pwn 0.4.504 → 0.4.508

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 253136ca915fe42e666099b83268b49fad33ea66e55360bd89bd660948c5263b
-  data.tar.gz: 85369110544b7c21a2e86e27c4b4794a52c91952ba8e59b9be3ce0a3e94c601f
+  metadata.gz: 3c4e3392221454a18ab169489c67991b2e6706bb6b70f5fe98dab58baf7a965f
+  data.tar.gz: dfd93ac966ab033b918ab2bb03ba31317d9b0a25ca0fcadabd876a9d2ffe8132
 SHA512:
-  metadata.gz: 611767de224ab03d45bebb1111366de7a8209ba56ba94165198cffa0ba42ff8d22807f9f43ecff0f9cf641ab80095ff9e284508aa3739dbda5a4d2127201a2d7
-  data.tar.gz: 21cc9be2adca3389ad131b461b31d6f4bb8cac59f179edf7f0e8f823c3e0997a3c2c1f80fdad7689ed0fbcd138be2a5bd6e9cdab9eef316c82e6f60296b5a15c
+  metadata.gz: 76051d4152d8aa9b8c708372e1a9d7a2e5f012f7b6c420ac595b6d0df69569f2e733842e5c46605fb31a9bca9e4fa572abb3f692d9a128f27f2828b398a2f20e
+  data.tar.gz: 6f022be505ae8145be9e015ae93c113222bb3ebfc2344723cabb53c47b44659d7c61b1999716fbe8467e69e5714b911ac2005c0247c437aa24d91c0869862e9c

data/.rubocop_todo.yml

@@ -1,21 +1,32 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2022-05-27 23:04:56 UTC using RuboCop version 1.30.0.
+# on 2022-07-08 17:25:42 UTC using RuboCop version 1.31.2.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
-# Offense count: 234
+# Offense count: 5
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AutoCorrect, EnforcedStyle.
+# SupportedStyles: space, no_space
+Layout/LineContinuationSpacing:
+  Exclude:
+    - 'packer/provisioners/beef.rb'
+    - 'packer/provisioners/metasploit.rb'
+    - 'packer/provisioners/wpscan.rb'
+    - 'vagrant/provisioners/beef.rb'
+
+# Offense count: 258
 Lint/UselessAssignment:
   Enabled: false
 
-# Offense count: 253
+# Offense count: 260
 # Configuration parameters: IgnoredMethods, CountRepeatedAttributes.
 Metrics/AbcSize:
   Max: 328
 
-# Offense count: 63
+# Offense count: 64
 # Configuration parameters: CountComments, CountAsOne, ExcludedMethods, IgnoredMethods.
 # IgnoredMethods: refine
 Metrics/BlockLength:
@@ -26,12 +37,12 @@ Metrics/BlockLength:
 Metrics/BlockNesting:
   Max: 5
 
-# Offense count: 89
+# Offense count: 91
 # Configuration parameters: IgnoredMethods.
 Metrics/CyclomaticComplexity:
   Max: 231
 
-# Offense count: 459
+# Offense count: 472
 # Configuration parameters: CountComments, CountAsOne, ExcludedMethods, IgnoredMethods.
 Metrics/MethodLength:
   Max: 466
@@ -41,16 +52,16 @@ Metrics/MethodLength:
 Metrics/ModuleLength:
   Max: 1186
 
-# Offense count: 81
+# Offense count: 83
 # Configuration parameters: IgnoredMethods.
 Metrics/PerceivedComplexity:
   Max: 51
 
-# Offense count: 161
+# Offense count: 162
 Style/ClassVars:
   Enabled: false
 
-# Offense count: 285
+# Offense count: 283
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle, SingleLineConditionsOnly, IncludeTernaryExpressions.
 # SupportedStyles: assign_to_condition, assign_inside_condition

