pwn 0.4.946 → 0.4.948

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f3a65a4e72f31051e5ec333f1efc58e21bc8650d15ef29bdf38eccf805474cfc
-  data.tar.gz: def1ec22da82dbb03d436fa0dc36b42763665cf876b6075c47f4ed672f2a88b4
+  metadata.gz: 3cb997e0e92cf072ea55948720785a4c72683d4cf09dfe8967c3c86fa898660e
+  data.tar.gz: cd175882aa77aad5d0850bf031dbca59ca3447076856cf5da7bc06fb1825111b
 SHA512:
-  metadata.gz: d42f0e7255ee7d001abe6f4f91d5bd2c37ab4930d16eeb93eda64bc70ffc64c8193855d26c6589aa1dfd4b3df6eb52f04f683a0af88a129de249b0109c6fde32
-  data.tar.gz: 130e9b478e59c7f15822600f6de4bfe78c4e4720ed27174e185731b1d2d2cc897183e4a2ba5db103315beb16df270790307e42d2c4b107221f3052ed504b110c
+  metadata.gz: 2a9e2bb004a9c984532e6bf59e406753d8e3f99a009fb7fbbd413ae9b18385be1e2cdda2eec3d51ca44f6a1783a8d6ab6ca1f83044dcd2c717a82924278ae0e0
+  data.tar.gz: '09c9a97349e0bcbe14ba10af211063a8c8169f4b71134d7502c7d89e3485269922e5f35782229773dc90b075e6223116c39c691e56100fb8daa8203695753d0c'

data/.ruby-version

@@ -1 +1 @@
-3.2.2
+3.3.0

data/Gemfile

@@ -17,9 +17,9 @@ gem 'authy', '3.0.1'
 gem 'aws-sdk', '3.2.0'
 # gem 'bettercap', '1.6.2'
 gem 'barby', '0.6.9'
-gem 'brakeman', '6.1.0'
+gem 'brakeman', '6.1.1'
 gem 'bson', '4.15.0'
-gem 'bundler', '>=2.5.1'
+gem 'bundler', '>=2.5.3'
 gem 'bundler-audit', '0.9.1'
 gem 'bunny', '2.22.0'
 gem 'colorize', '1.1.0'

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.4.946]:001 >>> PWN.help
+pwn[v0.4.948]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -48,21 +48,21 @@ pwn[v0.4.946]:001 >>> PWN.help
 It's wise to update pwn often as numerous versions are released/week:
 ```
 $ rvm list gemsets
-$ rvm use ruby-3.2.2@pwn
+$ rvm use ruby-3.3.0@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.946]:001 >>> PWN.help
+pwn[v0.4.948]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
 ```
 $ rvm list gemsets
-$ rvm use ruby-3.2.2@pwn
+$ rvm use ruby-3.3.0@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.4.946]:001 >>> PWN.help
+pwn[v0.4.948]:001 >>> PWN.help
 ```
 
 

data/lib/pwn/plugins/defect_dojo.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'json'
+require 'securerandom'
 
 module PWN
   module Plugins
@@ -76,11 +77,12 @@ module PWN
           )
         end
 
-        rest_client = browser_obj[:browser]::Request
+        rest_client = browser_obj[:browser]
+        rest_request = rest_client::Request
 
         case http_method
         when :get
-          response = rest_client.execute(
+          response = rest_request.execute(
             method: :get,
             url: "#{base_dd_api_uri}/#{rest_call}",
             headers: {
@@ -95,13 +97,21 @@ module PWN
 
         when :post
           if http_body.key?(:multipart)
-            content_type = 'multipart/form-data'
-            payload = http_body
+            # Hack to fix name="tags[]" to name="tags" to allow for multi-tag submission
+            # otherwise we could just used payload = http_body
+            multipart = rest_client::Payload::Multipart.new(http_body)
+            content_type = multipart.headers['Content-Type']
+            multipart_massaged = multipart.to_s.gsub(
+              'Content-Disposition: form-data; name="tags[]"',
+              'Content-Disposition: form-data; name="tags"'
+            )
+            base = rest_client::Payload::Base.new(multipart_massaged)
+            payload = base.to_s
           else
             payload = http_body.to_json
           end
 
-          response = rest_client.execute(
+          response = rest_request.execute(
             method: :post,
             url: "#{base_dd_api_uri}/#{rest_call}",
             headers: {

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.4.946'
+  VERSION = '0.4.948'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.946
+  version: 0.4.948
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-12-19 00:00:00.000000000 Z
+date: 2023-12-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -86,14 +86,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.1.0
+        version: 6.1.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.1.0
+        version: 6.1.1
 - !ruby/object:Gem::Dependency
   name: bson
   requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.5.1
+        version: 2.5.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.5.1
+        version: 2.5.3
 - !ruby/object:Gem::Dependency
   name: bundler-audit
   requirement: !ruby/object:Gem::Requirement
@@ -2219,14 +2219,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 3.2.2
+      version: 3.3.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.1
+rubygems_version: 3.5.3
 signing_key:
 specification_version: 4
 summary: Automated Security Testing for CI/CD Pipelines & Beyond