pwn 0.4.956 → 0.4.958

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 917e0143e5b82f95bd54f567ec76b72d1ad5a819a95416438d2dc6bf39ea3ec8
-  data.tar.gz: ae03eeb3bfd8d4d6e68056181eea50f8ce62abee838e2b4d93563ca1a8769214
+  metadata.gz: c6b7d3647903d295b3b512ea781c69cc886b9fd5ba48d8dfd707171be61f4b33
+  data.tar.gz: a22b4e9e3954391f93ce25e6d0f6f59b814e36d0fb62b24c3c42c8e380d88016
 SHA512:
-  metadata.gz: 9c25d99b6d76ce1f098c87e9767e45037fc64cde90cbd5087386b167239a59a4a4c0618b808cfe55765ec9f27dfad0939ada1eb2706917342efabc7e04ceec23
-  data.tar.gz: '08a67b4821bcd551c43c74be96bb6fab5a8734ac13147efcecc3d24137c67a61a6f07d7f0542bf287ab8f4465c1c1c1f44b965df85eea1f6c86fc353b8c71164'
+  metadata.gz: 887c0e9ec4cd32ffd8fcbe6f5db832b88261ba3e8f51c382d0e7d01e72a38b66969608dd1286bb784b2db1d0135b2a30ddb31c0b90675eb5756e346edc0483d1
+  data.tar.gz: 19e71a82ede71aa0d4d5dbf1e4b2a999d3b9401ffe5eaf8203f0df65ac7f55627b5dd70a47158b620648328d8d442a9948e034168b65079383e51cb238aac0b3

data/Gemfile

@@ -11,7 +11,7 @@ gemspec
 # In some circumstances custom flags are passed to gems in order
 # to build appropriately.  Defer to ./reinstall_pwn_gemset.sh
 # to review these custom flags (e.g. pg, serialport, etc).
-gem 'activesupport', '7.1.2'
+gem 'activesupport', '7.1.3'
 gem 'anemone', '0.7.2'
 gem 'authy', '3.0.1'
 gem 'aws-sdk', '3.2.0'
@@ -26,7 +26,7 @@ gem 'colorize', '1.1.0'
 gem 'credit_card_validations', '6.1.0'
 gem 'eventmachine', '1.2.7'
 gem 'executable-hooks', '1.7.1'
-gem 'faker', '3.2.2'
+gem 'faker', '3.2.3'
 gem 'faye-websocket', '0.11.3'
 gem 'ffi', '1.16.3'
 gem 'fftw3', '0.3'
@@ -72,7 +72,7 @@ gem 'rmagick', '5.3.0'
 gem 'rqrcode', '2.2.0'
 gem 'rspec', '3.12.0'
 gem 'rtesseract', '3.1.3'
-gem 'rubocop', '1.59.0'
+gem 'rubocop', '1.60.1'
 gem 'rubocop-rake', '0.6.0'
 gem 'rubocop-rspec', '2.26.1'
 gem 'ruby-audio', '1.6.1'
@@ -85,7 +85,7 @@ gem 'serialport', '1.3.2'
 gem 'sinatra', '3.2.0'
 gem 'slack-ruby-client', '2.2.0'
 gem 'socksify', '1.7.1'
-gem 'spreadsheet', '1.3.0'
+gem 'spreadsheet', '1.3.1'
 gem 'sqlite3', '1.7.0'
 gem 'thin', '1.8.2'
 gem 'tty-prompt', '0.23.1'

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.4.956]:001 >>> PWN.help
+pwn[v0.4.958]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.0@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.956]:001 >>> PWN.help
+pwn[v0.4.958]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.0@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.4.956]:001 >>> PWN.help
+pwn[v0.4.958]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/bin/pwn_bdba_scan

@@ -111,6 +111,10 @@ begin
       group_id: parent_group_id
     )
 
+    # Break out of infinite loop if status is anything other than 'B' (i.e. 'Busy')
+    # Possible status other than 'B' is:
+    # 'R' (i.e. 'Ready') or
+    # 'F' (i.e. 'Fail')
     break if scan_progress_resp[:products].none? { |p| p[:status] == 'B' } || report_only
 
     # Cancel queued scan if it's been queued for more than 90 minutes
@@ -134,9 +138,32 @@ begin
     scan_progress_busy_duration += 10
   end
 
-  find_product = scan_progress_resp[:products].find { |p| p[:name] == CGI.escape(File.basename(target_file)) }
+  raise 'ERROR: BDBA Scan Failed - Check BDBA Logs for More Info...' if scan_progress_resp[:products].any? { |p| p[:status] == 'F' }
 
