pwn 0.5.378 → 0.5.380
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +3 -3
- data/bin/pwn_sast +11 -10
- data/lib/pwn/plugins/file_fu.rb +27 -6
- data/lib/pwn/plugins/git.rb +2 -5
- data/lib/pwn/reports/sast.rb +2 -2
- data/lib/pwn/sast/amqp_connect_as_guest.rb +5 -8
- data/lib/pwn/sast/apache_file_system_util_api.rb +5 -8
- data/lib/pwn/sast/aws.rb +5 -8
- data/lib/pwn/sast/banned_function_calls_c.rb +5 -8
- data/lib/pwn/sast/base64.rb +5 -8
- data/lib/pwn/sast/beef_hook.rb +3 -6
- data/lib/pwn/sast/cmd_execution_java.rb +3 -6
- data/lib/pwn/sast/cmd_execution_python.rb +3 -6
- data/lib/pwn/sast/cmd_execution_ruby.rb +3 -6
- data/lib/pwn/sast/cmd_execution_scala.rb +3 -6
- data/lib/pwn/sast/csrf.rb +3 -6
- data/lib/pwn/sast/deserial_java.rb +3 -6
- data/lib/pwn/sast/emoticon.rb +3 -6
- data/lib/pwn/sast/eval.rb +3 -6
- data/lib/pwn/sast/factory.rb +3 -6
- data/lib/pwn/sast/http_authorization_header.rb +3 -6
- data/lib/pwn/sast/inner_html.rb +3 -6
- data/lib/pwn/sast/keystore.rb +3 -6
- data/lib/pwn/sast/local_storage.rb +3 -6
- data/lib/pwn/sast/location_hash.rb +3 -6
- data/lib/pwn/sast/log4j.rb +3 -6
- data/lib/pwn/sast/logger.rb +3 -6
- data/lib/pwn/sast/md5.rb +3 -6
- data/lib/pwn/sast/outer_html.rb +3 -6
- data/lib/pwn/sast/padding_oracle.rb +3 -6
- data/lib/pwn/sast/password.rb +3 -6
- data/lib/pwn/sast/php_input_mechanisms.rb +3 -6
- data/lib/pwn/sast/php_type_juggling.rb +3 -6
- data/lib/pwn/sast/pom_version.rb +3 -6
- data/lib/pwn/sast/port.rb +3 -6
- data/lib/pwn/sast/post_message.rb +3 -6
- data/lib/pwn/sast/private_key.rb +3 -6
- data/lib/pwn/sast/redirect.rb +3 -6
- data/lib/pwn/sast/redos.rb +3 -6
- data/lib/pwn/sast/shell.rb +3 -6
- data/lib/pwn/sast/signature.rb +3 -6
- data/lib/pwn/sast/sql.rb +3 -6
- data/lib/pwn/sast/ssl.rb +3 -6
- data/lib/pwn/sast/sudo.rb +3 -6
- data/lib/pwn/sast/task_tag.rb +3 -6
- data/lib/pwn/sast/throw_errors.rb +3 -6
- data/lib/pwn/sast/token.rb +3 -6
- data/lib/pwn/sast/type_script_type_juggling.rb +3 -6
- data/lib/pwn/sast/version.rb +3 -6
- data/lib/pwn/sast/window_location_hash.rb +3 -6
- data/lib/pwn/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2e7b6ee84c6d1db20d149b280c6fcd80f2f99b4cc2351ad68f522d099cce28d0
|
|
4
|
+
data.tar.gz: c94cdc3b832b629977921387b8074595171dc39abf241c30bd7eaae4b4fdc355
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6d1126929afb0fff17d04010855842ac5777d0173dd34af1872432547d07e80e7ded44ece36d3d69b54f172be812539b15974c6cf17f714d5dd3f9aac94ced87
|
|
7
|
+
data.tar.gz: 5a331c6e4323a9971b3b702ec82efdf159d9190df4f1ecc6138a6a46525411328ed4330bb147ce81adfa5886928dfbd91ab4ad56a08a54a799732a1e449ec319
|
data/README.md
CHANGED
|
@@ -37,7 +37,7 @@ $ cd /opt/pwn
|
|
|
37
37
|
$ ./install.sh
|
|
38
38
|
$ ./install.sh ruby-gem
|
|
39
39
|
$ pwn
|
|
40
|
-
pwn[v0.5.
|
|
40
|
+
pwn[v0.5.380]:001 >>> PWN.help
|
|
41
41
|
```
|
|
42
42
|
|
|
43
43
|
[](https://youtu.be/G7iLUY4FzsI)
|
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
|
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
|
53
53
|
$ gem install --verbose pwn
|
|
54
54
|
$ pwn
|
|
55
|
-
pwn[v0.5.
