pwn 0.4.729 → 0.4.730

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 342b2e93bde34396f0881a3ca94d5940a83e397b1c2e129944d9cb4e1761b38d
-  data.tar.gz: 9f608f6bacfd4ebb42516f3594b74140c6b07055d5500d14959a1b3e13083e08
+  metadata.gz: e7ccbfda03fe5f76d3a1c43c7bd628330c0e9c4d757ab402beb87aa1f6237c95
+  data.tar.gz: 07762b592179600911181ba24343235292eb879cd6b0690b77cc22d75e27c9e8
 SHA512:
-  metadata.gz: 2bfe0361b99bcea9fe446f7f3df17654a8b0128c6fcce8ae6c11028d41cd3f0ca59452fb6363aba58fe37c05262d59e27f45c3e1967a2fa9f9c92d87019b076f
-  data.tar.gz: 4572649902d6fac50fc7b87504893c530368b106e6c086fd8756109aecb13eec5a6d710d79c827b816c009478c5667e2d9fbc26f2b2226c6020783f62e8654ad
+  metadata.gz: 999906828628de7f537713a86a33a182897e1850762619c013d34cbda799af3eba0b14d27c257dbf8d13b10796431ea1afe78bc72ac385164c124ff12bc9ce78
+  data.tar.gz: 4f64da54f1a20cffb3c1fa2af71bb1c79c85a47073a7cdd0d6a49be7ae79bdc19fc8deb7aaab90ce9ac6b4986fe15df3dfff5f5bc6fce2a1d3eed01599cf609d

data/README.md

@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.729]:001 >>> PWN.help
+pwn[v0.4.730]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.729]:001 >>> PWN.help
+pwn[v0.4.730]:001 >>> PWN.help
 ```
 
 

data/lib/pwn/plugins/black_duck_binary_analysis.rb

@@ -17,6 +17,7 @@ module PWN
       #   http_method: 'optional HTTP method (defaults to GET)
       #   rest_call: 'required rest call to make per the schema',
       #   params: 'optional params passed in the URI or HTTP Headers',
+      #   http_headers: 'optional HTTP headers sent in HTTP methods that support it e.g. POST'
       #   http_body: 'optional HTTP body sent in HTTP methods that support it e.g. POST'
       # )
 
@@ -42,78 +43,46 @@ module PWN
         spinner.auto_spin
 
         case http_method
-        when :delete
+        when :delete, :get
+          headers = opts[:http_headers]
+          headers ||= {
+            content_type: content_type,
+            authorization: "Bearer #{token}",
+            params: params
+          }
           response = rest_client.execute(
-            method: :delete,
+            method: http_method,
             url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
-            headers: {
-              content_type: content_type,
-              authorization: "Bearer #{token}",
-              params: params
-            },
+            headers: headers,
             verify_ssl: false
           )
 
-        when :get
-          response = rest_client.execute(
-            method: :get,
-            url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
-            headers: {
-              content_type: content_type,
-              authorization: "Bearer #{token}",
-              params: params
-            },
-            verify_ssl: false
-          )
-
-        when :post
+        when :post, :put
+          headers = opts[:http_headers]
           if http_body.key?(:multipart)
+            headers ||= {
+              authorization: "Bearer #{token}"
+            }
             response = rest_client.execute(
               method: :post,
               url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
-              headers: {
-                authorization: "Bearer #{token}"
-              },
-              payload: http_body,
-              verify_ssl: false
-            )
-          else
-            response = rest_client.execute(
-              method: :post,
-              url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
-              headers: {
-                content_type: content_type,
-                authorization: "Bearer #{token}"
-              },
-              payload: http_body.to_json,
-              verify_ssl: false
-            )
-          end
-
-        when :put
-          if http_body.key?(:multipart)
-            response = rest_client.execute(
-              method: :put,
-              url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
-              headers: {
-                authorization: "Bearer #{token}"
-              },
+              headers: headers,
               payload: http_body,
               verify_ssl: false
             )
           else
+            headers ||= {
+              content_type: content_type,
+              authorization: "Bearer #{token}"
+            }
             response = rest_client.execute(
-              method: :post,
+              method: http2_method,
               url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
-              headers: {
-                content_type: content_type,
-                authorization: "Bearer #{token}"
-              },
+              headers: headers,
               payload: http_body.to_json,
               verify_ssl: false
             )
           end
-
         else
           raise @@logger.error("Unsupported HTTP Method #{http_method} for #{self} Plugin")
         end
@@ -147,6 +116,77 @@ module PWN
         raise e
       end
 
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_apps_by_group(
+      #   token: 'required - Bearer token',
