pwn 0.4.728 → 0.4.730

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 51535ad690b0fbbba94bfff3e6cebb146d0ccd26b3a0a0d41188a8e8f81f3c27
-  data.tar.gz: 8f22af77373b7fc376c6c439cf9501257b61fc481c715bb12d46bac5f82358d6
+  metadata.gz: e7ccbfda03fe5f76d3a1c43c7bd628330c0e9c4d757ab402beb87aa1f6237c95
+  data.tar.gz: 07762b592179600911181ba24343235292eb879cd6b0690b77cc22d75e27c9e8
 SHA512:
-  metadata.gz: 110efb7bd81aaabf5b836116c0b61662e0c8f4730f42ffd75966d53321d67968ea2590541004269358e49b64214c8e90eeff5588afb71d5b8762b65eaa9ed9f6
-  data.tar.gz: 183096b0d977646abe88a441abb0e1474968b0d4bfb2f8c130a6d62f7a06c02a0cf576bc9d50c2845bf1c9bcdf5da88981812f5288643349c04c25634c29219a
+  metadata.gz: 999906828628de7f537713a86a33a182897e1850762619c013d34cbda799af3eba0b14d27c257dbf8d13b10796431ea1afe78bc72ac385164c124ff12bc9ce78
+  data.tar.gz: 4f64da54f1a20cffb3c1fa2af71bb1c79c85a47073a7cdd0d6a49be7ae79bdc19fc8deb7aaab90ce9ac6b4986fe15df3dfff5f5bc6fce2a1d3eed01599cf609d

data/README.md

@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.728]:001 >>> PWN.help
+pwn[v0.4.730]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.728]:001 >>> PWN.help
+pwn[v0.4.730]:001 >>> PWN.help
 ```
 
 

data/lib/pwn/plugins/black_duck_binary_analysis.rb

@@ -17,6 +17,7 @@ module PWN
       #   http_method: 'optional HTTP method (defaults to GET)
       #   rest_call: 'required rest call to make per the schema',
       #   params: 'optional params passed in the URI or HTTP Headers',
+      #   http_headers: 'optional HTTP headers sent in HTTP methods that support it e.g. POST'
       #   http_body: 'optional HTTP body sent in HTTP methods that support it e.g. POST'
       # )
 
@@ -42,78 +43,46 @@ module PWN
         spinner.auto_spin
 
         case http_method
-        when :delete
+        when :delete, :get
+          headers = opts[:http_headers]
+          headers ||= {
+            content_type: content_type,
+            authorization: "Bearer #{token}",
+            params: params
+          }
           response = rest_client.execute(
-            method: :delete,
+            method: http_method,
             url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
-            headers: {
-              content_type: content_type,
-              authorization: "Bearer #{token}",
-              params: params
-            },
-            verify_ssl: false
-          )
-
-        when :get
-          response = rest_client.execute(
-            method: :get,
-            url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
-            headers: {
-              content_type: content_type,
-              authorization: "Bearer #{token}",
-              params: params
-            },
+            headers: headers,
             verify_ssl: false
           )
 
-        when :post
+        when :post, :put
+          headers = opts[:http_headers]
           if http_body.key?(:multipart)
+            headers ||= {
+              authorization: "Bearer #{token}"
+            }
             response = rest_client.execute(
               method: :post,
               url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
-              headers: {
-                authorization: "Bearer #{token}"
-              },
-              payload: http_body,
-              verify_ssl: false
-            )
-          else
-            response = rest_client.execute(
-              method: :post,
-              url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
-              headers: {
-                content_type: content_type,
-                authorization: "Bearer #{token}"
-              },
-              payload: http_body.to_json,
-              verify_ssl: false
-            )
-          end
-
-        when :put
-          if http_body.key?(:multipart)
-            response = rest_client.execute(
-              method: :put,
-              url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
-              headers: {
-                authorization: "Bearer #{token}"
-              },
+              headers: headers,
               payload: http_body,
               verify_ssl: false
             )
           else
+            headers ||= {
+              content_type: content_type,
+              authorization: "Bearer #{token}"
+            }
             response = rest_client.execute(
-              method: :post,
+              method: http2_method,
               url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
-              headers: {
-                content_type: content_type,
-                authorization: "Bearer #{token}"
-              },
+              headers: headers,
               payload: http_body.to_json,
               verify_ssl: false
             )
           end
-
         else
           raise @@logger.error("Unsupported HTTP Method #{http_method} for #{self} Plugin")
         end
@@ -130,16 +99,16 @@ module PWN
       end
 
       # Supported Method Parameters::
-      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_groups(
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_apps(
       #   token: 'required - Bearer token'
       # )
 
-      public_class_method def self.get_groups(opts = {})
