pwn 0.4.511 → 0.4.514
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +4 -4
- data/README.md +2 -2
- data/bin/pwn_android_war_dialer +2 -1
- data/lib/pwn/plugins/owasp_zap.rb +1 -1
- data/lib/pwn/reports/sast.rb +4 -4
- data/lib/pwn/sast/amqp_connect_as_guest.rb +7 -5
- data/lib/pwn/sast/apache_file_system_util_api.rb +7 -5
- data/lib/pwn/sast/aws.rb +7 -5
- data/lib/pwn/sast/banned_function_calls_c.rb +7 -5
- data/lib/pwn/sast/base64.rb +7 -5
- data/lib/pwn/sast/beef_hook.rb +7 -5
- data/lib/pwn/sast/cmd_execution_java.rb +7 -5
- data/lib/pwn/sast/cmd_execution_python.rb +7 -5
- data/lib/pwn/sast/cmd_execution_ruby.rb +7 -5
- data/lib/pwn/sast/cmd_execution_scala.rb +7 -5
- data/lib/pwn/sast/csrf.rb +7 -5
- data/lib/pwn/sast/deserial_java.rb +7 -5
- data/lib/pwn/sast/emoticon.rb +7 -5
- data/lib/pwn/sast/eval.rb +7 -5
- data/lib/pwn/sast/factory.rb +7 -5
- data/lib/pwn/sast/http_authorization_header.rb +7 -5
- data/lib/pwn/sast/inner_html.rb +7 -5
- data/lib/pwn/sast/keystore.rb +7 -5
- data/lib/pwn/sast/location_hash.rb +7 -5
- data/lib/pwn/sast/log4j.rb +7 -5
- data/lib/pwn/sast/logger.rb +7 -5
- data/lib/pwn/sast/outer_html.rb +7 -5
- data/lib/pwn/sast/password.rb +7 -5
- data/lib/pwn/sast/pom_version.rb +12 -8
- data/lib/pwn/sast/port.rb +7 -5
- data/lib/pwn/sast/private_key.rb +7 -5
- data/lib/pwn/sast/redirect.rb +7 -5
- data/lib/pwn/sast/redos.rb +7 -5
- data/lib/pwn/sast/shell.rb +7 -5
- data/lib/pwn/sast/signature.rb +7 -5
- data/lib/pwn/sast/sql.rb +7 -5
- data/lib/pwn/sast/ssl.rb +7 -5
- data/lib/pwn/sast/sudo.rb +7 -5
- data/lib/pwn/sast/task_tag.rb +7 -5
- data/lib/pwn/sast/throw_errors.rb +7 -5
- data/lib/pwn/sast/token.rb +7 -5
- data/lib/pwn/sast/version.rb +7 -5
- data/lib/pwn/sast/window_location_hash.rb +7 -5
- data/lib/pwn/version.rb +1 -1
- data/spec/lib/pwn/sast/amqp_connect_as_guest_spec.rb +3 -3
- data/spec/lib/pwn/sast/apache_file_system_util_api_spec.rb +3 -3
- data/spec/lib/pwn/sast/aws_spec.rb +3 -3
- data/spec/lib/pwn/sast/banned_function_calls_c_spec.rb +3 -3
- data/spec/lib/pwn/sast/base64_spec.rb +3 -3
- data/spec/lib/pwn/sast/beef_hook_spec.rb +3 -3
- data/spec/lib/pwn/sast/cmd_execution_java_spec.rb +3 -3
- data/spec/lib/pwn/sast/cmd_execution_python_spec.rb +3 -3
- data/spec/lib/pwn/sast/cmd_execution_ruby_spec.rb +3 -3
- data/spec/lib/pwn/sast/cmd_execution_scala_spec.rb +3 -3
- data/spec/lib/pwn/sast/csrf_spec.rb +3 -3
- data/spec/lib/pwn/sast/deserial_java_spec.rb +3 -3
- data/spec/lib/pwn/sast/emoticon_spec.rb +3 -3
- data/spec/lib/pwn/sast/eval_spec.rb +3 -3
- data/spec/lib/pwn/sast/factory_spec.rb +3 -3
- data/spec/lib/pwn/sast/http_authorization_header_spec.rb +3 -3
- data/spec/lib/pwn/sast/inner_html_spec.rb +3 -3
- data/spec/lib/pwn/sast/keystore_spec.rb +3 -3
- data/spec/lib/pwn/sast/location_hash_spec.rb +3 -3
- data/spec/lib/pwn/sast/log4j_spec.rb +3 -3
- data/spec/lib/pwn/sast/logger_spec.rb +3 -3
- data/spec/lib/pwn/sast/password_spec.rb +3 -3
- data/spec/lib/pwn/sast/pom_version_spec.rb +3 -3
- data/spec/lib/pwn/sast/port_spec.rb +3 -3
- data/spec/lib/pwn/sast/private_key_spec.rb +3 -3
- data/spec/lib/pwn/sast/redirect_spec.rb +3 -3
- data/spec/lib/pwn/sast/redos_spec.rb +3 -3
- data/spec/lib/pwn/sast/shell_spec.rb +3 -3
- data/spec/lib/pwn/sast/signature_spec.rb +3 -3
- data/spec/lib/pwn/sast/sql_spec.rb +3 -3
- data/spec/lib/pwn/sast/ssl_spec.rb +3 -3
- data/spec/lib/pwn/sast/sudo_spec.rb +3 -3
- data/spec/lib/pwn/sast/task_tag_spec.rb +3 -3
- data/spec/lib/pwn/sast/throw_errors_spec.rb +3 -3
- data/spec/lib/pwn/sast/token_spec.rb +3 -3
- data/spec/lib/pwn/sast/version_spec.rb +3 -3
- data/spec/lib/pwn/sast/window_location_hash_spec.rb +3 -3
- metadata +11 -11
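--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e6ef21821ecefa8074e3373780a936233ffa7bf83b0ce1b9db05d0b6cbf2553d
+data.tar.gz: 1f1133a5f30eec2a0281563c7f0566b039061f66934abf6226f9f17b96d658e5
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7de7ae8a8b6d03a7873996163d7661feefd60e8ca6fb7d05583859dd70f1a00f9bddec1848c82991ecf6c838dd97ca170c2f7b682a3b2f700db19e9b9657bfd3
+data.tar.gz: 54a965b58711de0e4df07880ca22d66e7296299ce478d9fe0b13615b71593a3e59b7a9b13d1e9ad977d6c5700570a660d4897dc8284dd723d32727ffc8ef4c54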
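--- a/data/Gemfile
+++ b/data/Gemfile
@@ -11,14 +11,14 @@ gemspec
 # In some circumstances custom flags are passed to gems in order
 # to build appropriately. Defer to ./reinstall_pwn_gemset.sh
 # to review these custom flags (e.g. pg, serialport, etc).
-gem 'activesupport', '7.0.3'
+gem 'activesupport', '7.0.3.1'
 gem 'anemone', '0.7.2'
 gem 'authy', '3.0.1'
 gem 'aws-sdk', '3.1.0'
 gem 'bettercap', '1.6.2'
 gem 'brakeman', '5.2.3'
 gem 'bson', '4.15.0'
-gem 'bundler', '>=2.3.
+gem 'bundler', '>=2.3.18'
 gem 'bundler-audit', '0.9.1'
 gem 'bunny', '2.19.0'
 gem 'colorize', '0.8.1'
@@ -42,7 +42,7 @@ gem 'net-ldap', '0.17.1'
 gem 'net-openvpn', '0.8.7'
 gem 'net-smtp', '0.3.1'
 gem 'nexpose', '7.3.0'
-gem 'nokogiri', '1.13.
+gem 'nokogiri', '1.13.7'
 gem 'oily_png', '1.2.1'
 gem 'os', '1.1.4'
 gem 'packetfu', '1.1.13'
@@ -67,7 +67,7 @@ gem 'ruby-nmap', '0.10.0'
 gem 'ruby-saml', '1.14.0'
 gem 'rvm', '1.11.3.9'
 gem 'savon', '2.12.1'
-gem 'selenium-devtools', '0.103.
+gem 'selenium-devtools', '0.103.1'
 gem 'serialport', '1.3.2'
 gem 'sinatra', '2.2.0'
 gem 'slack-ruby-client', '1.1.0'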
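--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.514]:001 >>> PWN.help
 ```
 
 [](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.514]:001 >>> PWN.help
 ```
 
 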
data/bin/pwn_android_war_dialer
CHANGED
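--- a/data/lib/pwn/reports/sast.rb
+++ b/data/lib/pwn/reports/sast.rb
@@ -101,7 +101,7 @@ module PWN
 <div>
 <b>Toggle Column(s):</b>
 <a class="toggle-vis" data-column="1" href="#">Timestamp</a> |
-<a class="toggle-vis" data-column="2" href="#">Test Case / Security
+<a class="toggle-vis" data-column="2" href="#">Test Case / Security References</a> |
 <a class="toggle-vis" data-column="3" href="#">Path</a> |
 <a class="toggle-vis" data-column="4" href="#">Line#, Formatted Content, & Last Committed By</a> |
 <a class="toggle-vis" data-column="5" href="#">Raw Content</a> |
@@ -115,7 +115,7 @@ module PWN
 <tr>
 <th>#</th>
 <th>Timestamp</th>
-<th>Test Case / Security
+<th>Test Case / Security References</th>
 <th>Path</th>
 <th>Line#, Formatted Content, & Last Committed By</th>
 <th>Raw Content</th>
@@ -170,7 +170,7 @@ module PWN
 "render": $.fn.dataTable.render.text()
 },
 {
-"data": "
+"data": "security_references",
 "render": function (data, type, row, meta) {
 var sast_dirname = data['sast_module'].split('::')[0].toLowerCase() + '/' + data['sast_module'].split('::')[1].toLowerCase();
 var sast_module = data['sast_module'].split('::')[2];
@@ -203,7 +203,7 @@ module PWN
 
 var bug_comment = 'Timestamp: ' + row.timestamp + '\n' +
 'Test Case: http://' + window.location.hostname + ':8808/doc_root/pwn-0.1.0/' +
-row.
+row.security_references['sast_module'].replace(/::/g, "/") + '\n' +
 'Source Code Impacted: ' + $("<div/>").html(filename_link).text() + '\n\n' +
 'Test Case Request:\n' +
 $("<div/>").html(row.test_case_filter.replace(/\s{2,}/g, " ")).text() + '\n\n' +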
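Review bot: The Test Case URL assembled on the line just above the changed `row.security_references['sast_module']` line still hard-codes `http://`, port `:8808` and the directory `pwn-0.1.0`, while the README in this same release prints `v0.4.514`, so the documentation link copied into `bug_comment` will point at a stale path unless the doc server keeps serving under the old name. I would derive that segment from the version the Ruby side already knows (`data/lib/pwn/version.rb` is bumped in this diff, presumably `PWN::VERSION`), e.g. `':8808/doc_root/pwn-#{PWN::VERSION}/' +`, which only works if this JavaScript sits in an interpolating Ruby heredoc; the `module PWN` hunk context suggests it does, but the heredoc opener is outside the hunk. Two lines further down, `$("<div/>").html(filename_link).text()` parses report-supplied markup with jQuery just to strip tags; if `filename_link` can carry content from the scanned repository, reading a plain-text field of `row` instead avoids routing untrusted HTML through a parser. The enclosing callback starts and ends outside this hunk.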
@@ -49,7 +49,7 @@ module PWN
|
|
|
49
49
|
|
|
50
50
|
hash_line = {
|
|
51
51
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
|
52
|
-
|
|
52
|
+
security_references: security_references,
|
|
53
53
|
filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
|
|
54
54
|
line_no_and_contents: '',
|
|
55
55
|
raw_content: str,
|
|
@@ -78,9 +78,11 @@ module PWN
|
|
|
78
78
|
else
|
|
79
79
|
author = 'N/A'
|
|
80
80
|
end
|
|
81
|
-
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
82
|
-
|
|
83
|
-
|
|
81
|
+
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
82
|
+
line_no: line_no,
|
|
83
|
+
contents: contents,
|
|
84
|
+
author: author
|
|
85
|
+
)
|
|
84
86
|
current_count += 2
|
|
85
87
|
end
|
|
86
88
|
result_arr.push(hash_line)
|
|
@@ -104,7 +106,7 @@ module PWN
|
|
|
104
106
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
|
105
107
|
# Determine the level of Testing Coverage w/ PWN.
|
|
106
108
|
|
|
107
|
-
public_class_method def self.
|
|
109
|
+
public_class_method def self.security_references
|
|
108
110
|
{
|
|
109
111
|
sast_module: self,
|
|
110
112
|
section: 'ACCOUNT MANAGEMENT',
|
|
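Review bot: `sast_module: self,` in the renamed `security_references` hash stores the module object itself, and the report code in this same diff (`data/lib/pwn/reports/sast.rb`) calls `.split('::')` and `.replace(/::/g, "/")` on that field, so the output depends on the Module being turned into its name string by whatever serialises these hashes for the report. Writing the string explicitly, `sast_module: name,`, puts the same value on the wire without relying on a generic object-to-string fallback and makes the field's type obvious to a reader of this file. The file header for this section is missing from the page; the diffstat order and the `'ACCOUNT MANAGEMENT'` section string point to `amqp_connect_as_guest.rb`, and `security_references` continues past the end of the last hunk.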
@@ -48,7 +48,7 @@ module PWN
|
|
|
48
48
|
|
|
49
49
|
hash_line = {
|
|
50
50
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
|
51
|
-
|
|
51
|
+
security_references: security_references,
|
|
52
52
|
filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
|
|
53
53
|
line_no_and_contents: '',
|
|
54
54
|
raw_content: str,
|
|
@@ -78,9 +78,11 @@ module PWN
|
|
|
78
78
|
else
|
|
79
79
|
author = 'N/A'
|
|
80
80
|
end
|
|
81
|
-
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
82
|
-
|
|
83
|
-
|
|
81
|
+
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
82
|
+
line_no: line_no,
|
|
83
|
+
contents: contents,
|
|
84
|
+
author: author
|
|
85
|
+
)
|
|
84
86
|
|
|
85
87
|
current_count += 2
|
|
86
88
|
end
|
|
@@ -105,7 +107,7 @@ module PWN
|
|
|
105
107
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
|
106
108
|
# Determine the level of Testing Coverage w/ PWN.
|
|
107
109
|
|
|
108
|
-
public_class_method def self.
|
|
110
|
+
public_class_method def self.security_references
|
|
109
111
|
{
|
|
110
112
|
sast_module: self,
|
|
111
113
|
section: 'INFORMATION INPUT VALIDATION',
|
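Review bot: `line_no_and_contents: ''` in the `hash_line` literal initialises the key as a String, and the second hunk then replaces it with the Array returned by `line_no_and_contents_arr.push(...)`, so a finding whose inner loop never runs would carry a String where every other finding carries an Array; `line_no_and_contents: [],` (or simply `line_no_and_contents_arr`) gives the field one type. Since `push` returns its receiver, each iteration re-assigns the same array object; that is harmless if `line_no_and_contents_arr` is created per `hash_line`, but I cannot see where it is initialised, so it is worth confirming it is not shared across entries. The file header is not shown on this page (the diffstat order suggests `apache_file_system_util_api.rb`), and the enclosing iteration starts before the first hunk.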
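--- a/data/lib/pwn/sast/aws.rb
+++ b/data/lib/pwn/sast/aws.rb
@@ -49,7 +49,7 @@ module PWN
 
 hash_line = {
 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-
+security_references: security_references,
 filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
 line_no_and_contents: '',
 raw_content: str,
@@ -79,9 +79,11 @@ module PWN
 else
 author = 'N/A'
 end
-hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
-
-
+hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
+line_no: line_no,
+contents: contents,
+author: author
+)
 
 current_count += 2
 end
@@ -106,7 +108,7 @@ module PWN
 # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
 # Determine the level of Testing Coverage w/ PWN.
 
-public_class_method def self.
+public_class_method def self.security_references
 {
 sast_module: self,
 section: 'TRANSMISSION CONFIDENTIALITY AND INTEGRITY',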
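Review bot: `security_references: security_references,` calls the new class method inside the `hash_line` literal, and that method builds a fresh `{ sast_module: self, section: ... }` Hash on every call, so the identical reference data is re-allocated for each `hash_line` this scan produces. Capturing it once before the loop, `refs = security_references`, and writing `security_references: refs,` yields the same output; alternatively the method could return a frozen constant. Both the loop around the second hunk and the `security_references` method run past the edges of their hunks.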
@@ -176,7 +176,7 @@ module PWN
|
|
|
176
176
|
|
|
177
177
|
hash_line = {
|
|
178
178
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
|
179
|
-
|
|
179
|
+
security_references: security_references,
|
|
180
180
|
filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
|
|
181
181
|
line_no_and_contents: '',
|
|
182
182
|
raw_content: str,
|
|
@@ -206,9 +206,11 @@ module PWN
|
|
|
206
206
|
else
|
|
207
207
|
author = 'N/A'
|
|
208
208
|
end
|
|
209
|
-
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
210
|
-
|
|
211
|
-
|
|
209
|
+
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
210
|
+
line_no: line_no,
|
|
211
|
+
contents: contents,
|
|
212
|
+
author: author
|
|
213
|
+
)
|
|
212
214
|
|
|
213
215
|
current_count += 2
|
|
214
216
|
end
|
|
@@ -233,7 +235,7 @@ module PWN
|
|
|
233
235
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
|
234
236
|
# Determine the level of Testing Coverage w/ PWN.
|
|
235
237
|
|
|
236
|
-
public_class_method def self.
|
|
238
|
+
public_class_method def self.security_references
|
|
237
239
|
{
|
|
238
240
|
sast_module: self,
|
|
239
241
|
section: 'INFORMATION INPUT VALIDATION',
|
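--- a/data/lib/pwn/sast/base64.rb
+++ b/data/lib/pwn/sast/base64.rb
@@ -50,7 +50,7 @@ module PWN
 
 hash_line = {
 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-
+security_references: security_references,
 filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
 line_no_and_contents: '',
 raw_content: str,
@@ -80,9 +80,11 @@ module PWN
 else
 author = 'N/A'
 end
-hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
-
-
+hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
+line_no: line_no,
+contents: contents,
+author: author
+)
 
 current_count += 2
 end
@@ -104,7 +106,7 @@ module PWN
 
 # Used to dictate Security Control Requirements for a Given SAST module.
 
-public_class_method def self.
+public_class_method def self.security_references
 {
 sast_module: self,
 section: 'PROTECTION OF INFORMATION AT REST',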
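Review bot: The comment above `public_class_method def self.security_references` still reads `# Used to dictate Security Control Requirements for a Given SAST module.`, which differs from the wording the sibling modules on this page carry for the same method and says nothing about what the returned hash holds or that it is embedded in every finding via `security_references: security_references,` in the first hunk. I would replace it with `# Returns the security-control references (sast_module, section, ...) attached to each finding this module reports.`; the remaining keys of the hash are outside the hunk, hence the ellipsis. The method body continues past the end of the hunk.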
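--- a/data/lib/pwn/sast/beef_hook.rb
+++ b/data/lib/pwn/sast/beef_hook.rb
@@ -44,7 +44,7 @@ module PWN
 
 hash_line = {
 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-
+security_references: security_references,
 filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
 line_no_and_contents: '',
 raw_content: str,
@@ -74,9 +74,11 @@ module PWN
 else
 author = 'N/A'
 end
-hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
-
-
+hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
+line_no: line_no,
+contents: contents,
+author: author
+)
 
 current_count += 2
 end
@@ -101,7 +103,7 @@ module PWN
 # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
 # Determine the level of Testing Coverage w/ PWN.
 
-public_class_method def self.
+public_class_method def self.security_references
 {
 sast_module: self,
 section: 'MALICIOUS CODE PROTECTION',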
@@ -49,7 +49,7 @@ module PWN
|
|
|
49
49
|
|
|
50
50
|
hash_line = {
|
|
51
51
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
|
52
|
-
|
|
52
|
+
security_references: security_references,
|
|
53
53
|
filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
|
|
54
54
|
line_no_and_contents: '',
|
|
55
55
|
raw_content: str,
|
|
@@ -79,9 +79,11 @@ module PWN
|
|
|
79
79
|
else
|
|
80
80
|
author = 'N/A'
|
|
81
81
|
end
|
|
82
|
-
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
83
|
-
|
|
84
|
-
|
|
82
|
+
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
83
|
+
line_no: line_no,
|
|
84
|
+
contents: contents,
|
|
85
|
+
author: author
|
|
86
|
+
)
|
|
85
87
|
|
|
86
88
|
current_count += 2
|
|
87
89
|
end
|
|
@@ -106,7 +108,7 @@ module PWN
|
|
|
106
108
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
|
107
109
|
# Determine the level of Testing Coverage w/ PWN.
|
|
108
110
|
|
|
109
|
-
public_class_method def self.
|
|
111
|
+
public_class_method def self.security_references
|
|
110
112
|
{
|
|
111
113
|
sast_module: self,
|
|
112
114
|
section: 'INFORMATION INPUT VALIDATION',
|
|
@@ -51,7 +51,7 @@ module PWN
|
|
|
51
51
|
|
|
52
52
|
hash_line = {
|
|
53
53
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
|
54
|
-
|
|
54
|
+
security_references: security_references,
|
|
55
55
|
filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
|
|
56
56
|
line_no_and_contents: '',
|
|
57
57
|
raw_content: str,
|
|
@@ -81,9 +81,11 @@ module PWN
|
|
|
81
81
|
else
|
|
82
82
|
author = 'N/A'
|
|
83
83
|
end
|
|
84
|
-
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
85
|
-
|
|
86
|
-
|
|
84
|
+
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
85
|
+
line_no: line_no,
|
|
86
|
+
contents: contents,
|
|
87
|
+
author: author
|
|
88
|
+
)
|
|
87
89
|
|
|
88
90
|
current_count += 2
|
|
89
91
|
end
|
|
@@ -108,7 +110,7 @@ module PWN
|
|
|
108
110
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
|
109
111
|
# Determine the level of Testing Coverage w/ PWN.
|
|
110
112
|
|
|
111
|
-
public_class_method def self.
|
|
113
|
+
public_class_method def self.security_references
|
|
112
114
|
{
|
|
113
115
|
sast_module: self,
|
|
114
116
|
section: 'INFORMATION INPUT VALIDATION',
|
|
@@ -59,7 +59,7 @@ module PWN
|
|
|
59
59
|
|
|
60
60
|
hash_line = {
|
|
61
61
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
|
62
|
-
|
|
62
|
+
security_references: security_references,
|
|
63
63
|
filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
|
|
64
64
|
line_no_and_contents: '',
|
|
65
65
|
raw_content: str,
|
|
@@ -89,9 +89,11 @@ module PWN
|
|
|
89
89
|
else
|
|
90
90
|
author = 'N/A'
|
|
91
91
|
end
|
|
92
|
-
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
93
|
-
|
|
94
|
-
|
|
92
|
+
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
93
|
+
line_no: line_no,
|
|
94
|
+
contents: contents,
|
|
95
|
+
author: author
|
|
96
|
+
)
|
|
95
97
|
|
|
96
98
|
current_count += 2
|
|
97
99
|
end
|
|
@@ -116,7 +118,7 @@ module PWN
|
|
|
116
118
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
|
117
119
|
# Determine the level of Testing Coverage w/ PWN.
|
|
118
120
|
|
|
119
|
-
public_class_method def self.
|
|
121
|
+
public_class_method def self.security_references
|
|
120
122
|
{
|
|
121
123
|
sast_module: self,
|
|
122
124
|
section: 'INFORMATION INPUT VALIDATION',
|
|
@@ -49,7 +49,7 @@ module PWN
|
|
|
49
49
|
|
|
50
50
|
hash_line = {
|
|
51
51
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
|
52
|
-
|
|
52
|
+
security_references: security_references,
|
|
53
53
|
filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
|
|
54
54
|
line_no_and_contents: '',
|
|
55
55
|
raw_content: str,
|
|
@@ -79,9 +79,11 @@ module PWN
|
|
|
79
79
|
else
|
|
80
80
|
author = 'N/A'
|
|
81
81
|
end
|
|
82
|
-
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
83
|
-
|
|
84
|
-
|
|
82
|
+
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
83
|
+
line_no: line_no,
|
|
84
|
+
contents: contents,
|
|
85
|
+
author: author
|
|
86
|
+
)
|
|
85
87
|
|
|
86
88
|
current_count += 2
|
|
87
89
|
end
|
|
@@ -106,7 +108,7 @@ module PWN
|
|
|
106
108
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
|
107
109
|
# Determine the level of Testing Coverage w/ PWN.
|
|
108
110
|
|
|
109
|
-
public_class_method def self.
|
|
111
|
+
public_class_method def self.security_references
|
|
110
112
|
{
|
|
111
113
|
sast_module: self,
|
|
112
114
|
section: 'INFORMATION INPUT VALIDATION',
|
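--- a/data/lib/pwn/sast/csrf.rb
+++ b/data/lib/pwn/sast/csrf.rb
@@ -47,7 +47,7 @@ module PWN
 
 hash_line = {
 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-
+security_references: security_references,
 filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
 line_no_and_contents: '',
 raw_content: str,
@@ -77,9 +77,11 @@ module PWN
 else
 author = 'N/A'
 end
-hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
-
-
+hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
+line_no: line_no,
+contents: contents,
+author: author
+)
 
 current_count += 2
 end
@@ -102,7 +104,7 @@ module PWN
 # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
 # Determine the level of Testing Coverage w/ PWN.
 
-public_class_method def self.
+public_class_method def self.security_references
 {
 sast_module: self,
 section: 'MALICIOUS CODE PROTECTION',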
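Review bot: `section: 'MALICIOUS CODE PROTECTION',` files the CSRF module under a control title that, alongside the other `section:` strings in this diff (`'ACCOUNT MANAGEMENT'`, `'LEAST PRIVILEGE'`, `'TRANSMISSION CONFIDENTIALITY AND INTEGRITY'`), reads like the NIST SP 800-53 control catalogue, where malicious code protection (SI-3) is about malware rather than request forgery. If that taxonomy is intended and the `security_references` column in the report feeds compliance roll-ups, a session-oriented control such as Session Authenticity (SC-23) is a closer fit for CSRF; I only see the first two keys of the hash, so a more specific reference may already follow. The method body continues past the end of the hunk.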
@@ -46,7 +46,7 @@ module PWN
|
|
|
46
46
|
|
|
47
47
|
hash_line = {
|
|
48
48
|
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
|
|
49
|
-
|
|
49
|
+
security_references: security_references,
|
|
50
50
|
filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
|
|
51
51
|
line_no_and_contents: '',
|
|
52
52
|
raw_content: str,
|
|
@@ -76,9 +76,11 @@ module PWN
|
|
|
76
76
|
else
|
|
77
77
|
author = 'N/A'
|
|
78
78
|
end
|
|
79
|
-
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
80
|
-
|
|
81
|
-
|
|
79
|
+
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
80
|
+
line_no: line_no,
|
|
81
|
+
contents: contents,
|
|
82
|
+
author: author
|
|
83
|
+
)
|
|
82
84
|
|
|
83
85
|
current_count += 2
|
|
84
86
|
end
|
|
@@ -101,7 +103,7 @@ module PWN
|
|
|
101
103
|
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
|
|
102
104
|
# Determine the level of Testing Coverage w/ PWN.
|
|
103
105
|
|
|
104
|
-
public_class_method def self.
|
|
106
|
+
public_class_method def self.security_references
|
|
105
107
|
{
|
|
106
108
|
sast_module: self,
|
|
107
109
|
section: 'INFORMATION INPUT VALIDATION',
|
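--- a/data/lib/pwn/sast/emoticon.rb
+++ b/data/lib/pwn/sast/emoticon.rb
@@ -51,7 +51,7 @@ module PWN
 
 hash_line = {
 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-
+security_references: security_references,
 filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
 line_no_and_contents: '',
 raw_content: str,
@@ -81,9 +81,11 @@ module PWN
 else
 author = 'N/A'
 end
-hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
-
-
+hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
+line_no: line_no,
+contents: contents,
+author: author
+)
 
 current_count += 2
 end
@@ -109,7 +111,7 @@ module PWN
 # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
 # Determine the level of Testing Coverage w/ PWN.
 
-public_class_method def self.
+public_class_method def self.security_references
 {
 sast_module: self,
 section: 'LEAST PRIVILEGE',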
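--- a/data/lib/pwn/sast/eval.rb
+++ b/data/lib/pwn/sast/eval.rb
@@ -47,7 +47,7 @@ module PWN
 
 hash_line = {
 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-
+security_references: security_references,
 filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
 line_no_and_contents: '',
 raw_content: str,
@@ -77,9 +77,11 @@ module PWN
 else
 author = 'N/A'
 end
-hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
-
-
+hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
+line_no: line_no,
+contents: contents,
+author: author
+)
 
 current_count += 2
 end
@@ -104,7 +106,7 @@ module PWN
 # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
 # Determine the level of Testing Coverage w/ PWN.
 
-public_class_method def self.
+public_class_method def self.security_references
 {
 sast_module: self,
 section: 'MALICIOUS CODE PROTECTION',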
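--- a/data/lib/pwn/sast/factory.rb
+++ b/data/lib/pwn/sast/factory.rb
@@ -46,7 +46,7 @@ module PWN
 
 hash_line = {
 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-
+security_references: security_references,
 filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
 line_no_and_contents: '',
 raw_content: str,
@@ -76,9 +76,11 @@ module PWN
 else
 author = 'N/A'
 end
-hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
-
-
+hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
+line_no: line_no,
+contents: contents,
+author: author
+)
 
 current_count += 2
 end
@@ -101,7 +103,7 @@ module PWN
 # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
 # Determine the level of Testing Coverage w/ PWN.
 
-public_class_method def self.
+public_class_method def self.security_references
 {
 sast_module: self,
 section: 'DEVELOPER CONFIGURATION MANAGEMENT',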