-  raise NoMethodError if find_product.nil?
+  # Account for rare race condition scenario where get_apps_by_group may need to be called
+  # multiple times to find the product
+  find_product = nil
+  find_product_attempts = scan_attempts
+  print 'Looking for Product in Apps by Group...'
+  loop do
+    find_product = scan_progress_resp[:products].find { |p| p[:name] == CGI.escape(File.basename(target_file)) }
+    break unless find_product.nil?
+
+    find_product_attempts += 1
+
+    raise "ERROR: Cannot Find Product in Apps by Group:\n#{scan_progress_resp}" if find_product_attempts >= scan_attempts
+
+    10.times do
+      print '.'
+      sleep 1
+    end
+
+    scan_progress_resp = PWN::Plugins::BlackDuckBinaryAnalysis.get_apps_by_group(
+      token: token,
+      group_id: parent_group_id
+    )
+  end
+  puts 'complete.'
 
   product_id = find_product[:product_id]
 
@@ -149,7 +176,6 @@ begin
 
   puts "\nReport Saved to: #{report_path}"
 rescue IO::TimeoutError,
-       NoMethodError,
        RestClient::BadGateway,
        RestClient::BadRequest,
        RestClient::Exceptions::OpenTimeout,

data/bin/pwn_defectdojo_importscan

@@ -62,11 +62,11 @@ OptionParser.new do |options|
     opts[:create_finding_groups] = g
   end
 
-  options.on('-c', '--close-old-findings-product-scope', '<Optional - close old findings from the engagement (defaults to false)') do |c|
+  options.on('-c', '--close-old-findings-product-scope', '<Optional - Select if close_old_findings applies to all findings of the same type in the product (defaults to false)') do |c|
     opts[:close_old_findings_product_scope] = c
   end
 
-  options.on('-C', '--close-old-findings', '<Optional - close old findings, regardless of engagement (defaults to false)') do |c|
+  options.on('-C', '--close-old-findings', '<Optional - old findings no longer present in the report get closed as mitigated when importing (defaults to false)') do |c|
     opts[:close_old_findings] = c
   end
 

data/bin/pwn_defectdojo_reimportscan

@@ -62,11 +62,11 @@ OptionParser.new do |options|
     opts[:create_finding_groups] = g
   end
 
-  options.on('-c', '--close-old-findings-product-scope', '<Optional - close old findings from the engagement (defaults to false)') do |c|
+  options.on('-c', '--close-old-findings-product-scope', '<Optional - Select if close_old_findings applies to all findings of the same type in the product (defaults to false)') do |c|
     opts[:close_old_findings_product_scope] = c
   end
 
-  options.on('-C', '--close-old-findings', '<Optional - close old findings, regardless of engagement (defaults to false)') do |c|
+  options.on('-C', '--close-old-findings', '<Optional - old findings no longer present in the report get closed as mitigated when importing (defaults to false)') do |c|
     opts[:close_old_findings] = c
   end
 

data/lib/pwn/plugins/defect_dojo.rb

@@ -473,6 +473,8 @@ module PWN
 
         opts[:close_old_findings_product_scope] ? (http_body[:close_old_findings_product_scope] = true) : (http_body[:close_old_findings_product_scope] = false)
 
+        opts[:close_old_findings] = true if opts[:close_old_findings_product_scope]
+
         opts[:close_old_findings] ? (http_body[:close_old_findings] = true) : (http_body[:close_old_findings] = false)
 
         opts[:push_to_jira] ? (http_body[:push_to_jira] = true) : (http_body[:push_to_jira] = false)
@@ -581,6 +583,8 @@ module PWN
 
         opts[:close_old_findings_product_scope] ? (http_body[:close_old_findings_product_scope] = true) : (http_body[:close_old_findings_product_scope] = false)
 
+        opts[:close_old_findings] = true if opts[:close_old_findings_product_scope]
+
         opts[:close_old_findings] ? (http_body[:close_old_findings] = true) : (http_body[:close_old_findings] = false)
 
         opts[:push_to_jira] ? (http_body[:push_to_jira] = true) : (http_body[:push_to_jira] = false)

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.4.956'
+  VERSION = '0.4.958'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.956
+  version: 0.4.958
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-01-11 00:00:00.000000000 Z
+date: 2024-01-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.1.2
+        version: 7.1.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.1.2
+        version: 7.1.3
 - !ruby/object:Gem::Dependency
   name: anemone
   requirement: !ruby/object:Gem::Requirement
@@ -212,14 +212,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.2.2
+        version: 3.2.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.2.2
+        version: 3.2.3
 - !ruby/object:Gem::Dependency
   name: faye-websocket
   requirement: !ruby/object:Gem::Requirement
@@ -856,14 +856,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.59.0
+        version: 1.60.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.59.0
+        version: 1.60.1
 - !ruby/object:Gem::Dependency
   name: rubocop-rake
   requirement: !ruby/object:Gem::Requirement
@@ -1038,14 +1038,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.3.0
+        version: 1.3.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.3.0
+        version: 1.3.1
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement