RubyGems - pwn - Versions diffs - 0.4.540 → 0.4.541 - Mend

pwn 0.4.540 → 0.4.541

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/Gemfile +9 -9
data/README.md +2 -2
data/lib/pwn/sast/php_type_juggling.rb +143 -0
data/lib/pwn/sast.rb +1 -0
data/lib/pwn/version.rb +1 -1
data/spec/lib/pwn/sast/php_type_juggling_spec.rb +25 -0
metadata +22 -20

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0013bdf78e9fd0fd9e7edf7a328dd40e44f3f796bc371701614ffe2ebe123853
-  data.tar.gz: 9dfe4aa9953df1b5afc20fc7c9cab44a78e4557474dbf47498d7bfbe28fba09c
+  metadata.gz: 427d55a42fb2791829b056ebd93f52c6b36f0153ad706442a66f060bc03bd4fd
+  data.tar.gz: a95cfb0e5370c88577e6f2b46ea4960814ba66ba280ec9cc7902aa29f9511e0f
 SHA512:
-  metadata.gz: 9fe61829cbf3d58a9a895e0d084705bee3e54180885321b6def4f06f8b1e9160cfe20799086a28218051d14c2ced302d84209844d5eaa4952ab03ba160e34e89
-  data.tar.gz: 81e98057c2a6e4004424fac4b74160baf9e60b88625b454f318498de4241c2fb52726b35fd3d14efb41def3fb2b474a98c5a03272dd7379f8c65a01f39cc8847
+  metadata.gz: f3e7cdc76580919f076e85d6f4dc96c1816876b2377c70f30a8986398891e64565cff706133af49af4378305658032b4705ad0987ad0cfe48fe60345f521b154
+  data.tar.gz: 879b4b6bd0b954c28c06795c498db211263494d29553b8330a145151f61d18a765121334b6329d92eec6f2c48dc0e37460b567b879be74b0049b598e6cb8d5f9

data/Gemfile CHANGED Viewed

@@ -11,18 +11,18 @@ gemspec
 # In some circumstances custom flags are passed to gems in order
 # to build appropriately.  Defer to ./reinstall_pwn_gemset.sh
 # to review these custom flags (e.g. pg, serialport, etc).
-gem 'activesupport', '7.0.3.1'
+gem 'activesupport', '7.0.4'
 gem 'anemone', '0.7.2'
 gem 'authy', '3.0.1'
 gem 'aws-sdk', '3.1.0'
 gem 'bettercap', '1.6.2'
 gem 'brakeman', '5.3.1'
 gem 'bson', '4.15.0'
-gem 'bundler', '>=2.3.21'
+gem 'bundler', '>=2.3.22'
 gem 'bundler-audit', '0.9.1'
 gem 'bunny', '2.19.0'
 gem 'colorize', '0.8.1'
-gem 'credit_card_validations', '5.0.0'
+gem 'credit_card_validations', '6.0.0'
 gem 'eventmachine', '1.2.7'
 gem 'faye-websocket', '0.11.1'
 gem 'fftw3', '0.3'
@@ -60,27 +60,27 @@ gem 'rex', '2.0.13'
 gem 'rmagick', '4.2.6'
 gem 'rspec', '3.11.0'
 gem 'rtesseract', '3.1.2'
-gem 'rubocop', '1.35.1'
+gem 'rubocop', '1.36.0'
 gem 'rubocop-rake', '0.6.0'
-gem 'rubocop-rspec', '2.12.1'
+gem 'rubocop-rspec', '2.13.1'
 gem 'ruby-audio', '1.6.1'
 gem 'ruby-nmap', '0.10.0'
 gem 'ruby-saml', '1.14.0'
 gem 'rvm', '1.11.3.9'
-gem 'savon', '2.13.0'
-gem 'selenium-devtools', '0.104.0'
+gem 'savon', '2.13.1'
+gem 'selenium-devtools', '0.105.0'
 gem 'serialport', '1.3.2'
 gem 'sinatra', '2.2.2'
 gem 'slack-ruby-client', '1.1.0'
 gem 'socksify', '1.7.1'
 gem 'spreadsheet', '1.3.0'
-gem 'sqlite3', '1.4.4'
+gem 'sqlite3', '1.5.0'
 gem 'thin', '1.8.1'
 gem 'tty-prompt', '0.23.1'
 gem 'watir', '7.1.0'
 gem 'waveform', '0.1.2'
 gem 'webrick', '1.7.0'
 gem 'whois', '5.1.0'
-gem 'whois-parser', '1.2.0'
+gem 'whois-parser', '2.0.0'
 gem 'wicked_pdf', '2.6.3'
 gem 'yard', '0.9.28'

