pwn 0.4.505 → 0.4.507

data/spec/lib/pwn/sast/cmd_execution_scala_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::CmdExecutionScala do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::CmdExecutionScala
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::CmdExecutionScala
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

data/spec/lib/pwn/sast/csrf_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::CSRF do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::CSRF
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::CSRF
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

data/spec/lib/pwn/sast/deserial_java_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::DeserialJava do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::DeserialJava
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::DeserialJava
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

data/spec/lib/pwn/sast/emoticon_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::Emoticon do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::Emoticon
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::Emoticon
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

data/spec/lib/pwn/sast/eval_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::Eval do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::Eval
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::Eval
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

data/spec/lib/pwn/sast/factory_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::Factory do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::Factory
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::Factory
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

data/spec/lib/pwn/sast/http_authorization_header_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::HTTPAuthorizationHeader do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::HTTPAuthorizationHeader
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::HTTPAuthorizationHeader
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

data/spec/lib/pwn/sast/inner_html_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::InnerHTML do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::InnerHTML
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::InnerHTML
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

data/spec/lib/pwn/sast/keystore_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::Keystore do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::Keystore
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::Keystore
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

data/spec/lib/pwn/sast/location_hash_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::LocationHash do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::LocationHash
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::LocationHash
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

data/spec/lib/pwn/sast/log4j_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::Log4J do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::Log4J
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::Log4J
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

data/spec/lib/pwn/sast/logger_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::Logger do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::Logger
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::Logger
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

data/spec/lib/pwn/sast/password_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::Password do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::Password
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::Password
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

data/spec/lib/pwn/sast/pom_version_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::PomVersion do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::PomVersion
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::PomVersion
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

data/spec/lib/pwn/sast/port_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::Port do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::Port
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::Port
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

data/spec/lib/pwn/sast/private_key_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::PrivateKey do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::PrivateKey
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::PrivateKey
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

data/spec/lib/pwn/sast/redirect_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::Redirect do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::Redirect
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::Redirect
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

data/spec/lib/pwn/sast/redos_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::ReDOS do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::ReDOS
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::ReDOS
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

data/spec/lib/pwn/sast/shell_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::Shell do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::Shell
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::Shell
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

data/spec/lib/pwn/sast/signature_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::Signature do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::Signature
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::Signature
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

data/spec/lib/pwn/sast/sql_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::SQL do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::SQL
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::SQL
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

data/spec/lib/pwn/sast/ssl_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::SSL do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::SSL
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::SSL
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

data/spec/lib/pwn/sast/sudo_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::Sudo do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::Sudo
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::Sudo
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

data/spec/lib/pwn/sast/task_tag_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::TaskTag do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::TaskTag
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::TaskTag
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

data/spec/lib/pwn/sast/throw_errors_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::ThrowErrors do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::ThrowErrors
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::ThrowErrors
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

data/spec/lib/pwn/sast/token_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::Token do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::Token
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::Token
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

data/spec/lib/pwn/sast/version_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::Version do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::Version
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::Version
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

data/spec/lib/pwn/sast/window_location_hash_spec.rb

@@ -8,9 +8,9 @@ describe PWN::SAST::WindowLocationHash do
     expect(scan_response).to respond_to :scan
   end
 
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::WindowLocationHash
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  it 'should display information for security_requirements' do
+    security_requirements_response = PWN::SAST::WindowLocationHash
+    expect(security_requirements_response).to respond_to :security_requirements
   end
 
   it 'should display information for authors' do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.505
+  version: 0.4.507
 platform: ruby
 authors:
 - 0day Inc.
@@ -1612,7 +1612,6 @@ files:
 - lib/pwn/sast/emoticon.rb
 - lib/pwn/sast/eval.rb
 - lib/pwn/sast/factory.rb
-- lib/pwn/sast/file_permission.rb
 - lib/pwn/sast/http_authorization_header.rb
 - lib/pwn/sast/inner_html.rb
 - lib/pwn/sast/keystore.rb
@@ -1909,7 +1908,6 @@ files:
 - spec/lib/pwn/sast/emoticon_spec.rb
 - spec/lib/pwn/sast/eval_spec.rb
 - spec/lib/pwn/sast/factory_spec.rb
-- spec/lib/pwn/sast/file_permission_spec.rb
 - spec/lib/pwn/sast/http_authorization_header_spec.rb
 - spec/lib/pwn/sast/inner_html_spec.rb
 - spec/lib/pwn/sast/keystore_spec.rb

