pwn 0.5.441 → 0.5.443

data/lib/pwn/sast/token.rb

@@ -19,100 +19,20 @@ module PWN
       public_class_method def self.scan(opts = {})
         dir_path = opts[:dir_path]
         git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub
-        result_arr = []
-        ai_introspection = PWN::Env[:ai][:introspection]
-        logger_results = "AI Introspection => #{ai_introspection} => "
 
-        PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
-          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
-            line_no_and_contents_arr = []
-            entry_beautified = false
-
-            if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
-              js_beautify = `js-beautify #{entry} > #{entry}.JS-BEAUTIFIED 2> /dev/null`.to_s.scrub
-              entry = "#{entry}.JS-BEAUTIFIED"
-              entry_beautified = true
-            end
-
-            test_case_filter = "
-              grep -Fin \
-              -e 'token' \
-              -e 'oauth' \
-              -e 'decodeAndVerify' #{entry} 2> /dev/null
-            "
-
-            str = `#{test_case_filter}`.to_s.scrub
-
-            if str.to_s.empty?
-              # If str length is >= 64 KB do not include results. (Due to Mongo Document Size Restrictions)
-              logger_results = "#{logger_results}~" # Catching bugs is good :)
-            else
-              str = "1:Result larger than 64KB -> Size: #{str.to_s.length}.  Please click the \"Path\" link for more details." if str.to_s.length >= 64_000
-
-              hash_line = {
-                timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                security_references: security_references,
-                filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
-                line_no_and_contents: '',
-                raw_content: str,
-                test_case_filter: test_case_filter
-              }
-
-              # COMMMENT: Must be a better way to implement this (regex is kinda funky)
-              line_contents_split = str.split(/^(\d{1,}):|\n(\d{1,}):/)[1..-1]
-              line_no_count = line_contents_split.length # This should always be an even number
-              current_count = 0
-              while line_no_count > current_count
-                line_no = line_contents_split[current_count]
-                contents = line_contents_split[current_count + 1]
-                if Dir.exist?('.git')
-                  repo_root = '.'
-
-                  author = PWN::Plugins::Git.get_author(
-                    repo_root: repo_root,
-                    from_line: line_no,
-                    to_line: line_no,
-                    target_file: entry,
-                    entry_beautified: entry_beautified
-                  )
-                end
-                author ||= 'N/A'
-
-                ai_analysis = nil
-                if ai_introspection
-                  request = {
-                    scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
-                    line_no: line_no,
-                    source_code_snippet: contents
-                  }.to_json
-                  response = PWN::AI::Introspection.reflect(request: request)
-                  if response.is_a?(Hash)
-                    ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
-                    ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
-                  end
-                end
-
-                hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
-                  line_no: line_no,
-                  contents: contents,
-                  author: author,
-                  ai_analysis: ai_analysis
-                )
+        test_case_filter = "
+          grep -Fin \
+          -e 'token' \
+          -e 'oauth' \
+          -e 'decodeAndVerify' {PWN_SAST_SRC_TARGET} 2> /dev/null
+        "
 
-                current_count += 2
-              end
-              result_arr.push(hash_line)
-              logger_results = "#{logger_results}x" # Seeing progress is good :)
-            end
-          end
-        end
-        logger_banner = "http://#{Socket.gethostname}:8808/doc_root/pwn-#{PWN::VERSION.to_s.scrub}/#{to_s.scrub.gsub('::', '/')}.html"
-        if logger_results.empty?
-          @@logger.info("#{logger_banner}: No files applicable to this test case.\n")
-        else
-          @@logger.info("#{logger_banner} => #{logger_results}complete.\n")
-        end
-        result_arr
+        PWN::SAST::TestCaseEngine.execute(
+          test_case_filter: test_case_filter,
+          security_references: security_references,
+          dir_path: dir_path,
+          git_repo_root_uri: git_repo_root_uri
+        )
       rescue StandardError => e
         raise e
       end

data/lib/pwn/sast/type_script_type_juggling.rb

@@ -19,102 +19,22 @@ module PWN
       public_class_method def self.scan(opts = {})
         dir_path = opts[:dir_path]
         git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub
-        result_arr = []
-        ai_introspection = PWN::Env[:ai][:introspection]
-        logger_results = "AI Introspection => #{ai_introspection} => "
 
