pwn 0.4.514 → 0.4.517

data/lib/pwn/plugins/thread_pool.rb

@@ -7,7 +7,8 @@ module PWN
       # Supported Method Parameters::
       # PWN::Plugins::ThreadPool.fill(
       #   enumerable_array: 'required array for proper thread pool assignment',
-      #   :max_threads: 'optional number of threads in the thread pool (defaults to 9)',
+      #   max_threads: 'optional number of threads in the thread pool (defaults to 9)',
+      #   seconds_between_thread_exec: 'optional - time to sleep between thread execution (defaults to 0)'
       #   &block
       # )
       #
@@ -19,19 +20,32 @@ module PWN
 
       public_class_method def self.fill(opts = {})
         enumerable_array = opts[:enumerable_array]
-        opts[:max_threads].nil? ? max_threads = 9 : max_threads = opts[:max_threads].to_i
+        max_threads = opts[:max_threads].to_i
+        max_threads = 9 if max_threads.zero?
+        # seconds_between_thread_exec = opts[:seconds_between_thread_exec].to_i
 
         puts "Initiating Thread Pool of #{max_threads} Worker Threads...."
         queue = SizedQueue.new(max_threads)
         threads = Array.new(max_threads) do
           Thread.new do
-            until (this_thread = queue.pop) == :END
+            until (this_thread = queue.pop) == :POOL_EXHAUSTED
               yield this_thread
             end
           end
         end
-        enumerable_array.uniq.sort.each { |this_thread| queue << this_thread }
-        max_threads.times { queue << :END }
+
+        enumerable_array.uniq.sort.each do |this_thread|
+          queue << this_thread
+        end
+
+        max_threads.times do
+          queue << :POOL_EXHAUSTED
+        end
+
+        # threads.each do |thread|
+        #   sleep seconds_between_thread_exec if seconds_between_thread_exec.positive?
+        #   thread.join
+        # end
         threads.each(&:join)
       rescue Interrupt
         puts "\nGoodbye."

data/lib/pwn/plugins.rb

@@ -8,6 +8,7 @@ module PWN
     autoload :Android, 'pwn/plugins/android'
     autoload :AnsibleVault, 'pwn/plugins/ansible_vault'
     autoload :AuthenticationHelper, 'pwn/plugins/authentication_helper'
+    autoload :BareSIP, 'pwn/plugins/baresip'
     autoload :BasicAuth, 'pwn/plugins/basic_auth'
     autoload :BeEF, 'pwn/plugins/beef'
     autoload :BurpSuite, 'pwn/plugins/burp_suite'