data/README.md

@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.504]:001 >>> PWN.help
+pwn[v0.4.508]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.504]:001 >>> PWN.help
+pwn[v0.4.508]:001 >>> PWN.help
 ```
 
 

data/Vagrantfile

@@ -247,4 +247,4 @@ else
     end
   end
 end
-File.unlink(runtime_userland) if File.exist?(runtime_userland)
+File.unlink(runtime_userland)

data/bin/pwn_arachni_rest

@@ -105,8 +105,8 @@ rescue Interrupt
   exit 1
 ensure
   Process.kill('TERM', fork_pid) if fork_pid
-  File.unlink(arachni_stdout_log_path) if File.exist?(arachni_stdout_log_path)
-  File.unlink(trained_attack_vectors_yaml) if File.exist?(trained_attack_vectors_yaml)
+  File.unlink(arachni_stdout_log_path)
+  File.unlink(trained_attack_vectors_yaml)
 end
 
 # Watch for Arachni proxy plugin to intialize prior to invoking navigation-REST.instruct

data/bin/pwn_sast

@@ -80,7 +80,6 @@ begin
       Emoticon
       Eval
       Factory
-      FilePermission
       HTTPAuthorizationHeader
       InnerHTML
       LocationHash

data/bin/pwn_simple_http_server

@@ -38,7 +38,8 @@ begin
   system(
     'thin',
     'start',
-    '--adapter file',
+    '--adapter',
+    'file',
     '--address',
     bind_ip,
     '--port',

data/lib/pwn/plugins/owasp_zap.rb

@@ -139,10 +139,10 @@ module PWN
           end
         rescue PTY::ChildExited, SystemExit, Interrupt, Errno::EIO
           puts 'Spawned OWASP Zap PTY exiting...'
-          File.unlink(pwn_stdout_log_path) if File.exist?(pwn_stdout_log_path)
+          File.unlink(pwn_stdout_log_path)
         rescue StandardError => e
           puts 'Spawned process exiting...'
-          File.unlink(pwn_stdout_log_path) if File.exist?(pwn_stdout_log_path)
+          File.unlink(pwn_stdout_log_path)
           raise e
         end
         Process.detach(fork_pid)
@@ -475,7 +475,7 @@ module PWN
         zap_obj = opts[:zap_obj]
         unless zap_obj.nil?
           pid = zap_obj[:pid]
-          File.unlink(zap_obj[:stdout_log]) if File.exist?(zap_obj[:stdout_log])
+          File.unlink(zap_obj[:stdout_log])
 
           Process.kill('TERM', pid)
         end

data/lib/pwn/reports/sast.rb

@@ -101,7 +101,7 @@ module PWN
             <div>
               <b>Toggle Column(s):</b>&nbsp;
               <a class="toggle-vis" data-column="1" href="#">Timestamp</a>&nbsp;|&nbsp;
-              <a class="toggle-vis" data-column="2" href="#">Test Case Invoked/NIST 800-53 Rev. 4 Section</a>&nbsp;|&nbsp;
+              <a class="toggle-vis" data-column="2" href="#">Test Case / Security Requirements</a>&nbsp;|&nbsp;
               <a class="toggle-vis" data-column="3" href="#">Path</a>&nbsp;|&nbsp;
               <a class="toggle-vis" data-column="4" href="#">Line#, Formatted Content, &amp; Last Committed By</a>&nbsp;|&nbsp;
               <a class="toggle-vis" data-column="5" href="#">Raw Content</a>&nbsp;|&nbsp;
@@ -115,7 +115,7 @@ module PWN
                   <tr>
                     <th>#</th>
                     <th>Timestamp</th>
-                    <th>Test Case / NIST 800-53 Security Control</th>
+                    <th>Test Case / Security Requirements</th>
                     <th>Path</th>
                     <th>Line#, Formatted Content, &amp; Last Committed By</th>
                     <th>Raw Content</th>
@@ -170,13 +170,13 @@ module PWN
                       "render": $.fn.dataTable.render.text()
                     },
                     {
-                      "data": "test_case",
+                      "data": "security_requirements",
                       "render": function (data, type, row, meta) {
                         var sast_dirname = data['sast_module'].split('::')[0].toLowerCase() + '/' + data['sast_module'].split('::')[1].toLowerCase();
                         var sast_module = data['sast_module'].split('::')[2];
                         var sast_test_case = sast_module.replace(/\.?([A-Z])/g, function (x,y){ if (sast_module.match(/\.?([A-Z][a-z])/g) ) { return "_" + y.toLowerCase(); } else { return y.toLowerCase(); } }).replace(/^_/g, "");
 
-                        return '<tr><td style="width:150px;" align="left"><a href="https://github.com/0dayinc/pwn/tree/master/lib/' + htmlEntityEncode(sast_dirname) + '/' + htmlEntityEncode(sast_test_case) + '.rb" target="_blank">' + htmlEntityEncode(data['sast_module'].split("::")[2]) + '</a><br /><a href="' + htmlEntityEncode(data['nist_800_53_uri']) + '" target="_blank">' + htmlEntityEncode(data['section'])  + '</a></td></tr>';
+                        return '<tr><td style="width:150px;" align="left"><a href="https://github.com/0dayinc/pwn/tree/master/lib/' + htmlEntityEncode(sast_dirname) + '/' + htmlEntityEncode(sast_test_case) + '.rb" target="_blank">' + htmlEntityEncode(data['sast_module'].split("::")[2]) + '</a><br /><a href="' + htmlEntityEncode(data['nist_800_53_uri']) + '" target="_blank">NIST 800-53:' + htmlEntityEncode(data['section'])  + '</a><a href="' + htmlEntityEncode(data['cwe_uri']) + '" target="_blank">CWE:' + htmlEntityEncode(data['cwe_id'])  + '</a></td></tr>';
                       }
                     },
                     {
@@ -202,7 +202,7 @@ module PWN
 
                           var bug_comment = 'Timestamp: ' + row.timestamp + '\n' +
                                             'Test Case: http://' + window.location.hostname + ':8808/doc_root/pwn-0.1.0/' +
-                                              row.test_case['sast_module'].replace(/::/g, "/") + '\n' +
+                                              row.security_requirements['sast_module'].replace(/::/g, "/") + '\n' +
                                             'Source Code Impacted: ' + $("<div/>").html(filename_link).text() + '\n\n' +
                                             'Test Case Request:\n' +
                                             $("<div/>").html(row.test_case_filter.replace(/\s{2,}/g, " ")).text() + '\n\n' +

data/lib/pwn/sast/amqp_connect_as_guest.rb

@@ -50,7 +50,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -105,11 +105,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'ACCOUNT MANAGEMENT',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-2'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-2',
+          cwe_id: '285',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/285.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/apache_file_system_util_api.rb

@@ -49,7 +49,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -97,6 +97,8 @@ module PWN
           @@logger.info("#{logger_banner} => #{logger_results}complete.\n")
         end
         result_arr
+      rescue StandardError => e
