pwn 0.4.505 → 0.4.507
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/bin/pwn_sast +0 -1
- data/lib/pwn/reports/sast.rb +5 -5
- data/lib/pwn/sast/amqp_connect_as_guest.rb +5 -3
- data/lib/pwn/sast/apache_file_system_util_api.rb +9 -3
- data/lib/pwn/sast/aws.rb +5 -3
- data/lib/pwn/sast/banned_function_calls_c.rb +9 -3
- data/lib/pwn/sast/base64.rb +6 -7
- data/lib/pwn/sast/beef_hook.rb +5 -3
- data/lib/pwn/sast/cmd_execution_java.rb +5 -3
- data/lib/pwn/sast/cmd_execution_python.rb +5 -3
- data/lib/pwn/sast/cmd_execution_ruby.rb +5 -3
- data/lib/pwn/sast/cmd_execution_scala.rb +5 -3
- data/lib/pwn/sast/csrf.rb +7 -3
- data/lib/pwn/sast/deserial_java.rb +7 -3
- data/lib/pwn/sast/emoticon.rb +5 -3
- data/lib/pwn/sast/eval.rb +5 -3
- data/lib/pwn/sast/factory.rb +7 -3
- data/lib/pwn/sast/http_authorization_header.rb +5 -3
- data/lib/pwn/sast/inner_html.rb +5 -3
- data/lib/pwn/sast/keystore.rb +5 -3
- data/lib/pwn/sast/location_hash.rb +5 -3
- data/lib/pwn/sast/log4j.rb +5 -3
- data/lib/pwn/sast/logger.rb +5 -3
- data/lib/pwn/sast/outer_html.rb +5 -3
- data/lib/pwn/sast/password.rb +5 -3
- data/lib/pwn/sast/pom_version.rb +5 -3
- data/lib/pwn/sast/port.rb +5 -3
- data/lib/pwn/sast/private_key.rb +5 -3
- data/lib/pwn/sast/redirect.rb +5 -3
- data/lib/pwn/sast/redos.rb +5 -3
- data/lib/pwn/sast/shell.rb +5 -3
- data/lib/pwn/sast/signature.rb +5 -3
- data/lib/pwn/sast/sql.rb +5 -3
- data/lib/pwn/sast/ssl.rb +5 -3
- data/lib/pwn/sast/sudo.rb +5 -3
- data/lib/pwn/sast/task_tag.rb +5 -3
- data/lib/pwn/sast/throw_errors.rb +5 -3
- data/lib/pwn/sast/token.rb +5 -3
- data/lib/pwn/sast/version.rb +5 -3
- data/lib/pwn/sast/window_location_hash.rb +5 -3
- data/lib/pwn/sast.rb +0 -1
- data/lib/pwn/version.rb +1 -1
- data/spec/lib/pwn/sast/amqp_connect_as_guest_spec.rb +3 -3
- data/spec/lib/pwn/sast/apache_file_system_util_api_spec.rb +3 -3
- data/spec/lib/pwn/sast/aws_spec.rb +3 -3
- data/spec/lib/pwn/sast/banned_function_calls_c_spec.rb +3 -3
- data/spec/lib/pwn/sast/base64_spec.rb +3 -3
- data/spec/lib/pwn/sast/beef_hook_spec.rb +3 -3
- data/spec/lib/pwn/sast/cmd_execution_java_spec.rb +3 -3
- data/spec/lib/pwn/sast/cmd_execution_python_spec.rb +3 -3
- data/spec/lib/pwn/sast/cmd_execution_ruby_spec.rb +3 -3
- data/spec/lib/pwn/sast/cmd_execution_scala_spec.rb +3 -3
- data/spec/lib/pwn/sast/csrf_spec.rb +3 -3
- data/spec/lib/pwn/sast/deserial_java_spec.rb +3 -3
- data/spec/lib/pwn/sast/emoticon_spec.rb +3 -3
- data/spec/lib/pwn/sast/eval_spec.rb +3 -3
- data/spec/lib/pwn/sast/factory_spec.rb +3 -3
- data/spec/lib/pwn/sast/http_authorization_header_spec.rb +3 -3
- data/spec/lib/pwn/sast/inner_html_spec.rb +3 -3
- data/spec/lib/pwn/sast/keystore_spec.rb +3 -3
- data/spec/lib/pwn/sast/location_hash_spec.rb +3 -3
- data/spec/lib/pwn/sast/log4j_spec.rb +3 -3
- data/spec/lib/pwn/sast/logger_spec.rb +3 -3
- data/spec/lib/pwn/sast/password_spec.rb +3 -3
- data/spec/lib/pwn/sast/pom_version_spec.rb +3 -3
- data/spec/lib/pwn/sast/port_spec.rb +3 -3
- data/spec/lib/pwn/sast/private_key_spec.rb +3 -3
- data/spec/lib/pwn/sast/redirect_spec.rb +3 -3
- data/spec/lib/pwn/sast/redos_spec.rb +3 -3
- data/spec/lib/pwn/sast/shell_spec.rb +3 -3
- data/spec/lib/pwn/sast/signature_spec.rb +3 -3