data/README.md CHANGED Viewed

@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.540]:001 >>> PWN.help
+pwn[v0.4.541]:001 >>> PWN.help
 ```
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.540]:001 >>> PWN.help
+pwn[v0.4.541]:001 >>> PWN.help
 ```

data/lib/pwn/sast/php_type_juggling.rb ADDED Viewed

@@ -0,0 +1,143 @@
+# frozen_string_literal: false
+require 'socket'
+module PWN
+  module SAST
+    # SAST Module used to identify command
+    # execution residing within Java source code.
+    module PHPTypeJuggling
+      @@logger = PWN::Plugins::PWNLogger.create
+      # Supported Method Parameters::
+      # PWN::SAST::Log4J.scan(
+      #   dir_path: 'optional path to dir defaults to .'
+      #   git_repo_root_uri: 'optional http uri of git repo scanned'
+      # )
+      public_class_method def self.scan(opts = {})
+        dir_path = opts[:dir_path]
+        git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub
+        result_arr = []
+        logger_results = ''
+        PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
+          if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && File.extname(entry).include?('.php') && entry !~ /test/i
+            line_no_and_contents_arr = []
+            entry_beautified = false
+            if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
+              js_beautify = `js-beautify #{entry} > #{entry}.JS-BEAUTIFIED`.to_s.scrub
+              entry = "#{entry}.JS-BEAUTIFIED"
+              entry_beautified = true
+            end
+            test_case_filter = "
+              grep -Fn \
+              -e '==' #{entry}
+            "
+            str = `#{test_case_filter}`.to_s.scrub
+            if str.to_s.empty?
+              # If str length is >= 64 KB do not include results. (Due to Mongo Document Size Restrictions)
+              logger_results = "#{logger_results}~" # Catching bugs is good :)
+            else
+              str = "1:Result larger than 64KB -> Size: #{str.to_s.length}.  Please click the \"Path\" link for more details." if str.to_s.length >= 64_000
+              hash_line = {
+                timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
+                security_references: security_references,
+                filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
+                line_no_and_contents: '',
+                raw_content: str,
+                test_case_filter: test_case_filter
+              }
+              # COMMMENT: Must be a better way to implement this (regex is kinda funky)
+              line_contents_split = str.split(/^(\d{1,}):|\n(\d{1,}):/)[1..-1]
+              line_no_count = line_contents_split.length # This should always be an even number
+              current_count = 0
+              while line_no_count > current_count
+                line_no = line_contents_split[current_count]
+                contents = line_contents_split[current_count + 1]
+                if Dir.exist?("#{dir_path}/.git") ||
+                   Dir.exist?('.git')
+                  repo_root = dir_path
+                  repo_root = '.' if Dir.exist?('.git')
+                  author = PWN::Plugins::Git.get_author(
+                    repo_root: repo_root,
+                    from_line: line_no,
+                    to_line: line_no,
+                    target_file: entry,
+                    entry_beautified: entry_beautified
+                  )
+                else
+                  author = 'N/A'
+                end
+                hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
+                  line_no: line_no,
+                  contents: contents,
+                  author: author
+                )
+                current_count += 2
+              end
+              result_arr.push(hash_line)
+              logger_results = "#{logger_results}x" # Seeing progress is good :)
+            end
+          end
+        end
+        logger_banner = "http://#{Socket.gethostname}:8808/doc_root/pwn-#{PWN::VERSION.to_s.scrub}/#{to_s.scrub.gsub('::', '/')}.html"
+        if logger_results.empty?
+          @@logger.info("#{logger_banner}: No files applicable to this test case.\n")
+        else
+          @@logger.info("#{logger_banner} => #{logger_results}complete.\n")
+        end
+        result_arr
+      rescue StandardError => e
+        raise e
+      end
+      # Used primarily to map NIST 800-53 Revision 4 Security Controls
+      # https://web.nvd.nist.gov/view/800-53/Rev4/impact?impactName=HIGH
+      # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
+      # Determine the level of Testing Coverage w/ PWN.
+      public_class_method def self.security_references
+        {
+          sast_module: self,
+          section: 'DEVELOPER SECURITY AND PRIVACY ARCHITECTURE AND DESIGN',
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SA-17',
+          cwe_id: '661',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/661.html'
+        }
+      rescue StandardError => e
+        raise e
+      end
+      # Author(s):: 0day Inc. <request.pentest@0dayinc.com>
+      public_class_method def self.authors
+        "AUTHOR(S):
+          0day Inc. <request.pentest@0dayinc.com>
+        "
+      end
+      # Display Usage for this Module
+      public_class_method def self.help
+        puts "USAGE:
+          sast_arr = #{self}.scan(
+            :dir_path => 'optional path to dir defaults to .',
+            :git_repo_root_uri => 'optional http uri of git repo scanned'
+          )
+          #{self}.authors
+        "
+      end
+    end
+  end
+end

