pwn 0.5.441 → 0.5.443

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (56) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +1 -1
  3. data/README.md +3 -3
  4. data/lib/pwn/plugins/repl.rb +3 -5
  5. data/lib/pwn/sast/amqp_connect_as_guest.rb +12 -89
  6. data/lib/pwn/sast/apache_file_system_util_api.rb +11 -91
  7. data/lib/pwn/sast/aws.rb +13 -93
  8. data/lib/pwn/sast/banned_function_calls_c.rb +138 -218
  9. data/lib/pwn/sast/base64.rb +12 -90
  10. data/lib/pwn/sast/beef_hook.rb +10 -90
  11. data/lib/pwn/sast/cmd_execution_java.rb +12 -92
  12. data/lib/pwn/sast/cmd_execution_python.rb +14 -94
  13. data/lib/pwn/sast/cmd_execution_ruby.rb +22 -102
  14. data/lib/pwn/sast/cmd_execution_scala.rb +12 -92
  15. data/lib/pwn/sast/csrf.rb +10 -90
  16. data/lib/pwn/sast/deserial_java.rb +17 -97
  17. data/lib/pwn/sast/emoticon.rb +17 -98
  18. data/lib/pwn/sast/eval.rb +10 -90
  19. data/lib/pwn/sast/factory.rb +12 -92
  20. data/lib/pwn/sast/http_authorization_header.rb +20 -100
  21. data/lib/pwn/sast/inner_html.rb +10 -90
  22. data/lib/pwn/sast/keystore.rb +10 -90
  23. data/lib/pwn/sast/local_storage.rb +11 -91
  24. data/lib/pwn/sast/location_hash.rb +10 -90
  25. data/lib/pwn/sast/log4j.rb +10 -90
  26. data/lib/pwn/sast/logger.rb +24 -104
  27. data/lib/pwn/sast/md5.rb +10 -90
  28. data/lib/pwn/sast/outer_html.rb +10 -90
  29. data/lib/pwn/sast/padding_oracle.rb +11 -91
  30. data/lib/pwn/sast/password.rb +15 -95
  31. data/lib/pwn/sast/php_input_mechanisms.rb +16 -96
  32. data/lib/pwn/sast/php_type_juggling.rb +14 -94
  33. data/lib/pwn/sast/pom_version.rb +1 -1
  34. data/lib/pwn/sast/port.rb +16 -96
  35. data/lib/pwn/sast/post_message.rb +10 -90
  36. data/lib/pwn/sast/private_key.rb +10 -90
  37. data/lib/pwn/sast/redirect.rb +13 -93
  38. data/lib/pwn/sast/redos.rb +16 -96
  39. data/lib/pwn/sast/shell.rb +18 -98
  40. data/lib/pwn/sast/signature.rb +10 -90
  41. data/lib/pwn/sast/sql.rb +19 -93
  42. data/lib/pwn/sast/ssl.rb +14 -94
  43. data/lib/pwn/sast/sudo.rb +10 -90
  44. data/lib/pwn/sast/task_tag.rb +23 -103
  45. data/lib/pwn/sast/test_case_engine.rb +147 -0
  46. data/lib/pwn/sast/throw_errors.rb +14 -94
  47. data/lib/pwn/sast/token.rb +12 -92
  48. data/lib/pwn/sast/type_script_type_juggling.rb +14 -94
  49. data/lib/pwn/sast/version.rb +12 -92
  50. data/lib/pwn/sast/window_location_hash.rb +10 -90
  51. data/lib/pwn/sast.rb +4 -0
  52. data/lib/pwn/version.rb +1 -1
  53. data/lib/pwn.rb +0 -2
  54. data/spec/lib/pwn/sast/test_case_engine_spec.rb +20 -0
  55. data/third_party/pwn_rdoc.jsonl +1 -1
  56. metadata +5 -3
data/lib/pwn/sast/cmd_execution_java.rb CHANGED
@@ -19,100 +19,20 @@ module PWN
19
19
  public_class_method def self.scan(opts = {})
20
20
  dir_path = opts[:dir_path]
21
21
  git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub
22
- result_arr = []
23
- ai_introspection = PWN::Env[:ai][:introspection]
24
- logger_results = "AI Introspection => #{ai_introspection} => "
25
22
 
