RubyGems - pwn - Versions diffs - 0.4.505 → 0.4.507 - Mend

pwn 0.4.505 → 0.4.507

Files changed (84) hide show

checksums.yaml +4 -4
data/README.md +2 -2
data/bin/pwn_sast +0 -1
data/lib/pwn/reports/sast.rb +5 -5
data/lib/pwn/sast/amqp_connect_as_guest.rb +5 -3
data/lib/pwn/sast/apache_file_system_util_api.rb +9 -3
data/lib/pwn/sast/aws.rb +5 -3
data/lib/pwn/sast/banned_function_calls_c.rb +9 -3
data/lib/pwn/sast/base64.rb +6 -7
data/lib/pwn/sast/beef_hook.rb +5 -3
data/lib/pwn/sast/cmd_execution_java.rb +5 -3
data/lib/pwn/sast/cmd_execution_python.rb +5 -3
data/lib/pwn/sast/cmd_execution_ruby.rb +5 -3
data/lib/pwn/sast/cmd_execution_scala.rb +5 -3
data/lib/pwn/sast/csrf.rb +7 -3
data/lib/pwn/sast/deserial_java.rb +7 -3
data/lib/pwn/sast/emoticon.rb +5 -3
data/lib/pwn/sast/eval.rb +5 -3
data/lib/pwn/sast/factory.rb +7 -3
data/lib/pwn/sast/http_authorization_header.rb +5 -3
data/lib/pwn/sast/inner_html.rb +5 -3
data/lib/pwn/sast/keystore.rb +5 -3
data/lib/pwn/sast/location_hash.rb +5 -3
data/lib/pwn/sast/log4j.rb +5 -3
data/lib/pwn/sast/logger.rb +5 -3
data/lib/pwn/sast/outer_html.rb +5 -3
data/lib/pwn/sast/password.rb +5 -3
data/lib/pwn/sast/pom_version.rb +5 -3
data/lib/pwn/sast/port.rb +5 -3
data/lib/pwn/sast/private_key.rb +5 -3
data/lib/pwn/sast/redirect.rb +5 -3
data/lib/pwn/sast/redos.rb +5 -3
data/lib/pwn/sast/shell.rb +5 -3
data/lib/pwn/sast/signature.rb +5 -3
data/lib/pwn/sast/sql.rb +5 -3
data/lib/pwn/sast/ssl.rb +5 -3
data/lib/pwn/sast/sudo.rb +5 -3
data/lib/pwn/sast/task_tag.rb +5 -3
data/lib/pwn/sast/throw_errors.rb +5 -3
data/lib/pwn/sast/token.rb +5 -3
data/lib/pwn/sast/version.rb +5 -3
data/lib/pwn/sast/window_location_hash.rb +5 -3
data/lib/pwn/sast.rb +0 -1
data/lib/pwn/version.rb +1 -1
data/spec/lib/pwn/sast/amqp_connect_as_guest_spec.rb +3 -3
data/spec/lib/pwn/sast/apache_file_system_util_api_spec.rb +3 -3
data/spec/lib/pwn/sast/aws_spec.rb +3 -3
data/spec/lib/pwn/sast/banned_function_calls_c_spec.rb +3 -3
data/spec/lib/pwn/sast/base64_spec.rb +3 -3
data/spec/lib/pwn/sast/beef_hook_spec.rb +3 -3
data/spec/lib/pwn/sast/cmd_execution_java_spec.rb +3 -3
data/spec/lib/pwn/sast/cmd_execution_python_spec.rb +3 -3
data/spec/lib/pwn/sast/cmd_execution_ruby_spec.rb +3 -3
data/spec/lib/pwn/sast/cmd_execution_scala_spec.rb +3 -3
data/spec/lib/pwn/sast/csrf_spec.rb +3 -3
data/spec/lib/pwn/sast/deserial_java_spec.rb +3 -3
data/spec/lib/pwn/sast/emoticon_spec.rb +3 -3
data/spec/lib/pwn/sast/eval_spec.rb +3 -3
data/spec/lib/pwn/sast/factory_spec.rb +3 -3
data/spec/lib/pwn/sast/http_authorization_header_spec.rb +3 -3
data/spec/lib/pwn/sast/inner_html_spec.rb +3 -3
data/spec/lib/pwn/sast/keystore_spec.rb +3 -3
data/spec/lib/pwn/sast/location_hash_spec.rb +3 -3
data/spec/lib/pwn/sast/log4j_spec.rb +3 -3
data/spec/lib/pwn/sast/logger_spec.rb +3 -3
data/spec/lib/pwn/sast/password_spec.rb +3 -3
data/spec/lib/pwn/sast/pom_version_spec.rb +3 -3
data/spec/lib/pwn/sast/port_spec.rb +3 -3
data/spec/lib/pwn/sast/private_key_spec.rb +3 -3
data/spec/lib/pwn/sast/redirect_spec.rb +3 -3
data/spec/lib/pwn/sast/redos_spec.rb +3 -3
data/spec/lib/pwn/sast/shell_spec.rb +3 -3
data/spec/lib/pwn/sast/signature_spec.rb +3 -3
data/spec/lib/pwn/sast/sql_spec.rb +3 -3
data/spec/lib/pwn/sast/ssl_spec.rb +3 -3
data/spec/lib/pwn/sast/sudo_spec.rb +3 -3
data/spec/lib/pwn/sast/task_tag_spec.rb +3 -3
data/spec/lib/pwn/sast/throw_errors_spec.rb +3 -3
data/spec/lib/pwn/sast/token_spec.rb +3 -3
data/spec/lib/pwn/sast/version_spec.rb +3 -3
data/spec/lib/pwn/sast/window_location_hash_spec.rb +3 -3
metadata +1 -3
data/lib/pwn/sast/file_permission.rb +0 -142
data/spec/lib/pwn/sast/file_permission_spec.rb +0 -25