data/lib/pwn/sast/file_permission.rb

@@ -1,142 +0,0 @@
-# frozen_string_literal: false
-
-require 'socket'
-
-module PWN
-  module SAST
-    # SAST Module used to identify the permissions
-    # set on files within Puppet .pp files
-    module FilePermission
-      @@logger = PWN::Plugins::PWNLogger.create
-
-      # Supported Method Parameters::
-      # PWN::SAST::FilePermission.scan(
-      #   dir_path: 'optional path to dir defaults to .'
-      #   git_repo_root_uri: 'optional http uri of git repo scanned'
-      # )
-
-      public_class_method def self.scan(opts = {})
-        dir_path = opts[:dir_path]
-        git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub
-        result_arr = []
-        logger_results = ''
-
-        PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
-          if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && File.extname(entry) == '.pp'
-            line_no_and_contents_arr = []
-            filename_arr = []
-            entry_beautified = false
-
-            if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
-              js_beautify = `js-beautify #{entry} > #{entry}.JS-BEAUTIFIED`.to_s.scrub
-              entry = "#{entry}.JS-BEAUTIFIED"
-              entry_beautified = true
-            end
-
-            test_case_filter = " sed -e '/file {/,/}/!d;=' #{entry} "
-
-            line_number_jumble_str = `#{test_case_filter}`.to_s.scrub
-
-            # Convert sed line output to grep for consistent JSON data consumption
-            numbered_str = line_number_jumble_str.gsub(/(^\d{1,}|\n\d{1,})\n/, '\1:')
-            str = numbered_str
-
-            if str.to_s.empty?
-              # If str length is >= 64 KB do not include results. (Due to Mongo Document Size Restrictions)
-              logger_results = "#{logger_results}~" # Catching bugs is good :)
-            else
-              str = "1:Result larger than 64KB -> Size: #{str.to_s.length}.  Please click the \"Path\" link for more details." if str.to_s.length >= 64_000
-
-              hash_line = {
-                timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
-                filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
-                line_no_and_contents: '',
-                raw_content: str,
-                test_case_filter: test_case_filter
-              }
-
-              # COMMMENT: Must be a better way to implement this (regex is kinda funky)
-              line_contents_split = str.split(/^(\d{1,}):|\n(\d{1,}):/)[1..-1]
-              line_no_count = line_contents_split.length # This should always be an even number
-              current_count = 0
-              while line_no_count > current_count
-                line_no = line_contents_split[current_count]
-                contents = line_contents_split[current_count + 1]
-                if Dir.exist?("#{dir_path}/.git") ||
-                   Dir.exist?('.git')
-
-                  repo_root = dir_path
-                  repo_root = '.' if Dir.exist?('.git')
-
-                  author = PWN::Plugins::Git.get_author(
-                    repo_root: repo_root,
-                    from_line: line_no,
-                    to_line: line_no,
-                    target_file: entry,
-                    entry_beautified: entry_beautified
-                  )
-                else
-                  author = 'N/A'
-                end
-                hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(line_no: line_no,
-                                                                                 contents: contents,
-                                                                                 author: author)
-
-                current_count += 2
-              end
-
-              result_arr.push(hash_line)
-              logger_results = "#{logger_results}x" # Seeing progress is good :)
-            end
-          end
-        end
-        logger_banner = "http://#{Socket.gethostname}:8808/doc_root/pwn-#{PWN::VERSION.to_s.scrub}/#{to_s.scrub.gsub('::', '/')}.html"
-        if logger_results.empty?
-          @@logger.info("#{logger_banner}: No files applicable to this test case.\n")
-        else
-          @@logger.info("#{logger_banner} => #{logger_results}complete.\n")
-        end
-        result_arr
-      rescue StandardError => e
-        raise e
-      end
-
-      # Used primarily to map NIST 800-53 Revision 4 Security Controls
-      # https://web.nvd.nist.gov/view/800-53/Rev4/impact?impactName=HIGH
-      # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
-      # Determine the level of Testing Coverage w/ PWN.
-
-      public_class_method def self.nist_800_53_requirements
-        {
-          sast_module: self,
-          section: 'LEAST PRIVILEGE',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-6'
-        }
-      rescue StandardError => e
-        raise e
-      end
-
-      # Author(s):: 0day Inc. <request.pentest@0dayinc.com>
-
-      public_class_method def self.authors
-        "AUTHOR(S):
-          0day Inc. <request.pentest@0dayinc.com>
-        "
-      end
-
-      # Display Usage for this Module
-
-      public_class_method def self.help
-        puts "USAGE:
-          sast_arr = #{self}.scan(
-            dir_path: 'optional path to dir defaults to .',
-            git_repo_root_uri: 'optional http uri of git repo scanned'
-          )
-
-          #{self}.authors
-        "
-      end
-    end
-  end
-end

data/spec/lib/pwn/sast/file_permission_spec.rb

@@ -1,25 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-describe PWN::SAST::FilePermission do
-  it 'scan method should exist' do
-    scan_response = PWN::SAST::FilePermission
-    expect(scan_response).to respond_to :scan
-  end
-
-  it 'should display information for nist_800_53_requirements' do
-    nist_800_53_requirements_response = PWN::SAST::FilePermission
-    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
-  end
-
-  it 'should display information for authors' do
-    authors_response = PWN::SAST::FilePermission
-    expect(authors_response).to respond_to :authors
-  end
-
-  it 'should display information for existing help method' do
-    help_response = PWN::SAST::FilePermission
-    expect(help_response).to respond_to :help
-  end
-end