pwn 0.5.300 → 0.5.302

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 29a28418243b69187a691144f02e98af2035b5677a97d695e6d754647e690bfa
-  data.tar.gz: 2b051a9224368f45365850f9ca63db4a14877551fd5e1311462bc6a243e4f2dc
+  metadata.gz: f1fbd47d7c9374e09b1e1d6478921b0e06074db6ba2a9397d4cc4c2ce002dc37
+  data.tar.gz: 7439dd249821d50724cd0170bf12aad128e7fef806a7ff690edcbfec9cb21534
 SHA512:
-  metadata.gz: 8639069688fd8690d32087827d7e07267a773fa1e3fa52d5ed31b606261fa566e19b78a32e6a080ce3f26da49e59acac4e6046451177091e11dbc0c23f3f4caa
-  data.tar.gz: f428cb4e47d8a4c6335ac4cebca99b0fb9206a12b62e60c11ac5de5b3ff62010356ac649f7e50b20d73e7e05efd9e6aea14513651a9d3ac0030230cef06cdf2d
+  metadata.gz: b53a71b82e5693e00de4ab453594e46c405cff6ff55eff71962ad6ea25f8d0dec2ec27706ca6826d215e15aa62fb9a268b6fba53aeff5961fc3d488222c388e8
+  data.tar.gz: 4a4719c806c9637161d7dfcbade0e0d7a4366525b9224b00217a5527d55cbff32fad3aa96b9576aa0ceeda392cf58db542f71d49fd9168ad95533db8af0f1eb6

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.300]:001 >>> PWN.help
+pwn[v0.5.302]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.300]:001 >>> PWN.help
+pwn[v0.5.302]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.300]:001 >>> PWN.help
+pwn[v0.5.302]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/lib/pwn/plugins/jira_server.rb

@@ -82,10 +82,15 @@ module PWN
           raise @@logger.error("Unsupported HTTP Method #{http_method} for #{self} Plugin")
         end
 
-        jira_response = response if response.is_a?(RestClient::Response) && response.code == 204
-        jira_response = JSON.parse(response, symbolize_names: true) if response.is_a?(RestClient::Response) && response.code != 204
+        case response.code
+        when 201, 204
+          response = { http_response_code: response.code }
+        else
+          response = JSON.parse(response, symbolize_names: true) if response.is_a?(RestClient::Response)
+          response[:http_response_code] = response.code if response.is_a?(RestClient::Response)
+        end
 
-        jira_response
+        response
       rescue RestClient::ExceptionWithResponse => e
         if e.response
           puts "HTTP BASE URL: #{base_api_uri}"
@@ -219,7 +224,8 @@ module PWN
       #   description: 'optional - description of the issue',
       #   epic_name: 'optional - name of the epic',
       #   additional_fields: 'optional - additional fields to set in the issue (e.g. labels, components, custom fields, etc.)'
-      #   attachment: 'optional - attachment path to upload to the issue (e.g. "/path/to/file1.txt")'
+      #   attachments: 'optional - array of attachment paths to upload to the issue (e.g. ["/tmp/file1.txt", "/tmp/file2.txt"])',
+      #   comment: 'optional - comment to add to the issue (e.g. "This is a comment")'
       # )
 
       public_class_method def self.create_issue(opts = {})
@@ -243,8 +249,10 @@ module PWN
         additional_fields = opts[:additional_fields] ||= { fields: {} }
         raise 'ERROR: additional_fields Hash must contain a :fields key that is also a Hash.' unless additional_fields.is_a?(Hash) && additional_fields.key?(:fields) && additional_fields[:fields].is_a?(Hash)
 
-        attachment = opts[:attachment]
-        raise "ERROR: #{attachment} not found." unless attachment.nil? || File.exist?(attachment)
+        attachments = opts[:attachments] ||= []
+        raise 'ERROR: attachments must be an Array.' unless attachments.is_a?(Array)
+
+        comment = opts[:comment]
 
         all_fields = get_all_fields(base_api_uri: base_api_uri, token: token)
         epic_name_field_key = all_fields.find { |field| field[:name] == 'Epic Name' }[:id]
@@ -275,19 +283,39 @@ module PWN
           http_body: http_body
         )
 
-        if attachment.any?
+        if attachments.any?
+          issue = issue_resp[:key]
+
+          attachments.each do |attachment|
+            raise "ERROR: #{attachment} not found." unless File.exist?(attachment)
+
+            http_body = {
+              multipart: true,
+              file: File.new(attachment, 'rb')
+            }
+
+            rest_call(
+              http_method: :post,
+              base_api_uri: base_api_uri,
+              token: token,
+              rest_call: "issue/#{issue}/attachments",
+              http_body: http_body
+            )
+          end
+        end
+
+        if comment
           issue = issue_resp[:key]
 
           http_body = {
-            multipart: true,
-            file: File.new(attachment, 'rb')
+            body: comment
           }
 
           rest_call(
             http_method: :post,
             base_api_uri: base_api_uri,
             token: token,
-            rest_call: "issue/#{issue}/attachments",
+            rest_call: "issue/#{issue}/comment",
             http_body: http_body
           )
         end
@@ -302,7 +330,7 @@ module PWN
       #   base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
       #   token: 'required - personal access token',
       #   fields: 'required - fields to update in the issue (e.g. summary, description, labels, components, custom fields, etc.)',
-      #   attachment: 'optional - attachment path to upload to the issue (e.g. "/path/to/file1.txt")'
+      #   attachments: 'optional - array of attachment paths to upload to the issue (e.g. ["/tmp/file1.txt", "/tmp/file2.txt"])',
       # )
 
       public_class_method def self.update_issue(opts = {})
@@ -318,8 +346,8 @@ module PWN
         fields = opts[:fields] ||= { fields: {} }
         raise 'ERROR: fields Hash must contain a :fields key that is also a Hash.' unless fields.is_a?(Hash) && fields.key?(:fields) && fields[:fields].is_a?(Hash)
 
-        attachment = opts[:attachment]
-        raise "ERROR: #{attachment} not found." unless File.exist?(attachment) || attachment.nil?
+        attachments = opts[:attachments] ||= []
+        raise 'ERROR: attachments must be an Array.' unless attachments.is_a?(Array)
 
         http_body = fields
 
@@ -331,19 +359,23 @@ module PWN
           http_body: http_body
         )
 
-        if attachment.any?
-          http_body = {
-            multipart: true,
-            file: File.new(attachment, 'rb')
-          }
-
-          rest_call(
-            http_method: :post,
-            base_api_uri: base_api_uri,
-            token: token,
-            rest_call: "issue/#{issue}/attachments",
-            http_body: http_body
-          )
+        if attachments.any?
+          attachments.each do |attachment|
+            raise "ERROR: #{attachment} not found." unless File.exist?(attachment)
+
+            http_body = {
+              multipart: true,
+              file: File.new(attachment, 'rb')
+            }
+
+            rest_call(
+              http_method: :post,
+              base_api_uri: base_api_uri,
+              token: token,
+              rest_call: "issue/#{issue}/attachments",
+              http_body: http_body
+            )
+          end
         end
 
