pwn 0.4.735 → 0.4.737

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 91ea0aaa9a3d3f2f0e7e6a38c58a4199bd770cf7784486cc59e99e4add3ec9c3
-  data.tar.gz: c047b603b26553c23b13ac4e4c856a11556908f1020d3d6bd5b4160d380a0b9d
+  metadata.gz: '01249a06b7f5f3b1bcd331c75d9946a1f1aedfa947cb72ca492e97191229ad10'
+  data.tar.gz: cfbbfb84754859f5e9b2e2727bcc02c2c392682027d58764d1abb70f83334e7f
 SHA512:
-  metadata.gz: 45e128055e6a8bf97a62d2c9dae4cfe44589648ed297d677df52142bec308c83f0416a8ce19f500ab20113955a666bee8ebf56408770e3e83f6746f2f27654e6
-  data.tar.gz: 11cdcd0233d414543d90e85b6c78d51b9af6e1de24b6b1e8f95ba66d251d3d1448d66f3330f0f622b991b655625002e52c29491b6c26c33b7e25d5a4fab3dd3f
+  metadata.gz: b45b7cd565ddab92c10e5187b750f30533727b0ead8e94ee1e808c669b789ff4cd87122535eb424ad262496bb2f203822c89cb2808ff07b98985a1050496ed90
+  data.tar.gz: 8a56c95492231605c2bce0e2cf141655e2374b0810cc51ccb445781b5c77b01438ab5d50680b1646c2bdf0d3f2c48c42c86c3d046fbd50edc8f0b1e626566237

data/README.md

@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.735]:001 >>> PWN.help
+pwn[v0.4.737]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.735]:001 >>> PWN.help
+pwn[v0.4.737]:001 >>> PWN.help
 ```
 
 

data/lib/pwn/plugins/black_duck_binary_analysis.rb

@@ -32,7 +32,7 @@ module PWN
 
         headers = opts[:http_headers]
         headers ||= {
-          content_type: content_type,
+          content_type: 'application/json; charset=UTF-8',
           authorization: "Bearer #{token}"
         }
 
@@ -40,8 +40,6 @@ module PWN
         base_bd_bin_analysis_api_uri = 'https://protecode-sc.com/api'
         token = opts[:token]
 
-        content_type = 'application/json; charset=UTF-8'
-
         browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
         rest_client = browser_obj[:browser]::Request
 
@@ -59,13 +57,25 @@ module PWN
           )
 
         when :post, :put
-          response = rest_client.execute(
-            method: :post,
-            url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
-            headers: headers,
-            payload: http_body,
-            verify_ssl: false
-          )
+          if http_body.key?(:multipart)
+            headers[:content_type] = 'multipart/form-data'
+
+            response = rest_client.execute(
+              method: :post,
+              url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
+              headers: headers,
+              payload: http_body,
+              verify_ssl: false
+            )
+          else
+            response = rest_client.execute(
+              method: :post,
+              url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
+              headers: headers,
+              payload: http_body.to_json,
+              verify_ssl: false
+            )
+          end
         else
           raise @@logger.error("Unsupported HTTP Method #{http_method} for #{self} Plugin")
         end
@@ -122,7 +132,16 @@ module PWN
       # Supported Method Parameters::
       # response = PWN::Plugins::BlackDuckBinaryAnalysis.upload_file(
       #   token: 'required - Bearer token',
-      #   file: 'required - file to upload'
+      #   file: 'required - path of file to upload',
+      #   group_id: 'optional - group id',
+      #   delete_binary: 'optional - delete binary after upload (defaults to false)',
+      #   force_scan: 'optional - force scan (defaults to false)',
+      #   callback_url: 'optional - callback url',
+      #   scan_infoleak: 'optional - scan infoleak (defaults to true)',
+      #   code_analysis: 'optional - code analysis (defaults to true)',
+      #   scan_code_familiarity: 'optional - scan code familiarity (defaults to true)',
+      #   version: 'optional - version',
+      #   product_id: 'optional - product id'
       # )
 
       public_class_method def self.upload_file(opts = {})
@@ -130,8 +149,29 @@ module PWN
         file = opts[:file]
         raise "ERROR: #{file} not found." unless File.exist?(file)
 
+        file_name = File.basename(file)
+
+        group_id = opts[:group_id]
+        delete_binary = true if opts[:delete_binary] ||= false
+        force_scan = true if opts[:force_scan] ||= false
+        callback_url = opts[:callback_url]
+        scan_infoleak = false if opts[:scan_infoleak] ||= true
+        code_analysis = false if opts[:code_analysis] ||= true
+        scan_code_familiarity = false if opts[:scan_code_familiarity] ||= true
+        version = opts[:version]
+        product_id = opts[:product_id]
+
         http_headers = {
-          authorization: "Bearer #{token}"
+          authorization: "Bearer #{token}",
+          delete_binary: delete_binary,
+          force_scan: force_scan,
+          group: group_id,
+          callback: callback_url,
+          scan_infoleak: scan_infoleak,
+          code_analysis: code_analysis,
+          scan_code_familiarity: scan_code_familiarity,
+          version: version,
+          replace: product_id
         }
 
         http_body = {
@@ -140,9 +180,9 @@ module PWN
         }
 
         response = bd_bin_analysis_rest_call(
-          http_method: :post,
+          http_method: :put,
           token: token,
-          rest_call: 'files',
+          rest_call: "upload/#{file_name}",
           http_headers: http_headers,
           http_body: http_body
         )
@@ -193,7 +233,7 @@ module PWN
       #   token: 'required - Bearer token',
       #   name: 'required - group name',
       #   desc: 'optional - group description',
-      #   parent: 'optional - parent group id',
+      #   parent_id: 'optional - parent group id',
       #   delete_binary: 'optional - delete binary after analysis C|Y|N (Default: C== company default)',
       #   binary_cleanup_age: 'optional - after how long the binary will be deleted in seconds (Default: 604_800 / 1 week)',
       #   product_cleanup_age: 'optional - after how long the product will be deleted in seconds (Default: 604_800 / 1 week)',
@@ -212,7 +252,7 @@ module PWN
         token = opts[:token]
         name = opts[:name]
         desc = opts[:desc]
-        parent = opts[:parent]
+        parent_id = opts[:parent_id]
         delete_binary = opts[:delete_binary] ||= 'C'
         binary_cleanup_age = opts[:binary_cleanup_age] ||= 604_800
         product_cleanup_age = opts[:product_cleanup_age] ||= 604_800
@@ -230,7 +270,7 @@ module PWN
           authorization: "Bearer #{token}",
           name: name,
           description: desc,
-          parent: parent,
+          parent: parent_id,
           delete_binary_after_scan: delete_binary,
           binary_cleanup_age: binary_cleanup_age,
           product_cleanup_age: product_cleanup_age,
@@ -473,9 +513,18 @@ module PWN
             token: 'required - Bearer token'
           )
 
-          response = #{self}.upload_file(
-            token: 'required - Black Duck Binary Analysis API token',
-            file: 'required - file to upload'
+          response = PWN::Plugins::BlackDuckBinaryAnalysis.upload_file(
+            token: 'required - Bearer token',
+            file: 'required - path of file to upload',
+            group_id: 'optional - group id',
+            delete_binary: 'optional - delete binary after upload (defaults to false)',
+            force_scan: 'optional - force scan (defaults to false)',
+            callback_url: 'optional - callback url',
+            scan_infoleak: 'optional - scan infoleak (defaults to true)',
+            code_analysis: 'optional - code analysis (defaults to true)',
+            scan_code_familiarity: 'optional - scan code familiarity (defaults to true)',
+            version: 'optional - version',
+            product_id: 'optional - product id'
           )
 
           response = #{self}.get_tasks(
@@ -495,7 +544,7 @@ module PWN
             token: 'required - Bearer token',
             name: 'required - group name',
             desc: 'optional - group description',
-            parent: 'optional - parent group id',
+            parent_id: 'optional - parent_id group id',
             delete_binary: 'optional - delete binary after analysis C|Y|N (Default: C== company default)',
             binary_cleanup_age: 'optional - after how long the binary will be deleted in seconds (Default: 604_800 / 1 week)',
             product_cleanup_age: 'optional - after how long the product will be deleted in seconds (Default: 604_800 / 1 week)',

data/lib/pwn/plugins/open_ai.rb

@@ -21,6 +21,7 @@ module PWN
       # )
 
       private_class_method def self.open_ai_rest_call(opts = {})
+        token = opts[:token]
         http_method = if opts[:http_method].nil?
                         :get
                       else
@@ -28,12 +29,14 @@ module PWN
                       end
         rest_call = opts[:rest_call].to_s.scrub
         params = opts[:params]
+        headers = {
+          content_type: 'application/json; charset=UTF-8',
+          authorization: "Bearer #{token}"
+        }
+
         http_body = opts[:http_body]
         http_body ||= {}
         base_open_ai_api_uri = 'https://api.openai.com/v1'
-        token = opts[:token]
-
-        content_type = 'application/json; charset=UTF-8'
 
         browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
         rest_client = browser_obj[:browser]::Request
@@ -43,25 +46,22 @@ module PWN
 
         case http_method
         when :delete, :get
+          headers[:params] = params
           response = rest_client.execute(
             method: http2_method,
             url: "#{base_open_ai_api_uri}/#{rest_call}",
-            headers: {
-              content_type: content_type,
-              authorization: "Bearer #{token}",
-              params: params
-            },
+            headers: headers,
             verify_ssl: false
           )
 
         when :post
           if http_body.key?(:multipart)
+            headers[:content_type] = 'multipart/form-data'
+
             response = rest_client.execute(
               method: http_method,
               url: "#{base_open_ai_api_uri}/#{rest_call}",
-              headers: {
-                authorization: "Bearer #{token}"
-              },
+              headers: headers,
               payload: http_body,
               verify_ssl: false
             )
@@ -69,10 +69,7 @@ module PWN
             response = rest_client.execute(
               method: http_method,
               url: "#{base_open_ai_api_uri}/#{rest_call}",
-              headers: {
-                content_type: content_type,
-                authorization: "Bearer #{token}"
-              },
+              headers: headers,
               payload: http_body.to_json,
               verify_ssl: false
             )

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.4.735'
+  VERSION = '0.4.737'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.735
+  version: 0.4.737
 platform: ruby
 authors:
 - 0day Inc.