-        PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
-          if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && File.extname(entry).include?('.ts') && entry !~ /test/i
-            line_no_and_contents_arr = []
-            entry_beautified = false
-
-            if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
-              js_beautify = `js-beautify #{entry} > #{entry}.JS-BEAUTIFIED 2> /dev/null`.to_s.scrub
-              entry = "#{entry}.JS-BEAUTIFIED"
-              entry_beautified = true
-            end
-
-            test_case_filter = "
-              grep -Fn \
-              -e '==' \
-              -e '!=' #{entry} 2>/dev/null | \
-              grep -v \
-                -e '===' \
-                -e '!=='
-            "
-
-            str = `#{test_case_filter}`.to_s.scrub
-
-            if str.to_s.empty?
-              # If str length is >= 64 KB do not include results. (Due to Mongo Document Size Restrictions)
-              logger_results = "#{logger_results}~" # Catching bugs is good :)
-            else
-              str = "1:Result larger than 64KB -> Size: #{str.to_s.length}.  Please click the \"Path\" link for more details." if str.to_s.length >= 64_000
-
-              hash_line = {
-                timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                security_references: security_references,
-                filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
-                line_no_and_contents: '',
-                raw_content: str,
-                test_case_filter: test_case_filter
-              }
-
-              # COMMMENT: Must be a better way to implement this (regex is kinda funky)
-              line_contents_split = str.split(/^(\d{1,}):|\n(\d{1,}):/)[1..-1]
-              line_no_count = line_contents_split.length # This should always be an even number
-              current_count = 0
-              while line_no_count > current_count
-                line_no = line_contents_split[current_count]
-                contents = line_contents_split[current_count + 1]
-                if Dir.exist?('.git')
-                  repo_root = '.'
-
-                  author = PWN::Plugins::Git.get_author(
-                    repo_root: repo_root,
-                    from_line: line_no,
-                    to_line: line_no,
-                    target_file: entry,
-                    entry_beautified: entry_beautified
-                  )
-                end
-                author ||= 'N/A'
-
-                ai_analysis = nil
-                if ai_introspection
-                  request = {
-                    scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
-                    line_no: line_no,
-                    source_code_snippet: contents
-                  }.to_json
-                  response = PWN::AI::Introspection.reflect(request: request)
-                  if response.is_a?(Hash)
-                    ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
-                    ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
-                  end
-                end
-
-                hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
-                  line_no: line_no,
-                  contents: contents,
-                  author: author,
-                  ai_analysis: ai_analysis
-                )
+        test_case_filter = "
+          grep -Fn \
+          -e '==' \
+          -e '!=' {PWN_SAST_SRC_TARGET} 2>/dev/null | \
+          grep -v \
+            -e '===' \
+            -e '!=='
+        "
 
-                current_count += 2
-              end
-              result_arr.push(hash_line)
-              logger_results = "#{logger_results}x" # Seeing progress is good :)
-            end
-          end
-        end
-        logger_banner = "http://#{Socket.gethostname}:8808/doc_root/pwn-#{PWN::VERSION.to_s.scrub}/#{to_s.scrub.gsub('::', '/')}.html"
-        if logger_results.empty?
-          @@logger.info("#{logger_banner}: No files applicable to this test case.\n")
-        else
-          @@logger.info("#{logger_banner} => #{logger_results}complete.\n")
-        end
-        result_arr
+        PWN::SAST::TestCaseEngine.execute(
+          test_case_filter: test_case_filter,
+          security_references: security_references,
+          dir_path: dir_path,
+          git_repo_root_uri: git_repo_root_uri
+        )
       rescue StandardError => e
         raise e
       end

data/lib/pwn/sast/version.rb

@@ -19,99 +19,19 @@ module PWN
       public_class_method def self.scan(opts = {})
         dir_path = opts[:dir_path]
         git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub
-        result_arr = []
-        ai_introspection = PWN::Env[:ai][:introspection]
-        logger_results = "AI Introspection => #{ai_introspection} => "
 
