pwn 0.4.505 → 0.4.507
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/bin/pwn_sast +0 -1
- data/lib/pwn/reports/sast.rb +5 -5
- data/lib/pwn/sast/amqp_connect_as_guest.rb +5 -3
- data/lib/pwn/sast/apache_file_system_util_api.rb +9 -3
- data/lib/pwn/sast/aws.rb +5 -3
- data/lib/pwn/sast/banned_function_calls_c.rb +9 -3
- data/lib/pwn/sast/base64.rb +6 -7
- data/lib/pwn/sast/beef_hook.rb +5 -3
- data/lib/pwn/sast/cmd_execution_java.rb +5 -3
- data/lib/pwn/sast/cmd_execution_python.rb +5 -3
- data/lib/pwn/sast/cmd_execution_ruby.rb +5 -3
- data/lib/pwn/sast/cmd_execution_scala.rb +5 -3
- data/lib/pwn/sast/csrf.rb +7 -3
- data/lib/pwn/sast/deserial_java.rb +7 -3
- data/lib/pwn/sast/emoticon.rb +5 -3
- data/lib/pwn/sast/eval.rb +5 -3
- data/lib/pwn/sast/factory.rb +7 -3
- data/lib/pwn/sast/http_authorization_header.rb +5 -3
- data/lib/pwn/sast/inner_html.rb +5 -3
- data/lib/pwn/sast/keystore.rb +5 -3
- data/lib/pwn/sast/location_hash.rb +5 -3
- data/lib/pwn/sast/log4j.rb +5 -3
- data/lib/pwn/sast/logger.rb +5 -3
- data/lib/pwn/sast/outer_html.rb +5 -3
- data/lib/pwn/sast/password.rb +5 -3
- data/lib/pwn/sast/pom_version.rb +5 -3
- data/lib/pwn/sast/port.rb +5 -3
- data/lib/pwn/sast/private_key.rb +5 -3
- data/lib/pwn/sast/redirect.rb +5 -3
- data/lib/pwn/sast/redos.rb +5 -3
- data/lib/pwn/sast/shell.rb +5 -3
- data/lib/pwn/sast/signature.rb +5 -3
- data/lib/pwn/sast/sql.rb +5 -3
- data/lib/pwn/sast/ssl.rb +5 -3
- data/lib/pwn/sast/sudo.rb +5 -3
- data/lib/pwn/sast/task_tag.rb +5 -3
- data/lib/pwn/sast/throw_errors.rb +5 -3
- data/lib/pwn/sast/token.rb +5 -3
- data/lib/pwn/sast/version.rb +5 -3
- data/lib/pwn/sast/window_location_hash.rb +5 -3
- data/lib/pwn/sast.rb +0 -1
- data/lib/pwn/version.rb +1 -1
- data/spec/lib/pwn/sast/amqp_connect_as_guest_spec.rb +3 -3
- data/spec/lib/pwn/sast/apache_file_system_util_api_spec.rb +3 -3
- data/spec/lib/pwn/sast/aws_spec.rb +3 -3
- data/spec/lib/pwn/sast/banned_function_calls_c_spec.rb +3 -3
- data/spec/lib/pwn/sast/base64_spec.rb +3 -3
- data/spec/lib/pwn/sast/beef_hook_spec.rb +3 -3
- data/spec/lib/pwn/sast/cmd_execution_java_spec.rb +3 -3
- data/spec/lib/pwn/sast/cmd_execution_python_spec.rb +3 -3
- data/spec/lib/pwn/sast/cmd_execution_ruby_spec.rb +3 -3
- data/spec/lib/pwn/sast/cmd_execution_scala_spec.rb +3 -3
- data/spec/lib/pwn/sast/csrf_spec.rb +3 -3
- data/spec/lib/pwn/sast/deserial_java_spec.rb +3 -3
- data/spec/lib/pwn/sast/emoticon_spec.rb +3 -3
- data/spec/lib/pwn/sast/eval_spec.rb +3 -3
- data/spec/lib/pwn/sast/factory_spec.rb +3 -3
- data/spec/lib/pwn/sast/http_authorization_header_spec.rb +3 -3
- data/spec/lib/pwn/sast/inner_html_spec.rb +3 -3
- data/spec/lib/pwn/sast/keystore_spec.rb +3 -3
- data/spec/lib/pwn/sast/location_hash_spec.rb +3 -3
- data/spec/lib/pwn/sast/log4j_spec.rb +3 -3
- data/spec/lib/pwn/sast/logger_spec.rb +3 -3
- data/spec/lib/pwn/sast/password_spec.rb +3 -3
- data/spec/lib/pwn/sast/pom_version_spec.rb +3 -3
- data/spec/lib/pwn/sast/port_spec.rb +3 -3
- data/spec/lib/pwn/sast/private_key_spec.rb +3 -3
- data/spec/lib/pwn/sast/redirect_spec.rb +3 -3
- data/spec/lib/pwn/sast/redos_spec.rb +3 -3
- data/spec/lib/pwn/sast/shell_spec.rb +3 -3
- data/spec/lib/pwn/sast/signature_spec.rb +3 -3
- data/spec/lib/pwn/sast/sql_spec.rb +3 -3
- data/spec/lib/pwn/sast/ssl_spec.rb +3 -3
- data/spec/lib/pwn/sast/sudo_spec.rb +3 -3
- data/spec/lib/pwn/sast/task_tag_spec.rb +3 -3
- data/spec/lib/pwn/sast/throw_errors_spec.rb +3 -3
- data/spec/lib/pwn/sast/token_spec.rb +3 -3
- data/spec/lib/pwn/sast/version_spec.rb +3 -3
- data/spec/lib/pwn/sast/window_location_hash_spec.rb +3 -3
- metadata +1 -3
- data/lib/pwn/sast/file_permission.rb +0 -142
- data/spec/lib/pwn/sast/file_permission_spec.rb +0 -25
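--- a/data/spec/lib/pwn/sast/cmd_execution_scala_spec.rb
+++ b/data/spec/lib/pwn/sast/cmd_execution_scala_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::CmdExecutionScala do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::CmdExecutionScala
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do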
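Review bot: The new example at spec line 13 only asserts `respond_to :security_requirements`, so a `security_requirements` that returns nil or an empty hash still passes; calling it and pinning its shape, e.g. `expect(PWN::SAST::CmdExecutionScala.security_requirements).to be_a(Hash)` followed by a check of the expected keys, would make the rename actually verifiable. The identical three-line pattern is added in the CSRF, DeserialJava, Emoticon, Eval, Factory, HTTPAuthorizationHeader, InnerHTML, Keystore, LocationHash, Log4J, Logger, Password, PomVersion, Port, PrivateKey, Redirect, ReDOS, Shell, Signature, SQL, SSL, Sudo, TaskTag, ThrowErrors, Token, Version and WindowLocationHash spec hunks on this page, so one shared example group would cover all of them. The modules' `security_requirements` bodies are not on this page and the removed example is truncated in this rendering, so the exact keys cannot be read from here; the deleted FilePermission module's predecessor `nist_800_53_requirements` returned `sast_module`, `section` and `nist_800_53_uri`, which suggests a similar contract worth asserting.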
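--- a/data/spec/lib/pwn/sast/csrf_spec.rb
+++ b/data/spec/lib/pwn/sast/csrf_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::CSRF do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::CSRF
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do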
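--- a/data/spec/lib/pwn/sast/deserial_java_spec.rb
+++ b/data/spec/lib/pwn/sast/deserial_java_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::DeserialJava do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::DeserialJava
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do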
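--- a/data/spec/lib/pwn/sast/emoticon_spec.rb
+++ b/data/spec/lib/pwn/sast/emoticon_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::Emoticon do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::Emoticon
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do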
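--- a/data/spec/lib/pwn/sast/eval_spec.rb
+++ b/data/spec/lib/pwn/sast/eval_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::Eval do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::Eval
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do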
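--- a/data/spec/lib/pwn/sast/factory_spec.rb
+++ b/data/spec/lib/pwn/sast/factory_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::Factory do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::Factory
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do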
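--- a/data/spec/lib/pwn/sast/http_authorization_header_spec.rb
+++ b/data/spec/lib/pwn/sast/http_authorization_header_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::HTTPAuthorizationHeader do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::HTTPAuthorizationHeader
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do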
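--- a/data/spec/lib/pwn/sast/inner_html_spec.rb
+++ b/data/spec/lib/pwn/sast/inner_html_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::InnerHTML do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::InnerHTML
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do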
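--- a/data/spec/lib/pwn/sast/keystore_spec.rb
+++ b/data/spec/lib/pwn/sast/keystore_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::Keystore do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::Keystore
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do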
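--- a/data/spec/lib/pwn/sast/location_hash_spec.rb
+++ b/data/spec/lib/pwn/sast/location_hash_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::LocationHash do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::LocationHash
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do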
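--- a/data/spec/lib/pwn/sast/log4j_spec.rb
+++ b/data/spec/lib/pwn/sast/log4j_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::Log4J do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::Log4J
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do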
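--- a/data/spec/lib/pwn/sast/logger_spec.rb
+++ b/data/spec/lib/pwn/sast/logger_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::Logger do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::Logger
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do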
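--- a/data/spec/lib/pwn/sast/password_spec.rb
+++ b/data/spec/lib/pwn/sast/password_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::Password do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::Password
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do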
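--- a/data/spec/lib/pwn/sast/pom_version_spec.rb
+++ b/data/spec/lib/pwn/sast/pom_version_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::PomVersion do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::PomVersion
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do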
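--- a/data/spec/lib/pwn/sast/port_spec.rb
+++ b/data/spec/lib/pwn/sast/port_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::Port do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::Port
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do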
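--- a/data/spec/lib/pwn/sast/private_key_spec.rb
+++ b/data/spec/lib/pwn/sast/private_key_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::PrivateKey do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::PrivateKey
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do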
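--- a/data/spec/lib/pwn/sast/redirect_spec.rb
+++ b/data/spec/lib/pwn/sast/redirect_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::Redirect do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::Redirect
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do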
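--- a/data/spec/lib/pwn/sast/redos_spec.rb
+++ b/data/spec/lib/pwn/sast/redos_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::ReDOS do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::ReDOS
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do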
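--- a/data/spec/lib/pwn/sast/shell_spec.rb
+++ b/data/spec/lib/pwn/sast/shell_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::Shell do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::Shell
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do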
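--- a/data/spec/lib/pwn/sast/signature_spec.rb
+++ b/data/spec/lib/pwn/sast/signature_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::Signature do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::Signature
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do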
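--- a/data/spec/lib/pwn/sast/sql_spec.rb
+++ b/data/spec/lib/pwn/sast/sql_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::SQL do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::SQL
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do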
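--- a/data/spec/lib/pwn/sast/ssl_spec.rb
+++ b/data/spec/lib/pwn/sast/ssl_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::SSL do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::SSL
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do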
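--- a/data/spec/lib/pwn/sast/sudo_spec.rb
+++ b/data/spec/lib/pwn/sast/sudo_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::Sudo do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::Sudo
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do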
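--- a/data/spec/lib/pwn/sast/task_tag_spec.rb
+++ b/data/spec/lib/pwn/sast/task_tag_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::TaskTag do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::TaskTag
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do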
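--- a/data/spec/lib/pwn/sast/throw_errors_spec.rb
+++ b/data/spec/lib/pwn/sast/throw_errors_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::ThrowErrors do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::ThrowErrors
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do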
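--- a/data/spec/lib/pwn/sast/token_spec.rb
+++ b/data/spec/lib/pwn/sast/token_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::Token do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::Token
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do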
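--- a/data/spec/lib/pwn/sast/version_spec.rb
+++ b/data/spec/lib/pwn/sast/version_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::Version do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::Version
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do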
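--- a/data/spec/lib/pwn/sast/window_location_hash_spec.rb
+++ b/data/spec/lib/pwn/sast/window_location_hash_spec.rb
@@ -8,9 +8,9 @@ describe PWN::SAST::WindowLocationHash do
 expect(scan_response).to respond_to :scan
 end
 
-it 'should display information for
-
-expect(
+it 'should display information for security_requirements' do
+security_requirements_response = PWN::SAST::WindowLocationHash
+expect(security_requirements_response).to respond_to :security_requirements
 end
 
 it 'should display information for authors' do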
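--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.507
 platform: ruby
 authors:
 - 0day Inc.
@@ -1612,7 +1612,6 @@ files:
 - lib/pwn/sast/emoticon.rb
 - lib/pwn/sast/eval.rb
 - lib/pwn/sast/factory.rb
-- lib/pwn/sast/file_permission.rb
 - lib/pwn/sast/http_authorization_header.rb
 - lib/pwn/sast/inner_html.rb
 - lib/pwn/sast/keystore.rb
@@ -1909,7 +1908,6 @@ files:
 - spec/lib/pwn/sast/emoticon_spec.rb
 - spec/lib/pwn/sast/eval_spec.rb
 - spec/lib/pwn/sast/factory_spec.rb
-- spec/lib/pwn/sast/file_permission_spec.rb
 - spec/lib/pwn/sast/http_authorization_header_spec.rb
 - spec/lib/pwn/sast/inner_html_spec.rb
 - spec/lib/pwn/sast/keystore_spec.rb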
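--- a/data/lib/pwn/sast/file_permission.rb
+++ /dev/null
@@ -1,142 +0,0 @@
-# frozen_string_literal: false
-
-require 'socket'
-
-module PWN
-module SAST
-# SAST Module used to identify the permissions
-# set on files within Puppet .pp files
-module FilePermission
-@@logger = PWN::Plugins::PWNLogger.create
-
-# Supported Method Parameters::
-# PWN::SAST::FilePermission.scan(
-# dir_path: 'optional path to dir defaults to .'
-# git_repo_root_uri: 'optional http uri of git repo scanned'
-# )
-
-public_class_method def self.scan(opts = {})
-dir_path = opts[:dir_path]
-git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub
-result_arr = []
-logger_results = ''
-
-PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
-if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && File.extname(entry) == '.pp'
-line_no_and_contents_arr = []
-filename_arr = []
-entry_beautified = false
-
-if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
-js_beautify = `js-beautify #{entry} > #{entry}.JS-BEAUTIFIED`.to_s.scrub
-entry = "#{entry}.JS-BEAUTIFIED"
-entry_beautified = true
-end
-
-test_case_filter = " sed -e '/file {/,/}/!d;=' #{entry} "
-
-line_number_jumble_str = `#{test_case_filter}`.to_s.scrub
-
-# Convert sed line output to grep for consistent JSON data consumption
-numbered_str = line_number_jumble_str.gsub(/(^\d{1,}|\n\d{1,})\n/, '\1:')
-str = numbered_str
-
-if str.to_s.empty?
-# If str length is >= 64 KB do not include results. (Due to Mongo Document Size Restrictions)
-logger_results = "#{logger_results}~" # Catching bugs is good :)
-else
-str = "1:Result larger than 64KB -> Size: #{str.to_s.length}. Please click the \"Path\" link for more details." if str.to_s.length >= 64_000
-
-hash_line = {
-timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-test_case: nist_800_53_requirements,
-filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
-line_no_and_contents: '',
-raw_content: str,
-test_case_filter: test_case_filter
-}
-
-# COMMMENT: Must be a better way to implement this (regex is kinda funky)
-line_contents_split = str.split(/^(\d{1,}):|\n(\d{1,}):/)[1..-1]
-line_no_count = line_contents_split.length # This should always be an even number
-current_count = 0
-while line_no_count > current_count
-line_no = line_contents_split[current_count]
-contents = line_contents_split[current_count + 1]
-if Dir.exist?("#{dir_path}/.git") ||
-Dir.exist?('.git')
-
-repo_root = dir_path
-repo_root = '.' if Dir.exist?('.git')
-
-author = PWN::Plugins::Git.get_author(
-repo_root: repo_root,
-from_line: line_no,
-to_line: line_no,
-target_file: entry,
-entry_beautified: entry_beautified
-)
-else
-author = 'N/A'
-end
-hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(line_no: line_no,
-contents: contents,
-author: author)
-
-current_count += 2
-end
-
-result_arr.push(hash_line)
-logger_results = "#{logger_results}x" # Seeing progress is good :)
-end
-end
-end
-logger_banner = "http://#{Socket.gethostname}:8808/doc_root/pwn-#{PWN::VERSION.to_s.scrub}/#{to_s.scrub.gsub('::', '/')}.html"
-if logger_results.empty?
-@@logger.info("#{logger_banner}: No files applicable to this test case.\n")
-else
-@@logger.info("#{logger_banner} => #{logger_results}complete.\n")
-end
-result_arr
-rescue StandardError => e
-raise e
-end
-
-# Used primarily to map NIST 800-53 Revision 4 Security Controls
-# https://web.nvd.nist.gov/view/800-53/Rev4/impact?impactName=HIGH
-# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
-# Determine the level of Testing Coverage w/ PWN.
-
-public_class_method def self.nist_800_53_requirements
-{
-sast_module: self,
-section: 'LEAST PRIVILEGE',
-nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-6'
-}
-rescue StandardError => e
-raise e
-end
-
-# Author(s):: 0day Inc. <request.pentest@0dayinc.com>
-
-public_class_method def self.authors
-"AUTHOR(S):
-0day Inc. <request.pentest@0dayinc.com>
-"
-end
-
-# Display Usage for this Module
-
-public_class_method def self.help
-puts "USAGE:
-sast_arr = #{self}.scan(
-dir_path: 'optional path to dir defaults to .',
-git_repo_root_uri: 'optional http uri of git repo scanned'
-)
-
-#{self}.authors
-"
-end
-end
-end
-end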
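--- a/data/spec/lib/pwn/sast/file_permission_spec.rb
+++ /dev/null
@@ -1,25 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-describe PWN::SAST::FilePermission do
-it 'scan method should exist' do
-scan_response = PWN::SAST::FilePermission
-expect(scan_response).to respond_to :scan
-end
-
-it 'should display information for nist_800_53_requirements' do
-nist_800_53_requirements_response = PWN::SAST::FilePermission
-expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
-end
-
-it 'should display information for authors' do
-authors_response = PWN::SAST::FilePermission
-expect(authors_response).to respond_to :authors
-end
-
-it 'should display information for existing help method' do
-help_response = PWN::SAST::FilePermission
-expect(help_response).to respond_to :help
-end
-end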