',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28',
+          cwe_id: '540',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/540.html'
         }
       end

data/lib/pwn/sast/pom_version.rb CHANGED Viewed

@@ -46,7 +46,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -109,11 +109,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'VULNERABILITY SCANNING',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=RA-5'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=RA-5',
+          cwe_id: '.0',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/1104.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/port.rb CHANGED Viewed

@@ -55,7 +55,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -112,11 +112,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'TRANSMISSION CONFIDENTIALITY AND INTEGRITY',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-8'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-8',
+          cwe_id: '319',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/319.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/private_key.rb CHANGED Viewed

@@ -48,7 +48,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -105,11 +105,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'CRYPTOGRAPHIC MODULE AUTHENTICATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=IA-7'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=IA-7',
+          cwe_id: '321',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/321.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/redirect.rb CHANGED Viewed

@@ -50,7 +50,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -107,11 +107,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'LEAST PRIVILEGE',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-6'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-6',
+          cwe_id: '601',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/601.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/redos.rb CHANGED Viewed

@@ -55,7 +55,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -112,11 +112,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'PROTECTION OF INFORMATION AT REST',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28',
+          cwe_id: '1333',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/1333.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/shell.rb CHANGED Viewed

@@ -56,7 +56,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -113,11 +113,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'DEVELOPER SECURITY AND PRIVACY ARCHITECTURE AND DESIGN',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SA-17'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SA-17',
+          cwe_id: '553',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/553.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/signature.rb CHANGED Viewed

@@ -48,7 +48,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -105,11 +105,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'CRYPTOGRAPHIC MODULE AUTHENTICATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=IA-7'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=IA-7',
+          cwe_id: '347',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/347.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/sql.rb CHANGED Viewed

@@ -52,7 +52,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -109,11 +109,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'INFORMATION INPUT VALIDATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10',
+          cwe_id: '89',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/89.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/ssl.rb CHANGED Viewed

@@ -45,7 +45,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -102,11 +102,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'PUBLIC KEY INFRASTRUCTURE CERTIFICATES',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-17'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-17',
+          cwe_id: '310',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/310.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/sudo.rb CHANGED Viewed

@@ -48,7 +48,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -105,11 +105,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'LEAST PRIVILEGE',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-6'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-6',
+          cwe_id: '250',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/250.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/task_tag.rb CHANGED Viewed

@@ -62,7 +62,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -119,11 +119,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'LEAST PRIVILEGE',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-6'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-6',
+          cwe_id: '546',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/546.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/throw_errors.rb CHANGED Viewed

@@ -47,7 +47,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -104,11 +104,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'ERROR HANDLING',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-11'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-11',
+          cwe_id: '209',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/209.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/token.rb CHANGED Viewed

@@ -45,7 +45,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -102,11 +102,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'CRYPTOGRAPHIC MODULE AUTHENTICATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=IA-7'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=IA-7',
+          cwe_id: '798',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/798.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/version.rb CHANGED Viewed

@@ -45,7 +45,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -102,11 +102,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'VULNERABILITY SCANNING',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=RA-5'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=RA-5',
+          cwe_id: '672',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/672.html'
         }
       rescue StandardError => e
         raise e