pwn 0.5.301 → 0.5.303

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ccbfcfff8dc15fb9976418982c7d3f0c302fc210c57019587ad20b7c5f5dfe54
-  data.tar.gz: 602f258ba2304490e060fb36927164278680da8dfcd381ade3bb121277349b1a
+  metadata.gz: c05b6705a2d4cb4d1e2fbccc6eff8e9752df2660610d577bc62397d116e4164a
+  data.tar.gz: 8d9f9ec925222a6c8650ebb9e637a71264f258581e138ee650199699fbd81751
 SHA512:
-  metadata.gz: 0bb149c10dd9dd0d27051d05aef4493f66413f2e0a0641112158d4a4808f24a930224dd0fc42598a8cbaa846f3d0064351a2a5791632db1d5413d9afcb37659c
-  data.tar.gz: c2f60d489791334c2914a7e4ae122b623ef2e96de2bc9e9db7d025b381f612f3f8e5f8ecbf8f70835a12d19236f28a78c689df90cfdd03da2bbf924662276cc9
+  metadata.gz: 5f0aa077f65377bc75d46a4fc5a60eb200b142075f0d4d1c3eb78caa05d54c8abdf50f1f64855ff86ef993c178e415f8865fbdb2a26086a2a5dff73ea67248dc
+  data.tar.gz: c02c7cdc07bda2ecd0790af222f6e5eccff0219c87e61edd66d596c53817f23a6e07b3dae2e959fe0028b866a8f10ae4a478b825dbb98899ff0e9051541df5d3

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.301]:001 >>> PWN.help
+pwn[v0.5.303]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.301]:001 >>> PWN.help
+pwn[v0.5.303]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.301]:001 >>> PWN.help
+pwn[v0.5.303]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/git_commit_test_reinit_gem.sh

@@ -43,7 +43,7 @@ if (( $# == 3 )); then
   latest_gem=$(ls pkg/*.gem)
   if [[ $latest_gem != "" ]]; then
     echo "Pushing ${latest_gem} to RubyGems.org..."
-    rvmsudo gem push $latest_gem --debug
+    rvmsudo gem push $latest_gem
   fi
 
   if [[ $tag_this_version_bool == 'true' ]]; then

data/lib/pwn/plugins/jira_server.rb

@@ -82,10 +82,15 @@ module PWN
           raise @@logger.error("Unsupported HTTP Method #{http_method} for #{self} Plugin")
         end
 
-        jira_response = response if response.is_a?(RestClient::Response) && response.code == 204
-        jira_response = JSON.parse(response, symbolize_names: true) if response.is_a?(RestClient::Response) && response.code != 204
+        case response.code
+        when 201, 204
+          response = { http_response_code: response.code }
+        else
+          response = JSON.parse(response, symbolize_names: true) if response.is_a?(RestClient::Response)
+          response[:http_response_code] = response.code if response.is_a?(RestClient::Response)
+        end
 
-        jira_response
+        response
       rescue RestClient::ExceptionWithResponse => e
         if e.response
           puts "HTTP BASE URL: #{base_api_uri}"
@@ -219,7 +224,8 @@ module PWN
       #   description: 'optional - description of the issue',
       #   epic_name: 'optional - name of the epic',
       #   additional_fields: 'optional - additional fields to set in the issue (e.g. labels, components, custom fields, etc.)'
-      #   attachment: 'optional - attachment path to upload to the issue (e.g. "/path/to/file1.txt")'
+      #   attachments: 'optional - array of attachment paths to upload to the issue (e.g. ["/tmp/file1.txt", "/tmp/file2.txt"])',
+      #   comment: 'optional - comment to add to the issue (e.g. "This is a comment")'
       # )
 
       public_class_method def self.create_issue(opts = {})
@@ -243,7 +249,10 @@ module PWN
         additional_fields = opts[:additional_fields] ||= { fields: {} }
         raise 'ERROR: additional_fields Hash must contain a :fields key that is also a Hash.' unless additional_fields.is_a?(Hash) && additional_fields.key?(:fields) && additional_fields[:fields].is_a?(Hash)
 
-        attachment = opts[:attachment]
+        attachments = opts[:attachments] ||= []
+        raise 'ERROR: attachments must be an Array.' unless attachments.is_a?(Array)
+
+        comment = opts[:comment]
 
         all_fields = get_all_fields(base_api_uri: base_api_uri, token: token)
         epic_name_field_key = all_fields.find { |field| field[:name] == 'Epic Name' }[:id]
@@ -273,27 +282,42 @@ module PWN
           rest_call: 'issue',
           http_body: http_body
         )
+        issue = issue_resp[:key]
+
+        if attachments.any?
+          attachments.each do |attachment|
+            raise "ERROR: #{attachment} not found." unless File.exist?(attachment)
+
+            http_body = {
+              multipart: true,
+              file: File.new(attachment, 'rb')
+            }
+
+            rest_call(
+              http_method: :post,
+              base_api_uri: base_api_uri,
+              token: token,
+              rest_call: "issue/#{issue}/attachments",
+              http_body: http_body
+            )
+          end
+        end
 
-        if attachment
-          raise "ERROR: #{attachment} not found." unless File.exist?(attachment)
-
-          issue = issue_resp[:key]
-
-          http_body = {
-            multipart: true,
-            file: File.new(attachment, 'rb')
-          }
-
-          rest_call(
-            http_method: :post,
+        if comment
+          issue_comment(
             base_api_uri: base_api_uri,
             token: token,
-            rest_call: "issue/#{issue}/attachments",
-            http_body: http_body
+            issue: issue,
+            comment_action: :add,
+            comment: comment
           )
         end
 
-        issue_resp
+        get_issue(
+          base_api_uri: base_api_uri,
+          token: token,
+          issue: issue
+        )
       rescue StandardError => e
         raise e
       end
@@ -303,7 +327,7 @@ module PWN
       #   base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
       #   token: 'required - personal access token',
       #   fields: 'required - fields to update in the issue (e.g. summary, description, labels, components, custom fields, etc.)',
-      #   attachment: 'optional - attachment path to upload to the issue (e.g. "/path/to/file1.txt")'
+      #   attachments: 'optional - array of attachment paths to upload to the issue (e.g. ["/tmp/file1.txt", "/tmp/file2.txt"])',
       # )
 
       public_class_method def self.update_issue(opts = {})
@@ -319,11 +343,12 @@ module PWN
         fields = opts[:fields] ||= { fields: {} }
         raise 'ERROR: fields Hash must contain a :fields key that is also a Hash.' unless fields.is_a?(Hash) && fields.key?(:fields) && fields[:fields].is_a?(Hash)
 
-        attachment = opts[:attachment]
+        attachments = opts[:attachments] ||= []
+        raise 'ERROR: attachments must be an Array.' unless attachments.is_a?(Array)
 
         http_body = fields
 
-        issue_resp = rest_call(
+        rest_call(
           http_method: :put,
           base_api_uri: base_api_uri,
           token: token,
@@ -331,24 +356,95 @@ module PWN
           http_body: http_body
         )
 
-        if attachment
-          raise "ERROR: #{attachment} not found." unless File.exist?(attachment)
+        if attachments.any?
+          attachments.each do |attachment|
+            raise "ERROR: #{attachment} not found." unless File.exist?(attachment)
+
+            http_body = {
+              multipart: true,
+              file: File.new(attachment, 'rb')
+            }
+
+            rest_call(
+              http_method: :post,
+              base_api_uri: base_api_uri,
+              token: token,
+              rest_call: "issue/#{issue}/attachments",
+              http_body: http_body
+            )
+          end
+        end
 
-          http_body = {
-            multipart: true,
-            file: File.new(attachment, 'rb')
-          }
+        get_issue(
+          base_api_uri: base_api_uri,
+          token: token,
+          issue: issue
+        )
+      rescue StandardError => e
+        raise e
+      end
 
-          rest_call(
-            http_method: :post,
-            base_api_uri: base_api_uri,
-            token: token,
-            rest_call: "issue/#{issue}/attachments",
-            http_body: http_body
-          )
+      # Supported Method Parameters::
+      # issue_resp = PWN::Plugins::JiraServer.issue_comment(
+      #   base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
+      #   token: 'required - personal access token',
+      #   issue: 'required - issue to delete (e.g. Bug, Issue, Story, or Epic ID)',
+      #   comment_action: 'required - action to perform on the issue comment (e.g. :delete, :add, :update - Defaults to :add)',
+      #   comment_id: 'optional - comment ID to delete or update (e.g. 10000)',
+      #   author: 'optional - author of the comment (e.g. "jane.doe")',
+      #   comment: 'optional - comment to add or update in the issue (e.g. "This is a comment")'
+      # )
+
+      public_class_method def self.issue_comment(opts = {})
+        base_api_uri = opts[:base_api_uri]
+
+        token = opts[:token]
+        token ||= PWN::Plugins::AuthenticationHelper.mask_password(
+          prompt: 'Personal Access Token'
+        )
+
+        issue = opts[:issue]
+        raise 'ERROR: issue cannot be nil.' if issue.nil?
+
+        comment_action = opts[:comment_action] ||= :add
+        raise 'ERROR: comment_action must be one of :delete, :add, or :update.' unless %i[delete add update].include?(comment_action)
+
+        comment_id = opts[:comment_id]
+        raise 'ERROR: comment_id cannot be nil when comment_action is :delete or :update.' unless %i[delete update].include?(comment_action) || comment_id.nil?
+
+        author = opts[:author]
+        comment = opts[:comment].to_s.scrub
+
+        case comment_action
+        when :add
+          http_method = :post
+          rest_call = "issue/#{issue}/comment"
+          http_body = { body: comment }
+          http_body[:author] = author if author
+        when :delete
+          http_method = :delete
+          rest_call = "issue/#{issue}/comment/#{comment_id}"
+          http_body = nil
+        when :update
+          http_method = :put
+          rest_call = "issue/#{issue}/comment/#{comment_id}"
+          http_body = { body: comment }
+          http_body[:author] = author if author
         end
 
-        issue_resp
+        rest_call(
+          http_method: http_method,
+          base_api_uri: base_api_uri,
+          token: token,
+          rest_call: rest_call,
+          http_body: http_body
+        )
+
+        get_issue(
+          base_api_uri: base_api_uri,
+          token: token,
+          issue: issue
+        )
       rescue StandardError => e
         raise e
       end
@@ -369,7 +465,6 @@ module PWN
         )
 
         issue = opts[:issue]
-
         raise 'ERROR: issue cannot be nil.' if issue.nil?
 
         rest_call(
@@ -382,6 +477,34 @@ module PWN
         raise e
       end
 
+      # Supported Method Parameters::
+      # issue_resp = PWN::Plugins::JiraServer.delete_attachment(
+      #   base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
+      #   token: 'required - personal access token',
+      #   id: 'required - attachment ID to delete (e.g. 10000) found in #get_issue method'
+      # )
+
+      public_class_method def self.delete_attachment(opts = {})
+        base_api_uri = opts[:base_api_uri]
+
+        token = opts[:token]
+        token ||= PWN::Plugins::AuthenticationHelper.mask_password(
+          prompt: 'Personal Access Token'
+        )
+
+        id = opts[:id]
+        raise 'ERROR: attachment_id cannot be nil.' if id.nil?
+
+        rest_call(
+          http_method: :delete,
+          base_api_uri: base_api_uri,
+          token: token,
+          rest_call: "attachment/#{id}"
+        )
+      rescue StandardError => e
+        raise e
+      end
+
       # Author(s):: 0day Inc. <support@0dayinc.com>
 
       public_class_method def self.authors
@@ -422,7 +545,8 @@ module PWN
             description: 'optional - description of the issue',
             epic_name: 'optional - name of the epic',
             additional_fields: 'optional - additional fields to set in the issue (e.g. labels, components, custom fields, etc.)',
-            attachment: 'optional - attachment path to upload to the issue (e.g. \"/path/to/file1.txt\")'
+            attachments: 'optional - array of attachment paths to upload to the issue (e.g. [\"/tmp/file1.txt\", \"/tmp/file2.txt\"])',
+            comment: 'optional - comment to add to the issue (e.g. \"This is a comment\")'
           )
 
           issue_resp = #{self}.update_issue(
@@ -430,7 +554,17 @@ module PWN
             token: 'required - personal access token',
             issue: 'required - issue to update (e.g. Bug, Issue, Story, or Epic ID)',
             fields: 'required - fields to update in the issue (e.g. summary, description, labels, components, custom fields, etc.)',
-            attachment: 'optional - attachment path to upload to the issue (e.g. \"/path/to/file1.txt\")'
+            attachments: 'optional - array of attachment paths to upload to the issue (e.g. [\"/tmp/file1.txt\", \"/tmp/file2.txt\"])'
+          )
+
+          issue_resp = #{self}.issue_comment(
+            base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
+            token: 'required - personal access token',
+            issue: 'required - issue to comment on (e.g. Bug, Issue, Story, or Epic ID)',
+            comment_action: 'required - action to perform on the issue comment (e.g. :delete, :add, :update - Defaults to :add)',
+            comment_id: 'optional - comment ID to delete or update (e.g. 10000)',
+            author: 'optional - author of the comment (e.g. \"jane.doe\")',
+            comment: 'optional - comment to add or update in the issue (e.g. \"This is a comment\")'
           )
 
           issue_resp = #{self}.delete_issue(
@@ -439,6 +573,12 @@ module PWN
             issue: 'required - issue to delete (e.g. Bug, Issue, Story, or Epic ID)'
           )
 
+          issue_resp = #{self}.delete_attachment(
+            base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
+            token: 'required - personal access token',
+            id: 'required - attachment ID to delete (e.g. 10000) found in #get_issue method'
+          )
+
           **********************************************************************
           * For more information on the Jira Server REST API, see:
           * https://developer.atlassian.com/server/jira/platform/rest-apis/

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.301'
+  VERSION = '0.5.303'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.301
+  version: 0.5.303
 platform: ruby
 authors:
 - 0day Inc.