         issue_resp
@@ -351,6 +383,61 @@ module PWN
         raise e
       end
 
+      # Supported Method Parameters::
+      # issue_resp = PWN::Plugins::JiraServer.issue_comment(
+      #   base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
+      #   token: 'required - personal access token',
+      #   issue: 'required - issue to delete (e.g. Bug, Issue, Story, or Epic ID)',
+      #   comment_action: 'required - action to perform on the issue comment (e.g. :delete, :add, :update - Defaults to :add)',
+      #   comment_id: 'optional - comment ID to delete or update (e.g. 10000)',
+      #   comment: 'optional - comment to add or update in the issue (e.g. "This is a comment")'
+      # )
+
+      public_class_method def self.issue_comment(opts = {})
+        base_api_uri = opts[:base_api_uri]
+
+        token = opts[:token]
+        token ||= PWN::Plugins::AuthenticationHelper.mask_password(
+          prompt: 'Personal Access Token'
+        )
+
+        issue = opts[:issue]
+        raise 'ERROR: issue cannot be nil.' if issue.nil?
+
+        comment_action = opts[:comment_action] ||= :add
+        raise 'ERROR: comment_action must be one of :delete, :add, or :update.' unless %i[delete add update].include?(comment_action)
+
+        comment_id = opts[:comment_id]
+        raise 'ERROR: comment_id cannot be nil when comment_action is :delete or :update.' unless %i[delete update].include?(comment_action) || comment_id.nil?
+
+        comment = opts[:comment].to_s.scrub
+
+        case comment_action
+        when :add
+          http_method = :post
+          rest_call = "issue/#{issue}/comment"
+          http_body = { body: comment }
+        when :delete
+          http_method = :delete
+          rest_call = "issue/#{issue}/comment/#{comment_id}"
+          http_body = nil
+        when :update
+          http_method = :put
+          rest_call = "issue/#{issue}/comment/#{comment_id}"
+          http_body = { body: comment }
+        end
+
+        rest_call(
+          http_method: http_method,
+          base_api_uri: base_api_uri,
+          token: token,
+          rest_call: rest_call,
+          http_body: http_body
+        )
+      rescue StandardError => e
+        raise e
+      end
+
       # Supported Method Parameters::
       # issue_resp = PWN::Plugins::JiraServer.delete_issue(
       #   base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
@@ -367,7 +454,6 @@ module PWN
         )
 
         issue = opts[:issue]
-
         raise 'ERROR: issue cannot be nil.' if issue.nil?
 
         rest_call(
@@ -380,6 +466,34 @@ module PWN
         raise e
       end
 
+      # Supported Method Parameters::
+      # issue_resp = PWN::Plugins::JiraServer.delete_attachment(
+      #   base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
+      #   token: 'required - personal access token',
+      #   id: 'required - attachment ID to delete (e.g. 10000) found in #get_issue method'
+      # )
+
+      public_class_method def self.delete_attachment(opts = {})
+        base_api_uri = opts[:base_api_uri]
+
+        token = opts[:token]
+        token ||= PWN::Plugins::AuthenticationHelper.mask_password(
+          prompt: 'Personal Access Token'
+        )
+
+        id = opts[:id]
+        raise 'ERROR: attachment_id cannot be nil.' if id.nil?
+
+        rest_call(
+          http_method: :delete,
+          base_api_uri: base_api_uri,
+          token: token,
+          rest_call: "attachment/#{id}"
+        )
+      rescue StandardError => e
+        raise e
+      end
+
       # Author(s):: 0day Inc. <support@0dayinc.com>
 
       public_class_method def self.authors
@@ -431,12 +545,27 @@ module PWN
             attachment: 'optional - attachment path to upload to the issue (e.g. \"/path/to/file1.txt\")'
           )
 
+          issue_resp = #{self}.issue_comment(
+            base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
+            token: 'required - personal access token',
+            issue: 'required - issue to comment on (e.g. Bug, Issue, Story, or Epic ID)',
+            comment_action: 'required - action to perform on the issue comment (e.g. :delete, :add, :update - Defaults to :add)',
+            comment_id: 'optional - comment ID to delete or update (e.g. 10000)',
+            comment: 'optional - comment to add or update in the issue (e.g. \"This is a comment\")'
+          )
+
           issue_resp = #{self}.delete_issue(
             base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
             token: 'required - personal access token',
             issue: 'required - issue to delete (e.g. Bug, Issue, Story, or Epic ID)'
           )
 
+          issue_resp = #{self}.delete_attachment(
+            base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
+            token: 'required - personal access token',
+            id: 'required - attachment ID to delete (e.g. 10000) found in #get_issue method'
+          )
+
           **********************************************************************
           * For more information on the Jira Server REST API, see:
           * https://developer.atlassian.com/server/jira/platform/rest-apis/

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.300'
+  VERSION = '0.5.302'
 end

data/third_party/pwn_rdoc.jsonl

@@ -665,13 +665,14 @@
 {"messages":[{"role":"user","content":"PWN::Plugins::Jenkins.list_nested_jobs Usage"},{"role":"assistant","content":"`PWN::Plugins::Jenkins.list_nested_jobs`: Supported Method Parameters\n\nPWN::Plugins::Jenkins.list_nested_jobs(\n\njenkins_obj: 'required jenkins_obj returned from #connect method',\nview_path: 'required view path to list jobs'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::Jenkins.list_nested_views Usage"},{"role":"assistant","content":"`PWN::Plugins::Jenkins.list_nested_views`: Supported Method Parameters\n\nPWN::Plugins::Jenkins.list_nested_views(\n\njenkins_obj: 'required jenkins_obj returned from #connect method',\nview_path: 'required view path list sub-views'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::JiraServer.authors Usage"},{"role":"assistant","content":"`PWN::Plugins::JiraServer.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
-{"messages":[{"role":"user","content":"PWN::Plugins::JiraServer.create_issue Usage"},{"role":"assistant","content":"`PWN::Plugins::JiraServer.create_issue`: Supported Method Parameters\n\nissue_resp = PWN::Plugins::JiraServer.create_issue(\n\nbase_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',\ntoken: 'required - bearer token',\nproject_key: 'required - project key (e.g. PWN)',\nsummary: 'required - summary of the issue (e.g. Epic for PWN-1337)',\nissue_type: 'required - issue type (e.g. :epic, :story, :bug)',\ndescription: 'optional - description of the issue',\nepic_name: 'optional - name of the epic',\nadditional_fields: 'optional - additional fields to set in the issue (e.g. labels, components, custom fields, etc.)'\nattachments: 'optional - array of attachment paths to upload to the issue (e.g. [\"/path/to/file1.txt\", \"/path/to/file2.png\"])'\n\n)\n"}]}
-{"messages":[{"role":"user","content":"PWN::Plugins::JiraServer.delete_issue Usage"},{"role":"assistant","content":"`PWN::Plugins::JiraServer.delete_issue`: Supported Method Parameters\n\nissue_resp = PWN::Plugins::JiraServer.delete_issue(\n\nbase_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',\ntoken: 'required - bearer token',\nissue: 'required - issue to delete (e.g. Bug, Issue, Story, or Epic ID)'\n\n)\n"}]}
-{"messages":[{"role":"user","content":"PWN::Plugins::JiraServer.get_all_fields Usage"},{"role":"assistant","content":"`PWN::Plugins::JiraServer.get_all_fields`: Supported Method Parameters\n\nall_fields = PWN::Plugins::JiraServer.get_all_fields(\n\nbase_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',\ntoken: 'required - bearer token'\n\n)\n"}]}
-{"messages":[{"role":"user","content":"PWN::Plugins::JiraServer.get_issue Usage"},{"role":"assistant","content":"`PWN::Plugins::JiraServer.get_issue`: Supported Method Parameters\n\nissue_resp = PWN::Plugins::JiraServer.get_issue(\n\nbase_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',\ntoken: 'required - bearer token',\nissue: 'required - issue to lookup (e.g. Bug, Issue, Story, or Epic ID)',\nparams: 'optional - additional parameters to pass in the URI (e.g. fields, expand, etc.)'\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::JiraServer.create_issue Usage"},{"role":"assistant","content":"`PWN::Plugins::JiraServer.create_issue`: Supported Method Parameters\n\nissue_resp = PWN::Plugins::JiraServer.create_issue(\n\nbase_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',\ntoken: 'required - personal access token',\nproject_key: 'required - project key (e.g. PWN)',\nsummary: 'required - summary of the issue (e.g. Epic for PWN-1337)',\nissue_type: 'required - issue type (e.g. :epic, :story, :bug)',\ndescription: 'optional - description of the issue',\nepic_name: 'optional - name of the epic',\nadditional_fields: 'optional - additional fields to set in the issue (e.g. labels, components, custom fields, etc.)'\nattachment: 'optional - attachment path to upload to the issue (e.g. \"/path/to/file1.txt\")'\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::JiraServer.delete_issue Usage"},{"role":"assistant","content":"`PWN::Plugins::JiraServer.delete_issue`: Supported Method Parameters\n\nissue_resp = PWN::Plugins::JiraServer.delete_issue(\n\nbase_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',\ntoken: 'required - personal access token',\nissue: 'required - issue to delete (e.g. Bug, Issue, Story, or Epic ID)'\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::JiraServer.get_all_fields Usage"},{"role":"assistant","content":"`PWN::Plugins::JiraServer.get_all_fields`: Supported Method Parameters\n\nall_fields = PWN::Plugins::JiraServer.get_all_fields(\n\nbase_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',\ntoken: 'required - personal access token'\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::JiraServer.get_issue Usage"},{"role":"assistant","content":"`PWN::Plugins::JiraServer.get_issue`: Supported Method Parameters\n\nissue_resp = PWN::Plugins::JiraServer.get_issue(\n\nbase_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',\ntoken: 'required - personal access token',\nissue: 'required - issue to lookup (e.g. Bug, Issue, Story, or Epic ID)',\nparams: 'optional - additional parameters to pass in the URI (e.g. fields, expand, etc.)'\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::JiraServer.get_user Usage"},{"role":"assistant","content":"`PWN::Plugins::JiraServer.get_user`: Supported Method Parameters\n\nuser = PWN::Plugins::JiraServer.get_user(\n\nbase_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',\ntoken: 'required - personal access token',\nusername: 'required - username to lookup (e.g. jane.doe)',\nparams: 'optional - additional parameters to pass in the URI (e.g. expand, etc.)'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::JiraServer.help Usage"},{"role":"assistant","content":"`PWN::Plugins::JiraServer.help`: "}]}
-{"messages":[{"role":"user","content":"PWN::Plugins::JiraServer.rest_call Usage"},{"role":"assistant","content":"`PWN::Plugins::JiraServer.rest_call`: Supported Method Parameters\n\nrest_call(\n\ntoken: 'required - bearer token',\nhttp_method: 'optional HTTP method (defaults to GET)',\nrest_call: 'required rest call to make per the schema',\nparams: 'optional params passed in the URI or HTTP Headers',\nhttp_body: 'optional HTTP body sent in HTTP methods that support it e.g. POST'\n\n)\n"}]}
-{"messages":[{"role":"user","content":"PWN::Plugins::JiraServer.update_issue Usage"},{"role":"assistant","content":"`PWN::Plugins::JiraServer.update_issue`: Supported Method Parameters\n\nissue_resp = PWN::Plugins::JiraServer.update_issue(\n\nbase_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',\ntoken: 'required - bearer token',\nfields: 'required - fields to update in the issue (e.g. summary, description, labels, components, custom fields, etc.)'\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::JiraServer.rest_call Usage"},{"role":"assistant","content":"`PWN::Plugins::JiraServer.rest_call`: Supported Method Parameters\n\nrest_call(\n\ntoken: 'required - personal access token',\nhttp_method: 'optional HTTP method (defaults to GET)',\nrest_call: 'required rest call to make per the schema',\nparams: 'optional params passed in the URI or HTTP Headers',\nhttp_body: 'optional HTTP body sent in HTTP methods that support it e.g. POST'\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::JiraServer.update_issue Usage"},{"role":"assistant","content":"`PWN::Plugins::JiraServer.update_issue`: Supported Method Parameters\n\nissue_resp = PWN::Plugins::JiraServer.update_issue(\n\nbase_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',\ntoken: 'required - personal access token',\nfields: 'required - fields to update in the issue (e.g. summary, description, labels, components, custom fields, etc.)',\nattachment: 'optional - attachment path to upload to the issue (e.g. \"/path/to/file1.txt\")'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::Log.append Usage"},{"role":"assistant","content":"`PWN::Plugins::Log.append`: Supported Method Parameters\n\nPWN::Log.create( )\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::Log.authors Usage"},{"role":"assistant","content":"`PWN::Plugins::Log.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::Log.help Usage"},{"role":"assistant","content":"`PWN::Plugins::Log.help`: "}]}

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.300
+  version: 0.5.302
 platform: ruby
 authors:
 - 0day Inc.