|
|
55
|
+
pwn[v0.5.380]:001 >>> PWN.help
|
|
56
56
|
```
|
|
57
57
|
|
|
58
58
|
If you're using a multi-user install of RVM do:
|
|
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
|
|
|
62
62
|
$ rvmsudo gem uninstall --all --executables pwn
|
|
63
63
|
$ rvmsudo gem install --verbose pwn
|
|
64
64
|
$ pwn
|
|
65
|
-
pwn[v0.5.
|
|
65
|
+
pwn[v0.5.380]:001 >>> PWN.help
|
|
66
66
|
```
|
|
67
67
|
|
|
68
68
|
PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
|
data/bin/pwn_sast
CHANGED
|
@@ -43,7 +43,7 @@ OptionParser.new do |options|
|
|
|
43
43
|
opts[:ai_fqdn] = f
|
|
44
44
|
end
|
|
45
45
|
|
|
46
|
-
options.on('-mMODEL', '--ai-model=MODEL', '<Optional AI Model to Use for Respective AI Engine (e.g., grok-
|
|
46
|
+
options.on('-mMODEL', '--ai-model=MODEL', '<Optional AI Model to Use for Respective AI Engine (e.g., grok-4-0709, grok-3-mini-fast, gpt5-chat-latest, chargpt-4o-latest, llama-3.1, etc.)>') do |m|
|
|
47
47
|
opts[:ai_model] = m
|
|
48
48
|
end
|
|
49
49
|
|
|
@@ -70,6 +70,7 @@ if opts.empty?
|
|
|
70
70
|
end
|
|
71
71
|
|
|
72
72
|
begin
|
|
73
|
+
timestamp = Time.now.strftime('%Y-%m-%d.%H:%M:%S%z')
|
|
73
74
|
pwn_provider = 'ruby-gem'
|
|
74
75
|
# pwn_provider = ENV.fetch('PWN_PROVIDER') if ENV.keys.select { |s| s == 'PWN_PROVIDER' }.any?
|
|
75
76
|
pwn_provider = ENV.fetch('PWN_PROVIDER') if ENV.keys.any? { |s| s == 'PWN_PROVIDER' }
|
|
@@ -78,6 +79,8 @@ begin
|
|
|
78
79
|
end_of_color = "\e[0m"
|
|
79
80
|
|
|
80
81
|
dir_path = opts[:dir_path] ||= '.'
|
|
82
|
+
previous_dir = Dir.pwd
|
|
83
|
+
Dir.chdir(dir_path) unless dir_path == '.'
|
|
81
84
|
|
|
82
85
|
uri_source_root = opts[:uri_source_root].to_s.scrub
|
|
83
86
|
|
|
@@ -88,7 +91,8 @@ begin
|
|
|
88
91
|
list_test_cases = opts[:list_test_cases]
|
|
89
92
|
|
|
90
93
|
report_name = opts[:report_name]
|
|
91
|
-
report_name ||= File.basename(Dir.pwd)
|
|
94
|
+
report_name ||= "#{File.basename(Dir.pwd)}-#{timestamp}" if dir_path == '.'
|
|
95
|
+
report_name ||= "#{File.basename(dir_path)}-#{timestamp}" unless dir_path == '.'
|
|
92
96
|
|
|
93
97
|
ai_engine = opts[:ai_engine]
|
|
94
98
|
if ai_engine
|
|
@@ -209,16 +213,11 @@ begin
|
|
|
209
213
|
|
|
210
214
|
# Start Simple HTTP Server (If Requested)
|
|
211
215
|
if start_reporting_server
|
|
216
|
+
listen_ip = '127.0.0.1'
|
|
217
|
+
listen_ip = '0.0.0.0' if pwn_provider == 'docker'
|
|
212
218
|
listen_port = PWN::Plugins::Sock.get_random_unused_port.to_s
|
|
213
|
-
|
|
214
|
-
if pwn_provider == 'docker'
|
|
215
|
-
listen_ip = '0.0.0.0'
|
|
216
|
-
else
|
|
217
|
-
listen_ip = '127.0.0.1'
|
|
218
|
-
end
|
|
219
|
-
|
|
220
219
|
puts "For Scan Results Navigate to: http://127.0.0.1:#{listen_port}/#{report_name}.html"
|
|
221
|
-
|
|
220
|
+
|
|
222
221
|
system(
|
|
223
222
|
'pwn_simple_http_server',
|
|
224
223
|
'-i',
|
|
@@ -229,4 +228,6 @@ begin
|
|
|
229
228
|
end
|
|
230
229
|
rescue SystemExit, Interrupt
|
|
231
230
|
puts "\nGoodbye."
|
|
231
|
+
ensure
|
|
232
|
+
Dir.chdir(previous_dir) unless dir_path == '.'
