pwn 0.5.294 → 0.5.296

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ceafe0b454fd9c71a3f1fa0cfd17eea562bf2bec920e455098d349539c6eb359
-  data.tar.gz: 92becb6c401010f224ed010bcc28c9800cccacbf1c6fba80010b211ac635de54
+  metadata.gz: 6084ce4228a703b5a63932418579de97831aef2fd80901f1a6d08d344a5e65a6
+  data.tar.gz: '09e4abc2b15e4568409e48f5354f1e7481ef6f498a85a6da4607ab47e613c510'
 SHA512:
-  metadata.gz: f3590c9ca8a67466e1db5e41025860f060615a9e232312df4906ca48d02eb664c7fb7b7f8e87adb6b8f5b9e7506dc40b97248b33fa6c2835e45ab8222ffebeae
-  data.tar.gz: e2df1bdf36cfe2f3494f7f18c7767cea1fc18c2dd7859f3a31ff07a999d640f14710c45026c1a26097d3e5fc0f1bc872a91700a4c320db6e02ce966ac0b24f11
+  metadata.gz: da596264507cc6fcf3a33e7a76296bc6cc7057cb4d2d739d702a80a50fa42f1956da53c6ff6ec9e428342caa204d03a0c42f916a0c514fe860aede361f1cc6ed
+  data.tar.gz: d7dacf9451bc8c44e3872bddbbafb32a113476fba5ac6199526b9993f2edff6bf6958ceb51687cf4f284b5c01d525b91e752a615539b080adea20b462bb61dea

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.294]:001 >>> PWN.help
+pwn[v0.5.296]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.294]:001 >>> PWN.help
+pwn[v0.5.296]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.294]:001 >>> PWN.help
+pwn[v0.5.296]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/lib/pwn/plugins/jira_server.rb

@@ -22,6 +22,7 @@ module PWN
       # )
 
       private_class_method def self.rest_call(opts = {})
+        token = opts[:token]
         http_method = if opts[:http_method].nil?
                         :get
                       else
@@ -29,44 +30,54 @@ module PWN
                       end
         rest_call = opts[:rest_call].to_s.scrub
         params = opts[:params]
+        headers = opts[:http_headers] ||= {
+          content_type: 'application/json; charset=UTF-8',
+          authorization: "Bearer #{token}"
+        }
+
         http_body = opts[:http_body]
         base_api_uri = opts[:base_api_uri]
 
         raise 'ERROR: base_api_uri cannot be nil.' if base_api_uri.nil?
 
-        token = opts[:token]
-
         browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
         rest_client = browser_obj[:browser]::Request
 
         spinner = TTY::Spinner.new
         spinner.auto_spin
 
+        max_request_attempts = 3
+        tot_request_attempts ||= 1
+
         case http_method
-        when :get
+        when :delete, :get
+          headers[:params] = params
           response = rest_client.execute(
-            method: :get,
+            method: http_method,
             url: "#{base_api_uri}/#{rest_call}",
-            headers: {
-              content_type: 'application/json; charset=UTF-8',
-              authorization: "Bearer #{token}",
-              params: params
-            },
-            verify_ssl: false
+            headers: headers,
+            verify_ssl: false,
+            timeout: 180
           )
 
-        when :post
+        when :post, :put
+          if http_body.is_a?(Hash)
+            if http_body.key?(:multipart)
+              headers[:content_type] = 'multipart/form-data'
+              headers[:x_atlassian_token] => 'no-check'
+            else
+              http_body = http_body.to_json
+            end
+          end
+
           response = rest_client.execute(
-            method: :post,
+            method: http_method,
             url: "#{base_api_uri}/#{rest_call}",
-            headers: {
-              content_type: 'application/json; charset=UTF-8',
-              authorization: "Bearer #{token}"
-            },
-            payload: http_body.to_json,
-            verify_ssl: false
+            headers: headers,
+            payload: http_body,
+            verify_ssl: false,
+            timeout: 180
           )
-
         else
           raise @@logger.error("Unsupported HTTP Method #{http_method} for #{self} Plugin")
         end
@@ -80,10 +91,31 @@ module PWN
           puts "HTTP RESPONSE HEADERS: #{e.response.headers}"
           puts "HTTP RESPONSE BODY:\n#{e.response.body}\n\n\n"
         end
+
+        raise e
+      rescue IO::TimeoutError => e
+        raise e if tot_request_attempts == max_request_attempts
+
+        tot_request_attempts += 1
+        @@logger.warn("Timeout Error: Retrying request (Attempt #{tot_request_attempts}/#{max_request_attempts})")
+        sleep(2)
+        retry
+      rescue Errno::ECONNREFUSED => e
+        raise e if tot_request_attempts == max_request_attempts
+
+        puts "\nTCP Connection Unavailable."
+        puts "Attempt (#{tot_request_attempts} of #{max_request_attempts}) in 60s"
+        60.downto(1) do
+          print '.'
+          sleep 1
+        end
+        tot_request_attempts += 1
+
+        retry
       rescue StandardError => e
         raise e
       ensure
-        spinner.stop
+        spinner.stop unless spinner.nil?
       end
 