26
- PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
27
- if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && File.extname(entry) == '.java' && entry !~ /test/i
28
- line_no_and_contents_arr = []
29
- entry_beautified = false
30
-
31
- if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
32
- js_beautify = `js-beautify #{entry} > #{entry}.JS-BEAUTIFIED 2> /dev/null`.to_s.scrub
33
- entry = "#{entry}.JS-BEAUTIFIED"
34
- entry_beautified = true
35
- end
36
-
37
- test_case_filter = "
38
- grep -Fn \
39
- -e 'getEngineByName(' \
40
- -e 'ProcessBuilder(' \
41
- -e '.exec(' #{entry} 2> /dev/null
42
- "
43
-
44
- str = `#{test_case_filter}`.to_s.scrub
45
-
46
- if str.to_s.empty?
47
- # If str length is >= 64 KB do not include results. (Due to Mongo Document Size Restrictions)
48
- logger_results = "#{logger_results}~" # Catching bugs is good :)
49
- else
50
- str = "1:Result larger than 64KB -> Size: #{str.to_s.length}. Please click the \"Path\" link for more details." if str.to_s.length >= 64_000
51
-
52
- hash_line = {
53
- timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
54
- security_references: security_references,
55
- filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
56
- line_no_and_contents: '',
57
- raw_content: str,
58
- test_case_filter: test_case_filter
59
- }
60
-
61
- # COMMMENT: Must be a better way to implement this (regex is kinda funky)
62
- line_contents_split = str.split(/^(\d{1,}):|\n(\d{1,}):/)[1..-1]
63
- line_no_count = line_contents_split.length # This should always be an even number
64
- current_count = 0
65
- while line_no_count > current_count
66
- line_no = line_contents_split[current_count]
67
- contents = line_contents_split[current_count + 1]
68
- if Dir.exist?('.git')
69
- repo_root = '.'
70
-
71
- author = PWN::Plugins::Git.get_author(
72
- repo_root: repo_root,
73
- from_line: line_no,
74
- to_line: line_no,
75
- target_file: entry,
76
- entry_beautified: entry_beautified
77
- )
78
- end
79
- author ||= 'N/A'
80
-
81
- ai_analysis = nil
82
- if ai_introspection
83
- request = {
84
- scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
85
- line_no: line_no,
86
- source_code_snippet: contents
87
- }.to_json
88
- response = PWN::AI::Introspection.reflect(request: request)
89
- if response.is_a?(Hash)
90
- ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
91
- ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
92
- end
93
- end
94
-
95
- hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
96
- line_no: line_no,
97
- contents: contents,
98
- author: author,
99
- ai_analysis: ai_analysis
100
- )
23
+ test_case_filter = "
24
+ grep -Fn \
25
+ -e 'getEngineByName(' \
26
+ -e 'ProcessBuilder(' \
27
+ -e '.exec(' {PWN_SAST_SRC_TARGET} 2> /dev/null
28
+ "
101
29
 
102
- current_count += 2
103
- end
104
- result_arr.push(hash_line)
105
- logger_results = "#{logger_results}x" # Seeing progress is good :)
106
- end
107
- end
108
- end
109
- logger_banner = "http://#{Socket.gethostname}:8808/doc_root/pwn-#{PWN::VERSION.to_s.scrub}/#{to_s.scrub.gsub('::', '/')}.html"
110
- if logger_results.empty?
111
- @@logger.info("#{logger_banner}: No files applicable to this test case.\n")
112
- else
113
- @@logger.info("#{logger_banner} => #{logger_results}complete.\n")
114
- end
115
- result_arr
30
+ PWN::SAST::TestCaseEngine.execute(
31
+ test_case_filter: test_case_filter,
32
+ security_references: security_references,
33
+ dir_path: dir_path,
34
+ git_repo_root_uri: git_repo_root_uri
35
+ )
116
36
  rescue StandardError => e
117
37
  raise e
118
38
  end
data/lib/pwn/sast/cmd_execution_python.rb CHANGED
@@ -19,102 +19,22 @@ module PWN
19
19
  public_class_method def self.scan(opts = {})
20
20
  dir_path = opts[:dir_path]
21
21
  git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub
22
- result_arr = []
23
- ai_introspection = PWN::Env[:ai][:introspection]
24
- logger_results = "AI Introspection => #{ai_introspection} => "
25
22
 