+        raise e
       end
 
       # Used primarily to map NIST 800-53 Revision 4 Security Controls
@@ -104,12 +106,16 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'INFORMATION INPUT VALIDATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10',
+          cwe_id: '78',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/78.html'
         }
+      rescue StandardError => e
+        raise e
       end
 
       # Author(s):: 0day Inc. <request.pentest@0dayinc.com>

data/lib/pwn/sast/aws.rb

@@ -50,7 +50,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -107,11 +107,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'TRANSMISSION CONFIDENTIALITY AND INTEGRITY',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-8'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-8',
+          cwe_id: '256',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/256.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/banned_function_calls_c.rb

@@ -177,7 +177,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -225,6 +225,8 @@ module PWN
           @@logger.info("#{logger_banner} => #{logger_results}complete.\n")
         end
         result_arr
+      rescue StandardError => e
+        raise e
       end
 
       # Used primarily to map NIST 800-53 Revision 4 Security Controls
@@ -232,12 +234,16 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'INFORMATION INPUT VALIDATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10',
+          cwe_id: '676',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/676.html'
         }
+      rescue StandardError => e
+        raise e
       end
 
       # Author(s):: 0day Inc. <request.pentest@0dayinc.com>

data/lib/pwn/sast/base64.rb

@@ -51,7 +51,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -103,16 +103,15 @@ module PWN
         raise e
       end
 
-      # Used primarily to map NIST 800-53 Revision 4 Security Controls
-      # https://web.nvd.nist.gov/view/800-53/Rev4/impact?impactName=HIGH
-      # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
-      # Determine the level of Testing Coverage w/ PWN.
+      # Used to dictate Security Control Requirements for a Given SAST module.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'PROTECTION OF INFORMATION AT REST',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28',
+          cwe_id: '95',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/95.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/beef_hook.rb

@@ -45,7 +45,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -102,11 +102,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'MALICIOUS CODE PROTECTION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3',
+          cwe_id: '506',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/506.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/cmd_execution_java.rb

@@ -50,7 +50,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -107,11 +107,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'INFORMATION INPUT VALIDATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10',
+          cwe_id: '78',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/78.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/cmd_execution_python.rb

@@ -52,7 +52,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -109,11 +109,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'INFORMATION INPUT VALIDATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10',
+          cwe_id: '78',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/78.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/cmd_execution_ruby.rb

@@ -60,7 +60,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -117,11 +117,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'INFORMATION INPUT VALIDATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10',
+          cwe_id: '78',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/78.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/cmd_execution_scala.rb

@@ -50,7 +50,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -107,11 +107,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'INFORMATION INPUT VALIDATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10',
+          cwe_id: '78',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/78.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/csrf.rb

@@ -48,7 +48,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -103,12 +103,16 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'MALICIOUS CODE PROTECTION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3',
+          cwe_id: '352',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/352.html'
         }
+      rescue StandardError => e
+        raise e
       end
 
       # Author(s):: 0day Inc. <request.pentest@0dayinc.com>

data/lib/pwn/sast/deserial_java.rb

@@ -47,7 +47,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -102,12 +102,16 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'INFORMATION INPUT VALIDATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10',
+          cwe_id: '502',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/502.html'
         }
+      rescue StandardError => e
+        raise e
       end
 
       # Author(s):: 0day Inc. <request.pentest@0dayinc.com>

data/lib/pwn/sast/emoticon.rb

@@ -52,7 +52,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -110,11 +110,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'LEAST PRIVILEGE',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-6'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-6',
+          cwe_id: '546',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/546.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/eval.rb

@@ -48,7 +48,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -105,11 +105,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'MALICIOUS CODE PROTECTION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3',
+          cwe_id: '95',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/95.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/factory.rb

@@ -47,7 +47,7 @@ module PWN
 
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -102,12 +102,16 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
 
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'DEVELOPER CONFIGURATION MANAGEMENT',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SA-10'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SA-10',
+          cwe_id: '611',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/611.html'
         }
+      rescue StandardError => e
+        raise e
       end
 
       # Author(s):: 0day Inc. <request.pentest@0dayinc.com>