pwn 0.5.436 → 0.5.438
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +3 -3
- data/lib/pwn/ai/introspection.rb +0 -1
- data/lib/pwn/reports/sast.rb +50 -58
- data/lib/pwn/sast/amqp_connect_as_guest.rb +19 -2
- data/lib/pwn/sast/apache_file_system_util_api.rb +19 -2
- data/lib/pwn/sast/aws.rb +19 -2
- data/lib/pwn/sast/banned_function_calls_c.rb +19 -2
- data/lib/pwn/sast/base64.rb +19 -2
- data/lib/pwn/sast/beef_hook.rb +19 -2
- data/lib/pwn/sast/cmd_execution_java.rb +19 -2
- data/lib/pwn/sast/cmd_execution_python.rb +19 -2
- data/lib/pwn/sast/cmd_execution_ruby.rb +19 -2
- data/lib/pwn/sast/cmd_execution_scala.rb +19 -2
- data/lib/pwn/sast/csrf.rb +19 -2
- data/lib/pwn/sast/deserial_java.rb +19 -2
- data/lib/pwn/sast/emoticon.rb +19 -2
- data/lib/pwn/sast/eval.rb +19 -2
- data/lib/pwn/sast/factory.rb +19 -2
- data/lib/pwn/sast/http_authorization_header.rb +19 -2
- data/lib/pwn/sast/inner_html.rb +19 -2
- data/lib/pwn/sast/keystore.rb +19 -2
- data/lib/pwn/sast/local_storage.rb +19 -2
- data/lib/pwn/sast/location_hash.rb +19 -2
- data/lib/pwn/sast/log4j.rb +19 -2
- data/lib/pwn/sast/logger.rb +19 -2
- data/lib/pwn/sast/md5.rb +19 -2
- data/lib/pwn/sast/outer_html.rb +19 -2
- data/lib/pwn/sast/padding_oracle.rb +19 -2
- data/lib/pwn/sast/password.rb +19 -2
- data/lib/pwn/sast/php_input_mechanisms.rb +19 -2
- data/lib/pwn/sast/php_type_juggling.rb +19 -2
- data/lib/pwn/sast/pom_version.rb +19 -2
- data/lib/pwn/sast/port.rb +19 -2
- data/lib/pwn/sast/post_message.rb +19 -2
- data/lib/pwn/sast/private_key.rb +19 -2
- data/lib/pwn/sast/redirect.rb +19 -2
- data/lib/pwn/sast/redos.rb +19 -2
- data/lib/pwn/sast/shell.rb +19 -2
- data/lib/pwn/sast/signature.rb +19 -2
- data/lib/pwn/sast/sql.rb +19 -2
- data/lib/pwn/sast/ssl.rb +19 -2
- data/lib/pwn/sast/sudo.rb +19 -2
- data/lib/pwn/sast/task_tag.rb +19 -2
- data/lib/pwn/sast/throw_errors.rb +19 -2
- data/lib/pwn/sast/token.rb +19 -2
- data/lib/pwn/sast/type_script_type_juggling.rb +19 -2
- data/lib/pwn/sast/version.rb +19 -2
- data/lib/pwn/sast/window_location_hash.rb +19 -2
- data/lib/pwn/version.rb +1 -1
- metadata +1 -1
data/lib/pwn/sast/token.rb
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
# frozen_string_literal: false
|
|
2
2
|
|
|
3
|
+
require 'json'
|
|
3
4
|
require 'socket'
|
|
4
5
|
|
|
5
6
|
module PWN
|
|
@@ -19,7 +20,8 @@ module PWN
|
|
|
19
20
|
dir_path = opts[:dir_path]
|
|
20
21
|
git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub
|
|
21
22
|
result_arr = []
|
|
22
|
-
|
|
23
|
+
ai_introspection = PWN::Env[:ai][:introspection]
|
|
24
|
+
logger_results = "AI Introspection => #{ai_introspection} => "
|
|
23
25
|
|
|
24
26
|
PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
|
|
25
27
|
if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
|
|
@@ -76,10 +78,25 @@ module PWN
|
|
|
76
78
|
end
|
|
77
79
|
author ||= 'N/A'
|
|
78
80
|
|
|
81
|
+
ai_analysis = nil
|
|
82
|
+
if ai_introspection
|
|
83
|
+
request = {
|
|
84
|
+
scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
|
|
85
|
+
line_no: line_no,
|
|
86
|
+
source_code_snippet: contents
|
|
87
|
+
}.to_json
|
|
88
|
+
response = PWN::AI::Introspection.reflect(request: request)
|
|
89
|
+
if response.is_a?(Hash)
|
|
90
|
+
ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
|
|
91
|
+
ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
|
|
92
|
+
end
|
|
93
|
+
end
|
|
94
|
+
|
|
79
95
|
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
80
96
|
line_no: line_no,
|
|
81
97
|
contents: contents,
|
|
82
|
-
author: author
|
|
98
|
+
author: author,
|
|
99
|
+
ai_analysis: ai_analysis
|
|
83
100
|
)
|
|
84
101
|
|
|
85
102
|
current_count += 2
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
# frozen_string_literal: false
|
|
2
2
|
|
|
3
|
+
require 'json'
|
|
3
4
|
require 'socket'
|
|
4
5
|
|
|
5
6
|
module PWN
|
|
@@ -19,7 +20,8 @@ module PWN
|
|
|
19
20
|
dir_path = opts[:dir_path]
|
|
20
21
|
git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub
|
|
21
22
|
result_arr = []
|
|
22
|
-
|
|
23
|
+
ai_introspection = PWN::Env[:ai][:introspection]
|
|
24
|
+
logger_results = "AI Introspection => #{ai_introspection} => "
|
|
23
25
|
|
|
24
26
|
PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
|
|
25
27
|
if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && File.extname(entry).include?('.ts') && entry !~ /test/i
|
|
@@ -78,10 +80,25 @@ module PWN
|
|
|
78
80
|
end
|
|
79
81
|
author ||= 'N/A'
|
|
80
82
|
|
|
83
|
+
ai_analysis = nil
|
|
84
|
+
if ai_introspection
|
|
85
|
+
request = {
|
|
86
|
+
scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
|
|
87
|
+
line_no: line_no,
|
|
88
|
+
source_code_snippet: contents
|
|
89
|
+
}.to_json
|
|
90
|
+
response = PWN::AI::Introspection.reflect(request: request)
|
|
91
|
+
if response.is_a?(Hash)
|
|
92
|
+
ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
|
|
93
|
+
ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
|
|
94
|
+
end
|
|
95
|
+
end
|
|
96
|
+
|
|
81
97
|
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
82
98
|
line_no: line_no,
|
|
83
99
|
contents: contents,
|
|
84
|
-
author: author
|
|
100
|
+
author: author,
|
|
101
|
+
ai_analysis: ai_analysis
|
|
85
102
|
)
|
|
86
103
|
|
|
87
104
|
current_count += 2
|
data/lib/pwn/sast/version.rb
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
# frozen_string_literal: false
|
|
2
2
|
|
|
3
|
+
require 'json'
|
|
3
4
|
require 'socket'
|
|
4
5
|
|
|
5
6
|
module PWN
|
|
@@ -19,7 +20,8 @@ module PWN
|
|
|
19
20
|
dir_path = opts[:dir_path]
|
|
20
21
|
git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub
|
|
21
22
|
result_arr = []
|
|
22
|
-
|
|
23
|
+
ai_introspection = PWN::Env[:ai][:introspection]
|
|
24
|
+
logger_results = "AI Introspection => #{ai_introspection} => "
|
|
23
25
|
|
|
24
26
|
PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
|
|
25
27
|
if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
|
|
@@ -75,10 +77,25 @@ module PWN
|
|
|
75
77
|
end
|
|
76
78
|
author ||= 'N/A'
|
|
77
79
|
|
|
80
|
+
ai_analysis = nil
|
|
81
|
+
if ai_introspection
|
|
82
|
+
request = {
|
|
83
|
+
scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
|
|
84
|
+
line_no: line_no,
|
|
85
|
+
source_code_snippet: contents
|
|
86
|
+
}.to_json
|
|
87
|
+
response = PWN::AI::Introspection.reflect(request: request)
|
|
88
|
+
if response.is_a?(Hash)
|
|
89
|
+
ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
|
|
90
|
+
ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
|
|
91
|
+
end
|
|
92
|
+
end
|
|
93
|
+
|
|
78
94
|
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
79
95
|
line_no: line_no,
|
|
80
96
|
contents: contents,
|
|
81
|
-
author: author
|
|
97
|
+
author: author,
|
|
98
|
+
ai_analysis: ai_analysis
|
|
82
99
|
)
|
|
83
100
|
|
|
84
101
|
current_count += 2
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
# frozen_string_literal: false
|
|
2
2
|
|
|
3
|
+
require 'json'
|
|
3
4
|
require 'socket'
|
|
4
5
|
|
|
5
6
|
module PWN
|
|
@@ -19,7 +20,8 @@ module PWN
|
|
|
19
20
|
dir_path = opts[:dir_path]
|
|
20
21
|
git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub
|
|
21
22
|
result_arr = []
|
|
22
|
-
|
|
23
|
+
ai_introspection = PWN::Env[:ai][:introspection]
|
|
24
|
+
logger_results = "AI Introspection => #{ai_introspection} => "
|
|
23
25
|
|
|
24
26
|
PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
|
|
25
27
|
if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
|
|
@@ -74,10 +76,25 @@ module PWN
|
|
|
74
76
|
end
|
|
75
77
|
author ||= 'N/A'
|
|
76
78
|
|
|
79
|
+
ai_analysis = nil
|
|
80
|
+
if ai_introspection
|
|
81
|
+
request = {
|
|
82
|
+
scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
|
|
83
|
+
line_no: line_no,
|
|
84
|
+
source_code_snippet: contents
|
|
85
|
+
}.to_json
|
|
86
|
+
response = PWN::AI::Introspection.reflect(request: request)
|
|
87
|
+
if response.is_a?(Hash)
|
|
88
|
+
ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
|
|
89
|
+
ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
|
|
90
|
+
end
|
|
91
|
+
end
|
|
92
|
+
|
|
77
93
|
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
78
94
|
line_no: line_no,
|
|
79
95
|
contents: contents,
|
|
80
|
-
author: author
|
|
96
|
+
author: author,
|
|
97
|
+
ai_analysis: ai_analysis
|
|
81
98
|
)
|
|
82
99
|
|
|
83
100
|
current_count += 2
|
data/lib/pwn/version.rb
CHANGED