- data/spec/lib/pwn/sast/sql_spec.rb +3 -3
- data/spec/lib/pwn/sast/ssl_spec.rb +3 -3
- data/spec/lib/pwn/sast/sudo_spec.rb +3 -3
- data/spec/lib/pwn/sast/task_tag_spec.rb +3 -3
- data/spec/lib/pwn/sast/throw_errors_spec.rb +3 -3
- data/spec/lib/pwn/sast/token_spec.rb +3 -3
- data/spec/lib/pwn/sast/version_spec.rb +3 -3
- data/spec/lib/pwn/sast/window_location_hash_spec.rb +3 -3
- metadata +1 -3
- data/lib/pwn/sast/file_permission.rb +0 -142
- data/spec/lib/pwn/sast/file_permission_spec.rb +0 -25
data/lib/pwn/sast/log4j.rb
CHANGED
@@ -48,7 +48,7 @@ module PWN
|
|
48
48
|
|
49
49
|
hash_line = {
|
50
50
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
51
|
-
|
51
|
+
security_requirements: security_requirements,
|
52
52
|
filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
|
53
53
|
line_no_and_contents: '',
|
54
54
|
raw_content: str,
|
@@ -105,11 +105,13 @@ module PWN
|
|
105
105
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
106
106
|
# Determine the level of Testing Coverage w/ PWN.
|
107
107
|
|
108
|
-
public_class_method def self.
|
108
|
+
public_class_method def self.security_requirements
|
109
109
|
{
|
110
110
|
sast_module: self,
|
111
111
|
section: 'DEVELOPER SECURITY AND PRIVACY ARCHITECTURE AND DESIGN',
|
112
|
-
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SA-17'
|
112
|
+
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SA-17',
|
113
|
+
cwe_id: '502',
|
114
|
+
cwe_uri: 'https://cwe.mitre.org/data/definitions/502.html'
|
113
115
|
}
|
114
116
|
rescue StandardError => e
|
115
117
|
raise e
|
data/lib/pwn/sast/logger.rb
CHANGED
@@ -63,7 +63,7 @@ module PWN
|
|
63
63
|
|
64
64
|
hash_line = {
|
65
65
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
66
|
-
|
66
|
+
security_requirements: security_requirements,
|
67
67
|
filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
|
68
68
|
line_no_and_contents: '',
|
69
69
|
raw_content: str,
|
@@ -120,11 +120,13 @@ module PWN
|
|
120
120
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
121
121
|
# Determine the level of Testing Coverage w/ PWN.
|
122
122
|
|
123
|
-
public_class_method def self.
|
123
|
+
public_class_method def self.security_requirements
|
124
124
|
{
|
125
125
|
sast_module: self,
|
126
126
|
section: 'PROTECTION OF INFORMATION AT REST',
|
127
|
-
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28'
|
127
|
+
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28',
|
128
|
+
cwe_id: '779',
|
129
|
+
cwe_uri: 'https://cwe.mitre.org/data/definitions/779.html'
|
128
130
|
}
|
129
131
|
rescue StandardError => e
|
130
132
|
raise e
|
data/lib/pwn/sast/outer_html.rb
CHANGED
@@ -48,7 +48,7 @@ module PWN
|
|
48
48
|
|
49
49
|
hash_line = {
|
50
50
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
51
|
-
|
51
|
+
security_requirements: security_requirements,
|
52
52
|
filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
|
53
53
|
line_no_and_contents: '',
|
54
54
|
raw_content: str,
|
@@ -105,11 +105,13 @@ module PWN
|
|
105
105
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
106
106
|
# Determine the level of Testing Coverage w/ PWN.
|
107
107
|
|
108
|
-
public_class_method def self.