26
- PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
27
- if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && (File.extname(entry) == '.py' || File.extname(entry) == '.pyc' || File.extname(entry) == '.pyo' || File.extname(entry) == '.pyd') && entry !~ /test/i
28
- line_no_and_contents_arr = []
29
- entry_beautified = false
30
-
31
- if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
32
- js_beautify = `js-beautify #{entry} > #{entry}.JS-BEAUTIFIED 2> /dev/null`.to_s.scrub
33
- entry = "#{entry}.JS-BEAUTIFIED"
34
- entry_beautified = true
35
- end
36
-
37
- test_case_filter = "
38
- grep -Fn \
39
- -e 'eval(' \
40
- -e 'os.popen' \
41
- -e 'os.system' \
42
- -e 'subprocess.call' \
43
- -e 'subprocess.Popen' #{entry} 2> /dev/null
44
- "
45
-
46
- str = `#{test_case_filter}`.to_s.scrub
47
-
48
- if str.to_s.empty?
49
- # If str length is >= 64 KB do not include results. (Due to Mongo Document Size Restrictions)
50
- logger_results = "#{logger_results}~" # Catching bugs is good :)
51
- else
52
- str = "1:Result larger than 64KB -> Size: #{str.to_s.length}. Please click the \"Path\" link for more details." if str.to_s.length >= 64_000
53
-
54
- hash_line = {
55
- timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
56
- security_references: security_references,
57
- filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
58
- line_no_and_contents: '',
59
- raw_content: str,
60
- test_case_filter: test_case_filter
61
- }
62
-
63
- # COMMMENT: Must be a better way to implement this (regex is kinda funky)
64
- line_contents_split = str.split(/^(\d{1,}):|\n(\d{1,}):/)[1..-1]
65
- line_no_count = line_contents_split.length # This should always be an even number
66
- current_count = 0
67
- while line_no_count > current_count
68
- line_no = line_contents_split[current_count]
69
- contents = line_contents_split[current_count + 1]
70
- if Dir.exist?('.git')
71
- repo_root = '.'
72
-
73
- author = PWN::Plugins::Git.get_author(
74
- repo_root: repo_root,
75
- from_line: line_no,
76
- to_line: line_no,
77
- target_file: entry,
78
- entry_beautified: entry_beautified
79
- )
80
- end
81
- author ||= 'N/A'
82
-
83
- ai_analysis = nil
84
- if ai_introspection
85
- request = {
86
- scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
87
- line_no: line_no,
88
- source_code_snippet: contents
89
- }.to_json
90
- response = PWN::AI::Introspection.reflect(request: request)
91
- if response.is_a?(Hash)
92
- ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
93
- ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
94
- end
95
- end
96
-
97
- hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
98
- line_no: line_no,
99
- contents: contents,
100
- author: author,
101
- ai_analysis: ai_analysis
102
- )
23
+ test_case_filter = "
24
+ grep -Fn \
25
+ -e 'eval(' \
26
+ -e 'os.popen' \
27
+ -e 'os.system' \
28
+ -e 'subprocess.call' \
29
+ -e 'subprocess.Popen' {PWN_SAST_SRC_TARGET} 2> /dev/null
30
+ "
103
31
 
104
- current_count += 2
105
- end
106
- result_arr.push(hash_line)
107
- logger_results = "#{logger_results}x" # Seeing progress is good :)
108
- end
109
- end
110
- end
111
- logger_banner = "http://#{Socket.gethostname}:8808/doc_root/pwn-#{PWN::VERSION.to_s.scrub}/#{to_s.scrub.gsub('::', '/')}.html"
112
- if logger_results.empty?
113
- @@logger.info("#{logger_banner}: No files applicable to this test case.\n")
114
- else
115
- @@logger.info("#{logger_banner} => #{logger_results}complete.\n")
116
- end
117
- result_arr
32
+ PWN::SAST::TestCaseEngine.execute(
33
+ test_case_filter: test_case_filter,
34
+ security_references: security_references,
35
+ dir_path: dir_path,
36
+ git_repo_root_uri: git_repo_root_uri
37
+ )
118
38
  rescue StandardError => e
119
39
  raise e
120
40
  end
data/lib/pwn/sast/cmd_execution_ruby.rb CHANGED
@@ -19,110 +19,30 @@ module PWN
19
19
  public_class_method def self.scan(opts = {})
20
20
  dir_path = opts[:dir_path]
21
21
  git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub
22
- result_arr = []
23
- ai_introspection = PWN::Env[:ai][:introspection]
24
- logger_results = "AI Introspection => #{ai_introspection} => "
25
22
 