data/lib/pwn/reports/phone.rb

@@ -0,0 +1,294 @@
+# frozen_string_literal: true
+
+require 'json'
+
+module PWN
+  module Reports
+    # This plugin generates the War Dialing results produced by pwn_phone.
+    module Phone
+      # Supported Method Parameters::
+      # PWN::Reports::Phone.generate(
+      #   dir_path: dir_path,
+      #   results_hash: results_hash
+      # )
+
+      public_class_method def self.generate(opts = {})
+        dir_path = opts[:dir_path].to_s if File.directory?(opts[:dir_path].to_s)
+        raise "PWN Error: Invalid Directory #{dir_path}" if dir_path.nil?
+
+        results_hash = opts[:results_hash]
+
+        File.write(
+          "#{dir_path}/pwn_phone.json",
+          JSON.pretty_generate(results_hash)
+        )
+
+        html_report = %q{<!DOCTYPE HTML>
+        <html>
+          <head>
+            <!-- favicon.ico from https://0dayinc.com -->
+            <link rel="icon" href="data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAQAABIXAAASFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIkAAACJAgAAiSYAAIlbAACJcAAAiX0AAIlmAACJLQAAiQQAAIkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIkAAACJAAAAiS0AAIluAACJdwAAiXgAAIl+AACJeAAAiXQAAIk5AACJAQAAiQAAAAAAAAAAAAAAAAAAAAAAAACJAAAAiRgAAIlvAACJbQAAiXcAAIl7AACJcwAAiXEAAIl1AACJZwAAiR4AAIkAAACJAAAAAAAAAAAAAACJAAAAiQAAAIlEAACJfAAAiXIAAIlyAACJewAAiX4AAIl5AACJdQAAiXcAAIlIAACJAAAAiQAAAAAAAAAAAAAAiQAAAIkJAACJWQAAiXUAAIl9AACJdAAAiYYAAImLAACJdAAAiXkAAImNAACJfQAAiQwAAIkAAAAAAAAAAAAAAIkAAACJFQAAiWsAAIl2AACJfAAAiYIAAImCAACJfwAAiXYAAIl5AACJiQAAiYYAAIkWAACJAAAAAAAAAAAAAACJAAAAiSAAAIl2AACJeQAAiXkAAIl1AACJfwAAiYEAAIl8AACJbwAAiXoAAImBAACJFgAAiQAAAAAAAAAAAAAAiQAAAIkpAACJeAAAiXMAAIl3AACJeQAAiXUAAImAAACJfwAAiWYAAIl4AACJfwAAiR4AAIkAAAAAAAAAAAAAAIkAAACJKAAAiXkAAIlyAACJdQAAiXQAAIluAACJfAAAiXwAAIl3AACJewAAiXwAAIkvAACJAAAAAAAAAAAAAACJAAAAiSMAAIl4AACJdgAAiXsAAIl1AACJcQAAiXcAAIl6AACJeQAAiXoAAIl0AACJKQAAiQAAAAAAAAAAAAAAiQAAAIkXAACJaAAAiXgAAIl3AACJfAAAiXkAAIl3AACJZwAAiXcAAIl0AACJagAAiSgAAIkAAAAAAAAAAAAAAIkAAACJDgAAiV4AAIl5AACJbwAAiW4AAIl9AACJewAAiXcAAIl6AACJfQAAiW8AAIkWAACJAAAAAAAAAAAAAACJAAAAiQ0AAIllAACJewAAiXYAAIl4AACJdQAAiXUAAIl4AACJbQAAiXkAAIlNAACJAwAAiQAAAAAAAAAAAAAAiQAAAIkCAACJPQAAiXMAAIl2AACJeAAAiWgAAIlsAACJfQAAiXsAAIlwAACJGQAAiQAAAIkAAAAAAAAAAAAAAAAAAACJAAAAiQcAAIk4AACJXAAAiXoAAIl7AACJfAAAiYAAAIlsAACJJwAAiQMAAIkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIkAAACJAQAAiSsAAIluAACJewAAiXwAAIluAACJKgAAiQAAAIkAAAAAAAAAAAAAAAAA8A8AAPAHAADgBwAA4AcAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMAHAADgBwAA8B8AAA==" type="image/x-icon" />
+            <style>
+              body {
+                font-family: Verdana, Geneva, sans-serif;
+                font-size: 11px;
+                background-color: #FFFFFF;
+                color: #084B8A !important;
+              }
+
+              a:link {
+                color: #0174DF;
+                text-decoration: none;
+              }
+
+              a:visited {
+                color: #B40404;
+                text-decoration: none;
+              }
+
+              a:hover {
+                color: #01A9DB;
+                text-decoration: underline;
+              }
+
+              a:active {
+                color: #610B5E;
+                text-decoration: underline;
+              }
+
+              table {
+                width: 100%;
+                border-spacing:0px;
+              }
+
+              table.squish {
+                table-layout: fixed;
+              }
+
+              td {
+                vertical-align: top;
+                word-wrap: break-word !important;
+              }
+
+              .highlighted {
+                background-color: #F2F5A9 !important;
+              }
+            </style>
+
+            <!-- jQuery, DataTables, & FancyApps -->
+            <script type="text/javascript" src="//code.jquery.com/jquery-3.6.0.min.js"></script>
+
+            <link rel="stylesheet" type="text/css" href="//cdn.datatables.net/v/dt/dt-1.11.4/b-2.2.2/b-colvis-2.2.2/b-html5-2.2.2/b-print-2.2.2/cr-1.5.5/fc-4.0.1/fh-3.2.1/kt-2.6.4/r-2.2.9/rg-1.1.4/rr-1.2.8/sc-2.0.5/sp-1.4.0/sl-1.3.4/datatables.min.css"/>
+
+            <script type="text/javascript" src="//cdn.datatables.net/v/dt/dt-1.11.4/b-2.2.2/b-colvis-2.2.2/b-html5-2.2.2/b-print-2.2.2/cr-1.5.5/fc-4.0.1/fh-3.2.1/kt-2.6.4/r-2.2.9/rg-1.1.4/rr-1.2.8/sc-2.0.5/sp-1.4.0/sl-1.3.4/datatables.min.js"></script>
+
+            <link rel="stylesheet" href="//cdn.jsdelivr.net/npm/@fancyapps/ui@4.0/dist/fancybox.css" type="text/css" />
+
+            <script type="text/javascript" src="//cdn.jsdelivr.net/npm/@fancyapps/ui@4.0/dist/fancybox.umd.js"></script>
+          </head>
+
+          <body id="pwn_body">
+
+            <h1 style="display:inline">
+              <a href="https://github.com/0dayinc/pwn/tree/master">~ pwn phone</a>
+            </h1><br /><br />
+            <h2 id="report_name"></h2><br />
+
+            <div><button type="button" id="button">Rows Selected</button></div><br />
+            <div>
+              <b>Toggle Column(s):</b>&nbsp;
+              <a class="toggle-vis" data-column="1" href="#">Call Started</a>&nbsp;|&nbsp;
+              <a class="toggle-vis" data-column="2" href="#">Source #</a>&nbsp;|&nbsp;
+              <a class="toggle-vis" data-column="3" href="#">Source # Rules</a>&nbsp;|&nbsp;
+              <a class="toggle-vis" data-column="4" href="#">Target #</a>&nbsp;|&nbsp;
+              <a class="toggle-vis" data-column="5" href="#">Seconds Recorded</a>&nbsp;|&nbsp;
+              <a class="toggle-vis" data-column="6" href="#">Call Stopped</a>
+              <a class="toggle-vis" data-column="7" href="#">Reason</a>
+              <a class="toggle-vis" data-column="8" href="#">Recording</a>&nbsp;|&nbsp;
+              <a class="toggle-vis" data-column="9" href="#">Spectrogram</a>&nbsp;|&nbsp;
+              <a class="toggle-vis" data-column="10" href="#">Waveform</a>
+            </div>
+            <br /><br />
+
+            <div>
+              <table id="pwn_phone_results" class="display" cellspacing="0">
+                <thead>
+                  <tr>
+                    <th>#</th>
+                    <th>Call Started</th>
+                    <th>Source #</th>
+                    <th>Source # Rules</th>
+                    <th>Target #</th>
+                    <th>Seconds Recorded</th>
+                    <th>Call Stopped</th>
+                    <th>Reason Stopped</th>
+                    <th>Recording</th>
+                    <th>Spectrogram</th>
+                    <th>Waveform</th>
+                  </tr>
+                </thead>