|
108
|
+
public_class_method def self.security_requirements
|
109
109
|
{
|
110
110
|
sast_module: self,
|
111
111
|
section: 'MALICIOUS CODE PROTECTION',
|
112
|
-
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3'
|
112
|
+
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3',
|
113
|
+
cwe_id: '79',
|
114
|
+
cwe_uri: 'https://cwe.mitre.org/data/definitions/79.html'
|
113
115
|
}
|
114
116
|
rescue StandardError => e
|
115
117
|
raise e
|
data/lib/pwn/sast/password.rb
CHANGED
@@ -52,7 +52,7 @@ module PWN
|
|
52
52
|
|
53
53
|
hash_line = {
|
54
54
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
55
|
-
|
55
|
+
security_requirements: security_requirements,
|
56
56
|
filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
|
57
57
|
line_no_and_contents: '',
|
58
58
|
raw_content: str,
|
@@ -107,11 +107,13 @@ module PWN
|
|
107
107
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
108
108
|
# Determine the level of Testing Coverage w/ PWN.
|
109
109
|
|
110
|
-
public_class_method def self.
|
110
|
+
public_class_method def self.security_requirements
|
111
111
|
{
|
112
112
|
sast_module: self,
|
113
113
|
section: 'PROTECTION OF INFORMATION AT REST',
|
114
|
-
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28'
|
114
|
+
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28',
|
115
|
+
cwe_id: '540',
|
116
|
+
cwe_uri: 'https://cwe.mitre.org/data/definitions/540.html'
|
115
117
|
}
|
116
118
|
end
|
117
119
|
|
data/lib/pwn/sast/pom_version.rb
CHANGED
@@ -46,7 +46,7 @@ module PWN
|
|
46
46
|
|
47
47
|
hash_line = {
|
48
48
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
49
|
-
|
49
|
+
security_requirements: security_requirements,
|
50
50
|
filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
|
51
51
|
line_no_and_contents: '',
|
52
52
|
raw_content: str,
|
@@ -109,11 +109,13 @@ module PWN
|
|
109
109
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
110
110
|
# Determine the level of Testing Coverage w/ PWN.
|
111
111
|
|
112
|
-
public_class_method def self.
|
112
|
+
public_class_method def self.security_requirements
|
113
113
|
{
|
114
114
|
sast_module: self,
|
115
115
|
section: 'VULNERABILITY SCANNING',
|
116
|
-
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=RA-5'
|
116
|
+
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=RA-5',
|
117
|
+
cwe_id: '.0',
|
118
|
+
cwe_uri: 'https://cwe.mitre.org/data/definitions/1104.html'
|
117
119
|
}
|
118
120
|
rescue StandardError => e
|
119
121
|
raise e
|
data/lib/pwn/sast/port.rb
CHANGED
@@ -55,7 +55,7 @@ module PWN
|
|
55
55
|
|
56
56
|
hash_line = {
|
57
57
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
58
|
-
|
58
|
+
security_requirements: security_requirements,
|
59
59
|
filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
|
60
60
|
line_no_and_contents: '',
|
61
61
|
raw_content: str,
|
@@ -112,11 +112,13 @@ module PWN
|
|
112
112
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
113
113
|
# Determine the level of Testing Coverage w/ PWN.
|
114
114
|
|
115
|
-
public_class_method def self.
