pwn 0.4.724 → 0.4.725

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 773a40510fe4c7bc057eebfc33c63d701cda43b132f6149328fb33d580eef900
-  data.tar.gz: 53b90dbf1d2486c6181f538821b05c18390419b81dc7e64b729ec74c5a5679ba
+  metadata.gz: e2f835654147ae0a73af5bc51c98d922d10add0e5c4acc2541ad926b33634c9e
+  data.tar.gz: d32135289b046d1afd2532b572653fd65b4caa3143ed75ad0b5b07b5bac642e2
 SHA512:
-  metadata.gz: 878bae890dab8a8a53312498f92ff8c43e40cc7f6c29e4dba0b464b09c1de7c3c7c86b6bf88114db4b7d3655c38b4afc2f411de55bab8033173c575793bee38d
-  data.tar.gz: 506c58b5456d0dfc7183e345940e7f48279a13d299e45acbe6079f8421d49254c19496572e8e0f37bc2875ec859195fb87c2f7c982d15b27ba122c477f537df3
+  metadata.gz: 57a524eb2980d8719ed816e3635cebbe328e0539b8048c92e32da7e15bd8456ceaa8877acce5bec9da39ef9cc9621b8caedc4c41f9de0dfdd780e2437c6c4795
+  data.tar.gz: d3b9163c81c1db8d8a7cb802352f4a7e19d44716b075e033e8c1f561314fd044a3b93b8d8369df18880f1ae117f53ca39aac15dbbd589b9bfa7a79b5116f59fa

data/README.md

@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.724]:001 >>> PWN.help
+pwn[v0.4.725]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.724]:001 >>> PWN.help
+pwn[v0.4.725]:001 >>> PWN.help
 ```
 
 

data/lib/pwn/plugins/black_duck_binary_analysis.rb

@@ -0,0 +1,209 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'securerandom'
+require 'tty-spinner'
+
+module PWN
+  module Plugins
+    # This plugin is used for interacting w/ the Black Duck Binary Analysis
+    # REST API using the 'rest' browser type of PWN::Plugins::TransparentBrowser.
+    # This is based on the following Black Duck Binary Analysis API Specification:
+    # https://protecode-sc.com/help/api
+    module BlackDuckBinaryAnalysis
+      # Supported Method Parameters::
+      # bd_bin_analysis_rest_call(
+      #   token: 'required - Black Duck Binary Analysis API token',
+      #   http_method: 'optional HTTP method (defaults to GET)
+      #   rest_call: 'required rest call to make per the schema',
+      #   params: 'optional params passed in the URI or HTTP Headers',
+      #   http_body: 'optional HTTP body sent in HTTP methods that support it e.g. POST'
+      # )
+
+      private_class_method def self.bd_bin_analysis_rest_call(opts = {})
+        http_method = if opts[:http_method].nil?
+                        :get
+                      else
+                        opts[:http_method].to_s.scrub.to_sym
+                      end
+        rest_call = opts[:rest_call].to_s.scrub
+        params = opts[:params]
+        http_body = opts[:http_body]
+        http_body ||= {}
+        base_bd_bin_analysis_api_uri = 'https://protocode-sc.com/api'
+        token = opts[:token]
+
+        content_type = 'application/json; charset=UTF-8'
+
+        browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
+        rest_client = browser_obj[:browser]::Request
+
+        spinner = TTY::Spinner.new
+        spinner.auto_spin
+
+        case http_method
+        when :delete
+          response = rest_client.execute(
+            method: :delete,
+            url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
+            headers: {
+              content_type: content_type,
+              authorization: "Bearer #{token}",
+              params: params
+            },
+            verify_ssl: false
+          )
+
+        when :get
+          response = rest_client.execute(
+            method: :get,
+            url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
+            headers: {
+              content_type: content_type,
+              authorization: "Bearer #{token}",
+              params: params
+            },
+            verify_ssl: false
+          )
+
+        when :post
+          if http_body.key?(:multipart)
+            response = rest_client.execute(
+              method: :post,
+              url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
+              headers: {
+                authorization: "Bearer #{token}"
+              },
+              payload: http_body,
+              verify_ssl: false
+            )
+          else
+            response = rest_client.execute(
+              method: :post,
+              url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
+              headers: {
+                content_type: content_type,
+                authorization: "Bearer #{token}"
+              },
+              payload: http_body.to_json,
+              verify_ssl: false
+            )
+          end
+
+        when :put
+          if http_body.key?(:multipart)
+            response = rest_client.execute(
+              method: :put,
+              url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
+              headers: {
+                authorization: "Bearer #{token}"
+              },
+              payload: http_body,
+              verify_ssl: false
+            )
+          else
+            response = rest_client.execute(
+              method: :post,
+              url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
+              headers: {
+                content_type: content_type,
+                authorization: "Bearer #{token}"
+              },
+              payload: http_body.to_json,
+              verify_ssl: false
+            )
+          end
+
+        else
+          raise @@logger.error("Unsupported HTTP Method #{http_method} for #{self} Plugin")
+        end
+        response
+      rescue StandardError => e
+        case e.message
+        when '400 Bad Request', '404 Resource Not Found'
+          "#{e.message}: #{e.response}"
+        else
+          raise e
+        end
+      ensure
+        spinner.stop
+      end
+
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_groups(
+      #   token: 'required - Bearer token'
+      # )
+
+      public_class_method def self.get_groups(opts = {})
+        token = opts[:token]
+
+        response = bd_bin_analysis_rest_call(
+          token: token,
+          rest_call: 'groups'
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.upload_file(
+      #   token: 'required - Bearer token',
+      #   file: 'required - file to upload',
+      #   purpose: 'optional - intended purpose of the uploaded documents (defaults to fine-tune'
+      # )
+
+      public_class_method def self.upload_file(opts = {})
+        token = opts[:token]
+        file = opts[:file]
+        raise "ERROR: #{file} not found." unless File.exist?(file)
+
+        purpose = opts[:purpose]
+        purpose ||= 'fine-tune'
+
+        http_body = {
+          multipart: true,
+          file: File.new(file, 'rb'),
+          purpose: purpose
+        }
+
+        response = bd_bin_analysis_rest_call(
+          http_method: :post,
+          token: token,
+          rest_call: 'files',
+          http_body: http_body
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Author(s):: 0day Inc. <request.pentest@0dayinc.com>
+
+      public_class_method def self.authors
+        "AUTHOR(S):
+          0day Inc. <request.pentest@0dayinc.com>
+        "
+      end
+
+      # Display Usage for this Module
+
+      public_class_method def self.help
+        puts "USAGE:
+          response = #{self}.get_groups(
+            token: 'required - Bearer token'
+          )
+
+          response = #{self}.upload_file(
+            token: 'required - Black Duck Binary Analysis API token',
+            file: 'required - file to upload'
+          )
+
+          #{self}.authors
+        "
+      end
+    end
+  end
+end

data/lib/pwn/plugins.rb

@@ -11,6 +11,7 @@ module PWN
     autoload :BareSIP, 'pwn/plugins/baresip'
     autoload :BasicAuth, 'pwn/plugins/basic_auth'
     autoload :BeEF, 'pwn/plugins/beef'
+    autoload :BlackDuckBinaryAnalysis, 'pwn/plugins/black_duck_binary_analysis'
     autoload :BurpSuite, 'pwn/plugins/burp_suite'
     autoload :BusPirate, 'pwn/plugins/bus_pirate'
     autoload :Char, 'pwn/plugins/char'

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.4.724'
+  VERSION = '0.4.725'
 end

data/spec/lib/pwn/plugins/black_duck_binary_analysis_spec.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe PWN::Plugins::BlackDuckBinaryAnalysis do
+  it 'should display information for authors' do
+    authors_response = PWN::Plugins::BlackDuckBinaryAnalysis
+    expect(authors_response).to respond_to :authors
+  end
+
+  it 'should display information for existing help method' do
+    help_response = PWN::Plugins::BlackDuckBinaryAnalysis
+    expect(help_response).to respond_to :help
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.724
+  version: 0.4.725
 platform: ruby
 authors:
 - 0day Inc.
@@ -1676,6 +1676,7 @@ files:
 - lib/pwn/plugins/baresip.rb
 - lib/pwn/plugins/basic_auth.rb
 - lib/pwn/plugins/beef.rb
+- lib/pwn/plugins/black_duck_binary_analysis.rb
 - lib/pwn/plugins/burp_suite.rb
 - lib/pwn/plugins/bus_pirate.rb
 - lib/pwn/plugins/char.rb
@@ -1986,6 +1987,7 @@ files:
 - spec/lib/pwn/plugins/baresip_spec.rb
 - spec/lib/pwn/plugins/basic_auth_spec.rb
 - spec/lib/pwn/plugins/beef_spec.rb
+- spec/lib/pwn/plugins/black_duck_binary_analysis_spec.rb
 - spec/lib/pwn/plugins/burp_suite_spec.rb
 - spec/lib/pwn/plugins/bus_pirate_spec.rb
 - spec/lib/pwn/plugins/char_spec.rb