-        PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
-          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
-            line_no_and_contents_arr = []
-            entry_beautified = false
-
-            if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
-              js_beautify = `js-beautify #{entry} > #{entry}.JS-BEAUTIFIED 2> /dev/null`.to_s.scrub
-              entry = "#{entry}.JS-BEAUTIFIED"
-              entry_beautified = true
-            end
-
-            test_case_filter = %(
-              grep -in \
-              -e "version\\s=\\s" #{entry} 2> /dev/null | \
-              grep -F '"'
-            )
-
-            str = `#{test_case_filter}`.to_s.scrub
-
-            if str.to_s.empty?
-              # If str length is >= 64 KB do not include results. (Due to Mongo Document Size Restrictions)
-              logger_results = "#{logger_results}~" # Catching bugs is good :)
-            else
-              str = "1:Result larger than 64KB -> Size: #{str.to_s.length}.  Please click the \"Path\" link for more details." if str.to_s.length >= 64_000
-
-              hash_line = {
-                timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                security_references: security_references,
-                filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
-                line_no_and_contents: '',
-                raw_content: str,
-                test_case_filter: test_case_filter
-              }
-
-              # COMMMENT: Must be a better way to implement this (regex is kinda funky)
-              line_contents_split = str.split(/^(\d{1,}):|\n(\d{1,}):/)[1..-1]
-              line_no_count = line_contents_split.length # This should always be an even number
-              current_count = 0
-              while line_no_count > current_count
-                line_no = line_contents_split[current_count]
-                contents = line_contents_split[current_count + 1]
-                if Dir.exist?('.git')
-                  repo_root = '.'
-
-                  author = PWN::Plugins::Git.get_author(
-                    repo_root: repo_root,
-                    from_line: line_no,
-                    to_line: line_no,
-                    target_file: entry,
-                    entry_beautified: entry_beautified
-                  )
-                end
-                author ||= 'N/A'
-
-                ai_analysis = nil
-                if ai_introspection
-                  request = {
-                    scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
-                    line_no: line_no,
-                    source_code_snippet: contents
-                  }.to_json
-                  response = PWN::AI::Introspection.reflect(request: request)
-                  if response.is_a?(Hash)
-                    ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
-                    ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
-                  end
-                end
-
-                hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
-                  line_no: line_no,
-                  contents: contents,
-                  author: author,
-                  ai_analysis: ai_analysis
-                )
-
-                current_count += 2
-              end
-              result_arr.push(hash_line)
-              logger_results = "#{logger_results}x" # Seeing progress is good :)
-            end
-          end
-        end
-        logger_banner = "http://#{Socket.gethostname}:8808/doc_root/pwn-#{PWN::VERSION.to_s.scrub}/#{to_s.scrub.gsub('::', '/')}.html"
-        if logger_results.empty?
-          @@logger.info("#{logger_banner}: No files applicable to this test case.\n")
-        else
-          @@logger.info("#{logger_banner} => #{logger_results}complete.\n")
-        end
-        result_arr
+        test_case_filter = %(
+          grep -in \
+          -e "version\\s=\\s" {PWN_SAST_SRC_TARGET} 2> /dev/null | \
+          grep -F '"'
+        )
+
+        PWN::SAST::TestCaseEngine.execute(
+          test_case_filter: test_case_filter,
+          security_references: security_references,
+          dir_path: dir_path,
+          git_repo_root_uri: git_repo_root_uri
+        )
       rescue StandardError => e
         raise e
       end

data/lib/pwn/sast/window_location_hash.rb

@@ -19,98 +19,18 @@ module PWN
       public_class_method def self.scan(opts = {})
         dir_path = opts[:dir_path]
         git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub
-        result_arr = []
-        ai_introspection = PWN::Env[:ai][:introspection]
-        logger_results = "AI Introspection => #{ai_introspection} => "
 
-        PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
-          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
-            line_no_and_contents_arr = []
-            entry_beautified = false
-
-            if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
-              js_beautify = `js-beautify #{entry} > #{entry}.JS-BEAUTIFIED 2> /dev/null`.to_s.scrub
-              entry = "#{entry}.JS-BEAUTIFIED"
-              entry_beautified = true
-            end
-
-            test_case_filter = "
-              grep -n \
-              -e 'window.location.hash' #{entry} 2> /dev/null
-            "
-
-            str = `#{test_case_filter}`.to_s.scrub
-
-            if str.to_s.empty?
-              # If str length is >= 64 KB do not include results. (Due to Mongo Document Size Restrictions)
-              logger_results = "#{logger_results}~" # Catching bugs is good :)
-            else
-              str = "1:Result larger than 64KB -> Size: #{str.to_s.length}.  Please click the \"Path\" link for more details." if str.to_s.length >= 64_000
-
-              hash_line = {
-                timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                security_references: security_references,
-                filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
-                line_no_and_contents: '',
-                raw_content: str,
-                test_case_filter: test_case_filter
-              }
-
-              # COMMMENT: Must be a better way to implement this (regex is kinda funky)
-              line_contents_split = str.split(/^(\d{1,}):|\n(\d{1,}):/)[1..-1]
-              line_no_count = line_contents_split.length # This should always be an even number
-              current_count = 0
-              while line_no_count > current_count
-                line_no = line_contents_split[current_count]
-                contents = line_contents_split[current_count + 1]
-                if Dir.exist?('.git')
-                  repo_root = '.'
-
-                  author = PWN::Plugins::Git.get_author(
-                    repo_root: repo_root,
-                    from_line: line_no,
-                    to_line: line_no,
-                    target_file: entry,
-                    entry_beautified: entry_beautified
-                  )
-                end
-                author ||= 'N/A'
-
-                ai_analysis = nil
-                if ai_introspection
-                  request = {
-                    scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
-                    line_no: line_no,
-                    source_code_snippet: contents
-                  }.to_json
-                  response = PWN::AI::Introspection.reflect(request: request)
-                  if response.is_a?(Hash)
-                    ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
-                    ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
-                  end
-                end
-
-                hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
-                  line_no: line_no,
-                  contents: contents,
-                  author: author,
-                  ai_analysis: ai_analysis
-                )
+        test_case_filter = "
+          grep -n \
+          -e 'window.location.hash' {PWN_SAST_SRC_TARGET} 2> /dev/null
+        "
 
-                current_count += 2
-              end
-              result_arr.push(hash_line)
-              logger_results = "#{logger_results}x" # Seeing progress is good :)
-            end
-          end
-        end
-        logger_banner = "http://#{Socket.gethostname}:8808/doc_root/pwn-#{PWN::VERSION.to_s.scrub}/#{to_s.scrub.gsub('::', '/')}.html"
-        if logger_results.empty?
-          @@logger.info("#{logger_banner}: No files applicable to this test case.\n")
-        else
-          @@logger.info("#{logger_banner} => #{logger_results}complete.\n")
-        end
-        result_arr
+        PWN::SAST::TestCaseEngine.execute(
+          test_case_filter: test_case_filter,
+          security_references: security_references,
+          dir_path: dir_path,
+          git_repo_root_uri: git_repo_root_uri
+        )
       rescue StandardError => e
         raise e
       end

data/lib/pwn/sast.rb

@@ -46,6 +46,10 @@ module PWN
     autoload :SSL, 'pwn/sast/ssl'
     autoload :Sudo, 'pwn/sast/sudo'
     autoload :TaskTag, 'pwn/sast/task_tag'
+
+    # This module executes all the other SAST modules
+    autoload :TestCaseEngine, 'pwn/sast/test_case_engine'
+
     autoload :ThrowErrors, 'pwn/sast/throw_errors'
     autoload :Token, 'pwn/sast/token'
     autoload :TypeScriptTypeJuggling, 'pwn/sast/type_script_type_juggling'