|
115
|
+
public_class_method def self.security_requirements
|
116
116
|
{
|
117
117
|
sast_module: self,
|
118
118
|
section: 'TRANSMISSION CONFIDENTIALITY AND INTEGRITY',
|
119
|
-
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-8'
|
119
|
+
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-8',
|
120
|
+
cwe_id: '319',
|
121
|
+
cwe_uri: 'https://cwe.mitre.org/data/definitions/319.html'
|
120
122
|
}
|
121
123
|
rescue StandardError => e
|
122
124
|
raise e
|
data/lib/pwn/sast/private_key.rb
CHANGED
@@ -48,7 +48,7 @@ module PWN
|
|
48
48
|
|
49
49
|
hash_line = {
|
50
50
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
51
|
-
|
51
|
+
security_requirements: security_requirements,
|
52
52
|
filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
|
53
53
|
line_no_and_contents: '',
|
54
54
|
raw_content: str,
|
@@ -105,11 +105,13 @@ module PWN
|
|
105
105
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
106
106
|
# Determine the level of Testing Coverage w/ PWN.
|
107
107
|
|
108
|
-
public_class_method def self.
|
108
|
+
public_class_method def self.security_requirements
|
109
109
|
{
|
110
110
|
sast_module: self,
|
111
111
|
section: 'CRYPTOGRAPHIC MODULE AUTHENTICATION',
|
112
|
-
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=IA-7'
|
112
|
+
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=IA-7',
|
113
|
+
cwe_id: '321',
|
114
|
+
cwe_uri: 'https://cwe.mitre.org/data/definitions/321.html'
|
113
115
|
}
|
114
116
|
rescue StandardError => e
|
115
117
|
raise e
|
data/lib/pwn/sast/redirect.rb
CHANGED
@@ -50,7 +50,7 @@ module PWN
|
|
50
50
|
|
51
51
|
hash_line = {
|
52
52
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
53
|
-
|
53
|
+
security_requirements: security_requirements,
|
54
54
|
filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
|
55
55
|
line_no_and_contents: '',
|
56
56
|
raw_content: str,
|
@@ -107,11 +107,13 @@ module PWN
|
|
107
107
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
108
108
|
# Determine the level of Testing Coverage w/ PWN.
|
109
109
|
|
110
|
-
public_class_method def self.
|
110
|
+
public_class_method def self.security_requirements
|
111
111
|
{
|
112
112
|
sast_module: self,
|
113
113
|
section: 'LEAST PRIVILEGE',
|
114
|
-
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-6'
|
114
|
+
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-6',
|
115
|
+
cwe_id: '601',
|
116
|
+
cwe_uri: 'https://cwe.mitre.org/data/definitions/601.html'
|
115
117
|
}
|
116
118
|
rescue StandardError => e
|
117
119
|
raise e
|
data/lib/pwn/sast/redos.rb
CHANGED
@@ -55,7 +55,7 @@ module PWN
|
|
55
55
|
|
56
56
|
hash_line = {
|
57
57
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
58
|
-
|
58
|
+
security_requirements: security_requirements,
|
59
59
|
filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
|
60
60
|
line_no_and_contents: '',
|
61
61
|
raw_content: str,
|
@@ -112,11 +112,13 @@ module PWN
|
|
112
112
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
113
113
|
# Determine the level of Testing Coverage w/ PWN.
|
114
114
|
|
115
|
-
public_class_method def self.
|
115
|
+
public_class_method def self.security_requirements
|
116
116
|
{
|
117
117
|
sast_module: self,
|
118
118
|
section: 'PROTECTION OF INFORMATION AT REST',
|
119
|
-
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28'
|
119
|
+
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28',
|
120
|
+
cwe_id: '1333',
|
121
|
+
cwe_uri: 'https://cwe.mitre.org/data/definitions/1333.html'
|
120
122
|
}
|
121
123
|
rescue StandardError => e
|
122
124
|
raise e
|
data/lib/pwn/sast/shell.rb
CHANGED
@@ -56,7 +56,7 @@ module PWN
|
|
56
56
|
|
57
57
|
hash_line = {
|
58
58
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
59
|
-
|
59
|
+
security_requirements: security_requirements,
|
60
60
|
filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
|
61
61
|
line_no_and_contents: '',
|
62
62
|
raw_content: str,
|
@@ -113,11 +113,13 @@ module PWN
|
|
113
113
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
114
114
|
# Determine the level of Testing Coverage w/ PWN.
|
115
115
|
|
116
|
-
public_class_method def self.