+      #   group_id: 'required - group id'
+      # )
+
+      public_class_method def self.get_apps_by_group(opts = {})
+        token = opts[:token]
+        group_id = opts[:group_id]
+
+        response = bd_bin_analysis_rest_call(
+          token: token,
+          rest_call: "apps/#{group_id}"
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.upload_file(
+      #   token: 'required - Bearer token',
+      #   file: 'required - file to upload'
+      # )
+
+      public_class_method def self.upload_file(opts = {})
+        token = opts[:token]
+        file = opts[:file]
+        raise "ERROR: #{file} not found." unless File.exist?(file)
+
+        http_headers = {
+          authorization: "Bearer #{token}"
+        }
+
+        http_body = {
+          multipart: true,
+          file: File.new(file, 'rb')
+        }
+
+        response = bd_bin_analysis_rest_call(
+          http_method: :post,
+          token: token,
+          rest_call: 'files',
+          http_headers: http_headers,
+          http_body: http_body
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_tasks(
+      #   token: 'required - Bearer token'
+      # )
+
+      public_class_method def self.get_tasks(opts = {})
+        token = opts[:token]
+
+        response = bd_bin_analysis_rest_call(
+          token: token,
+          rest_call: 'tasks'
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
       # Supported Method Parameters::
       # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_groups(
       #   token: 'required - Bearer token'
@@ -166,18 +206,67 @@ module PWN
       end
 
       # Supported Method Parameters::
-      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_apps_by_group(
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.create_group(
       #   token: 'required - Bearer token',
-      #   group_id: 'required - group id'
+      #   name: 'required - group name',
+      #   desc: 'optional - group description',
+      #   parent: 'optional - parent group id',
+      #   delete_binary: 'optional - delete binary after analysis C|Y|N (Default: C== company default)',
+      #   binary_cleanup_age: 'optional - after how long the binary will be deleted in seconds (Default: 604_800 / 1 week)',
+      #   product_cleanup_age: 'optional - after how long the product will be deleted in seconds (Default: 604_800 / 1 week)',
+      #   file_download_enabled: 'optional - allow download of uploaded binaries from group (Default: false),
+      #   low_risk_tolerance: 'optional - low risk tolerance nil|true|false (Default: nil == company default)',
+      #   include_historical_vulns: 'optional - include historical vulns nil|true|false (Default: nil == company default)',
+      #   cvss3_fallback: 'optional - cvss3 fallback nil|true|false (Default: nil == company default)',
+      #   assume_unknown_version_as_latest: 'optional - assume unknown version as latest nil|true|false (Default: nil == company default)',
+      #   custom_data: 'optional - custom data hash (see group metadata for details)',
+      #   scan_infoleak: 'optional - scan infoleak nil|true|false (Default: nil == company default)',
+      #   code_analysis: 'optional - code analysis nil|true|false (Default: nil == company default)',
+      #   scan_code_similarity: 'optional - scan code similarity nil|true|false (Default: nil == company default)'
       # )
 
-      public_class_method def self.apps_by_group(opts = {})
+      public_class_method def self.create_group(opts = {})
         token = opts[:token]
-        group_id = opts[:group_id]
+        name = opts[:name]
+        desc = opts[:desc]
+        parent = opts[:parent]
+        delete_binary = opts[:delete_binary] ||= 'C'
+        binary_cleanup_age = opts[:binary_cleanup_age] ||= 604_800
+        product_cleanup_age = opts[:product_cleanup_age] ||= 604_800
+        file_download_enabled = opts[:file_download_enabled] ||= false
+        low_risk_tolerance = opts[:low_risk_tolerance]
+        include_historical_vulns = opts[:include_historical_vulns]
+        cvss3_fallback = opts[:cvss3_fallback]
+        assume_unknown_version_as_latest = opts[:assume_unknown_version_as_latest]
+        custom_data = opts[:custom_data]
+        scan_infoleak = opts[:scan_infoleak]
+        code_analysis = opts[:code_analysis]
+        scan_code_similarity = opts[:scan_code_similarity]
+
+        http_headers = {
+          authorization: "Bearer #{token}",
+          name: name,
+          description: desc,
+          parent: parent,
+          delete_binary_after_scan: delete_binary,
+          binary_cleanup_age: binary_cleanup_age,
+          product_cleanup_age: product_cleanup_age,
+          file_download_enabled: file_download_enabled,
+          low_risk_tolerance: low_risk_tolerance,
+          include_historical_vulnerabilities: include_historical_vulns,
+          cvss3_fallback: cvss3_fallback,
+          assume_unknown_version_as_latest: assume_unknown_version_as_latest,
+          custom_data: custom_data,