data/lib/pwn/sast.rb CHANGED Viewed

@@ -29,6 +29,7 @@ module PWN
     autoload :Logger, 'pwn/sast/logger'
     autoload :OuterHTML, 'pwn/sast/outer_html'
     autoload :Password, 'pwn/sast/password'
+    autoload :PHPTypeJuggling, 'pwn/sast/php_type_juggling'
     autoload :PomVersion, 'pwn/sast/pom_version'
     autoload :Port, 'pwn/sast/port'
     autoload :PrivateKey, 'pwn/sast/private_key'

data/lib/pwn/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module PWN
-  VERSION = '0.4.540'
+  VERSION = '0.4.541'
 end

data/spec/lib/pwn/sast/php_type_juggling_spec.rb ADDED Viewed

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+require 'spec_helper'
+describe PWN::SAST::PHPTypeJuggling do
+  it 'scan method should exist' do
+    scan_response = PWN::SAST::PHPTypeJuggling
+    expect(scan_response).to respond_to :scan
+  end
+  it 'should display information for security_references' do
+    security_references_response = PWN::SAST::PHPTypeJuggling
+    expect(security_references_response).to respond_to :security_references
+  end
+  it 'should display information for authors' do
+    authors_response = PWN::SAST::PHPTypeJuggling
+    expect(authors_response).to respond_to :authors
+  end
+  it 'should display information for existing help method' do
+    help_response = PWN::SAST::PHPTypeJuggling
+    expect(help_response).to respond_to :help
+  end
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.540
+  version: 0.4.541
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-08-30 00:00:00.000000000 Z
+date: 2022-09-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.3.1
+        version: 7.0.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.3.1
+        version: 7.0.4
 - !ruby/object:Gem::Dependency
   name: anemone
   requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.3.21
+        version: 2.3.22
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.3.21
+        version: 2.3.22
 - !ruby/object:Gem::Dependency
   name: bundler-audit
   requirement: !ruby/object:Gem::Requirement
@@ -170,14 +170,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.0.0
+        version: 6.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.0.0
+        version: 6.0.0
 - !ruby/object:Gem::Dependency
   name: eventmachine
   requirement: !ruby/object:Gem::Requirement
@@ -688,14 +688,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.35.1
+        version: 1.36.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.35.1
+        version: 1.36.0
 - !ruby/object:Gem::Dependency
   name: rubocop-rake
   requirement: !ruby/object:Gem::Requirement
@@ -716,14 +716,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.12.1
+        version: 2.13.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.12.1
+        version: 2.13.1
 - !ruby/object:Gem::Dependency
   name: ruby-audio
   requirement: !ruby/object:Gem::Requirement
@@ -786,28 +786,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.13.0
+        version: 2.13.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.13.0
+        version: 2.13.1
 - !ruby/object:Gem::Dependency
   name: selenium-devtools
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.104.0
+        version: 0.105.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.104.0
+        version: 0.105.0
 - !ruby/object:Gem::Dependency
   name: serialport
   requirement: !ruby/object:Gem::Requirement
@@ -884,14 +884,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.4.4
+        version: 1.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.4.4
+        version: 1.5.0
 - !ruby/object:Gem::Dependency
   name: thin
   requirement: !ruby/object:Gem::Requirement
@@ -982,14 +982,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.2.0
+        version: 2.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.2.0
+        version: 2.0.0
 - !ruby/object:Gem::Dependency
   name: wicked_pdf
   requirement: !ruby/object:Gem::Requirement
@@ -1641,6 +1641,7 @@ files:
 - lib/pwn/sast/logger.rb
 - lib/pwn/sast/outer_html.rb
 - lib/pwn/sast/password.rb
+- lib/pwn/sast/php_type_juggling.rb
 - lib/pwn/sast/pom_version.rb
 - lib/pwn/sast/port.rb
 - lib/pwn/sast/private_key.rb
@@ -1938,6 +1939,7 @@ files:
 - spec/lib/pwn/sast/log4j_spec.rb
 - spec/lib/pwn/sast/logger_spec.rb
 - spec/lib/pwn/sast/password_spec.rb
+- spec/lib/pwn/sast/php_type_juggling_spec.rb
 - spec/lib/pwn/sast/pom_version_spec.rb
 - spec/lib/pwn/sast/port_spec.rb
 - spec/lib/pwn/sast/private_key_spec.rb