pwn 0.5.435 → 0.5.437

Files changed (55) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +3 -3
  3. data/lib/pwn/config.rb +101 -3
  4. data/lib/pwn/plugins/repl.rb +2 -2
  5. data/lib/pwn/plugins/vault.rb +15 -6
  6. data/lib/pwn/reports/sast.rb +50 -57
  7. data/lib/pwn/sast/amqp_connect_as_guest.rb +17 -1
  8. data/lib/pwn/sast/apache_file_system_util_api.rb +17 -1
  9. data/lib/pwn/sast/aws.rb +17 -1
  10. data/lib/pwn/sast/banned_function_calls_c.rb +17 -1
  11. data/lib/pwn/sast/base64.rb +17 -1
  12. data/lib/pwn/sast/beef_hook.rb +17 -1
  13. data/lib/pwn/sast/cmd_execution_java.rb +17 -1
  14. data/lib/pwn/sast/cmd_execution_python.rb +17 -1
  15. data/lib/pwn/sast/cmd_execution_ruby.rb +17 -1
  16. data/lib/pwn/sast/cmd_execution_scala.rb +17 -1
  17. data/lib/pwn/sast/csrf.rb +17 -1
  18. data/lib/pwn/sast/deserial_java.rb +17 -1
  19. data/lib/pwn/sast/emoticon.rb +17 -1
  20. data/lib/pwn/sast/eval.rb +17 -1
  21. data/lib/pwn/sast/factory.rb +17 -1
  22. data/lib/pwn/sast/http_authorization_header.rb +17 -1
  23. data/lib/pwn/sast/inner_html.rb +17 -1
  24. data/lib/pwn/sast/keystore.rb +17 -1
  25. data/lib/pwn/sast/local_storage.rb +17 -1
  26. data/lib/pwn/sast/location_hash.rb +17 -1
  27. data/lib/pwn/sast/log4j.rb +17 -1
  28. data/lib/pwn/sast/logger.rb +17 -1
  29. data/lib/pwn/sast/md5.rb +17 -1
  30. data/lib/pwn/sast/outer_html.rb +17 -1
  31. data/lib/pwn/sast/padding_oracle.rb +17 -1
  32. data/lib/pwn/sast/password.rb +17 -1
  33. data/lib/pwn/sast/php_input_mechanisms.rb +17 -1
  34. data/lib/pwn/sast/php_type_juggling.rb +17 -1
  35. data/lib/pwn/sast/pom_version.rb +17 -1
  36. data/lib/pwn/sast/port.rb +17 -1
  37. data/lib/pwn/sast/post_message.rb +17 -1
  38. data/lib/pwn/sast/private_key.rb +17 -1
  39. data/lib/pwn/sast/redirect.rb +17 -1
  40. data/lib/pwn/sast/redos.rb +17 -1
  41. data/lib/pwn/sast/shell.rb +17 -1
  42. data/lib/pwn/sast/signature.rb +17 -1
  43. data/lib/pwn/sast/sql.rb +17 -1
  44. data/lib/pwn/sast/ssl.rb +17 -1
  45. data/lib/pwn/sast/sudo.rb +17 -1
  46. data/lib/pwn/sast/task_tag.rb +17 -1
  47. data/lib/pwn/sast/throw_errors.rb +17 -1
  48. data/lib/pwn/sast/token.rb +17 -1
  49. data/lib/pwn/sast/type_script_type_juggling.rb +17 -1
  50. data/lib/pwn/sast/version.rb +17 -1
  51. data/lib/pwn/sast/window_location_hash.rb +17 -1
  52. data/lib/pwn/version.rb +1 -1
  53. data/lib/pwn.rb +3 -1
  54. data/spec/lib/pwn/config_spec.rb +0 -5
  55. metadata +1 -1
@@ -81,10 +81,26 @@ module PWN
81
81
  end
82
82
  author ||= 'N/A'
83
83
 
84
+ ai_instrospection = PWN::Env[:ai][:introspection]
85
+ ai_analysis = nil
86
+ if ai_instrospection
87
+ request = {
88
+ scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
89
+ line_no: line_no,
90
+ source_code_snippet: contents
91
+ }.to_json
92
+ response = PWN::AI::Introspection.reflect(request: request)
93
+ if response.is_a?(Hash)
94
+ ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
95
+ ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
96
+ end
97
+ end
98
+
84
99
  hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
85
100
  line_no: line_no,
86
101
  contents: contents,
87
- author: author
102
+ author: author,
103
+ ai_analysis: ai_analysis
88
104
  )
89
105
 
90
106
  current_count += 2
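Review bot: `response[:choices].last` is dereferenced without checking that `:choices` is present and non-empty, so a Hash reply that carries only an error payload would raise NoMethodError in the middle of the scan; `response.is_a?(Hash)` alone does not cover that case. A guarded form such as `choice = Array(response[:choices]).last` followed by `ai_analysis = choice[:content] || choice[:text] if choice.is_a?(Hash)` still lets `:content` win over `:text` and leaves `ai_analysis` nil on a malformed reply. The identical block is added in every other SAST hunk on this page, including sql.rb, ssl.rb and sudo.rb, so the same change applies to each of them. The enclosing method begins and ends outside the hunk.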
@@ -82,10 +82,26 @@ module PWN
82
82
  end
83
83
  author ||= 'N/A'
84
84
 
85
+ ai_instrospection = PWN::Env[:ai][:introspection]
86
+ ai_analysis = nil
87
+ if ai_instrospection
88
+ request = {
89
+ scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
90
+ line_no: line_no,
91
+ source_code_snippet: contents
92
+ }.to_json
93
+ response = PWN::AI::Introspection.reflect(request: request)
94
+ if response.is_a?(Hash)
95
+ ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
96
+ ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
97
+ end
98
+ end
99
+
85
100
  hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
86
101
  line_no: line_no,
87
102
  contents: contents,
88
- author: author
103
+ author: author,
104
+ ai_analysis: ai_analysis
89
105
  )
90
106
 
91
107
  current_count += 2
@@ -74,10 +74,26 @@ module PWN
74
74
  end
75
75
  author ||= 'N/A'
76
76
 
77
+ ai_instrospection = PWN::Env[:ai][:introspection]
78
+ ai_analysis = nil
79
+ if ai_instrospection
80
+ request = {
81
+ scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
82
+ line_no: line_no,
83
+ source_code_snippet: contents
84
+ }.to_json
85
+ response = PWN::AI::Introspection.reflect(request: request)
86
+ if response.is_a?(Hash)
87
+ ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
88
+ ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
89
+ end
90
+ end
91
+
77
92
  hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
78
93
  line_no: line_no,
79
94
  contents: contents,
80
- author: author
95
+ author: author,
96
+ ai_analysis: ai_analysis
81
97
  )
82
98
 
83
99
  current_count += 2
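--- a/data/lib/pwn/sast/sql.rb
+++ b/data/lib/pwn/sast/sql.rb
@@ -78,10 +78,26 @@ module PWN
  end
  author ||= 'N/A'
 
+ ai_instrospection = PWN::Env[:ai][:introspection]
+ ai_analysis = nil
+ if ai_instrospection
+ request = {
+ scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
+ line_no: line_no,
+ source_code_snippet: contents
+ }.to_json
+ response = PWN::AI::Introspection.reflect(request: request)
+ if response.is_a?(Hash)
+ ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
+ ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
+ end
+ end
+
  hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
  line_no: line_no,
  contents: contents,
- author: author
+ author: author,
+ ai_analysis: ai_analysis
  )
 
  current_count += 2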
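Review bot: Nothing in the hunk documents where the data goes once `PWN::Env[:ai][:introspection]` is truthy, yet every matched line (`source_code_snippet: contents`) and its `scm_uri` are then handed to `PWN::AI::Introspection.reflect`. The file list shows the same block added to password.rb, private_key.rb, token.rb, aws.rb and keystore.rb, whose matches are presumably the lines most likely to hold live credentials, so if the configured engine is a hosted service those values leave the scanning host. I would add a comment above the block, e.g. `# Sends the matched line and its SCM URI to the configured AI engine; keep introspection off when scanning code that may hold secrets`, and consider a per-module opt-out or redaction step for the secret-detection modules. The implementation of `reflect` is not shown on this page, so the destination is an assumption to confirm.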
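--- a/data/lib/pwn/sast/ssl.rb
+++ b/data/lib/pwn/sast/ssl.rb
@@ -78,10 +78,26 @@ module PWN
  end
  author ||= 'N/A'
 
+ ai_instrospection = PWN::Env[:ai][:introspection]
+ ai_analysis = nil
+ if ai_instrospection
+ request = {
+ scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
+ line_no: line_no,
+ source_code_snippet: contents
+ }.to_json
+ response = PWN::AI::Introspection.reflect(request: request)
+ if response.is_a?(Hash)
+ ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
+ ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
+ end
+ end
+
  hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
  line_no: line_no,
  contents: contents,
- author: author
+ author: author,
+ ai_analysis: ai_analysis
  )
 
  current_count += 2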
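Review bot: `ai_analysis` is stored next to `contents` and `author` as raw model output, and that output is shaped by the scanned source itself, which can contain comments or strings written to steer the model. data/lib/pwn/reports/sast.rb changes in the same release but is not shown here, so whether the report escapes this field cannot be confirmed from the page; it should be HTML-escaped when rendered and presented as advisory text rather than as a triage verdict. A short comment at the assignment, `# ai_analysis is untrusted model output; escape before rendering`, would make that contract explicit for whoever consumes `hash_line[:line_no_and_contents]`.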
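--- a/data/lib/pwn/sast/sudo.rb
+++ b/data/lib/pwn/sast/sudo.rb
@@ -74,10 +74,26 @@ module PWN
  end
  author ||= 'N/A'
 
+ ai_instrospection = PWN::Env[:ai][:introspection]
+ ai_analysis = nil
+ if ai_instrospection
+ request = {
+ scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
+ line_no: line_no,
+ source_code_snippet: contents
+ }.to_json
+ response = PWN::AI::Introspection.reflect(request: request)
+ if response.is_a?(Hash)
+ ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
+ ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
+ end
+ end
+
  hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
  line_no: line_no,
  contents: contents,
- author: author
+ author: author,
+ ai_analysis: ai_analysis
  )
 
  current_count += 2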
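Review bot: The local is spelled `ai_instrospection` (extra "s"), and the whole added block is pasted verbatim into each of the 45 SAST modules in the file list, so any later correction has to be repeated 45 times. Moving the request/response handling into one shared helper that each module calls would keep them in sync and shrink this hunk to a single call plus the `ai_analysis:` key. Separately, `PWN::Env[:ai][:introspection]` raises NoMethodError when the `:ai` key is absent; assuming `PWN::Env` is a Hash, `PWN::Env.dig(:ai, :introspection)` avoids that.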
@@ -88,10 +88,26 @@ module PWN
88
88
  end
89
89
  author ||= 'N/A'
90
90
 
91
+ ai_instrospection = PWN::Env[:ai][:introspection]
92
+ ai_analysis = nil
93
+ if ai_instrospection
94
+ request = {
95
+ scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
96
+ line_no: line_no,
97
+ source_code_snippet: contents
98
+ }.to_json
99
+ response = PWN::AI::Introspection.reflect(request: request)
100
+ if response.is_a?(Hash)
101
+ ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
102
+ ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
103
+ end
104
+ end
105
+
91
106
  hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
92
107
  line_no: line_no,
93
108
  contents: contents,
94
- author: author
109
+ author: author,
110
+ ai_analysis: ai_analysis
95
111
  )
96
112
 
97
113
  current_count += 2
@@ -77,10 +77,26 @@ module PWN
77
77
  end
78
78
  author ||= 'N/A'
79
79
 
80
+ ai_instrospection = PWN::Env[:ai][:introspection]
81
+ ai_analysis = nil
82
+ if ai_instrospection
83
+ request = {
84
+ scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
85
+ line_no: line_no,
86
+ source_code_snippet: contents
87
+ }.to_json
88
+ response = PWN::AI::Introspection.reflect(request: request)
89
+ if response.is_a?(Hash)
90
+ ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
91
+ ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
92
+ end
93
+ end
94
+
80
95
  hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
81
96
  line_no: line_no,
82
97
  contents: contents,
83
- author: author
98
+ author: author,
99
+ ai_analysis: ai_analysis
84
100
  )
85
101
 
86
102
  current_count += 2
@@ -76,10 +76,26 @@ module PWN
76
76
  end
77
77
  author ||= 'N/A'
78
78
 
79
+ ai_instrospection = PWN::Env[:ai][:introspection]
80
+ ai_analysis = nil
81
+ if ai_instrospection
82
+ request = {
83
+ scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
84
+ line_no: line_no,
85
+ source_code_snippet: contents
86
+ }.to_json
87
+ response = PWN::AI::Introspection.reflect(request: request)
88
+ if response.is_a?(Hash)
89
+ ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
90
+ ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
91
+ end
92
+ end
93
+
79
94
  hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
80
95
  line_no: line_no,
81
96
  contents: contents,
82
- author: author
97
+ author: author,
98
+ ai_analysis: ai_analysis
83
99
  )
84
100
 
85
101
  current_count += 2
@@ -78,10 +78,26 @@ module PWN
78
78
  end
79
79
  author ||= 'N/A'
80
80
 
81
+ ai_instrospection = PWN::Env[:ai][:introspection]
82
+ ai_analysis = nil
83
+ if ai_instrospection
84
+ request = {
85
+ scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
86
+ line_no: line_no,
87
+ source_code_snippet: contents
88
+ }.to_json
89
+ response = PWN::AI::Introspection.reflect(request: request)
90
+ if response.is_a?(Hash)
91
+ ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
92
+ ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
93
+ end
94
+ end
95
+
81
96
  hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
82
97
  line_no: line_no,
83
98
  contents: contents,
84
- author: author
99
+ author: author,
100
+ ai_analysis: ai_analysis
85
101
  )
86
102
 
87
103
  current_count += 2
@@ -75,10 +75,26 @@ module PWN
75
75
  end
76
76
  author ||= 'N/A'
77
77
 
78
+ ai_instrospection = PWN::Env[:ai][:introspection]
79
+ ai_analysis = nil
80
+ if ai_instrospection
81
+ request = {
82
+ scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
83
+ line_no: line_no,
84
+ source_code_snippet: contents
85
+ }.to_json
86
+ response = PWN::AI::Introspection.reflect(request: request)
87
+ if response.is_a?(Hash)
88
+ ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
89
+ ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
90
+ end
91
+ end
92
+
78
93
  hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
79
94
  line_no: line_no,
80
95
  contents: contents,
81
- author: author
96
+ author: author,
97
+ ai_analysis: ai_analysis
82
98
  )
83
99
 
84
100
  current_count += 2
@@ -74,10 +74,26 @@ module PWN
74
74
  end
75
75
  author ||= 'N/A'
76
76
 
77
+ ai_instrospection = PWN::Env[:ai][:introspection]
78
+ ai_analysis = nil
79
+ if ai_instrospection
80
+ request = {
81
+ scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
82
+ line_no: line_no,
83
+ source_code_snippet: contents
84
+ }.to_json
85
+ response = PWN::AI::Introspection.reflect(request: request)
86
+ if response.is_a?(Hash)
87
+ ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
88
+ ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
89
+ end
90
+ end
91
+
77
92
  hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
78
93
  line_no: line_no,
79
94
  contents: contents,
80
- author: author
95
+ author: author,
96
+ ai_analysis: ai_analysis
81
97
  )
82
98
 
83
99
  current_count += 2
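--- a/data/lib/pwn/version.rb
+++ b/data/lib/pwn/version.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module PWN
- VERSION = '0.5.435'
+ VERSION = '0.5.437'
  end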
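--- a/data/lib/pwn.rb
+++ b/data/lib/pwn.rb
@@ -27,7 +27,9 @@ module PWN
 
  # Initialize PWN configuration file
  # PWN::Env is the constant that stores the configuration data
- PWN::Config.refresh_env
+ # Only call this if the program name is not pwn
+ driver = File.basename($PROGRAM_NAME)
+ PWN::Config.refresh_env unless driver == 'pwn'
  rescue StandardError => e
  puts e.backtrace
  raise e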
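Review bot: Skipping `PWN::Config.refresh_env` whenever `File.basename($PROGRAM_NAME) == 'pwn'` keys the decision on the script's file name alone, so any executable named `pwn` loads the library without `PWN::Env` populated here, and the new comment does not say why or what initialises it instead. Code that reads `PWN::Env[:ai][:introspection]`, as the SAST modules in this release now do, would fail under that driver unless the driver loads the configuration itself, which this page does not show. If that is the intent, the comment could say so, e.g. `# The pwn driver loads its own configuration; every other entry point is initialised here`. The surrounding begin/rescue starts outside the hunk.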
@@ -3,11 +3,6 @@
3
3
  require 'spec_helper'
4
4
 
5
5
  describe PWN::Config do
6
- it 'should return data for refresh method' do
7
- config_response = PWN::Config.refresh_env
8
- expect(config_response).not_to be_nil
9
- end
10
-
11
6
  it 'should display information for authors' do
12
7
  authors_response = PWN::Config
13
8
  expect(authors_response).to respond_to :authors
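--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: pwn
  version: !ruby/object:Gem::Version
- version: 0.5.435
+ version: 0.5.437
  platform: ruby
  authors:
  - 0day Inc.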