|
116
|
+
public_class_method def self.security_requirements
|
117
117
|
{
|
118
118
|
sast_module: self,
|
119
119
|
section: 'DEVELOPER SECURITY AND PRIVACY ARCHITECTURE AND DESIGN',
|
120
|
-
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SA-17'
|
120
|
+
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SA-17',
|
121
|
+
cwe_id: '553',
|
122
|
+
cwe_uri: 'https://cwe.mitre.org/data/definitions/553.html'
|
121
123
|
}
|
122
124
|
rescue StandardError => e
|
123
125
|
raise e
|
data/lib/pwn/sast/signature.rb
CHANGED
@@ -48,7 +48,7 @@ module PWN
|
|
48
48
|
|
49
49
|
hash_line = {
|
50
50
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
51
|
-
|
51
|
+
security_requirements: security_requirements,
|
52
52
|
filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
|
53
53
|
line_no_and_contents: '',
|
54
54
|
raw_content: str,
|
@@ -105,11 +105,13 @@ module PWN
|
|
105
105
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
106
106
|
# Determine the level of Testing Coverage w/ PWN.
|
107
107
|
|
108
|
-
public_class_method def self.
|
108
|
+
public_class_method def self.security_requirements
|
109
109
|
{
|
110
110
|
sast_module: self,
|
111
111
|
section: 'CRYPTOGRAPHIC MODULE AUTHENTICATION',
|
112
|
-
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=IA-7'
|
112
|
+
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=IA-7',
|
113
|
+
cwe_id: '347',
|
114
|
+
cwe_uri: 'https://cwe.mitre.org/data/definitions/347.html'
|
113
115
|
}
|
114
116
|
rescue StandardError => e
|
115
117
|
raise e
|
data/lib/pwn/sast/sql.rb
CHANGED
@@ -52,7 +52,7 @@ module PWN
|
|
52
52
|
|
53
53
|
hash_line = {
|
54
54
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
55
|
-
|
55
|
+
security_requirements: security_requirements,
|
56
56
|
filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
|
57
57
|
line_no_and_contents: '',
|
58
58
|
raw_content: str,
|
@@ -109,11 +109,13 @@ module PWN
|
|
109
109
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
110
110
|
# Determine the level of Testing Coverage w/ PWN.
|
111
111
|
|
112
|
-
public_class_method def self.
|
112
|
+
public_class_method def self.security_requirements
|
113
113
|
{
|
114
114
|
sast_module: self,
|
115
115
|
section: 'INFORMATION INPUT VALIDATION',
|
116
|
-
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10'
|
116
|
+
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10',
|
117
|
+
cwe_id: '89',
|
118
|
+
cwe_uri: 'https://cwe.mitre.org/data/definitions/89.html'
|
117
119
|
}
|
118
120
|
rescue StandardError => e
|
119
121
|
raise e
|
data/lib/pwn/sast/ssl.rb
CHANGED
@@ -45,7 +45,7 @@ module PWN
|
|
45
45
|
|
46
46
|
hash_line = {
|
47
47
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
48
|
-
|
48
|
+
security_requirements: security_requirements,
|
49
49
|
filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
|
50
50
|
line_no_and_contents: '',
|
51
51
|
raw_content: str,
|
@@ -102,11 +102,13 @@ module PWN
|
|
102
102
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
103
103
|
# Determine the level of Testing Coverage w/ PWN.
|
104
104
|
|
105
|
-
public_class_method def self.
|
105
|
+
public_class_method def self.security_requirements
|
106
106
|
{
|
107
107
|
sast_module: self,
|
108
108
|
section: 'PUBLIC KEY INFRASTRUCTURE CERTIFICATES',
|
109
|
-
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-17'
|
109
|
+
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-17',
|
110
|
+
cwe_id: '310',
|
111
|
+
cwe_uri: 'https://cwe.mitre.org/data/definitions/310.html'
|
110
112
|
}
|
111
113
|
rescue StandardError => e
|
112
114
|
raise e
|
data/lib/pwn/sast/sudo.rb
CHANGED
@@ -48,7 +48,7 @@ module PWN
|
|
48
48
|
|
49
49
|
hash_line = {
|
50
50
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
51
|
-
|
51
|
+
security_requirements: security_requirements,
|
52
52
|
filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
|
53
53
|
line_no_and_contents: '',
|
54
54
|
raw_content: str,
|
@@ -105,11 +105,13 @@ module PWN
|
|
105
105
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
106
106
|
# Determine the level of Testing Coverage w/ PWN.
|
107
107
|
|
108
|
-
public_class_method def self.
|
108
|
+
public_class_method def self.security_requirements
|
109
109
|
{
|
110
110
|
sast_module: self,
|
111
111
|
section: 'LEAST PRIVILEGE',
|
112
|
-
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-6'
|
112
|
+
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-6',
|
113
|
+
cwe_id: '250',
|
114
|
+
cwe_uri: 'https://cwe.mitre.org/data/definitions/250.html'
|
113
115
|
}
|
114
116
|
rescue StandardError => e
|
115
117
|
raise e
|
data/lib/pwn/sast/task_tag.rb
CHANGED
@@ -62,7 +62,7 @@ module PWN
|
|
62
62
|
|
63
63
|
hash_line = {
|
64
64
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
65
|
-
|
65
|
+
security_requirements: security_requirements,
|
66
66
|
filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
|
67
67
|
line_no_and_contents: '',
|
68
68
|
raw_content: str,
|
@@ -119,11 +119,13 @@ module PWN
|
|
119
119
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
120
120
|
# Determine the level of Testing Coverage w/ PWN.
|
121
121
|
|
122
|
-
public_class_method def self.
|
122
|
+
public_class_method def self.security_requirements
|
123
123
|
{
|
124
124
|
sast_module: self,
|
125
125
|
section: 'LEAST PRIVILEGE',
|
126
|
-
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-6'
|
126
|
+
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-6',
|
127
|
+
cwe_id: '546',
|
128
|
+
cwe_uri: 'https://cwe.mitre.org/data/definitions/546.html'
|
127
129
|
}
|
128
130
|
rescue StandardError => e
|
129
131
|
raise e
|
@@ -47,7 +47,7 @@ module PWN
|
|
47
47
|
|
48
48
|
hash_line = {
|
49
49
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
50
|
-
|
50
|
+
security_requirements: security_requirements,
|
51
51
|
filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
|
52
52
|
line_no_and_contents: '',
|
53
53
|
raw_content: str,
|
@@ -104,11 +104,13 @@ module PWN
|
|
104
104
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
105
105
|
# Determine the level of Testing Coverage w/ PWN.
|
106
106
|
|
107
|
-
public_class_method def self.
|
107
|
+
public_class_method def self.security_requirements
|
108
108
|
{
|
109
109
|
sast_module: self,
|
110
110
|
section: 'ERROR HANDLING',
|
111
|
-
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-11'
|
111
|
+
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-11',
|
112
|
+
cwe_id: '209',
|
113
|
+
cwe_uri: 'https://cwe.mitre.org/data/definitions/209.html'
|
112
114
|
}
|
113
115
|
rescue StandardError => e
|
114
116
|
raise e
|
data/lib/pwn/sast/token.rb
CHANGED
@@ -45,7 +45,7 @@ module PWN
|
|
45
45
|
|
46
46
|
hash_line = {
|
47
47
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
48
|
-
|
48
|
+
security_requirements: security_requirements,
|
49
49
|
filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
|
50
50
|
line_no_and_contents: '',
|
51
51
|
raw_content: str,
|
@@ -102,11 +102,13 @@ module PWN
|
|
102
102
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
103
103
|
# Determine the level of Testing Coverage w/ PWN.
|
104
104
|
|
105
|
-
public_class_method def self.
|
105
|
+
public_class_method def self.security_requirements
|
106
106
|
{
|
107
107
|
sast_module: self,
|
108
108
|
section: 'CRYPTOGRAPHIC MODULE AUTHENTICATION',
|
109
|
-
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=IA-7'
|
109
|
+
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=IA-7',
|
110
|
+
cwe_id: '798',
|
111
|
+
cwe_uri: 'https://cwe.mitre.org/data/definitions/798.html'
|
110
112
|
}
|
111
113
|
rescue StandardError => e
|
112
114
|
raise e
|
data/lib/pwn/sast/version.rb
CHANGED
@@ -45,7 +45,7 @@ module PWN
|
|
45
45
|
|
46
46
|
hash_line = {
|
47
47
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
48
|
-
|
48
|
+
security_requirements: security_requirements,
|
49
49
|
filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
|
50
50
|
line_no_and_contents: '',
|
51
51
|
raw_content: str,
|
@@ -102,11 +102,13 @@ module PWN
|
|
102
102
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
103
103
|
# Determine the level of Testing Coverage w/ PWN.
|
104
104
|
|
105
|
-
public_class_method def self.
|
105
|
+
public_class_method def self.security_requirements
|
106
106
|
{
|
107
107
|
sast_module: self,
|
108
108
|
section: 'VULNERABILITY SCANNING',
|
109
|
-
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=RA-5'
|
109
|
+
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=RA-5',
|
110
|
+
cwe_id: '672',
|
111
|
+
cwe_uri: 'https://cwe.mitre.org/data/definitions/672.html'
|
110
112
|
}
|
111
113
|
rescue StandardError => e
|
112
114
|
raise e
|
@@ -47,7 +47,7 @@ module PWN
|
|
47
47
|
|
48
48
|
hash_line = {
|
49
49
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
50
|
-
|
50
|
+
security_requirements: security_requirements,
|
51
51
|
filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
|
52
52
|
line_no_and_contents: '',
|
53
53
|
raw_content: str,
|
@@ -104,11 +104,13 @@ module PWN
|
|
104
104
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
105
105
|
# Determine the level of Testing Coverage w/ PWN.
|
106
106
|
|
107
|
-
public_class_method def self.
|
107
|
+
public_class_method def self.security_requirements
|
108
108
|
{
|
109
109
|
sast_module: self,
|
110
110
|
section: 'MALICIOUS CODE PROTECTION',
|
111
|
-
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3'
|
111
|
+
nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3',
|
112
|
+
cwe_id: '79',
|
113
|
+
cwe_uri: 'https://cwe.mitre.org/data/definitions/79.html'
|
112
114
|
}
|
113
115
|
rescue StandardError => e
|
114
116
|
raise e
|
data/lib/pwn/sast.rb
CHANGED
@@ -21,7 +21,6 @@ module PWN
|
|
21
21
|
autoload :Emoticon, 'pwn/sast/emoticon'
|
22
22
|
autoload :Eval, 'pwn/sast/eval'
|
23
23
|
autoload :Factory, 'pwn/sast/factory'
|
24
|
-
autoload :FilePermission, 'pwn/sast/file_permission'
|
25
24
|
autoload :HTTPAuthorizationHeader, 'pwn/sast/http_authorization_header'
|
26
25
|
autoload :InnerHTML, 'pwn/sast/inner_html'
|
27
26
|
autoload :Keystore, 'pwn/sast/keystore'
|
data/lib/pwn/version.rb
CHANGED
@@ -8,9 +8,9 @@ describe PWN::SAST::AMQPConnectAsGuest do
|
|
8
8
|
expect(scan_response).to respond_to :scan
|
9
9
|
end
|
10
10
|
|
11
|
-
it 'should display information for
|
12
|
-
|
13
|
-
expect(
|
11
|
+
it 'should display information for security_requirements' do
|
12
|
+
security_requirements_response = PWN::SAST::AMQPConnectAsGuest
|
13
|
+
expect(security_requirements_response).to respond_to :security_requirements
|
14
14
|
end
|
15
15
|
|
16
16
|
it 'should display information for authors' do
|
@@ -8,9 +8,9 @@ describe PWN::SAST::ApacheFileSystemUtilAPI do
|
|
8
8
|
expect(scan_response).to respond_to :scan
|
9
9
|
end
|
10
10
|
|
11
|
-
it 'should display information for
|
12
|
-
|
13
|
-
expect(
|
11
|
+
it 'should display information for security_requirements' do
|
12
|
+
security_requirements_response = PWN::SAST::ApacheFileSystemUtilAPI
|
13
|
+
expect(security_requirements_response).to respond_to :security_requirements
|
14
14
|
end
|
15
15
|
|
16
16
|
it 'should display information for authors' do
|
@@ -8,9 +8,9 @@ describe PWN::SAST::AWS do
|
|
8
8
|
expect(scan_response).to respond_to :scan
|
9
9
|
end
|
10
10
|
|
11
|
-
it 'should display information for
|
12
|
-
|
13
|
-
expect(
|
11
|
+
it 'should display information for security_requirements' do
|
12
|
+
security_requirements_response = PWN::SAST::AWS
|
13
|
+
expect(security_requirements_response).to respond_to :security_requirements
|
14
14
|
end
|
15
15
|
|
16
16
|
it 'should display information for authors' do
|
@@ -8,9 +8,9 @@ describe PWN::SAST::BannedFunctionCallsC do
|
|
8
8
|
expect(scan_response).to respond_to :scan
|
9
9
|
end
|
10
10
|
|
11
|
-
it 'should display information for
|
12
|
-
|
13
|
-
expect(
|
11
|
+
it 'should display information for security_requirements' do
|
12
|
+
security_requirements_response = PWN::SAST::BannedFunctionCallsC
|
13
|
+
expect(security_requirements_response).to respond_to :security_requirements
|
14
14
|
end
|
15
15
|
|
16
16
|
it 'should display information for authors' do
|
@@ -8,9 +8,9 @@ describe PWN::SAST::Base64 do
|
|
8
8
|
expect(scan_response).to respond_to :scan
|
9
9
|
end
|
10
10
|
|
11
|
-
it 'should display information for
|
12
|
-
|
13
|
-
expect(
|
11
|
+
it 'should display information for security_requirements' do
|
12
|
+
security_requirements_response = PWN::SAST::Base64
|
13
|
+
expect(security_requirements_response).to respond_to :security_requirements
|
14
14
|
end
|
15
15
|
|
16
16
|
it 'should display information for authors' do
|
@@ -8,9 +8,9 @@ describe PWN::SAST::BeefHook do
|
|
8
8
|
expect(scan_response).to respond_to :scan
|
9
9
|
end
|
10
10
|
|
11
|
-
it 'should display information for
|
12
|
-
|
13
|
-
expect(
|
11
|
+
it 'should display information for security_requirements' do
|
12
|
+
security_requirements_response = PWN::SAST::BeefHook
|
13
|
+
expect(security_requirements_response).to respond_to :security_requirements
|
14
14
|
end
|
15
15
|
|
16
16
|
it 'should display information for authors' do
|
@@ -8,9 +8,9 @@ describe PWN::SAST::CmdExecutionJava do
|
|
8
8
|
expect(scan_response).to respond_to :scan
|
9
9
|
end
|
10
10
|
|
11
|
-
it 'should display information for
|
12
|
-
|
13
|
-
expect(
|
11
|
+
it 'should display information for security_requirements' do
|
12
|
+
security_requirements_response = PWN::SAST::CmdExecutionJava
|
13
|
+
expect(security_requirements_response).to respond_to :security_requirements
|
14
14
|
end
|
15
15
|
|
16
16
|
it 'should display information for authors' do
|
@@ -8,9 +8,9 @@ describe PWN::SAST::CmdExecutionPython do
|
|
8
8
|
expect(scan_response).to respond_to :scan
|
9
9
|
end
|
10
10
|
|
11
|
-
it 'should display information for
|
12
|
-
|
13
|
-
expect(
|
11
|
+
it 'should display information for security_requirements' do
|
12
|
+
security_requirements_response = PWN::SAST::CmdExecutionPython
|
13
|
+
expect(security_requirements_response).to respond_to :security_requirements
|
14
14
|
end
|
15
15
|
|
16
16
|
it 'should display information for authors' do
|
@@ -8,9 +8,9 @@ describe PWN::SAST::CmdExecutionRuby do
|
|
8
8
|
expect(scan_response).to respond_to :scan
|
9
9
|
end
|
10
10
|
|
11
|
-
it 'should display information for
|
12
|
-
|
13
|
-
expect(
|
11
|
+
it 'should display information for security_requirements' do
|
12
|
+
security_requirements_response = PWN::SAST::CmdExecutionRuby
|
13
|
+
expect(security_requirements_response).to respond_to :security_requirements
|
14
14
|
end
|
15
15
|
|
16
16
|
it 'should display information for authors' do
|