|
|
232
233
|
end
|
data/lib/pwn/plugins/file_fu.rb
CHANGED
|
@@ -12,18 +12,37 @@ module PWN
|
|
|
12
12
|
# built-in ruby classes (e.g. contains an easy to use recursion method that
|
|
13
13
|
# uses yield to interact with each entry on the fly).
|
|
14
14
|
module FileFu
|
|
15
|
+
# Supported Method Parameters::
|
|
16
|
+
# PWN::Plugins::FileFu.recurse_in_dir(
|
|
17
|
+
# dir_path: 'optional path to dir defaults to .'
|
|
18
|
+
# )
|
|
19
|
+
|
|
20
|
+
public_class_method def self.recurse_in_dir(opts = {})
|
|
21
|
+
dir_path = opts[:dir_path] ||= '.'
|
|
22
|
+
dir_path = dir_path.to_s.scrub unless dir_path.is_a?(String)
|
|
23
|
+
raise "PWN Error: Invalid Directory #{dir_path}" unless Dir.exist?(dir_path)
|
|
24
|
+
|
|
25
|
+
previous_dir = Dir.pwd
|
|
26
|
+
Dir.chdir(dir_path)
|
|
27
|
+
# Execute this like this:
|
|
28
|
+
# recurse_in_dir(:dir_path => 'path to dir') {|entry| puts entry}
|
|
29
|
+
Dir.glob('**/*').each { |entry| yield Shellwords.escape(entry) }
|
|
30
|
+
rescue StandardError => e
|
|
31
|
+
raise e
|
|
32
|
+
ensure
|
|
33
|
+
Dir.chdir(previous_dir) if Dir.exist?(previous_dir)
|
|
34
|
+
end
|
|
35
|
+
|
|
15
36
|
# Supported Method Parameters::
|
|
16
37
|
# PWN::Plugins::FileFu.recurse_dir(
|
|
17
38
|
# dir_path: 'optional path to dir defaults to .'
|
|
18
39
|
# )
|
|
19
40
|
|
|
20
41
|
public_class_method def self.recurse_dir(opts = {})
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
raise "PWN Error: Invalid Directory #{dir_path}" if dir_path.nil?
|
|
26
|
-
end
|
|
42
|
+
dir_path = opts[:dir_path] ||= '.'
|
|
43
|
+
dir_path = dir_path.to_s.scrub unless dir_path.is_a?(String)
|
|
44
|
+
raise "PWN Error: Invalid Directory #{dir_path}" unless Dir.exist?(dir_path)
|
|
45
|
+
|
|
27
46
|
# Execute this like this:
|
|
28
47
|
# recurse_dir(:dir_path => 'path to dir') {|entry| puts entry}
|
|
29
48
|
Dir.glob("#{dir_path}/**/*").each { |entry| yield Shellwords.escape(entry) }
|
|
@@ -59,6 +78,8 @@ module PWN
|
|
|
59
78
|
|
|
60
79
|
public_class_method def self.help
|
|
61
80
|
puts "USAGE:
|
|
81
|
+
#{self}.recurse_in_dir(dir_path: 'optional path to dir defaults to .') {|entry| puts entry}
|
|
82
|
+
|
|
62
83
|
#{self}.recurse_dir(dir_path: 'optional path to dir defaults to .') {|entry| puts entry}
|
|
63
84
|
|
|
64
85
|
#{self}.untar_gz_file(
|
data/lib/pwn/plugins/git.rb
CHANGED
|
@@ -49,11 +49,8 @@ module PWN
|
|
|
49
49
|
# )
|
|
50
50
|
|
|
51
51
|
private_class_method def self.get_author_by_line_range(opts = {})
|
|
52
|
-
repo_root =
|
|
53
|
-
|
|
54
|
-
else
|
|
55
|
-
opts[:repo_root].to_s
|
|
56
|
-
end
|
|
52
|
+
repo_root = opts[:repo_root] ||= '.'
|
|
53
|
+
repo_root = opts[:repo_root].to_s unless repor_root.is_a?(String)
|
|
57
54
|
from_line = opts[:from_line].to_i
|
|
58
55
|
to_line = opts[:to_line].to_i
|
|
59
56
|
target_file = opts[:target_file].to_s
|
data/lib/pwn/reports/sast.rb
CHANGED
|
@@ -44,7 +44,7 @@ module PWN
|
|
|
44
44
|
raise 'ERROR: AI Model is required for AI engine ollama.' if ai_engine == :ollama && ai_model.nil?
|
|
45
45
|
|
|
46
46
|
ai_key = opts[:ai_key] ||= PWN::Plugins::AuthenticationHelper.mask_password(prompt: "#{ai_engine} Token")
|
|
47
|
-
ai_system_role_content = opts[:ai_system_role_content] ||= 'Is this code vulnerable or a false positive? Valid responses are only: "VULNERABLE" or "FALSE+".
