pwn 0.4.510 → 0.4.513
- checksums.yaml +4 -4
- data/Gemfile +4 -4
- data/README.md +2 -2
- data/lib/pwn/plugins/owasp_zap.rb +1 -1
- data/lib/pwn/reports/sast.rb +9 -8
- data/lib/pwn/sast/amqp_connect_as_guest.rb +8 -7
- data/lib/pwn/sast/apache_file_system_util_api.rb +8 -7
- data/lib/pwn/sast/aws.rb +8 -7
- data/lib/pwn/sast/banned_function_calls_c.rb +8 -7
- data/lib/pwn/sast/base64.rb +8 -7
- data/lib/pwn/sast/beef_hook.rb +8 -7
- data/lib/pwn/sast/cmd_execution_java.rb +8 -7
- data/lib/pwn/sast/cmd_execution_python.rb +8 -7
- data/lib/pwn/sast/cmd_execution_ruby.rb +8 -7
- data/lib/pwn/sast/cmd_execution_scala.rb +8 -7
- data/lib/pwn/sast/csrf.rb +8 -7
- data/lib/pwn/sast/deserial_java.rb +8 -7
- data/lib/pwn/sast/emoticon.rb +8 -7
- data/lib/pwn/sast/eval.rb +8 -7
- data/lib/pwn/sast/factory.rb +8 -7
- data/lib/pwn/sast/http_authorization_header.rb +8 -7
- data/lib/pwn/sast/inner_html.rb +8 -7
- data/lib/pwn/sast/keystore.rb +8 -7
- data/lib/pwn/sast/location_hash.rb +8 -7
- data/lib/pwn/sast/log4j.rb +8 -7
- data/lib/pwn/sast/logger.rb +8 -7
- data/lib/pwn/sast/outer_html.rb +8 -7
- data/lib/pwn/sast/password.rb +8 -7
- data/lib/pwn/sast/pom_version.rb +13 -10
- data/lib/pwn/sast/port.rb +8 -7
- data/lib/pwn/sast/private_key.rb +8 -7
- data/lib/pwn/sast/redirect.rb +8 -7
- data/lib/pwn/sast/redos.rb +8 -7
- data/lib/pwn/sast/shell.rb +8 -7
- data/lib/pwn/sast/signature.rb +8 -7
- data/lib/pwn/sast/sql.rb +8 -7
- data/lib/pwn/sast/ssl.rb +8 -7
- data/lib/pwn/sast/sudo.rb +8 -7
- data/lib/pwn/sast/task_tag.rb +8 -7
- data/lib/pwn/sast/throw_errors.rb +8 -7
- data/lib/pwn/sast/token.rb +8 -7
- data/lib/pwn/sast/version.rb +8 -7
- data/lib/pwn/sast/window_location_hash.rb +8 -7
- data/lib/pwn/version.rb +1 -1
- data/spec/lib/pwn/sast/amqp_connect_as_guest_spec.rb +3 -3
- data/spec/lib/pwn/sast/apache_file_system_util_api_spec.rb +3 -3
- data/spec/lib/pwn/sast/aws_spec.rb +3 -3
- data/spec/lib/pwn/sast/banned_function_calls_c_spec.rb +3 -3
- data/spec/lib/pwn/sast/base64_spec.rb +3 -3
- data/spec/lib/pwn/sast/beef_hook_spec.rb +3 -3
- data/spec/lib/pwn/sast/cmd_execution_java_spec.rb +3 -3
- data/spec/lib/pwn/sast/cmd_execution_python_spec.rb +3 -3
- data/spec/lib/pwn/sast/cmd_execution_ruby_spec.rb +3 -3
- data/spec/lib/pwn/sast/cmd_execution_scala_spec.rb +3 -3
- data/spec/lib/pwn/sast/csrf_spec.rb +3 -3
- data/spec/lib/pwn/sast/deserial_java_spec.rb +3 -3
- data/spec/lib/pwn/sast/emoticon_spec.rb +3 -3
- data/spec/lib/pwn/sast/eval_spec.rb +3 -3
- data/spec/lib/pwn/sast/factory_spec.rb +3 -3
- data/spec/lib/pwn/sast/http_authorization_header_spec.rb +3 -3
- data/spec/lib/pwn/sast/inner_html_spec.rb +3 -3
- data/spec/lib/pwn/sast/keystore_spec.rb +3 -3
- data/spec/lib/pwn/sast/location_hash_spec.rb +3 -3
- data/spec/lib/pwn/sast/log4j_spec.rb +3 -3
- data/spec/lib/pwn/sast/logger_spec.rb +3 -3
- data/spec/lib/pwn/sast/password_spec.rb +3 -3
- data/spec/lib/pwn/sast/pom_version_spec.rb +3 -3
- data/spec/lib/pwn/sast/port_spec.rb +3 -3
- data/spec/lib/pwn/sast/private_key_spec.rb +3 -3
- data/spec/lib/pwn/sast/redirect_spec.rb +3 -3
- data/spec/lib/pwn/sast/redos_spec.rb +3 -3
- data/spec/lib/pwn/sast/shell_spec.rb +3 -3
- data/spec/lib/pwn/sast/signature_spec.rb +3 -3
- data/spec/lib/pwn/sast/sql_spec.rb +3 -3
- data/spec/lib/pwn/sast/ssl_spec.rb +3 -3
- data/spec/lib/pwn/sast/sudo_spec.rb +3 -3
- data/spec/lib/pwn/sast/task_tag_spec.rb +3 -3
- data/spec/lib/pwn/sast/throw_errors_spec.rb +3 -3
- data/spec/lib/pwn/sast/token_spec.rb +3 -3
- data/spec/lib/pwn/sast/version_spec.rb +3 -3
- data/spec/lib/pwn/sast/window_location_hash_spec.rb +3 -3
- metadata +10 -10
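--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1169e57fa12d1e0274c2c67d2970cbeb4fadcbab56cf06ddc3cd52bf3871b952
+data.tar.gz: 33721901ad464045c79c006fd54843d459ed7ebbf41a9ee5c4795fc354cf7d59
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a15f3517c53b04b1ea2b5e07a548d2f1591eef2ebd02707e7ec727d859662695f95edaf4764cfc719b9e70a750ed3ae60694c95bfdf81ed1ecd16dac0bd5a0ce
+data.tar.gz: d49d46cf9e7b86e611b56445dca9b08823abe846f5cd13100a332d200ade4f304c170c55bc5ebacd30a45c7d8e296bf418d412999467200b68abbc360f74e31b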
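--- a/data/Gemfile
+++ b/data/Gemfile
@@ -11,14 +11,14 @@ gemspec
 # In some circumstances custom flags are passed to gems in order
 # to build appropriately. Defer to ./reinstall_pwn_gemset.sh
 # to review these custom flags (e.g. pg, serialport, etc).
-gem 'activesupport', '7.0.3'
+gem 'activesupport', '7.0.3.1'
 gem 'anemone', '0.7.2'
 gem 'authy', '3.0.1'
 gem 'aws-sdk', '3.1.0'
 gem 'bettercap', '1.6.2'
 gem 'brakeman', '5.2.3'
 gem 'bson', '4.15.0'
-gem 'bundler', '>=2.3.
+gem 'bundler', '>=2.3.18'
 gem 'bundler-audit', '0.9.1'
 gem 'bunny', '2.19.0'
 gem 'colorize', '0.8.1'
@@ -42,7 +42,7 @@ gem 'net-ldap', '0.17.1'
 gem 'net-openvpn', '0.8.7'
 gem 'net-smtp', '0.3.1'
 gem 'nexpose', '7.3.0'
-gem 'nokogiri', '1.13.
+gem 'nokogiri', '1.13.7'
 gem 'oily_png', '1.2.1'
 gem 'os', '1.1.4'
 gem 'packetfu', '1.1.13'
@@ -67,7 +67,7 @@ gem 'ruby-nmap', '0.10.0'
 gem 'ruby-saml', '1.14.0'
 gem 'rvm', '1.11.3.9'
 gem 'savon', '2.12.1'
-gem 'selenium-devtools', '0.103.
+gem 'selenium-devtools', '0.103.1'
 gem 'serialport', '1.3.2'
 gem 'sinatra', '2.2.0'
 gem 'slack-ruby-client', '1.1.0'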
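--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.513]:001 >>> PWN.help
 ```
 
 [](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.513]:001 >>> PWN.help
 ```
 
 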
data/lib/pwn/reports/sast.rb
CHANGED
|
@@ -101,7 +101,7 @@ module PWN
|
|
|
101
101
|
<div>
|
|
102
102
|
<b>Toggle Column(s):</b>
|
|
103
103
|
<a class="toggle-vis" data-column="1" href="#">Timestamp</a> |
|
|
104
|
-
<a class="toggle-vis" data-column="2" href="#">Test Case / Security
|
|
104
|
+
<a class="toggle-vis" data-column="2" href="#">Test Case / Security References</a> |
|
|
105
105
|
<a class="toggle-vis" data-column="3" href="#">Path</a> |
|
|
106
106
|
<a class="toggle-vis" data-column="4" href="#">Line#, Formatted Content, & Last Committed By</a> |
|
|
107
107
|
<a class="toggle-vis" data-column="5" href="#">Raw Content</a> |
|
|
@@ -115,7 +115,7 @@ module PWN
|
|
|
115
115
|
<tr>
|
|
116
116
|
<th>#</th>
|
|
117
117
|
<th>Timestamp</th>
|
|
118
|
-
<th>Test Case / Security
|
|
118
|
+
<th>Test Case / Security References</th>
|
|
119
119
|
<th>Path</th>
|
|
120
120
|
<th>Line#, Formatted Content, & Last Committed By</th>
|
|
121
121
|
<th>Raw Content</th>
|
|
@@ -170,7 +170,7 @@ module PWN
|
|
|
170
170
|
"render": $.fn.dataTable.render.text()
|
|
171
171
|
},
|
|
172
172
|
{
|
|
173
|
-
"data": "
|
|
173
|
+
"data": "security_references",
|
|
174
174
|
"render": function (data, type, row, meta) {
|
|
175
175
|
var sast_dirname = data['sast_module'].split('::')[0].toLowerCase() + '/' + data['sast_module'].split('::')[1].toLowerCase();
|
|
176
176
|
var sast_module = data['sast_module'].split('::')[2];
|
|
@@ -182,12 +182,13 @@ module PWN
|
|
|
182
182
|
{
|
|
183
183
|
"data": "filename",
|
|
184
184
|
"render": function (data, type, row, meta) {
|
|
185
|
-
|
|
186
|
-
|
|
185
|
+
line_entry_uri = htmlEntityEncode(
|
|
186
|
+
data['git_repo_root_uri'] + '/' + data['entry']
|
|
187
|
+
);
|
|
187
188
|
|
|
188
|
-
|
|
189
|
+
file = htmlEntityEncode(data['entry']);
|
|
189
190
|
|
|
190
|
-
|
|
191
|
+
return '<table class="squish"><tr class="highlighted"><td style="width:150px;" align="left"><a href="' + line_entry_uri + '" target="_blank">' + file + '</a></td></tr></table>';
|
|
191
192
|
}
|
|
192
193
|
},
|
|
193
194
|
{
|
|
@@ -202,7 +203,7 @@ module PWN
|
|
|
202
203
|
|
|
203
204
|
var bug_comment = 'Timestamp: ' + row.timestamp + '\n' +
|
|
204
205
|
'Test Case: http://' + window.location.hostname + ':8808/doc_root/pwn-0.1.0/' +
|
|
205
|
-
row.
|
|
206
|
+
row.security_references['sast_module'].replace(/::/g, "/") + '\n' +
|
|
206
207
|
'Source Code Impacted: ' + $("<div/>").html(filename_link).text() + '\n\n' +
|
|
207
208
|
'Test Case Request:\n' +
|
|
208
209
|
$("<div/>").html(row.test_case_filter.replace(/\s{2,}/g, " ")).text() + '\n\n' +
|
|
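Review bot: In the `filename` column renderer (hunk `@@ -182,12 +182,13 @@`), `line_entry_uri` and `file` are assigned without a declaration, so they become implicit globals shared across row renders (and a ReferenceError under strict mode), unlike `var sast_dirname` in the `security_references` renderer above; write `var line_entry_uri = htmlEntityEncode(` and `var file = htmlEntityEncode(data['entry']);`. Entity encoding keeps the value inside the `href` attribute only if `htmlEntityEncode` also escapes quotes, and its definition is outside the visible hunks, so that should be confirmed. It also does not constrain the URL scheme: `git_repo_root_uri` appears to be passed through from the scan options (not visible here), so the link should be emitted only when the value starts with `http://` or `https://`. Since the anchor uses `target="_blank"`, adding `rel="noopener noreferrer"` keeps the opened repository page from reaching back into the report window.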
@@ -25,7 +25,6 @@ module PWN
|
|
|
25
25
|
PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
|
|
26
26
|
if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/
|
|
27
27
|
line_no_and_contents_arr = []
|
|
28
|
-
filename_arr = []
|
|
29
28
|
entry_beautified = false
|
|
30
29
|
|
|
31
30
|
if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
|
|
@@ -50,8 +49,8 @@ module PWN
|
|
|
50
49
|
|
|
51
50
|
hash_line = {
|
|
52
51
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
|
53
|
-
|
|
54
|
-
filename:
|
|
52
|
+
security_references: security_references,
|
|
53
|
+
filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
|
|
55
54
|
line_no_and_contents: '',
|
|
56
55
|
raw_content: str,
|
|
57
56
|
test_case_filter: test_case_filter
|
|
@@ -79,9 +78,11 @@ module PWN
|
|
|
79
78
|
else
|
|
80
79
|
author = 'N/A'
|
|
81
80
|
end
|
|
82
|
-
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
83
|
-
|
|
84
|
-
|
|
81
|
+
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
82
|
+
line_no: line_no,
|
|
83
|
+
contents: contents,
|
|
84
|
+
author: author
|
|
85
|
+
)
|
|
85
86
|
current_count += 2
|
|
86
87
|
end
|
|
87
88
|
result_arr.push(hash_line)
|
|
@@ -105,7 +106,7 @@ module PWN
|
|
|
105
106
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
|
106
107
|
# Determine the level of Testing Coverage w/ PWN.
|
|
107
108
|
|
|
108
|
-
public_class_method def self.
|
|
109
|
+
public_class_method def self.security_references
|
|
109
110
|
{
|
|
110
111
|
sast_module: self,
|
|
111
112
|
section: 'ACCOUNT MANAGEMENT',
|
|
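Review bot: The context line in the first hunk that runs `wc -l #{entry}` through backticks interpolates a path taken from the scanned tree into a shell command, so a `.js` file whose name contains shell metacharacters is interpreted by the shell on the scanning host; this commit edits the lines around it but leaves it in place. Count lines without a shell, e.g. `File.foreach(entry).count < 20`, or pass an argument vector with `IO.popen(['wc', '-l', entry])`. The same line is reachable in the other modules on this page that have no extension filter (the apache_file_system_util_api hunks that follow, aws.rb, base64.rb, beef_hook.rb, csrf.rb). The file header for these hunks is missing from the page; from the file-list order they are presumably amqp_connect_as_guest.rb, and the enclosing method starts and ends outside the hunks.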
@@ -24,7 +24,6 @@ module PWN
|
|
|
24
24
|
PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
|
|
25
25
|
if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/
|
|
26
26
|
line_no_and_contents_arr = []
|
|
27
|
-
filename_arr = []
|
|
28
27
|
entry_beautified = false
|
|
29
28
|
|
|
30
29
|
if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
|
|
@@ -49,8 +48,8 @@ module PWN
|
|
|
49
48
|
|
|
50
49
|
hash_line = {
|
|
51
50
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
|
52
|
-
|
|
53
|
-
filename:
|
|
51
|
+
security_references: security_references,
|
|
52
|
+
filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
|
|
54
53
|
line_no_and_contents: '',
|
|
55
54
|
raw_content: str,
|
|
56
55
|
test_case_filter: test_case_filter
|
|
@@ -79,9 +78,11 @@ module PWN
|
|
|
79
78
|
else
|
|
80
79
|
author = 'N/A'
|
|
81
80
|
end
|
|
82
|
-
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
83
|
-
|
|
84
|
-
|
|
81
|
+
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
82
|
+
line_no: line_no,
|
|
83
|
+
contents: contents,
|
|
84
|
+
author: author
|
|
85
|
+
)
|
|
85
86
|
|
|
86
87
|
current_count += 2
|
|
87
88
|
end
|
|
@@ -106,7 +107,7 @@ module PWN
|
|
|
106
107
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
|
107
108
|
# Determine the level of Testing Coverage w/ PWN.
|
|
108
109
|
|
|
109
|
-
public_class_method def self.
|
|
110
|
+
public_class_method def self.security_references
|
|
110
111
|
{
|
|
111
112
|
sast_module: self,
|
|
112
113
|
section: 'INFORMATION INPUT VALIDATION',
|
data/lib/pwn/sast/aws.rb
CHANGED
|
@@ -23,7 +23,6 @@ module PWN
|
|
|
23
23
|
PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
|
|
24
24
|
if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/
|
|
25
25
|
line_no_and_contents_arr = []
|
|
26
|
-
filename_arr = []
|
|
27
26
|
entry_beautified = false
|
|
28
27
|
|
|
29
28
|
if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
|
|
@@ -50,8 +49,8 @@ module PWN
|
|
|
50
49
|
|
|
51
50
|
hash_line = {
|
|
52
51
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
|
53
|
-
|
|
54
|
-
filename:
|
|
52
|
+
security_references: security_references,
|
|
53
|
+
filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
|
|
55
54
|
line_no_and_contents: '',
|
|
56
55
|
raw_content: str,
|
|
57
56
|
test_case_filter: test_case_filter
|
|
@@ -80,9 +79,11 @@ module PWN
|
|
|
80
79
|
else
|
|
81
80
|
author = 'N/A'
|
|
82
81
|
end
|
|
83
|
-
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
84
|
-
|
|
85
|
-
|
|
82
|
+
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
83
|
+
line_no: line_no,
|
|
84
|
+
contents: contents,
|
|
85
|
+
author: author
|
|
86
|
+
)
|
|
86
87
|
|
|
87
88
|
current_count += 2
|
|
88
89
|
end
|
|
@@ -107,7 +108,7 @@ module PWN
|
|
|
107
108
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
|
108
109
|
# Determine the level of Testing Coverage w/ PWN.
|
|
109
110
|
|
|
110
|
-
public_class_method def self.
|
|
111
|
+
public_class_method def self.security_references
|
|
111
112
|
{
|
|
112
113
|
sast_module: self,
|
|
113
114
|
section: 'TRANSMISSION CONFIDENTIALITY AND INTEGRITY',
|
|
@@ -25,7 +25,6 @@ module PWN
|
|
|
25
25
|
PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
|
|
26
26
|
if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && (File.extname(entry) == '.c' || File.extname(entry) == '.cpp' || File.extname(entry) == '.c++' || File.extname(entry) == '.cxx' || File.extname(entry) == '.h' || File.extname(entry) == '.hpp' || File.extname(entry) == '.h++' || File.extname(entry) == '.hh' || File.extname(entry) == '.hxx' || File.extname(entry) == '.ii' || File.extname(entry) == '.ixx' || File.extname(entry) == '.ipp' || File.extname(entry) == '.inl' || File.extname(entry) == '.txx' || File.extname(entry) == '.tpp' || File.extname(entry) == '.tpl')
|
|
27
27
|
line_no_and_contents_arr = []
|
|
28
|
-
filename_arr = []
|
|
29
28
|
entry_beautified = false
|
|
30
29
|
|
|
31
30
|
if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
|
|
@@ -177,8 +176,8 @@ module PWN
|
|
|
177
176
|
|
|
178
177
|
hash_line = {
|
|
179
178
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
|
180
|
-
|
|
181
|
-
filename:
|
|
179
|
+
security_references: security_references,
|
|
180
|
+
filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
|
|
182
181
|
line_no_and_contents: '',
|
|
183
182
|
raw_content: str,
|
|
184
183
|
test_case_filter: test_case_filter
|
|
@@ -207,9 +206,11 @@ module PWN
|
|
|
207
206
|
else
|
|
208
207
|
author = 'N/A'
|
|
209
208
|
end
|
|
210
|
-
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
211
|
-
|
|
212
|
-
|
|
209
|
+
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
210
|
+
line_no: line_no,
|
|
211
|
+
contents: contents,
|
|
212
|
+
author: author
|
|
213
|
+
)
|
|
213
214
|
|
|
214
215
|
current_count += 2
|
|
215
216
|
end
|
|
@@ -234,7 +235,7 @@ module PWN
|
|
|
234
235
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
|
235
236
|
# Determine the level of Testing Coverage w/ PWN.
|
|
236
237
|
|
|
237
|
-
public_class_method def self.
|
|
238
|
+
public_class_method def self.security_references
|
|
238
239
|
{
|
|
239
240
|
sast_module: self,
|
|
240
241
|
section: 'INFORMATION INPUT VALIDATION',
|
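Review bot: The `.js` beautify check in the first hunk can never be true, because the enclosing `if` already restricts `entry` to C/C++ extensions, so the branch (and its shell call) looks like an unreachable leftover from the generic module template; consider removing it together with `entry_beautified` if nothing else sets that flag (the rest of the method is outside the hunk). The same applies to the extension-filtered hunks further down the page (`.java`, `.py`/`.pyc`/`.pyo`/`.pyd`, `.rb`/`.rbw`, `.scala`). The sixteen-way `File.extname(entry) == ...` chain is also easier to audit as `%w[.c .cpp .c++ .cxx .h .hpp .h++ .hh .hxx .ii .ixx .ipp .inl .txx .tpp .tpl].include?(File.extname(entry))`. The file header for these hunks is missing from the page; from the file-list order they are presumably banned_function_calls_c.rb.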
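--- a/data/lib/pwn/sast/base64.rb
+++ b/data/lib/pwn/sast/base64.rb
@@ -24,7 +24,6 @@ module PWN
 PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
 if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/
 line_no_and_contents_arr = []
-filename_arr = []
 entry_beautified = false
 
 if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
@@ -51,8 +50,8 @@ module PWN
 
 hash_line = {
 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-
-filename:
+security_references: security_references,
+filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
 line_no_and_contents: '',
 raw_content: str,
 test_case_filter: test_case_filter
@@ -81,9 +80,11 @@ module PWN
 else
 author = 'N/A'
 end
-hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
-
-
+hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
+line_no: line_no,
+contents: contents,
+author: author
+)
 
 current_count += 2
 end
@@ -105,7 +106,7 @@ module PWN
 
 # Used to dictate Security Control Requirements for a Given SAST module.
 
-public_class_method def self.
+public_class_method def self.security_references
 {
 sast_module: self,
 section: 'PROTECTION OF INFORMATION AT REST',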
data/lib/pwn/sast/beef_hook.rb
CHANGED
|
@@ -24,7 +24,6 @@ module PWN
|
|
|
24
24
|
PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
|
|
25
25
|
if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/
|
|
26
26
|
line_no_and_contents_arr = []
|
|
27
|
-
filename_arr = []
|
|
28
27
|
entry_beautified = false
|
|
29
28
|
|
|
30
29
|
if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
|
|
@@ -45,8 +44,8 @@ module PWN
|
|
|
45
44
|
|
|
46
45
|
hash_line = {
|
|
47
46
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
|
48
|
-
|
|
49
|
-
filename:
|
|
47
|
+
security_references: security_references,
|
|
48
|
+
filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
|
|
50
49
|
line_no_and_contents: '',
|
|
51
50
|
raw_content: str,
|
|
52
51
|
test_case_filter: test_case_filter
|
|
@@ -75,9 +74,11 @@ module PWN
|
|
|
75
74
|
else
|
|
76
75
|
author = 'N/A'
|
|
77
76
|
end
|
|
78
|
-
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
79
|
-
|
|
80
|
-
|
|
77
|
+
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
78
|
+
line_no: line_no,
|
|
79
|
+
contents: contents,
|
|
80
|
+
author: author
|
|
81
|
+
)
|
|
81
82
|
|
|
82
83
|
current_count += 2
|
|
83
84
|
end
|
|
@@ -102,7 +103,7 @@ module PWN
|
|
|
102
103
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
|
103
104
|
# Determine the level of Testing Coverage w/ PWN.
|
|
104
105
|
|
|
105
|
-
public_class_method def self.
|
|
106
|
+
public_class_method def self.security_references
|
|
106
107
|
{
|
|
107
108
|
sast_module: self,
|
|
108
109
|
section: 'MALICIOUS CODE PROTECTION',
|
|
@@ -24,7 +24,6 @@ module PWN
|
|
|
24
24
|
PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
|
|
25
25
|
if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && File.extname(entry) == '.java'
|
|
26
26
|
line_no_and_contents_arr = []
|
|
27
|
-
filename_arr = []
|
|
28
27
|
entry_beautified = false
|
|
29
28
|
|
|
30
29
|
if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
|
|
@@ -50,8 +49,8 @@ module PWN
|
|
|
50
49
|
|
|
51
50
|
hash_line = {
|
|
52
51
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
|
53
|
-
|
|
54
|
-
filename:
|
|
52
|
+
security_references: security_references,
|
|
53
|
+
filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
|
|
55
54
|
line_no_and_contents: '',
|
|
56
55
|
raw_content: str,
|
|
57
56
|
test_case_filter: test_case_filter
|
|
@@ -80,9 +79,11 @@ module PWN
|
|
|
80
79
|
else
|
|
81
80
|
author = 'N/A'
|
|
82
81
|
end
|
|
83
|
-
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
84
|
-
|
|
85
|
-
|
|
82
|
+
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
83
|
+
line_no: line_no,
|
|
84
|
+
contents: contents,
|
|
85
|
+
author: author
|
|
86
|
+
)
|
|
86
87
|
|
|
87
88
|
current_count += 2
|
|
88
89
|
end
|
|
@@ -107,7 +108,7 @@ module PWN
|
|
|
107
108
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
|
108
109
|
# Determine the level of Testing Coverage w/ PWN.
|
|
109
110
|
|
|
110
|
-
public_class_method def self.
|
|
111
|
+
public_class_method def self.security_references
|
|
111
112
|
{
|
|
112
113
|
sast_module: self,
|
|
113
114
|
section: 'INFORMATION INPUT VALIDATION',
|
|
@@ -24,7 +24,6 @@ module PWN
|
|
|
24
24
|
PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
|
|
25
25
|
if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && (File.extname(entry) == '.py' || File.extname(entry) == '.pyc' || File.extname(entry) == '.pyo' || File.extname(entry) == '.pyd')
|
|
26
26
|
line_no_and_contents_arr = []
|
|
27
|
-
filename_arr = []
|
|
28
27
|
entry_beautified = false
|
|
29
28
|
|
|
30
29
|
if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
|
|
@@ -52,8 +51,8 @@ module PWN
|
|
|
52
51
|
|
|
53
52
|
hash_line = {
|
|
54
53
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
|
55
|
-
|
|
56
|
-
filename:
|
|
54
|
+
security_references: security_references,
|
|
55
|
+
filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
|
|
57
56
|
line_no_and_contents: '',
|
|
58
57
|
raw_content: str,
|
|
59
58
|
test_case_filter: test_case_filter
|
|
@@ -82,9 +81,11 @@ module PWN
|
|
|
82
81
|
else
|
|
83
82
|
author = 'N/A'
|
|
84
83
|
end
|
|
85
|
-
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
86
|
-
|
|
87
|
-
|
|
84
|
+
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
85
|
+
line_no: line_no,
|
|
86
|
+
contents: contents,
|
|
87
|
+
author: author
|
|
88
|
+
)
|
|
88
89
|
|
|
89
90
|
current_count += 2
|
|
90
91
|
end
|
|
@@ -109,7 +110,7 @@ module PWN
|
|
|
109
110
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
|
110
111
|
# Determine the level of Testing Coverage w/ PWN.
|
|
111
112
|
|
|
112
|
-
public_class_method def self.
|
|
113
|
+
public_class_method def self.security_references
|
|
113
114
|
{
|
|
114
115
|
sast_module: self,
|
|
115
116
|
section: 'INFORMATION INPUT VALIDATION',
|
|
@@ -24,7 +24,6 @@ module PWN
|
|
|
24
24
|
PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
|
|
25
25
|
if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && (File.extname(entry) == '.rb' || File.extname(entry) == '.rbw')
|
|
26
26
|
line_no_and_contents_arr = []
|
|
27
|
-
filename_arr = []
|
|
28
27
|
entry_beautified = false
|
|
29
28
|
|
|
30
29
|
if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
|
|
@@ -60,8 +59,8 @@ module PWN
|
|
|
60
59
|
|
|
61
60
|
hash_line = {
|
|
62
61
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
|
63
|
-
|
|
64
|
-
filename:
|
|
62
|
+
security_references: security_references,
|
|
63
|
+
filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
|
|
65
64
|
line_no_and_contents: '',
|
|
66
65
|
raw_content: str,
|
|
67
66
|
test_case_filter: test_case_filter
|
|
@@ -90,9 +89,11 @@ module PWN
|
|
|
90
89
|
else
|
|
91
90
|
author = 'N/A'
|
|
92
91
|
end
|
|
93
|
-
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
94
|
-
|
|
95
|
-
|
|
92
|
+
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
93
|
+
line_no: line_no,
|
|
94
|
+
contents: contents,
|
|
95
|
+
author: author
|
|
96
|
+
)
|
|
96
97
|
|
|
97
98
|
current_count += 2
|
|
98
99
|
end
|
|
@@ -117,7 +118,7 @@ module PWN
|
|
|
117
118
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
|
118
119
|
# Determine the level of Testing Coverage w/ PWN.
|
|
119
120
|
|
|
120
|
-
public_class_method def self.
|
|
121
|
+
public_class_method def self.security_references
|
|
121
122
|
{
|
|
122
123
|
sast_module: self,
|
|
123
124
|
section: 'INFORMATION INPUT VALIDATION',
|
|
@@ -24,7 +24,6 @@ module PWN
|
|
|
24
24
|
PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
|
|
25
25
|
if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && File.extname(entry) == '.scala'
|
|
26
26
|
line_no_and_contents_arr = []
|
|
27
|
-
filename_arr = []
|
|
28
27
|
entry_beautified = false
|
|
29
28
|
|
|
30
29
|
if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
|
|
@@ -50,8 +49,8 @@ module PWN
|
|
|
50
49
|
|
|
51
50
|
hash_line = {
|
|
52
51
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
|
53
|
-
|
|
54
|
-
filename:
|
|
52
|
+
security_references: security_references,
|
|
53
|
+
filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
|
|
55
54
|
line_no_and_contents: '',
|
|
56
55
|
raw_content: str,
|
|
57
56
|
test_case_filter: test_case_filter
|
|
@@ -80,9 +79,11 @@ module PWN
|
|
|
80
79
|
else
|
|
81
80
|
author = 'N/A'
|
|
82
81
|
end
|
|
83
|
-
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
84
|
-
|
|
85
|
-
|
|
82
|
+
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
83
|
+
line_no: line_no,
|
|
84
|
+
contents: contents,
|
|
85
|
+
author: author
|
|
86
|
+
)
|
|
86
87
|
|
|
87
88
|
current_count += 2
|
|
88
89
|
end
|
|
@@ -107,7 +108,7 @@ module PWN
|
|
|
107
108
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
|
108
109
|
# Determine the level of Testing Coverage w/ PWN.
|
|
109
110
|
|
|
110
|
-
public_class_method def self.
|
|
111
|
+
public_class_method def self.security_references
|
|
111
112
|
{
|
|
112
113
|
sast_module: self,
|
|
113
114
|
section: 'INFORMATION INPUT VALIDATION',
|
data/lib/pwn/sast/csrf.rb
CHANGED
|
@@ -25,7 +25,6 @@ module PWN
|
|
|
25
25
|
PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
|
|
26
26
|
if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/
|
|
27
27
|
line_no_and_contents_arr = []
|
|
28
|
-
filename_arr = []
|
|
29
28
|
entry_beautified = false
|
|
30
29
|
|
|
31
30
|
if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
|
|
@@ -48,8 +47,8 @@ module PWN
|
|
|
48
47
|
|
|
49
48
|
hash_line = {
|
|
50
49
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
|
51
|
-
|
|
52
|
-
filename:
|
|
50
|
+
security_references: security_references,
|
|
51
|
+
filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
|
|
53
52
|
line_no_and_contents: '',
|
|
54
53
|
raw_content: str,
|
|
55
54
|
test_case_filter: test_case_filter
|
|
@@ -78,9 +77,11 @@ module PWN
|
|
|
78
77
|
else
|
|
79
78
|
author = 'N/A'
|
|
80
79
|
end
|
|
81
|
-
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
82
|
-
|
|
83
|
-
|
|
80
|
+
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
81
|
+
line_no: line_no,
|
|
82
|
+
contents: contents,
|
|
83
|
+
author: author
|
|
84
|
+
)
|
|
84
85
|
|
|
85
86
|
current_count += 2
|
|
86
87
|
end
|
|
@@ -103,7 +104,7 @@ module PWN
|
|
|
103
104
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
|
104
105
|
# Determine the level of Testing Coverage w/ PWN.
|
|
105
106
|
|
|
106
|
-
public_class_method def self.
|
|
107
|
+
public_class_method def self.security_references
|
|
107
108
|
{
|
|
108
109
|
sast_module: self,
|
|
109
110
|
section: 'MALICIOUS CODE PROTECTION',
|