+                <!-- DataTables <tbody> -->
+              </table>
+            </div>
+
+            <script>
+              var htmlEntityEncode = $.fn.dataTable.render.text().display;
+              var line_entry_uri = "";
+              $(document).ready(function() {
+                var oldStart = 0;
+                var table = $('#pwn_phone_results').DataTable( {
+                  "paging": true,
+                  "pagingType": "full_numbers",
+                  "fnDrawCallback": function ( oSettings ) {
+                    /* Need to redo the counters if filtered or sorted */
+                    if ( oSettings.bSorted || oSettings.bFiltered ) {
+                      for ( var i=0, iLen=oSettings.aiDisplay.length ; i<iLen ; i++ ) {
+                        $('td:eq(0)', oSettings.aoData[ oSettings.aiDisplay[i] ].nTr ).html( i+1 );
+                      }
+                    }
+                    // Jump to top when utilizing pagination
+                    if ( oSettings._iDisplayStart != oldStart ) {
+                      var targetOffset = $('#pwn_body').offset().top;
+                      $('html,body').animate({scrollTop: targetOffset}, 500);
+                      oldStart = oSettings._iDisplayStart;
+                    }
+                    // Select individual lines in a row
+                    $('#multi_line_select tbody').on('click', 'tr', function () {
+                      $(this).toggleClass('highlighted');
+                      if ($('#multi_line_select tr.highlighted').length > 0) {
+                        $('#multi_line_select tr td button').attr('disabled', 'disabled');
+                        // Remove multi-line bug button
+                      } else {
+                        $('#multi_line_select tr td button').removeAttr('disabled');
+                        // Add multi-line bug button
+                      }
+                    });
+                  },
+                  "ajax": "pwn_phone.json",
+                  //"deferRender": true,
+                  "dom": "fplitfpliS",
+                  "autoWidth": false,
+                  "columns": [
+                    { "data": null },
+                    {
+                      "data": "call_started",
+                      "render": $.fn.dataTable.render.text()
+                    },
+                    {
+                      "data": "src_num",
+                      "render": $.fn.dataTable.render.text()
+                    },
+                    {
+                      "data": "src_num_rules",
+                      "render": $.fn.dataTable.render.text()
+                    },
+                    {
+                      "data": "target_num",
+                      "render": $.fn.dataTable.render.text()
+                    },
+                    {
+                      "data": "seconds_recorded",
+                      "render": $.fn.dataTable.render.text()
+                    },
+                    {
+                      "data": "call_stopped",
+                      "render": $.fn.dataTable.render.text()
+                    },
+                    {
+                      "data": "reason",
+                      "render": $.fn.dataTable.render.text()
+                    },
+                    {
+                      "data": "recording",
+                      "render": function (data, type, row, meta) {
+                        var wav = htmlEntityEncode(data);
+                        if (wav == '--') {
+                          return wav;
+                        } else {
+                          return '<audio controls><source src="' + wav +'" type="audio/wav"></audio>';
+                        }
+                      }
+                    },
+                    {
+                      "data": "spectrogram",
+                      "render": function (data, type, row, meta) {
+                        var spt = htmlEntityEncode(data);
+                        if (spt == '--') {
+                          return spt;
+                        } else {
+                          return '<a data-fancybox data-src="' + spt + '" data-caption="' + spt + '"><img src="' + data +'" target="_blank" style="width:150px; height:150px;"/></a>';
+                        }
+                      }
+                    },
+                    {
+                      "data": "waveform",
+                      "render": function (data, type, row, meta) {
+                        var wfm = htmlEntityEncode(data);
+                        if (wfm == '--') {
+                          return wfm;
+                        } else {
+                          return '<a data-fancybox data-src="' + wfm + '" data-caption="' + wfm + '"><img src="' + data +'" target="_blank" style="width:150px; height:150px;"/></a>';
+                        }
+                      }
+                    }
+                  ]
+                });
+                // Toggle Columns
+                $('a.toggle-vis').on('click', function (e) {
+                  e.preventDefault();
+
+                  // Get the column API object
+                  var column = table.column( $(this).attr('data-column') );
+
+                  // Toggle the visibility
+                  column.visible( ! column.visible() );
+                });
+
+                // TODO: Open bug for highlighted rows ;)
+                $('#button').click( function () {
+                  alert($('#multi_line_select tr.highlighted').length +' row(s) highlighted');
+                });
+              });
+
+              function multi_line_select() {
+                // Select all lines in a row
+                //$('#pwn_phone_results tbody').on('click', 'tr', function () {
+                //  $(this).children('td').children('#multi_line_select').children('tbody').children('tr').toggleClass('highlighted');
+                //});
+
+              }
+            </script>
+          </body>
+        </html>
+        }
+
+        File.open("#{dir_path}/pwn_phone.html", 'w') do |f|
+          f.print(html_report)
+        end
+      rescue StandardError => e
+        raise e
+      end
+
+      # Author(s):: 0day Inc. <request.pentest@0dayinc.com>
+
+      public_class_method def self.authors
+        "AUTHOR(S):
+          0day Inc. <request.pentest@0dayinc.com>
+        "
+      end
+
+      # Display Usage for this Module
+
+      public_class_method def self.help
+        puts "USAGE:
+          #{self}.generate(
+            dir_path: dir_path,
+            results_hash: results_hash
+          )
+
+          #{self}.authors
+        "
+      end
+    end
+  end
+end