data/lib/pwn/sast/log4j.rb CHANGED Viewed

@@ -48,7 +48,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -105,11 +105,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'DEVELOPER SECURITY AND PRIVACY ARCHITECTURE AND DESIGN',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SA-17'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SA-17',
+          cwe_id: '502',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/502.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/logger.rb CHANGED Viewed

@@ -63,7 +63,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -120,11 +120,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'PROTECTION OF INFORMATION AT REST',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28',
+          cwe_id: '779',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/779.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/outer_html.rb CHANGED Viewed

@@ -48,7 +48,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -105,11 +105,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'MALICIOUS CODE PROTECTION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3',
+          cwe_id: '79',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/79.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/password.rb CHANGED Viewed

@@ -52,7 +52,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -107,11 +107,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'PROTECTION OF INFORMATION AT REST',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28',
+          cwe_id: '540',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/540.html'
         }
       end

data/lib/pwn/sast/pom_version.rb CHANGED Viewed

@@ -46,7 +46,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -109,11 +109,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'VULNERABILITY SCANNING',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=RA-5'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=RA-5',
+          cwe_id: '.0',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/1104.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/port.rb CHANGED Viewed

@@ -55,7 +55,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -112,11 +112,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'TRANSMISSION CONFIDENTIALITY AND INTEGRITY',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-8'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-8',
+          cwe_id: '319',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/319.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/private_key.rb CHANGED Viewed

@@ -48,7 +48,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -105,11 +105,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'CRYPTOGRAPHIC MODULE AUTHENTICATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=IA-7'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=IA-7',
+          cwe_id: '321',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/321.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/redirect.rb CHANGED Viewed

@@ -50,7 +50,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -107,11 +107,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'LEAST PRIVILEGE',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-6'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-6',
+          cwe_id: '601',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/601.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/redos.rb CHANGED Viewed

@@ -55,7 +55,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -112,11 +112,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'PROTECTION OF INFORMATION AT REST',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28',
+          cwe_id: '1333',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/1333.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/shell.rb CHANGED Viewed

@@ -56,7 +56,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -113,11 +113,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'DEVELOPER SECURITY AND PRIVACY ARCHITECTURE AND DESIGN',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SA-17'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SA-17',
+          cwe_id: '553',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/553.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/signature.rb CHANGED Viewed

@@ -48,7 +48,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -105,11 +105,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'CRYPTOGRAPHIC MODULE AUTHENTICATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=IA-7'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=IA-7',
+          cwe_id: '347',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/347.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/sql.rb CHANGED Viewed

@@ -52,7 +52,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -109,11 +109,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'INFORMATION INPUT VALIDATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10',
+          cwe_id: '89',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/89.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/ssl.rb CHANGED Viewed

@@ -45,7 +45,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -102,11 +102,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'PUBLIC KEY INFRASTRUCTURE CERTIFICATES',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-17'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-17',
+          cwe_id: '310',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/310.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/sudo.rb CHANGED Viewed

@@ -48,7 +48,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -105,11 +105,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'LEAST PRIVILEGE',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-6'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-6',
+          cwe_id: '250',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/250.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/task_tag.rb CHANGED Viewed

@@ -62,7 +62,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -119,11 +119,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'LEAST PRIVILEGE',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-6'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-6',
+          cwe_id: '546',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/546.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/throw_errors.rb CHANGED Viewed

@@ -47,7 +47,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -104,11 +104,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'ERROR HANDLING',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-11'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-11',
+          cwe_id: '209',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/209.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/token.rb CHANGED Viewed

@@ -45,7 +45,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -102,11 +102,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'CRYPTOGRAPHIC MODULE AUTHENTICATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=IA-7'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=IA-7',
+          cwe_id: '798',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/798.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/version.rb CHANGED Viewed

@@ -45,7 +45,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -102,11 +102,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'VULNERABILITY SCANNING',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=RA-5'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=RA-5',
+          cwe_id: '672',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/672.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/window_location_hash.rb CHANGED Viewed

@@ -47,7 +47,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -104,11 +104,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'MALICIOUS CODE PROTECTION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3',
+          cwe_id: '79',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/79.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast.rb CHANGED Viewed

@@ -21,7 +21,6 @@ module PWN
     autoload :Emoticon, 'pwn/sast/emoticon'
     autoload :Eval, 'pwn/sast/eval'
     autoload :Factory, 'pwn/sast/factory'
-    autoload :FilePermission, 'pwn/sast/file_permission'
     autoload :HTTPAuthorizationHeader, 'pwn/sast/http_authorization_header'
     autoload :InnerHTML, 'pwn/sast/inner_html'
     autoload :Keystore, 'pwn/sast/keystore'

data/lib/pwn/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module PWN
-  VERSION = '0.4.505'
+  VERSION = '0.4.507'
 end

data/spec/lib/pwn/sast/amqp_connect_as_guest_spec.rb CHANGED Viewed

@@ -8,9 +8,9 @@ describe PWN::SAST::AMQPConnectAsGuest do
     expect(scan_response).to respond_to :scan
   end
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::AMQPConnectAsGuest
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::AMQPConnectAsGuest
+    expect(security_requirements_response).to respond_to :security_requirements
   end
   it 'should display information for authors' do

data/spec/lib/pwn/sast/apache_file_system_util_api_spec.rb CHANGED Viewed

@@ -8,9 +8,9 @@ describe PWN::SAST::ApacheFileSystemUtilAPI do
     expect(scan_response).to respond_to :scan
   end
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::ApacheFileSystemUtilAPI
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::ApacheFileSystemUtilAPI
+    expect(security_requirements_response).to respond_to :security_requirements
   end
   it 'should display information for authors' do

data/spec/lib/pwn/sast/aws_spec.rb CHANGED Viewed

@@ -8,9 +8,9 @@ describe PWN::SAST::AWS do
     expect(scan_response).to respond_to :scan
   end
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::AWS
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::AWS
+    expect(security_requirements_response).to respond_to :security_requirements
   end
   it 'should display information for authors' do

data/spec/lib/pwn/sast/banned_function_calls_c_spec.rb CHANGED Viewed

@@ -8,9 +8,9 @@ describe PWN::SAST::BannedFunctionCallsC do
     expect(scan_response).to respond_to :scan
   end
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::BannedFunctionCallsC
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::BannedFunctionCallsC
+    expect(security_requirements_response).to respond_to :security_requirements
   end
   it 'should display information for authors' do

data/spec/lib/pwn/sast/base64_spec.rb CHANGED Viewed

@@ -8,9 +8,9 @@ describe PWN::SAST::Base64 do
     expect(scan_response).to respond_to :scan
   end
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::Base64
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::Base64
+    expect(security_requirements_response).to respond_to :security_requirements
   end
   it 'should display information for authors' do

data/spec/lib/pwn/sast/beef_hook_spec.rb CHANGED Viewed

@@ -8,9 +8,9 @@ describe PWN::SAST::BeefHook do
     expect(scan_response).to respond_to :scan
   end
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::BeefHook
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::BeefHook
+    expect(security_requirements_response).to respond_to :security_requirements
   end
   it 'should display information for authors' do

data/spec/lib/pwn/sast/cmd_execution_java_spec.rb CHANGED Viewed

@@ -8,9 +8,9 @@ describe PWN::SAST::CmdExecutionJava do
     expect(scan_response).to respond_to :scan
   end
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::CmdExecutionJava
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::CmdExecutionJava
+    expect(security_requirements_response).to respond_to :security_requirements
   end
   it 'should display information for authors' do

data/spec/lib/pwn/sast/cmd_execution_python_spec.rb CHANGED Viewed

@@ -8,9 +8,9 @@ describe PWN::SAST::CmdExecutionPython do
     expect(scan_response).to respond_to :scan
   end
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::CmdExecutionPython
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::CmdExecutionPython
+    expect(security_requirements_response).to respond_to :security_requirements
   end
   it 'should display information for authors' do

data/spec/lib/pwn/sast/cmd_execution_ruby_spec.rb CHANGED Viewed

@@ -8,9 +8,9 @@ describe PWN::SAST::CmdExecutionRuby do
     expect(scan_response).to respond_to :scan
   end
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::CmdExecutionRuby
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::CmdExecutionRuby
+    expect(security_requirements_response).to respond_to :security_requirements
   end
   it 'should display information for authors' do