+      public_class_method def self.get_apps(opts = {})
         token = opts[:token]
 
         response = bd_bin_analysis_rest_call(
           token: token,
-          rest_call: 'groups'
+          rest_call: 'apps'
         )
 
         JSON.parse(response, symbolize_names: true)
@@ -148,18 +117,18 @@ module PWN
       end
 
       # Supported Method Parameters::
-      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_group_details(
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_apps_by_group(
       #   token: 'required - Bearer token',
       #   group_id: 'required - group id'
       # )
 
-      public_class_method def self.get_group_details(opts = {})
+      public_class_method def self.get_apps_by_group(opts = {})
         token = opts[:token]
         group_id = opts[:group_id]
 
         response = bd_bin_analysis_rest_call(
           token: token,
-          rest_call: "groups/#{group_id}"
+          rest_call: "apps/#{group_id}"
         )
 
         JSON.parse(response, symbolize_names: true)
@@ -170,8 +139,7 @@ module PWN
       # Supported Method Parameters::
       # response = PWN::Plugins::BlackDuckBinaryAnalysis.upload_file(
       #   token: 'required - Bearer token',
-      #   file: 'required - file to upload',
-      #   purpose: 'optional - intended purpose of the uploaded documents (defaults to fine-tune'
+      #   file: 'required - file to upload'
       # )
 
       public_class_method def self.upload_file(opts = {})
@@ -179,19 +147,20 @@ module PWN
         file = opts[:file]
         raise "ERROR: #{file} not found." unless File.exist?(file)
 
-        purpose = opts[:purpose]
-        purpose ||= 'fine-tune'
+        http_headers = {
+          authorization: "Bearer #{token}"
+        }
 
         http_body = {
           multipart: true,
-          file: File.new(file, 'rb'),
-          purpose: purpose
+          file: File.new(file, 'rb')
         }
 
         response = bd_bin_analysis_rest_call(
           http_method: :post,
           token: token,
           rest_call: 'files',
+          http_headers: http_headers,
           http_body: http_body
         )
 
@@ -200,6 +169,311 @@ module PWN
         raise e
       end
 
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_tasks(
+      #   token: 'required - Bearer token'
+      # )
+
+      public_class_method def self.get_tasks(opts = {})
+        token = opts[:token]
+
+        response = bd_bin_analysis_rest_call(
+          token: token,
+          rest_call: 'tasks'
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_groups(
+      #   token: 'required - Bearer token'
+      # )
+
+      public_class_method def self.get_groups(opts = {})
+        token = opts[:token]
+
+        response = bd_bin_analysis_rest_call(
+          token: token,
+          rest_call: 'groups'
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.create_group(
+      #   token: 'required - Bearer token',
+      #   name: 'required - group name',
+      #   desc: 'optional - group description',
+      #   parent: 'optional - parent group id',
+      #   delete_binary: 'optional - delete binary after analysis C|Y|N (Default: C== company default)',
+      #   binary_cleanup_age: 'optional - after how long the binary will be deleted in seconds (Default: 604_800 / 1 week)',
+      #   product_cleanup_age: 'optional - after how long the product will be deleted in seconds (Default: 604_800 / 1 week)',
+      #   file_download_enabled: 'optional - allow download of uploaded binaries from group (Default: false),
+      #   low_risk_tolerance: 'optional - low risk tolerance nil|true|false (Default: nil == company default)',
+      #   include_historical_vulns: 'optional - include historical vulns nil|true|false (Default: nil == company default)',
+      #   cvss3_fallback: 'optional - cvss3 fallback nil|true|false (Default: nil == company default)',
+      #   assume_unknown_version_as_latest: 'optional - assume unknown version as latest nil|true|false (Default: nil == company default)',
+      #   custom_data: 'optional - custom data hash (see group metadata for details)',
+      #   scan_infoleak: 'optional - scan infoleak nil|true|false (Default: nil == company default)',
+      #   code_analysis: 'optional - code analysis nil|true|false (Default: nil == company default)',
+      #   scan_code_similarity: 'optional - scan code similarity nil|true|false (Default: nil == company default)'
+      # )
+
+      public_class_method def self.create_group(opts = {})
+        token = opts[:token]
+        name = opts[:name]
+        desc = opts[:desc]
+        parent = opts[:parent]
+        delete_binary = opts[:delete_binary] ||= 'C'
+        binary_cleanup_age = opts[:binary_cleanup_age] ||= 604_800
+        product_cleanup_age = opts[:product_cleanup_age] ||= 604_800
+        file_download_enabled = opts[:file_download_enabled] ||= false
+        low_risk_tolerance = opts[:low_risk_tolerance]
+        include_historical_vulns = opts[:include_historical_vulns]
+        cvss3_fallback = opts[:cvss3_fallback]
+        assume_unknown_version_as_latest = opts[:assume_unknown_version_as_latest]
+        custom_data = opts[:custom_data]
+        scan_infoleak = opts[:scan_infoleak]