data/lib/pwn/reports.rb

@@ -9,6 +9,7 @@ module PWN
     # autoload :JSON, 'pwn/reports/json'
     # autoload :PDF, 'pwn/reports/pdf'
     autoload :Fuzz, 'pwn/reports/fuzz'
+    autoload :Phone, 'pwn/reports/phone'
     autoload :SAST, 'pwn/reports/sast'
     # autoload :XML, 'pwn/reports/xml'
 

data/lib/pwn/sast/amqp_connect_as_guest.rb

@@ -23,7 +23,7 @@ module PWN
         logger_results = ''
 
         PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
-          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/
+          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
             line_no_and_contents_arr = []
             entry_beautified = false
 

data/lib/pwn/sast/apache_file_system_util_api.rb

@@ -22,7 +22,7 @@ module PWN
         logger_results = ''
 
         PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
-          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/
+          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
             line_no_and_contents_arr = []
             entry_beautified = false
 

data/lib/pwn/sast/aws.rb

@@ -21,7 +21,7 @@ module PWN
         logger_results = ''
 
         PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
-          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/
+          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
             line_no_and_contents_arr = []
             entry_beautified = false
 

data/lib/pwn/sast/banned_function_calls_c.rb

@@ -23,7 +23,7 @@ module PWN
         logger_results = ''
 
         PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
-          if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && (File.extname(entry) == '.c' || File.extname(entry) == '.cpp' || File.extname(entry) == '.c++' || File.extname(entry) == '.cxx' || File.extname(entry) == '.h' || File.extname(entry) == '.hpp' || File.extname(entry) == '.h++' || File.extname(entry) == '.hh' || File.extname(entry) == '.hxx' || File.extname(entry) == '.ii' || File.extname(entry) == '.ixx' || File.extname(entry) == '.ipp' || File.extname(entry) == '.inl' || File.extname(entry) == '.txx' || File.extname(entry) == '.tpp' || File.extname(entry) == '.tpl')
+          if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && (File.extname(entry) == '.c' || File.extname(entry) == '.cpp' || File.extname(entry) == '.c++' || File.extname(entry) == '.cxx' || File.extname(entry) == '.h' || File.extname(entry) == '.hpp' || File.extname(entry) == '.h++' || File.extname(entry) == '.hh' || File.extname(entry) == '.hxx' || File.extname(entry) == '.ii' || File.extname(entry) == '.ixx' || File.extname(entry) == '.ipp' || File.extname(entry) == '.inl' || File.extname(entry) == '.txx' || File.extname(entry) == '.tpp' || File.extname(entry) == '.tpl') && entry !~ /test/i
             line_no_and_contents_arr = []
             entry_beautified = false
 

data/lib/pwn/sast/base64.rb

@@ -22,7 +22,7 @@ module PWN
         logger_results = ''
 
         PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
-          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/
+          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
             line_no_and_contents_arr = []
             entry_beautified = false
 

data/lib/pwn/sast/beef_hook.rb

@@ -22,7 +22,7 @@ module PWN
         logger_results = ''
 
         PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
-          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/
+          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
             line_no_and_contents_arr = []
             entry_beautified = false
 
@@ -32,7 +32,10 @@ module PWN
               entry_beautified = true
             end
 
-            test_case_filter = "grep -Fin 'hook.js' #{entry}"
+            test_case_filter = "
+              grep -Fin \
+              -e 'hook.js' #{entry}
+            "
 
             str = `#{test_case_filter}`.to_s.scrub
 

data/lib/pwn/sast/cmd_execution_java.rb

@@ -22,7 +22,7 @@ module PWN
         logger_results = ''
 
         PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
-          if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && File.extname(entry) == '.java'
+          if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && File.extname(entry) == '.java' && entry !~ /test/i
             line_no_and_contents_arr = []
             entry_beautified = false
 

data/lib/pwn/sast/cmd_execution_python.rb

@@ -22,7 +22,7 @@ module PWN
         logger_results = ''
 
         PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
-          if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && (File.extname(entry) == '.py' || File.extname(entry) == '.pyc' || File.extname(entry) == '.pyo' || File.extname(entry) == '.pyd')
+          if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && (File.extname(entry) == '.py' || File.extname(entry) == '.pyc' || File.extname(entry) == '.pyo' || File.extname(entry) == '.pyd') && entry !~ /test/i
             line_no_and_contents_arr = []
             entry_beautified = false
 

data/lib/pwn/sast/cmd_execution_ruby.rb

@@ -22,7 +22,7 @@ module PWN
         logger_results = ''
 
         PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
-          if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && (File.extname(entry) == '.rb' || File.extname(entry) == '.rbw')
+          if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && (File.extname(entry) == '.rb' || File.extname(entry) == '.rbw') && entry !~ /test/i
             line_no_and_contents_arr = []
             entry_beautified = false
 

data/lib/pwn/sast/cmd_execution_scala.rb

@@ -22,7 +22,7 @@ module PWN
         logger_results = ''
 
         PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
-          if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && File.extname(entry) == '.scala'
+          if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && File.extname(entry) == '.scala' && entry !~ /test/i
             line_no_and_contents_arr = []
             entry_beautified = false
 

data/lib/pwn/sast/csrf.rb

@@ -23,7 +23,7 @@ module PWN
         logger_results = ''
 
         PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
-          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/
+          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
             line_no_and_contents_arr = []
             entry_beautified = false
 
@@ -34,7 +34,8 @@ module PWN
             end
 
             test_case_filter = "
-              grep -ni 'csrf' #{entry}
+              grep -ni \
+              -e 'csrf' #{entry}
             "
 
             str = `#{test_case_filter}`.to_s.scrub

data/lib/pwn/sast/deserial_java.rb

@@ -24,7 +24,7 @@ module PWN
         logger_results = ''
 
         PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
-          if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && (File.extname(entry) == '.scala' || File.extname(entry) == '.java')
+          if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && (File.extname(entry) == '.scala' || File.extname(entry) == '.java') && entry !~ /test/i
             line_no_and_contents_arr = []
             entry_beautified = false
 
@@ -34,7 +34,17 @@ module PWN
               entry_beautified = true
             end
 
-            test_case_filter = "grep -in -e readObject -e XMLdecoder -e fromXML -e readObjectNodData -e readResolve -e readExternal -e readUnshared -e Serializable #{entry}"
+            test_case_filter = "
+              grep -in \
+              -e readObject \
+              -e XMLdecoder \
+              -e fromXML \
+              -e readObjectNodData \
+              -e readResolve \
+              -e readExternal \
+              -e readUnshared \
+              -e Serializable #{entry}
+            "
 
             str = `#{test_case_filter}`.to_s.scrub
 

data/lib/pwn/sast/emoticon.rb

@@ -22,7 +22,7 @@ module PWN
         logger_results = ''
 
         PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
-          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/
+          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
             line_no_and_contents_arr = []
             entry_beautified = false
 
@@ -38,6 +38,9 @@ module PWN
               -e ';-)' \
               -e ':-P' \
               -e ':-D' \
+              -e '\_o_/' \
+              -e '\_O_/' \
+              -e '\_0_/' \
               -e ':-O' #{entry}
             "
 

data/lib/pwn/sast/eval.rb

@@ -23,7 +23,7 @@ module PWN
         logger_results = ''
 
         PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
-          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/
+          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
             line_no_and_contents_arr = []
             entry_beautified = false
 
@@ -34,7 +34,8 @@ module PWN
             end
 
             test_case_filter = "
-              grep -n 'eval(' #{entry}
+              grep -n \
+              -e 'eval(' #{entry}
             "
 
             str = `#{test_case_filter}`.to_s.scrub

data/lib/pwn/sast/factory.rb

@@ -24,7 +24,7 @@ module PWN
         logger_results = ''
 
         PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
-          if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && (File.extname(entry) == '.scala' || File.extname(entry) == '.java')
+          if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && (File.extname(entry) == '.scala' || File.extname(entry) == '.java') && entry !~ /test/i
             line_no_and_contents_arr = []
             entry_beautified = false
 
@@ -34,7 +34,12 @@ module PWN
               entry_beautified = true
             end
 
-            test_case_filter = "grep -in -e DocumentBuilderFactory -e XMLInputFactory -e SAXParserFactory #{entry}"
+            test_case_filter = "
+              grep -in \
+              -e DocumentBuilderFactory \
+              -e XMLInputFactory \
+              -e SAXParserFactory #{entry}
+            "
 
             str = `#{test_case_filter}`.to_s.scrub
 

data/lib/pwn/sast/http_authorization_header.rb

@@ -22,7 +22,7 @@ module PWN
         logger_results = ''
 
         PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
-          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/
+          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
             line_no_and_contents_arr = []
             entry_beautified = false
 

data/lib/pwn/sast/inner_html.rb

@@ -23,7 +23,7 @@ module PWN
         logger_results = ''
 
         PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
-          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/
+          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
             line_no_and_contents_arr = []
             entry_beautified = false
 
@@ -34,7 +34,8 @@ module PWN
             end
 
             test_case_filter = "
-              grep -n 'innerHTML' #{entry}
+              grep -n \
+              -e 'innerHTML' #{entry}
             "
 
             str = `#{test_case_filter}`.to_s.scrub
@@ -112,7 +113,7 @@ module PWN
           section: 'MALICIOUS CODE PROTECTION',
           nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3',
           cwe_id: '79',
-          uri: 'https://cwe.mitre.org/data/definitions/79.html'
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/79.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/keystore.rb

@@ -22,7 +22,7 @@ module PWN
         logger_results = ''
 
         PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
-          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/
+          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
             line_no_and_contents_arr = []
             entry_beautified = false
 
@@ -32,7 +32,10 @@ module PWN
               entry_beautified = true
             end
 
-            test_case_filter = "grep -Fin 'keystore' #{entry}"
+            test_case_filter = "
+              grep -Fin \
+              -e 'keystore' #{entry}
+            "
 
             str = `#{test_case_filter}`.to_s.scrub