+          scan_infoleak: scan_infoleak,
+          code_analysis: code_analysis,
+          scan_code_similarity: scan_code_similarity
+        }
 
         response = bd_bin_analysis_rest_call(
+          http_method: :post,
           token: token,
-          rest_call: "apps/#{group_id}"
+          rest_call: 'groups',
+          http_headers: http_headers
         )
 
         JSON.parse(response, symbolize_names: true)
@@ -206,31 +295,178 @@ module PWN
       end
 
       # Supported Method Parameters::
-      # response = PWN::Plugins::BlackDuckBinaryAnalysis.upload_file(
-      #   token: 'required - Bearer token',
-      #   file: 'required - file to upload',
-      #   purpose: 'optional - intended purpose of the uploaded documents (defaults to fine-tune'
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_licenses(
+      #   token: 'required - Bearer token'
       # )
 
-      public_class_method def self.upload_file(opts = {})
+      public_class_method def self.get_licenses(opts = {})
         token = opts[:token]
-        file = opts[:file]
-        raise "ERROR: #{file} not found." unless File.exist?(file)
 
-        purpose = opts[:purpose]
-        purpose ||= 'fine-tune'
+        response = bd_bin_analysis_rest_call(
+          token: token,
+          rest_call: 'licenses'
+        )
 
-        http_body = {
-          multipart: true,
-          file: File.new(file, 'rb'),
-          purpose: purpose
-        }
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_component_licenses(
+      #   token: 'required - Bearer token'
+      # )
+
+      public_class_method def self.get_component_licenses(opts = {})
+        token = opts[:token]
 
         response = bd_bin_analysis_rest_call(
-          http_method: :post,
           token: token,
-          rest_call: 'files',
-          http_body: http_body
+          rest_call: 'component-licenses'
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_tags(
+      #   token: 'required - Bearer token'
+      # )
+
+      public_class_method def self.get_tags(opts = {})
+        token = opts[:token]
+
+        response = bd_bin_analysis_rest_call(
+          token: token,
+          rest_call: 'tags'
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_vulnerabilities(
+      #   token: 'required - Bearer token'
+      # )
+
+      public_class_method def self.get_vulnerabilities(opts = {})
+        token = opts[:token]
+
+        response = bd_bin_analysis_rest_call(
+          token: token,
+          rest_call: 'vulnerabilities'
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_components(
+      #   token: 'required - Bearer token'
+      # )
+
+      public_class_method def self.get_components(opts = {})
+        token = opts[:token]
+
+        response = bd_bin_analysis_rest_call(
+          token: token,
+          rest_call: 'components'
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_vendor_vulns(
+      #   token: 'required - Bearer token'
+      # )
+
+      public_class_method def self.get_vendor_vulns(opts = {})
+        token = opts[:token]
+
+        response = bd_bin_analysis_rest_call(
+          token: token,
+          rest_call: 'teacher/api/vulns'
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_audit_trail(
+      #   token: 'required - Bearer token'
+      # )
+
+      public_class_method def self.get_audit_trail(opts = {})
+        token = opts[:token]
+
+        response = bd_bin_analysis_rest_call(
+          token: token,
+          rest_call: 'audit-trail'
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_status(
+      #   token: 'required - Bearer token'
+      # )
+
+      public_class_method def self.get_status(opts = {})
+        token = opts[:token]
+
+        response = bd_bin_analysis_rest_call(
+          token: token,
+          rest_call: 'status'
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_service_info(
+      #   token: 'required - Bearer token'
+      # )
+
+      public_class_method def self.get_service_info(opts = {})
+        token = opts[:token]
+
+        response = bd_bin_analysis_rest_call(
+          token: token,
+          rest_call: 'service/info'
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_service_version(
+      #   token: 'required - Bearer token'
+      # )
+
+      public_class_method def self.get_service_version(opts = {})
+        token = opts[:token]
+
+        response = bd_bin_analysis_rest_call(
+          token: token,
+          rest_call: 'service/version'
         )
 
         JSON.parse(response, symbolize_names: true)
@@ -254,23 +490,86 @@ module PWN
             token: 'required - Bearer token'
           )
 
-          response = #{self}.get_groups(
+          response = #{self}.upload_file(
+            token: 'required - Black Duck Binary Analysis API token',
+            file: 'required - file to upload'
+          )
+
+          response = #{self}.get_tasks(
             token: 'required - Bearer token'
           )
 
-          response = #{self}.get_group_details(
+          response = #{self}.get_apps_by_group(