|
|
47
|
+
ai_system_role_content = opts[:ai_system_role_content] ||= 'Is this code vulnerable or a false positive? Valid responses are only: "VULNERABLE" or "FALSE+". If this code is VULNERABLE, why?'
|
|
48
48
|
ai_temp = opts[:ai_temp] ||= 0.9
|
|
49
49
|
|
|
50
50
|
puts "Analyzing source code using AI engine: #{ai_engine}\nModel: #{ai_model}\nSystem Role Content: #{ai_system_role_content}\nTemperature: #{ai_temp}"
|
|
@@ -327,7 +327,7 @@ module PWN
|
|
|
327
327
|
to_line_number = line_entry_uri + '#L' + data[i]['line_no'];
|
|
328
328
|
}
|
|
329
329
|
|
|
330
|
-
pwn_rows = pwn_rows.concat('<tr class="' + tr_class + '"><td style="width:90px" align="left"><a href="' + htmlEntityEncode(to_line_number) + '" target="_blank">' + htmlEntityEncode(data[i]['line_no']) + '</a>: </td><td style="width:300px" align="left">' + htmlEntityEncode(data[i]['contents']) + '</td><td style="width:
|
|
330
|
+
pwn_rows = pwn_rows.concat('<tr class="' + tr_class + '"><td style="width:90px" align="left"><a href="' + htmlEntityEncode(to_line_number) + '" target="_blank">' + htmlEntityEncode(data[i]['line_no']) + '</a>: </td><td style="width:300px" align="left">' + htmlEntityEncode(data[i]['contents']) + '</td><td style="width:300px" align=:left">' + htmlEntityEncode(data[i]['ai_analysis']) + '</td><td style="width:200px" align="right"><a href="mailto:' + canned_email + '">' + htmlEntityEncode(data[i]['author']) + '</a></td></tr>');
|
|
331
331
|
}
|
|
332
332
|
pwn_rows = pwn_rows.concat('</tbody></table>');
|
|
333
333
|
return pwn_rows;
|
|
@@ -22,7 +22,7 @@ module PWN
|
|
|
22
22
|
result_arr = []
|
|
23
23
|
logger_results = ''
|
|
24
24
|
|
|
25
|
-
PWN::Plugins::FileFu.
|
|
25
|
+
PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
|
|
26
26
|
if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
|
|
27
27
|
line_no_and_contents_arr = []
|
|
28
28
|
entry_beautified = false
|
|
@@ -63,11 +63,8 @@ module PWN
|
|
|
63
63
|
while line_no_count > current_count
|
|
64
64
|
line_no = line_contents_split[current_count]
|
|
65
65
|
contents = line_contents_split[current_count + 1]
|
|
66
|
-
if Dir.exist?(
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
repo_root = dir_path
|
|
70
|
-
repo_root = '.' if Dir.exist?('.git')
|
|
66
|
+
if Dir.exist?('.git')
|
|
67
|
+
repo_root = '.'
|
|
71
68
|
author = PWN::Plugins::Git.get_author(
|
|
72
69
|
repo_root: repo_root,
|
|
73
70
|
from_line: line_no,
|
|
@@ -75,9 +72,9 @@ module PWN
|
|
|
75
72
|
target_file: entry,
|
|
76
73
|
entry_beautified: entry_beautified
|
|
77
74
|
)
|
|
78
|
-
else
|
|
79
|
-
author = 'N/A'
|
|
80
75
|
end
|
|
76
|
+
author ||= 'N/A'
|
|
77
|
+
|
|
81
78
|
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
82
79
|
line_no: line_no,
|
|
83
80
|
contents: contents,
|
|
@@ -21,7 +21,7 @@ module PWN
|
|
|
21
21
|
result_arr = []
|
|
22
22
|
logger_results = ''
|
|
23
23
|
|
|
24
|
-
PWN::Plugins::FileFu.
|
|
24
|
+
PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
|
|
25
25
|
if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
|
|
26
26
|
line_no_and_contents_arr = []
|
|
27
27
|
entry_beautified = false
|
|
@@ -62,11 +62,8 @@ module PWN
|
|
|
62
62
|
while line_no_count > current_count
|
|
63
63
|
line_no = line_contents_split[current_count]
|
|
64
64
|
contents = line_contents_split[current_count + 1]
|
|
65
|
-
if Dir.exist?(
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
repo_root = dir_path
|
|
69
|
-
repo_root = '.' if Dir.exist?('.git')
|
|
65
|
+
if Dir.exist?('.git')
|
|
66
|
+
repo_root = '.'