+        code_analysis = opts[:code_analysis]
+        scan_code_similarity = opts[:scan_code_similarity]
+
+        http_headers = {
+          authorization: "Bearer #{token}",
+          name: name,
+          description: desc,
+          parent: parent,
+          delete_binary_after_scan: delete_binary,
+          binary_cleanup_age: binary_cleanup_age,
+          product_cleanup_age: product_cleanup_age,
+          file_download_enabled: file_download_enabled,
+          low_risk_tolerance: low_risk_tolerance,
+          include_historical_vulnerabilities: include_historical_vulns,
+          cvss3_fallback: cvss3_fallback,
+          assume_unknown_version_as_latest: assume_unknown_version_as_latest,
+          custom_data: custom_data,
+          scan_infoleak: scan_infoleak,
+          code_analysis: code_analysis,
+          scan_code_similarity: scan_code_similarity
+        }
+
+        response = bd_bin_analysis_rest_call(
+          http_method: :post,
+          token: token,
+          rest_call: 'groups',
+          http_headers: http_headers
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_group_details(
+      #   token: 'required - Bearer token',
+      #   group_id: 'required - group id'
+      # )
+
+      public_class_method def self.get_group_details(opts = {})
+        token = opts[:token]
+        group_id = opts[:group_id]
+
+        response = bd_bin_analysis_rest_call(
+          token: token,
+          rest_call: "groups/#{group_id}"
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_licenses(
+      #   token: 'required - Bearer token'
+      # )
+
+      public_class_method def self.get_licenses(opts = {})
+        token = opts[:token]
+
+        response = bd_bin_analysis_rest_call(
+          token: token,
+          rest_call: 'licenses'
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_component_licenses(
+      #   token: 'required - Bearer token'
+      # )
+
+      public_class_method def self.get_component_licenses(opts = {})
+        token = opts[:token]
+
+        response = bd_bin_analysis_rest_call(
+          token: token,
+          rest_call: 'component-licenses'
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_tags(
+      #   token: 'required - Bearer token'
+      # )
+
+      public_class_method def self.get_tags(opts = {})
+        token = opts[:token]
+
+        response = bd_bin_analysis_rest_call(
+          token: token,
+          rest_call: 'tags'
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_vulnerabilities(
+      #   token: 'required - Bearer token'
+      # )
+
+      public_class_method def self.get_vulnerabilities(opts = {})
+        token = opts[:token]
+
+        response = bd_bin_analysis_rest_call(
+          token: token,
+          rest_call: 'vulnerabilities'
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_components(
+      #   token: 'required - Bearer token'
+      # )
+
+      public_class_method def self.get_components(opts = {})
+        token = opts[:token]
+
+        response = bd_bin_analysis_rest_call(
+          token: token,
+          rest_call: 'components'
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_vendor_vulns(
+      #   token: 'required - Bearer token'
+      # )
+
+      public_class_method def self.get_vendor_vulns(opts = {})
+        token = opts[:token]
+
+        response = bd_bin_analysis_rest_call(
+          token: token,
+          rest_call: 'teacher/api/vulns'
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_audit_trail(
+      #   token: 'required - Bearer token'
+      # )
+
+      public_class_method def self.get_audit_trail(opts = {})
+        token = opts[:token]
+
+        response = bd_bin_analysis_rest_call(
+          token: token,
+          rest_call: 'audit-trail'
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_status(
+      #   token: 'required - Bearer token'
+      # )
+
+      public_class_method def self.get_status(opts = {})
+        token = opts[:token]
+
+        response = bd_bin_analysis_rest_call(
+          token: token,
+          rest_call: 'status'
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_service_info(
+      #   token: 'required - Bearer token'
+      # )
+
+      public_class_method def self.get_service_info(opts = {})
+        token = opts[:token]
+
+        response = bd_bin_analysis_rest_call(
+          token: token,
+          rest_call: 'service/info'
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_service_version(
+      #   token: 'required - Bearer token'
+      # )
+
+      public_class_method def self.get_service_version(opts = {})
+        token = opts[:token]
+
+        response = bd_bin_analysis_rest_call(
+          token: token,
+          rest_call: 'service/version'
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
       # Author(s):: 0day Inc. <request.pentest@0dayinc.com>
 
       public_class_method def self.authors
@@ -212,18 +486,90 @@ module PWN
 
       public_class_method def self.help
         puts "USAGE:
+          response = #{self}.get_apps(
+            token: 'required - Bearer token'
+          )
+
+          response = #{self}.upload_file(
+            token: 'required - Black Duck Binary Analysis API token',