26
- PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
27
- if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && (File.extname(entry) == '.rb' || File.extname(entry) == '.rbw') && entry !~ /test/i
28
- line_no_and_contents_arr = []
29
- entry_beautified = false
30
-
31
- if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
32
- js_beautify = `js-beautify #{entry} > #{entry}.JS-BEAUTIFIED 2> /dev/null`.to_s.scrub
33
- entry = "#{entry}.JS-BEAUTIFIED"
34
- entry_beautified = true
35
- end
36
-
37
- test_case_filter = "
38
- grep -n \
39
- -e '`.*`' \
40
- -e 'eval(' \
41
- -e 'exec(' \
42
- -e 'exec \"' \
43
- -e 'system(' \
44
- -e 'system \"' \
45
- -e 'IO.popen' \
46
- -e 'Open3.popen3' \
47
- -e 'Open3.popen3' \
48
- -e 'Facter::Util::Resolution::exec' \
49
- -e 'PTY.spawn' \
50
- -e 'Process.fork' \
51
- -e '%x' #{entry} 2> /dev/null
52
- "
53
-
54
- str = `#{test_case_filter}`.to_s.scrub
55
-
56
- if str.to_s.empty?
57
- # If str length is >= 64 KB do not include results. (Due to Mongo Document Size Restrictions)
58
- logger_results = "#{logger_results}~" # Catching bugs is good :)
59
- else
60
- str = "1:Result larger than 64KB -> Size: #{str.to_s.length}. Please click the \"Path\" link for more details." if str.to_s.length >= 64_000
61
-
62
- hash_line = {
63
- timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
64
- security_references: security_references,
65
- filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
66
- line_no_and_contents: '',
67
- raw_content: str,
68
- test_case_filter: test_case_filter
69
- }
70
-
71
- # COMMMENT: Must be a better way to implement this (regex is kinda funky)
72
- line_contents_split = str.split(/^(\d{1,}):|\n(\d{1,}):/)[1..-1]
73
- line_no_count = line_contents_split.length # This should always be an even number
74
- current_count = 0
75
- while line_no_count > current_count
76
- line_no = line_contents_split[current_count]
77
- contents = line_contents_split[current_count + 1]
78
- if Dir.exist?('.git')
79
- repo_root = '.'
80
-
81
- author = PWN::Plugins::Git.get_author(
82
- repo_root: repo_root,
83
- from_line: line_no,
84
- to_line: line_no,
85
- target_file: entry,
86
- entry_beautified: entry_beautified
87
- )
88
- end
89
- author ||= 'N/A'
90
-
91
- ai_analysis = nil
92
- if ai_introspection
93
- request = {
94
- scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
95
- line_no: line_no,
96
- source_code_snippet: contents
97
- }.to_json
98
- response = PWN::AI::Introspection.reflect(request: request)
99
- if response.is_a?(Hash)
100
- ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
101
- ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
102
- end
103
- end
104
-
105
- hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
106
- line_no: line_no,
107
- contents: contents,
108
- author: author,
109
- ai_analysis: ai_analysis
110
- )
23
+ test_case_filter = "
24
+ grep -n \
25
+ -e '`.*`' \
26
+ -e 'eval(' \
27
+ -e 'exec(' \
28
+ -e 'exec \"' \
29
+ -e 'system(' \
30
+ -e 'system \"' \
31
+ -e 'IO.popen' \
32
+ -e 'Open3.popen3' \
33
+ -e 'Open3.popen3' \
34
+ -e 'Facter::Util::Resolution::exec' \
35
+ -e 'PTY.spawn' \
36
+ -e 'Process.fork' \
37
+ -e '%x' {PWN_SAST_SRC_TARGET} 2> /dev/null
38
+ "
111
39
 
112
- current_count += 2
113
- end
114
- result_arr.push(hash_line)
115
- logger_results = "#{logger_results}x" # Seeing progress is good :)
116
- end
117
- end
118
- end
119
- logger_banner = "http://#{Socket.gethostname}:8808/doc_root/pwn-#{PWN::VERSION.to_s.scrub}/#{to_s.scrub.gsub('::', '/')}.html"
120
- if logger_results.empty?
121
- @@logger.info("#{logger_banner}: No files applicable to this test case.\n")
122
- else
123
- @@logger.info("#{logger_banner} => #{logger_results}complete.\n")
124
- end
125
- result_arr
40
+ PWN::SAST::TestCaseEngine.execute(
41
+ test_case_filter: test_case_filter,
42
+ security_references: security_references,
43
+ dir_path: dir_path,
44
+ git_repo_root_uri: git_repo_root_uri
45
+ )
126
46
  rescue StandardError => e
127
47
  raise e
128
48
  end
data/lib/pwn/sast/cmd_execution_scala.rb CHANGED
@@ -19,100 +19,20 @@ module PWN
19
19
  public_class_method def self.scan(opts = {})
20
20
  dir_path = opts[:dir_path]
21
21
  git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub
22
- result_arr = []
23
- ai_introspection = PWN::Env[:ai][:introspection]
24
- logger_results = "AI Introspection => #{ai_introspection} => "
25
22
 
26
- PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
27
- if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && File.extname(entry) == '.scala' && entry !~ /test/i
28
- line_no_and_contents_arr = []
29
- entry_beautified = false
30
-
31
- if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
32
- js_beautify = `js-beautify #{entry} > #{entry}.JS-BEAUTIFIED 2> /dev/null`.to_s.scrub
33
- entry = "#{entry}.JS-BEAUTIFIED"
34
- entry_beautified = true
35
- end
36
-
37
- test_case_filter = "
38
- grep -Fn \
39
- -e 'Process(' \
40
- -e '.!' \
41
- -e '.!!' #{entry} 2> /dev/null
42
- "
43
-
44
- str = `#{test_case_filter}`.to_s.scrub
45
-
46
- if str.to_s.empty?
47
- # If str length is >= 64 KB do not include results. (Due to Mongo Document Size Restrictions)
48
- logger_results = "#{logger_results}~" # Catching bugs is good :)
49
- else
50
- str = "1:Result larger than 64KB -> Size: #{str.to_s.length}. Please click the \"Path\" link for more details." if str.to_s.length >= 64_000
51
-
52
- hash_line = {
53
- timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
54
- security_references: security_references,
55
- filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
56
- line_no_and_contents: '',
57
- raw_content: str,
58
- test_case_filter: test_case_filter
59
- }
60
-
61
- # COMMMENT: Must be a better way to implement this (regex is kinda funky)
62
- line_contents_split = str.split(/^(\d{1,}):|\n(\d{1,}):/)[1..-1]
63
- line_no_count = line_contents_split.length # This should always be an even number
64
- current_count = 0
65
- while line_no_count > current_count
66
- line_no = line_contents_split[current_count]
67
- contents = line_contents_split[current_count + 1]
68
- if Dir.exist?('.git')
69
- repo_root = '.'
70
-
71
- author = PWN::Plugins::Git.get_author(
72
- repo_root: repo_root,
73
- from_line: line_no,
74
- to_line: line_no,
75
- target_file: entry,
76
- entry_beautified: entry_beautified
77
- )
78
- end
79
- author ||= 'N/A'
80
-
81
- ai_analysis = nil
82
- if ai_introspection
83
- request = {
84
- scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
85
- line_no: line_no,
86
- source_code_snippet: contents
87
- }.to_json
88
- response = PWN::AI::Introspection.reflect(request: request)
89
- if response.is_a?(Hash)
90
- ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
91
- ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
92
- end
93
- end
94
-
95
- hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
96
- line_no: line_no,
97
- contents: contents,
98
- author: author,
99
- ai_analysis: ai_analysis
100
- )
23
+ test_case_filter = "
24
+ grep -Fn \
25
+ -e 'Process(' \
26
+ -e '.!' \
27
+ -e '.!!' {PWN_SAST_SRC_TARGET} 2> /dev/null
28
+ "
101
29
 
102
- current_count += 2
103
- end
104
- result_arr.push(hash_line)
105
- logger_results = "#{logger_results}x" # Seeing progress is good :)
106
- end
107
- end
108
- end
109
- logger_banner = "http://#{Socket.gethostname}:8808/doc_root/pwn-#{PWN::VERSION.to_s.scrub}/#{to_s.scrub.gsub('::', '/')}.html"
110
- if logger_results.empty?
111
- @@logger.info("#{logger_banner}: No files applicable to this test case.\n")
112
- else
113
- @@logger.info("#{logger_banner} => #{logger_results}complete.\n")
114
- end
115
- result_arr
30
+ PWN::SAST::TestCaseEngine.execute(
31
+ test_case_filter: test_case_filter,
32
+ security_references: security_references,
33
+ dir_path: dir_path,
34
+ git_repo_root_uri: git_repo_root_uri
35
+ )
116
36
  rescue StandardError => e
117
37
  raise e
118
38
  end
data/lib/pwn/sast/csrf.rb CHANGED
@@ -20,98 +20,18 @@ module PWN
20
20
  public_class_method def self.scan(opts = {})
21
21
  dir_path = opts[:dir_path]
22
22
  git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub
23
- result_arr = []
24
- ai_introspection = PWN::Env[:ai][:introspection]
25
- logger_results = "AI Introspection => #{ai_introspection} => "
26
23
 
27
- PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
28
- if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
29
- line_no_and_contents_arr = []
30
- entry_beautified = false
31
-
32
- if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
33
- js_beautify = `js-beautify #{entry} > #{entry}.JS-BEAUTIFIED 2> /dev/null`.to_s.scrub
34
- entry = "#{entry}.JS-BEAUTIFIED"
35
- entry_beautified = true
36
- end
37
-
38
- test_case_filter = "
39
- grep -ni \
40
- -e 'csrf' #{entry} 2> /dev/null
41
- "
42
-
43
- str = `#{test_case_filter}`.to_s.scrub
44
-
45
- if str.to_s.empty?
46
- # If str length is >= 64 KB do not include results. (Due to Mongo Document Size Restrictions)
47
- logger_results = "#{logger_results}~" # Catching bugs is good :)
48
- else
49
- str = "1:Result larger than 64KB -> Size: #{str.to_s.length}. Please click the \"Path\" link for more details." if str.to_s.length >= 64_000
50
-
51
- hash_line = {
52
- timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
53
- security_references: security_references,
54
- filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
55
- line_no_and_contents: '',
56
- raw_content: str,
57
- test_case_filter: test_case_filter
58
- }
59
-
60
- # COMMMENT: Must be a better way to implement this (regex is kinda funky)
61
- line_contents_split = str.split(/^(\d{1,}):|\n(\d{1,}):/)[1..-1]
62
- line_no_count = line_contents_split.length # This should always be an even number
63
- current_count = 0
64
- while line_no_count > current_count
65
- line_no = line_contents_split[current_count]
66
- contents = line_contents_split[current_count + 1]
67
- if Dir.exist?('.git')
68
- repo_root = '.'
69
-
70
- author = PWN::Plugins::Git.get_author(
71
- repo_root: repo_root,
72
- from_line: line_no,
73
- to_line: line_no,
74
- target_file: entry,
75
- entry_beautified: entry_beautified
76
- )
77
- end
78
- author ||= 'N/A'
79
-
80
- ai_analysis = nil
81
- if ai_introspection
82
- request = {
83
- scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
84
- line_no: line_no,
85
- source_code_snippet: contents
86
- }.to_json
87
- response = PWN::AI::Introspection.reflect(request: request)
88
- if response.is_a?(Hash)
89
- ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
90
- ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
91
- end
92
- end
93
-
94
- hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
95
- line_no: line_no,
96
- contents: contents,
97
- author: author,
98
- ai_analysis: ai_analysis
99
- )
24
+ test_case_filter = "
25
+ grep -ni \
26
+ -e 'csrf' {PWN_SAST_SRC_TARGET} 2> /dev/null
27
+ "
100
28
 
101
- current_count += 2
102
- end
103
- result_arr.push(hash_line)
104
- logger_results = "#{logger_results}x" # Seeing progress is good :)
105
- end
106
- end
107
- end
108
- logger_banner = "http://#{Socket.gethostname}:8808/doc_root/pwn-#{PWN::VERSION.to_s.scrub}/#{to_s.scrub.gsub('::', '/')}.html"
109
- if logger_results.empty?
110
- @@logger.info("#{logger_banner}: No files applicable to this test case.\n")
111
- else
112
- @@logger.info("#{logger_banner} => #{logger_results}complete.\n")
113
- end
114
- result_arr
29
+ PWN::SAST::TestCaseEngine.execute(
30
+ test_case_filter: test_case_filter,
31
+ security_references: security_references,
32
+ dir_path: dir_path,
33
+ git_repo_root_uri: git_repo_root_uri
34
+ )
115
35
  end
116
36
 
117
37
  # Used primarily to map NIST 800-53 Revision 4 Security Controls