       # Supported Method Parameters::
@@ -150,6 +182,7 @@ module PWN
       #   description: 'optional - description of the issue',
       #   epic_name: 'optional - name of the epic',
       #   additional_fields: 'optional - additional fields to set in the issue (e.g. labels, components, custom fields, etc.)'
+      #   attachments: 'optional - array of attachment paths to upload to the issue (e.g. ["/path/to/file1.txt", "/path/to/file2.png"])'
       # )
 
       public_class_method def self.create_issue(opts = {})
@@ -171,7 +204,10 @@ module PWN
         description = opts[:description].to_s.scrub
 
         additional_fields = opts[:additional_fields] ||= { fields: {} }
-        raise 'ERROR: additional_fields Hash must contain a :fields key.' unless additional_fields.is_a?(Hash) && additional_fields.key?(:fields)
+        raise 'ERROR: additional_fields Hash must contain a :fields key that is also a Hash.' unless additional_fields.is_a?(Hash) && additional_fields.key?(:fields) && additional_fields[:fields].is_a?(Hash)
+
+        attachments = opts[:attachments] ||= []
+        raise 'ERROR: attachments must be an Array.' unless attachments.is_a?(Array)
 
         all_fields = get_all_fields(base_api_uri: base_api_uri, token: token)
         epic_name_field_key = all_fields.find { |field| field[:name] == 'Epic Name' }[:id]
@@ -194,13 +230,94 @@ module PWN
 
         http_body[:fields].merge!(additional_fields[:fields])
 
-        rest_call(
+        issue_resp = rest_call(
           http_method: :post,
           base_api_uri: base_api_uri,
           token: token,
           rest_call: 'issue',
           http_body: http_body
         )
+
+        if attachments.any?
+          issue = issue_resp[:key]
+
+          http_body = {
+            multipart: true,
+            file: attachments.map { |attachment| File.new(attachment, 'rb') }
+          }
+
+          rest_call(
+            http_method: :post,
+            base_api_uri: base_api_uri,
+            token: token,
+            rest_call: "issue/#{issue}/attachments",
+            http_body: http_body
+          )
+        end
+
+        issue_resp
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # issue_resp = PWN::Plugins::JiraServer.update_issue(
+      #   base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
+      #   token: 'required - bearer token',
+      #   fields: 'required - fields to update in the issue (e.g. summary, description, labels, components, custom fields, etc.)'
+      # )
+
+      public_class_method def self.update_issue(opts = {})
+        base_api_uri = opts[:base_api_uri]
+
+        token = opts[:token]
+        token ||= PWN::Plugins::AuthenticationHelper.mask_password(
+          prompt: 'Personal Access Token'
+        )
+        issue = opts[:issue]
+        raise 'ERROR: project_key cannot be nil.' if issue.nil?
+
+        fields = opts[:fields] ||= { fields: {} }
+        raise 'ERROR: fields Hash must contain a :fields key that is also a Hash.' unless fields.is_a?(Hash) && fields.key?(:fields) && fields[:fields].is_a?(Hash)
+
+        http_body = fields
+
+        rest_call(
+          http_method: :put,
+          base_api_uri: base_api_uri,
+          token: token,
+          rest_call: "issue/#{issue}",
+          http_body: http_body
+        )
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # issue_resp = PWN::Plugins::JiraServer.delete_issue(
+      #   base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
+      #   token: 'required - bearer token',
+      #   issue: 'required - issue to delete (e.g. Bug, Issue, Story, or Epic ID)'
+      # )
+
+      public_class_method def self.delete_issue(opts = {})
+        base_api_uri = opts[:base_api_uri]
+
+        token = opts[:token]
+        token ||= PWN::Plugins::AuthenticationHelper.mask_password(
+          prompt: 'Personal Access Token'
+        )
+
+        issue = opts[:issue]
+
+        raise 'ERROR: issue cannot be nil.' if issue.nil?
+
+        rest_call(
+          http_method: :delete,
+          base_api_uri: base_api_uri,
+          token: token,
+          rest_call: "issue/#{issue}"
+        )
       rescue StandardError => e
         raise e
       end
@@ -237,7 +354,21 @@ module PWN
             issue_type: 'required - issue type (e.g. :epic, :story, :bug)',
             description: 'optional - description of the issue',
             epic_name: 'optional - name of the epic',
-            additional_fields: 'optional - additional fields to set in the issue (e.g. labels, components, custom fields, etc.)'
+            additional_fields: 'optional - additional fields to set in the issue (e.g. labels, components, custom fields, etc.)',
+            attachments: 'optional - array of attachment paths to upload to the issue (e.g. ['/path/to/file1.txt', '/path/to/file2.png'])'
+          )
+
+          issue_resp = #{self}.update_issue(
+            base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
+            token: 'required - bearer token',
+            issue: 'required - issue to update (e.g. Bug, Issue, Story, or Epic ID)',
+            fields: 'required - fields to update in the issue (e.g. summary, description, labels, components, custom fields, etc.)'
+          )
+
+          issue_resp = #{self}.delete_issue(
+            base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
+            token: 'required - bearer token',
+            issue: 'required - issue to delete (e.g. Bug, Issue, Story, or Epic ID)'
           )
 
           **********************************************************************

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.294'
+  VERSION = '0.5.296'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.294
+  version: 0.5.296
 platform: ruby
 authors:
 - 0day Inc.