|
|
70
67
|
|
|
71
68
|
author = PWN::Plugins::Git.get_author(
|
|
72
69
|
repo_root: repo_root,
|
|
@@ -75,9 +72,9 @@ module PWN
|
|
|
75
72
|
target_file: entry,
|
|
76
73
|
entry_beautified: entry_beautified
|
|
77
74
|
)
|
|
78
|
-
else
|
|
79
|
-
author = 'N/A'
|
|
80
75
|
end
|
|
76
|
+
author ||= 'N/A'
|
|
77
|
+
|
|
81
78
|
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
82
79
|
line_no: line_no,
|
|
83
80
|
contents: contents,
|
data/lib/pwn/sast/aws.rb
CHANGED
|
@@ -20,7 +20,7 @@ module PWN
|
|
|
20
20
|
result_arr = []
|
|
21
21
|
logger_results = ''
|
|
22
22
|
|
|
23
|
-
PWN::Plugins::FileFu.
|
|
23
|
+
PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
|
|
24
24
|
if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
|
|
25
25
|
line_no_and_contents_arr = []
|
|
26
26
|
entry_beautified = false
|
|
@@ -63,11 +63,8 @@ module PWN
|
|
|
63
63
|
while line_no_count > current_count
|
|
64
64
|
line_no = line_contents_split[current_count]
|
|
65
65
|
contents = line_contents_split[current_count + 1]
|
|
66
|
-
if Dir.exist?(
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
repo_root = dir_path
|
|
70
|
-
repo_root = '.' if Dir.exist?('.git')
|
|
66
|
+
if Dir.exist?('.git')
|
|
67
|
+
repo_root = '.'
|
|
71
68
|
|
|
72
69
|
author = PWN::Plugins::Git.get_author(
|
|
73
70
|
repo_root: repo_root,
|
|
@@ -76,9 +73,9 @@ module PWN
|
|
|
76
73
|
target_file: entry,
|
|
77
74
|
entry_beautified: entry_beautified
|
|
78
75
|
)
|
|
79
|
-
else
|
|
80
|
-
author = 'N/A'
|
|
81
76
|
end
|
|
77
|
+
author ||= 'N/A'
|
|
78
|
+
|
|
82
79
|
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
83
80
|
line_no: line_no,
|
|
84
81
|
contents: contents,
|
|
@@ -22,7 +22,7 @@ module PWN
|
|
|
22
22
|
result_arr = []
|
|
23
23
|
logger_results = ''
|
|
24
24
|
|
|
25
|
-
PWN::Plugins::FileFu.
|
|
25
|
+
PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
|
|
26
26
|
if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && (File.extname(entry) == '.c' || File.extname(entry) == '.cpp' || File.extname(entry) == '.c++' || File.extname(entry) == '.cxx' || File.extname(entry) == '.h' || File.extname(entry) == '.hpp' || File.extname(entry) == '.h++' || File.extname(entry) == '.hh' || File.extname(entry) == '.hxx' || File.extname(entry) == '.ii' || File.extname(entry) == '.ixx' || File.extname(entry) == '.ipp' || File.extname(entry) == '.inl' || File.extname(entry) == '.txx' || File.extname(entry) == '.tpp' || File.extname(entry) == '.tpl') && entry !~ /test/i
|
|
27
27
|
line_no_and_contents_arr = []
|
|
28
28
|
entry_beautified = false
|
|
@@ -190,11 +190,8 @@ module PWN
|
|
|
190
190
|
while line_no_count > current_count
|
|
191
191
|
line_no = line_contents_split[current_count]
|
|
192
192
|
contents = line_contents_split[current_count + 1]
|
|
193
|
-
if Dir.exist?(
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
repo_root = dir_path
|
|
197
|
-
repo_root = '.' if Dir.exist?('.git')
|
|
193
|
+
if Dir.exist?('.git')
|
|
194
|
+
repo_root = '.'
|
|
198
195
|
|
|
199
196
|
author = PWN::Plugins::Git.get_author(
|
|
200
197
|
repo_root: repo_root,
|
|
@@ -203,9 +200,9 @@ module PWN
|
|
|
203
200
|
target_file: entry,
|
|
204
201
|
entry_beautified: entry_beautified
|
|
205
202
|
)
|
|
206
|
-
else
|
|
207
|
-
author = 'N/A'
|
|
208
203
|
end
|
|
204
|
+
author ||= 'N/A'
|
|
205
|
+
|
|
209
206
|
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
210
207
|
line_no: line_no,
|
|
211
208
|
contents: contents,
|
data/lib/pwn/sast/base64.rb
CHANGED
|
@@ -21,7 +21,7 @@ module PWN
|
|
|
21
21
|
result_arr = []
|
|
22
22
|
logger_results = ''
|
|
23
23
|
|
|
24
|
-
PWN::Plugins::FileFu.
|
|
24
|
+
PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
|
|
25
25
|
if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
|
|
26
26
|
line_no_and_contents_arr = []
|
|
27
27
|
entry_beautified = false
|
|
@@ -62,11 +62,8 @@ module PWN
|
|
|
62
62
|
while line_no_count > current_count
|
|
63
63
|
line_no = line_contents_split[current_count]
|
|
64
64
|
contents = line_contents_split[current_count + 1]
|
|
65
|
-
if Dir.exist?(
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
repo_root = dir_path
|
|
69
|
-
repo_root = '.' if Dir.exist?('.git')
|
|
65
|
+
if Dir.exist?('.git')
|
|
66
|
+
repo_root = '.'
|
|
70
67
|
|
|
71
68
|
author = PWN::Plugins::Git.get_author(
|
|
72
69
|
repo_root: repo_root,
|
|
@@ -75,9 +72,9 @@ module PWN
|
|
|
75
72
|
target_file: entry,
|
|
76
73
|
entry_beautified: entry_beautified
|
|
77
74
|
)
|
|
78
|
-
else
|
|
79
|
-
author = 'N/A'
|
|
80
75
|
end
|
|
76
|
+
author ||= 'N/A'
|
|
77
|
+
|
|
81
78
|
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
82
79
|
line_no: line_no,
|
|
83
80
|
contents: contents,
|
data/lib/pwn/sast/beef_hook.rb
CHANGED
|
@@ -21,7 +21,7 @@ module PWN
|
|
|
21
21
|
result_arr = []
|
|
22
22
|
logger_results = ''
|
|
23
23
|
|
|
24
|
-
PWN::Plugins::FileFu.
|
|
24
|
+
PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
|
|
25
25
|
if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
|
|
26
26
|
line_no_and_contents_arr = []
|
|
27
27
|
entry_beautified = false
|
|
@@ -61,11 +61,8 @@ module PWN
|
|
|
61
61
|
while line_no_count > current_count
|
|
62
62
|
line_no = line_contents_split[current_count]
|
|
63
63
|
contents = line_contents_split[current_count + 1]
|
|
64
|
-
if Dir.exist?(
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
repo_root = dir_path
|
|
68
|
-
repo_root = '.' if Dir.exist?('.git')
|
|
64
|
+
if Dir.exist?('.git')
|
|
65
|
+
repo_root = '.'
|
|
69
66
|
|
|
70
67
|
author = PWN::Plugins::Git.get_author(
|
|
71
68
|
repo_root: repo_root,
|
|
@@ -21,7 +21,7 @@ module PWN
|
|
|
21
21
|
result_arr = []
|
|
22
22
|
logger_results = ''
|
|
23
23
|
|
|
24
|
-
PWN::Plugins::FileFu.
|
|
24
|
+
PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
|
|
25
25
|
if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && File.extname(entry) == '.java' && entry !~ /test/i
|
|
26
26
|
line_no_and_contents_arr = []
|
|
27
27
|
entry_beautified = false
|
|
@@ -63,11 +63,8 @@ module PWN
|
|
|
63
63
|
while line_no_count > current_count
|
|
64
64
|
line_no = line_contents_split[current_count]
|
|
65
65
|
contents = line_contents_split[current_count + 1]
|
|
66
|
-
if Dir.exist?(
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
repo_root = dir_path
|
|
70
|
-
repo_root = '.' if Dir.exist?('.git')
|
|
66
|
+
if Dir.exist?('.git')
|
|
67
|
+
repo_root = '.'
|
|
71
68
|
|
|
72
69
|
author = PWN::Plugins::Git.get_author(
|
|
73
70
|
repo_root: repo_root,
|
|
@@ -21,7 +21,7 @@ module PWN
|
|
|
21
21
|
result_arr = []
|
|
22
22
|
logger_results = ''
|
|
23
23
|
|
|
24
|
-
PWN::Plugins::FileFu.
|
|
24
|
+
PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
|
|
25
25
|
if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && (File.extname(entry) == '.py' || File.extname(entry) == '.pyc' || File.extname(entry) == '.pyo' || File.extname(entry) == '.pyd') && entry !~ /test/i
|
|
26
26
|
line_no_and_contents_arr = []
|
|
27
27
|
entry_beautified = false
|
|
@@ -65,11 +65,8 @@ module PWN
|
|
|
65
65
|
while line_no_count > current_count
|
|
66
66
|
line_no = line_contents_split[current_count]
|
|
67
67
|
contents = line_contents_split[current_count + 1]
|
|
68
|
-
if Dir.exist?(
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
repo_root = dir_path
|
|
72
|
-
repo_root = '.' if Dir.exist?('.git')
|
|
68
|
+
if Dir.exist?('.git')
|
|
69
|
+
repo_root = '.'
|
|
73
70
|
|
|
74
71
|
author = PWN::Plugins::Git.get_author(
|
|
75
72
|
repo_root: repo_root,
|
|
@@ -21,7 +21,7 @@ module PWN
|
|
|
21
21
|
result_arr = []
|
|
22
22
|
logger_results = ''
|
|
23
23
|
|
|
24
|
-
PWN::Plugins::FileFu.
|
|
24
|
+
PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
|
|
25
25
|
if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && (File.extname(entry) == '.rb' || File.extname(entry) == '.rbw') && entry !~ /test/i
|
|
26
26
|
line_no_and_contents_arr = []
|
|
27
27
|
entry_beautified = false
|
|
@@ -73,11 +73,8 @@ module PWN
|
|
|
73
73
|
while line_no_count > current_count
|
|
74
74
|
line_no = line_contents_split[current_count]
|
|
75
75
|
contents = line_contents_split[current_count + 1]
|
|
76
|
-
if Dir.exist?(
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
repo_root = dir_path
|
|
80
|
-
repo_root = '.' if Dir.exist?('.git')
|
|
76
|
+
if Dir.exist?('.git')
|
|
77
|
+
repo_root = '.'
|
|
81
78
|
|
|
82
79
|
author = PWN::Plugins::Git.get_author(
|
|
83
80
|
repo_root: repo_root,
|
|
@@ -21,7 +21,7 @@ module PWN
|
|
|
21
21
|
result_arr = []
|
|
22
22
|
logger_results = ''
|
|
23
23
|
|
|
24
|
-
PWN::Plugins::FileFu.
|
|
24
|
+
PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
|
|
25
25
|
if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && File.extname(entry) == '.scala' && entry !~ /test/i
|
|
26
26
|
line_no_and_contents_arr = []
|
|
27
27
|
entry_beautified = false
|
|
@@ -63,11 +63,8 @@ module PWN
|
|
|
63
63
|
while line_no_count > current_count
|
|
64
64
|
line_no = line_contents_split[current_count]
|
|
65
65
|
contents = line_contents_split[current_count + 1]
|
|
66
|
-
if Dir.exist?(
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
repo_root = dir_path
|
|
70
|
-
repo_root = '.' if Dir.exist?('.git')
|
|
66
|
+
if Dir.exist?('.git')
|
|
67
|
+
repo_root = '.'
|
|
71
68
|
|
|
72
69
|
author = PWN::Plugins::Git.get_author(
|
|
73
70
|
repo_root: repo_root,
|
data/lib/pwn/sast/csrf.rb
CHANGED
|
@@ -22,7 +22,7 @@ module PWN
|
|
|
22
22
|
result_arr = []
|
|
23
23
|
logger_results = ''
|
|
24
24
|
|
|
25
|
-
PWN::Plugins::FileFu.
|
|
25
|
+
PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
|
|
26
26
|
if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
|
|
27
27
|
line_no_and_contents_arr = []
|
|
28
28
|
entry_beautified = false
|
|
@@ -62,11 +62,8 @@ module PWN
|
|
|
62
62
|
while line_no_count > current_count
|
|
63
63
|
line_no = line_contents_split[current_count]
|
|
64
64
|
contents = line_contents_split[current_count + 1]
|
|
65
|
-
if Dir.exist?(
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
repo_root = dir_path
|
|
69
|
-
repo_root = '.' if Dir.exist?('.git')
|
|
65
|
+
if Dir.exist?('.git')
|
|
66
|
+
repo_root = '.'
|
|
70
67
|
|
|
71
68
|
author = PWN::Plugins::Git.get_author(
|
|
72
69
|
repo_root: repo_root,
|
|
@@ -23,7 +23,7 @@ module PWN
|
|
|
23
23
|
result_arr = []
|
|
24
24
|
logger_results = ''
|
|
25
25
|
|
|
26
|
-
PWN::Plugins::FileFu.
|
|
26
|
+
PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
|
|
27
27
|
if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && (File.extname(entry) == '.scala' || File.extname(entry) == '.java') && entry !~ /test/i
|
|
28
28
|
line_no_and_contents_arr = []
|
|
29
29
|
entry_beautified = false
|
|
@@ -70,11 +70,8 @@ module PWN
|
|
|
70
70
|
while line_no_count > current_count
|
|
71
71
|
line_no = line_contents_split[current_count]
|
|
72
72
|
contents = line_contents_split[current_count + 1]
|
|
73
|
-
if Dir.exist?(
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
repo_root = dir_path
|
|
77
|
-
repo_root = '.' if Dir.exist?('.git')
|
|
73
|
+
if Dir.exist?('.git')
|
|
74
|
+
repo_root = '.'