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.441'
+  VERSION = '0.5.443'
 end

data/lib/pwn.rb

@@ -30,8 +30,6 @@ module PWN
 
   # Initialize PWN configuration file
   # PWN::Env is the constant that stores the configuration data
-  # Only call this if the program name is not pwn
-  # driver = File.basename($PROGRAM_NAME)
   PWN::Config.refresh_env
 rescue StandardError => e
   puts e.backtrace

data/spec/lib/pwn/sast/test_case_engine_spec.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe PWN::SAST::TestCaseEngine do
+  it 'execute method should exist' do
+    execute_response = PWN::SAST::TestCaseEngine
+    expect(execute_response).to respond_to :execute
+  end
+
+  it 'should display information for authors' do
+    authors_response = PWN::SAST::TestCaseEngine
+    expect(authors_response).to respond_to :authors
+  end
+
+  it 'should display information for existing help method' do
+    help_response = PWN::SAST::TestCaseEngine
+    expect(help_response).to respond_to :help
+  end
+end

data/third_party/pwn_rdoc.jsonl

@@ -894,7 +894,7 @@
 {"messages":[{"role":"user","content":"PWN::Plugins::Pony.standard_options Usage"},{"role":"assistant","content":"`PWN::Plugins::Pony.standard_options`: "}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::Pony.subject_prefix Usage"},{"role":"assistant","content":"`PWN::Plugins::Pony.subject_prefix`: "}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::REPL.add_commands Usage"},{"role":"assistant","content":"`PWN::Plugins::REPL.add_commands`: Supported Method Parameters\n\nPWN::Plugins::REPL.add_commands\n"}]}
-{"messages":[{"role":"user","content":"PWN::Plugins::REPL.add_hooks Usage"},{"role":"assistant","content":"`PWN::Plugins::REPL.add_hooks`: Supported Method Parameters\n\nPWN::Plugins::REPL.add_hooks(\n\nopts: 'required - Hash object passed in via pwn OptParser'\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::REPL.add_hooks Usage"},{"role":"assistant","content":"`PWN::Plugins::REPL.add_hooks`: Supported Method Parameters\n\nPWN::Plugins::REPL.add_hooks\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::REPL.authors Usage"},{"role":"assistant","content":"`PWN::Plugins::REPL.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::REPL.help Usage"},{"role":"assistant","content":"`PWN::Plugins::REPL.help`: "}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::REPL.refresh_ps1_proc Usage"},{"role":"assistant","content":"`PWN::Plugins::REPL.refresh_ps1_proc`: Supported Method Parameters\n\nPWN::Plugins::REPL.refresh_ps1_proc(\n\nmode: 'required - :splat or nil'\n\n)\n"}]}

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.441
+  version: 0.5.443
 platform: ruby
 authors:
 - 0day Inc.
@@ -407,14 +407,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.15.0
+        version: 2.15.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.15.0
+        version: 2.15.1
 - !ruby/object:Gem::Dependency
   name: jsonpath
   requirement: !ruby/object:Gem::Requirement
@@ -1955,6 +1955,7 @@ files:
 - lib/pwn/sast/ssl.rb
 - lib/pwn/sast/sudo.rb
 - lib/pwn/sast/task_tag.rb
+- lib/pwn/sast/test_case_engine.rb
 - lib/pwn/sast/throw_errors.rb
 - lib/pwn/sast/token.rb
 - lib/pwn/sast/type_script_type_juggling.rb
@@ -2304,6 +2305,7 @@ files:
 - spec/lib/pwn/sast/ssl_spec.rb
 - spec/lib/pwn/sast/sudo_spec.rb
 - spec/lib/pwn/sast/task_tag_spec.rb
+- spec/lib/pwn/sast/test_case_engine_spec.rb
 - spec/lib/pwn/sast/throw_errors_spec.rb
 - spec/lib/pwn/sast/token_spec.rb
 - spec/lib/pwn/sast/type_script_type_juggling_spec.rb