             token: 'required - Bearer token',
             group_id: 'required - group id'
           )
 
-          response = #{self}.get_apps_by_group(
+          response = #{self}.get_groups(
+            token: 'required - Bearer token'
+          )
+
+          response = #{self}.create_group(
+            token: 'required - Bearer token',
+            name: 'required - group name',
+            desc: 'optional - group description',
+            parent: 'optional - parent group id',
+            delete_binary: 'optional - delete binary after analysis C|Y|N (Default: C== company default)',
+            binary_cleanup_age: 'optional - after how long the binary will be deleted in seconds (Default: 604_800 / 1 week)',
+            product_cleanup_age: 'optional - after how long the product will be deleted in seconds (Default: 604_800 / 1 week)',
+            file_download_enabled: 'optional - allow download of uploaded binaries from group (Default: false),
+            low_risk_tolerance: 'optional - low risk tolerance nil|true|false (Default: nil == company default)',
+            include_historical_vulns: 'optional - include historical vulns nil|true|false (Default: nil == company default)',
+            cvss3_fallback: 'optional - cvss3 fallback nil|true|false (Default: nil == company default)',
+            assume_unknown_version_as_latest: 'optional - assume unknown version as latest nil|true|false (Default: nil == company default)',
+            custom_data: 'optional - custom data hash (see group metadata for details)',
+            scan_infoleak: 'optional - scan infoleak nil|true|false (Default: nil == company default)',
+            code_analysis: 'optional - code analysis nil|true|false (Default: nil == company default)',
+            scan_code_similarity: 'optional - scan code similarity nil|true|false (Default: nil == company default)'
+          )
+
+          response = #{self}.get_group_details(
             token: 'required - Bearer token',
             group_id: 'required - group id'
           )
 
-          response = #{self}.upload_file(
-            token: 'required - Black Duck Binary Analysis API token',
-            file: 'required - file to upload'
+          response = #{self}.get_licenses(
+            token: 'required - Bearer token'
+          )
+
+          response = #{self}.get_component_licenses(
+            token: 'required - Bearer token'
+          )
+
+          response = #{self}.get_tags(
+            token: 'required - Bearer token'
+          )
+
+          response = #{self}.get_vulnerabilities(
+            token: 'required - Bearer token'
+          )
+
+          response = #{self}.get_components(
+            token: 'required - Bearer token'
+          )
+
+          response = #{self}.get_vendor_vulns(
+            token: 'required - Bearer token'
+          )
+
+          response = #{self}.get_audit_trail(
+            token: 'required - Bearer token'
+          )
+
+          response = #{self}.get_status(
+            token: 'required - Bearer token'
+          )
+
+          response = #{self}.get_service_info(
+            token: 'required - Bearer token'
+          )
+
+          response = #{self}.get_service_version(
+            token: 'required - Bearer token'
           )
 
           #{self}.authors

data/lib/pwn/plugins/open_ai.rb

@@ -42,21 +42,9 @@ module PWN
         spinner.auto_spin
 
         case http_method
-        when :delete
+        when :delete, :get
           response = rest_client.execute(
-            method: :delete,
-            url: "#{base_open_ai_api_uri}/#{rest_call}",
-            headers: {
-              content_type: content_type,
-              authorization: "Bearer #{token}",
-              params: params
-            },
-            verify_ssl: false
-          )
-
-        when :get
-          response = rest_client.execute(
-            method: :get,
+            method: http2_method,
             url: "#{base_open_ai_api_uri}/#{rest_call}",
             headers: {
               content_type: content_type,
@@ -69,7 +57,7 @@ module PWN
         when :post
           if http_body.key?(:multipart)
             response = rest_client.execute(
-              method: :post,
+              method: http_method,
               url: "#{base_open_ai_api_uri}/#{rest_call}",
               headers: {
                 authorization: "Bearer #{token}"
@@ -79,7 +67,7 @@ module PWN
             )
           else
             response = rest_client.execute(
-              method: :post,
+              method: http_method,
               url: "#{base_open_ai_api_uri}/#{rest_call}",
               headers: {
                 content_type: content_type,

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.4.729'
+  VERSION = '0.4.730'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.729
+  version: 0.4.730
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-06-14 00:00:00.000000000 Z
+date: 2023-06-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport