pwn 0.4.734 → 0.4.736

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c5f460760589e0c081afe01205d7d24891656dbff6558679ac284487f84084bc
-  data.tar.gz: 56de2d97a21b51bf923510b3f58f28496655bdd371828fda5d0c1fe7fe106d6e
+  metadata.gz: 7fa87d4cde380f39c1615a4a34496608c6634cb4971a8d0c1b94972669a5ed24
+  data.tar.gz: ad164d84cf4d4b929af8fc32f01a255a753073060cad5d5f66c039a508221e0e
 SHA512:
-  metadata.gz: 7b6a29b4149b52f3b2341b4c85eff17280eb13739a4cb8ff4fa58286b1331d199711e03a8b63d89100581135b38e9271ed4e099c0305f28e1a129b3fc9a4cd6a
-  data.tar.gz: 9347646e9f559feb861627144722b2eb34ead3ed71d5f62a4ae88d1187d31aa5f3306188662eea797ee2cfc224573692d08e3f50159bb3076bb4717697c628a7
+  metadata.gz: 950ddc535f1a67c26e3fe805734da25982d743b025bd22c63fb368c4f48296c16e40520ebb8a8a53532a48039103b230b02f00b5796c5631d963796bd7e0352c
+  data.tar.gz: e523580ad64849eb87f4da01ee96565a45fba96c976d4ad091bec5a9010aad324ba8a50fe2e7a745ba43a4282d095ba4609ed6c840efcb343b499a79ac18d94a

data/README.md

@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.734]:001 >>> PWN.help
+pwn[v0.4.736]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.734]:001 >>> PWN.help
+pwn[v0.4.736]:001 >>> PWN.help
 ```
 
 

data/lib/pwn/plugins/black_duck_binary_analysis.rb

@@ -29,6 +29,13 @@ module PWN
                       end
         rest_call = opts[:rest_call].to_s.scrub
         params = opts[:params]
+
+        headers = opts[:http_headers]
+        headers ||= {
+          content_type: content_type,
+          authorization: "Bearer #{token}"
+        }
+
         http_body = opts[:http_body]
         base_bd_bin_analysis_api_uri = 'https://protecode-sc.com/api'
         token = opts[:token]
@@ -43,12 +50,7 @@ module PWN
 
         case http_method
         when :delete, :get
-          headers = opts[:http_headers]
-          headers ||= {
-            content_type: content_type,
-            authorization: "Bearer #{token}",
-            params: params
-          }
+          headers[:params] = params
           response = rest_client.execute(
             method: http_method,
             url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
@@ -57,17 +59,25 @@ module PWN
           )
 
         when :post, :put
-          headers = opts[:http_headers]
-          headers ||= {
-            authorization: "Bearer #{token}"
-          }
-          response = rest_client.execute(
-            method: :post,
-            url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
-            headers: headers,
-            payload: http_body,
-            verify_ssl: false
-          )
+          if http_body.key?(:multipart)
+            headers[:content_type] = 'multipart/form-data'
+
+            response = rest_client.execute(
+              method: :post,
+              url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
+              headers: headers,
+              payload: http_body,
+              verify_ssl: false
+            )
+          else
+            response = rest_client.execute(
+              method: :post,
+              url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
+              headers: headers,
+              payload: http_body.to_json,
+              verify_ssl: false
+            )
+          end
         else
           raise @@logger.error("Unsupported HTTP Method #{http_method} for #{self} Plugin")
         end
@@ -124,7 +134,16 @@ module PWN
       # Supported Method Parameters::
       # response = PWN::Plugins::BlackDuckBinaryAnalysis.upload_file(
       #   token: 'required - Bearer token',
-      #   file: 'required - file to upload'
+      #   file: 'required - path of file to upload',
+      #   group_id: 'optional - group id',
+      #   delete_binary: 'optional - delete binary after upload (defaults to false)',
+      #   force_scan: 'optional - force scan (defaults to false)',
+      #   callback_url: 'optional - callback url',
+      #   scan_infoleak: 'optional - scan infoleak (defaults to true)',
+      #   code_analysis: 'optional - code analysis (defaults to true)',
+      #   scan_code_familiarity: 'optional - scan code familiarity (defaults to true)',
+      #   version: 'optional - version',
+      #   product_id: 'optional - product id'
       # )
 
       public_class_method def self.upload_file(opts = {})
@@ -132,8 +151,29 @@ module PWN
         file = opts[:file]
         raise "ERROR: #{file} not found." unless File.exist?(file)
 
+        file_name = File.basename(file)
+
+        group_id = opts[:group_id]
+        delete_binary = true if opts[:delete_binary] ||= false
+        force_scan = true if opts[:force_scan] ||= false
+        callback_url = opts[:callback_url]
+        scan_infoleak = false if opts[:scan_infoleak] ||= true
+        code_analysis = false if opts[:code_analysis] ||= true
+        scan_code_familiarity = false if opts[:scan_code_familiarity] ||= true
+        version = opts[:version]
+        product_id = opts[:product_id]
+
         http_headers = {
-          authorization: "Bearer #{token}"
+          authorization: "Bearer #{token}",
+          delete_binary: delete_binary,
+          force_scan: force_scan,
+          group: group_id,
+          callback: callback_url,
+          scan_infoleak: scan_infoleak,
+          code_analysis: code_analysis,
+          scan_code_familiarity: scan_code_familiarity,
+          version: version,
+          replace: product_id
         }
 
         http_body = {
@@ -142,9 +182,9 @@ module PWN
         }
 
         response = bd_bin_analysis_rest_call(
-          http_method: :post,
+          http_method: :put,
           token: token,
-          rest_call: 'files',
+          rest_call: "upload/#{file_name}",
           http_headers: http_headers,
           http_body: http_body
         )
@@ -195,7 +235,7 @@ module PWN
       #   token: 'required - Bearer token',
       #   name: 'required - group name',
       #   desc: 'optional - group description',
-      #   parent: 'optional - parent group id',
+      #   parent_id: 'optional - parent group id',
       #   delete_binary: 'optional - delete binary after analysis C|Y|N (Default: C== company default)',
       #   binary_cleanup_age: 'optional - after how long the binary will be deleted in seconds (Default: 604_800 / 1 week)',
       #   product_cleanup_age: 'optional - after how long the product will be deleted in seconds (Default: 604_800 / 1 week)',
@@ -214,7 +254,7 @@ module PWN
         token = opts[:token]
         name = opts[:name]
         desc = opts[:desc]
-        parent = opts[:parent]
+        parent_id = opts[:parent_id]
         delete_binary = opts[:delete_binary] ||= 'C'
         binary_cleanup_age = opts[:binary_cleanup_age] ||= 604_800
         product_cleanup_age = opts[:product_cleanup_age] ||= 604_800
@@ -232,7 +272,7 @@ module PWN
           authorization: "Bearer #{token}",
           name: name,
           description: desc,
-          parent: parent,
+          parent: parent_id,
           delete_binary_after_scan: delete_binary,
           binary_cleanup_age: binary_cleanup_age,
           product_cleanup_age: product_cleanup_age,
@@ -475,9 +515,18 @@ module PWN
             token: 'required - Bearer token'
           )
 
-          response = #{self}.upload_file(
-            token: 'required - Black Duck Binary Analysis API token',
-            file: 'required - file to upload'
+          response = PWN::Plugins::BlackDuckBinaryAnalysis.upload_file(
+            token: 'required - Bearer token',
+            file: 'required - path of file to upload',
+            group_id: 'optional - group id',
+            delete_binary: 'optional - delete binary after upload (defaults to false)',
+            force_scan: 'optional - force scan (defaults to false)',
+            callback_url: 'optional - callback url',
+            scan_infoleak: 'optional - scan infoleak (defaults to true)',
+            code_analysis: 'optional - code analysis (defaults to true)',
+            scan_code_familiarity: 'optional - scan code familiarity (defaults to true)',
+            version: 'optional - version',
+            product_id: 'optional - product id'
           )
 
           response = #{self}.get_tasks(
@@ -497,7 +546,7 @@ module PWN
             token: 'required - Bearer token',
             name: 'required - group name',
             desc: 'optional - group description',
-            parent: 'optional - parent group id',
+            parent_id: 'optional - parent_id group id',
             delete_binary: 'optional - delete binary after analysis C|Y|N (Default: C== company default)',
             binary_cleanup_age: 'optional - after how long the binary will be deleted in seconds (Default: 604_800 / 1 week)',
             product_cleanup_age: 'optional - after how long the product will be deleted in seconds (Default: 604_800 / 1 week)',

data/lib/pwn/plugins/open_ai.rb

@@ -21,6 +21,7 @@ module PWN
       # )
 
       private_class_method def self.open_ai_rest_call(opts = {})
+        token = opts[:token]
         http_method = if opts[:http_method].nil?
                         :get
                       else
@@ -28,10 +29,14 @@ module PWN
                       end
         rest_call = opts[:rest_call].to_s.scrub
         params = opts[:params]
+        headers = {
+          content_type: content_type,
+          authorization: "Bearer #{token}"
+        }
+
         http_body = opts[:http_body]
         http_body ||= {}
         base_open_ai_api_uri = 'https://api.openai.com/v1'
-        token = opts[:token]
 
         content_type = 'application/json; charset=UTF-8'
 
@@ -43,25 +48,22 @@ module PWN
 
         case http_method
         when :delete, :get
+          headers[:params] = params
           response = rest_client.execute(
             method: http2_method,
             url: "#{base_open_ai_api_uri}/#{rest_call}",
-            headers: {
-              content_type: content_type,
-              authorization: "Bearer #{token}",
-              params: params
-            },
+            headers: headers,
             verify_ssl: false
           )
 
         when :post
           if http_body.key?(:multipart)
+            headers[:content_type] = 'multipart/form-data'
+
             response = rest_client.execute(
               method: http_method,
               url: "#{base_open_ai_api_uri}/#{rest_call}",
-              headers: {
-                authorization: "Bearer #{token}"
-              },
+              headers: headers,
               payload: http_body,
               verify_ssl: false
             )
@@ -69,10 +71,7 @@ module PWN
             response = rest_client.execute(
               method: http_method,
               url: "#{base_open_ai_api_uri}/#{rest_call}",
-              headers: {
-                content_type: content_type,
-                authorization: "Bearer #{token}"
-              },
+              headers: headers,
               payload: http_body.to_json,
               verify_ssl: false
             )

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.4.734'
+  VERSION = '0.4.736'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.734
+  version: 0.4.736
 platform: ruby
 authors:
 - 0day Inc.