|
|
78
75
|
|
|
79
76
|
author = PWN::Plugins::Git.get_author(
|
|
80
77
|
repo_root: repo_root,
|
data/lib/pwn/sast/emoticon.rb
CHANGED
|
@@ -21,7 +21,7 @@ module PWN
|
|
|
21
21
|
result_arr = []
|
|
22
22
|
logger_results = ''
|
|
23
23
|
|
|
24
|
-
PWN::Plugins::FileFu.
|
|
24
|
+
PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
|
|
25
25
|
if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
|
|
26
26
|
line_no_and_contents_arr = []
|
|
27
27
|
entry_beautified = false
|
|
@@ -68,11 +68,8 @@ module PWN
|
|
|
68
68
|
while line_no_count > current_count
|
|
69
69
|
line_no = line_contents_split[current_count]
|
|
70
70
|
contents = line_contents_split[current_count + 1]
|
|
71
|
-
if Dir.exist?(
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
repo_root = dir_path
|
|
75
|
-
repo_root = '.' if Dir.exist?('.git')
|
|
71
|
+
if Dir.exist?('.git')
|
|
72
|
+
repo_root = '.'
|
|
76
73
|
|
|
77
74
|
author = PWN::Plugins::Git.get_author(
|
|
78
75
|
repo_root: repo_root,
|
data/lib/pwn/sast/eval.rb
CHANGED
|
@@ -22,7 +22,7 @@ module PWN
|
|
|
22
22
|
result_arr = []
|
|
23
23
|
logger_results = ''
|
|
24
24
|
|
|
25
|
-
PWN::Plugins::FileFu.
|
|
25
|
+
PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
|
|
26
26
|
if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
|
|
27
27
|
line_no_and_contents_arr = []
|
|
28
28
|
entry_beautified = false
|
|
@@ -62,11 +62,8 @@ module PWN
|
|
|
62
62
|
while line_no_count > current_count
|
|
63
63
|
line_no = line_contents_split[current_count]
|
|
64
64
|
contents = line_contents_split[current_count + 1]
|
|
65
|
-
if Dir.exist?(
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
repo_root = dir_path
|
|
69
|
-
repo_root = '.' if Dir.exist?('.git')
|
|
65
|
+
if Dir.exist?('.git')
|
|
66
|
+
repo_root = '.'
|
|
70
67
|
|
|
71
68
|
author = PWN::Plugins::Git.get_author(
|
|
72
69
|
repo_root: repo_root,
|
data/lib/pwn/sast/factory.rb
CHANGED
|
@@ -23,7 +23,7 @@ module PWN
|
|
|
23
23
|
result_arr = []
|
|
24
24
|
logger_results = ''
|
|
25
25
|
|
|
26
|
-
PWN::Plugins::FileFu.
|
|
26
|
+
PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
|
|
27
27
|
if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && (File.extname(entry) == '.scala' || File.extname(entry) == '.java') && entry !~ /test/i
|
|
28
28
|
line_no_and_contents_arr = []
|
|
29
29
|
entry_beautified = false
|
|
@@ -65,11 +65,8 @@ module PWN
|
|
|
65
65
|
while line_no_count > current_count
|
|
66
66
|
line_no = line_contents_split[current_count]
|
|
67
67
|
contents = line_contents_split[current_count + 1]
|
|
68
|
-
if Dir.exist?(
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
repo_root = dir_path
|
|
72
|
-
repo_root = '.' if Dir.exist?('.git')
|
|
68
|
+
if Dir.exist?('.git')
|
|
69
|
+
repo_root = '.'
|
|
73
70
|
|
|
74
71
|
author = PWN::Plugins::Git.get_author(
|
|
75
72
|
repo_root: repo_root,
|
|
@@ -21,7 +21,7 @@ module PWN
|
|
|
21
21
|
result_arr = []
|
|
22
22
|
logger_results = ''
|
|
23
23
|
|
|
24
|
-
PWN::Plugins::FileFu.
|
|
24
|
+
PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
|
|
25
25
|
if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
|
|
26
26
|
line_no_and_contents_arr = []
|
|
27
27
|
entry_beautified = false
|
|
@@ -70,11 +70,8 @@ module PWN
|
|
|
70
70
|
while line_no_count > current_count
|
|
71
71
|
line_no = line_contents_split[current_count]
|
|
72
72
|
contents = line_contents_split[current_count + 1]
|
|
73
|
-
if Dir.exist?(
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
repo_root = dir_path
|
|
77
|
-
repo_root = '.' if Dir.exist?('.git')
|
|
73
|
+
if Dir.exist?('.git')
|
|
74
|
+
repo_root = '.'
|
|
78
75
|
|
|
79
76
|
author = PWN::Plugins::Git.get_author(
|
|
80
77
|
repo_root: repo_root,
|