+            file: 'required - file to upload'
+          )
+
+          response = #{self}.get_tasks(
+            token: 'required - Bearer token'
+          )
+
+          response = #{self}.get_apps_by_group(
+            token: 'required - Bearer token',
+            group_id: 'required - group id'
+          )
+
           response = #{self}.get_groups(
             token: 'required - Bearer token'
           )
 
+          response = #{self}.create_group(
+            token: 'required - Bearer token',
+            name: 'required - group name',
+            desc: 'optional - group description',
+            parent: 'optional - parent group id',
+            delete_binary: 'optional - delete binary after analysis C|Y|N (Default: C== company default)',
+            binary_cleanup_age: 'optional - after how long the binary will be deleted in seconds (Default: 604_800 / 1 week)',
+            product_cleanup_age: 'optional - after how long the product will be deleted in seconds (Default: 604_800 / 1 week)',
+            file_download_enabled: 'optional - allow download of uploaded binaries from group (Default: false),
+            low_risk_tolerance: 'optional - low risk tolerance nil|true|false (Default: nil == company default)',
+            include_historical_vulns: 'optional - include historical vulns nil|true|false (Default: nil == company default)',
+            cvss3_fallback: 'optional - cvss3 fallback nil|true|false (Default: nil == company default)',
+            assume_unknown_version_as_latest: 'optional - assume unknown version as latest nil|true|false (Default: nil == company default)',
+            custom_data: 'optional - custom data hash (see group metadata for details)',
+            scan_infoleak: 'optional - scan infoleak nil|true|false (Default: nil == company default)',
+            code_analysis: 'optional - code analysis nil|true|false (Default: nil == company default)',
+            scan_code_similarity: 'optional - scan code similarity nil|true|false (Default: nil == company default)'
+          )
+
           response = #{self}.get_group_details(
             token: 'required - Bearer token',
             group_id: 'required - group id'
           )
 
-          response = #{self}.upload_file(
-            token: 'required - Black Duck Binary Analysis API token',
-            file: 'required - file to upload'
+          response = #{self}.get_licenses(
+            token: 'required - Bearer token'
+          )
+
+          response = #{self}.get_component_licenses(
+            token: 'required - Bearer token'
+          )
+
+          response = #{self}.get_tags(
+            token: 'required - Bearer token'
+          )
+
+          response = #{self}.get_vulnerabilities(
+            token: 'required - Bearer token'
+          )
+
+          response = #{self}.get_components(
+            token: 'required - Bearer token'
+          )
+
+          response = #{self}.get_vendor_vulns(
+            token: 'required - Bearer token'
+          )
+
+          response = #{self}.get_audit_trail(
+            token: 'required - Bearer token'
+          )
+
+          response = #{self}.get_status(
+            token: 'required - Bearer token'
+          )
+
+          response = #{self}.get_service_info(
+            token: 'required - Bearer token'
+          )
+
+          response = #{self}.get_service_version(
+            token: 'required - Bearer token'
           )
 
           #{self}.authors

data/lib/pwn/plugins/open_ai.rb

@@ -42,21 +42,9 @@ module PWN
         spinner.auto_spin
 
         case http_method
-        when :delete
+        when :delete, :get
           response = rest_client.execute(
-            method: :delete,
-            url: "#{base_open_ai_api_uri}/#{rest_call}",
-            headers: {
-              content_type: content_type,
-              authorization: "Bearer #{token}",
-              params: params
-            },
-            verify_ssl: false
-          )
-
-        when :get
-          response = rest_client.execute(
-            method: :get,
+            method: http2_method,
             url: "#{base_open_ai_api_uri}/#{rest_call}",
             headers: {
               content_type: content_type,
@@ -69,7 +57,7 @@ module PWN
         when :post
           if http_body.key?(:multipart)
             response = rest_client.execute(
-              method: :post,
+              method: http_method,
               url: "#{base_open_ai_api_uri}/#{rest_call}",
               headers: {
                 authorization: "Bearer #{token}"
@@ -79,7 +67,7 @@ module PWN
             )
           else
             response = rest_client.execute(
-              method: :post,
+              method: http_method,
               url: "#{base_open_ai_api_uri}/#{rest_call}",
               headers: {
                 content_type: content_type,

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.4.728'
+  VERSION = '0.4.730'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.728
+  version: 0.4.730
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-06-14 00:00:00.000000000 Z
+date: 2023-06-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport