pwn 0.5.443 → 0.5.444

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e9c5f5436eb5aafbcb5f8e3efdbe4ddaf6a072560d16032a86597df309db414f
-  data.tar.gz: df3a77d5878eec1334e36c341dc66e720fb9a981c3ded1d8970c778a92cafd81
+  metadata.gz: ec6df63c1b99b28c53063a7a55160e3daf1b961fb5c9c65b13e522bb1011f54d
+  data.tar.gz: 384514b0c8e2fe6d11696a55e5e9fc04a3cf5af85218b6643a2009401da50188
 SHA512:
-  metadata.gz: 1c9ffd8beddc6cf2cdee5a563378077fde6ef79418a6ec213b285ca952382a7b1cd43dd4828e669432b39ebdedac7dfc40f7bc1ce98e43ec91a0bb048928bb9a
-  data.tar.gz: ca08116991e30c5570ed16b281c3582a6db10be37097771a10b667b1e02c5a483dd14b02df83c53813b21dd1e11196be51802013827cc96792dbb2d9ee355bc1
+  metadata.gz: 679c8b0262e600ae206e713ceec79d60de9ce91bf39b0eebb420c76316fd0cb7816a9bf96390bf5545e5c6063697809354fb52aa55aad962cd0b2c9c5373d123
+  data.tar.gz: f14604cb417bd26b745a4c311ed8614cc8ec3f13e07f622497efbb4037fda26ed767dc017ff2fa1e92eee4f47a731d4646ea76e05cf05628d4377a23e7cef460

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.443]:001 >>> PWN.help
+pwn[v0.5.444]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.443]:001 >>> PWN.help
+pwn[v0.5.444]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.443]:001 >>> PWN.help
+pwn[v0.5.444]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/bin/pwn_sast

@@ -102,6 +102,7 @@ begin
       BannedFunctionCallsC
       Base64
       BeefHook
+      CmdExecutionGoLang
       CmdExecutionJava
       CmdExecutionPython
       CmdExecutionRuby

data/lib/pwn/plugins/file_fu.rb

@@ -14,7 +14,9 @@ module PWN
     module FileFu
       # Supported Method Parameters::
       # PWN::Plugins::FileFu.recurse_in_dir(
-      #   dir_path: 'optional path to dir defaults to .'
+      #   dir_path: 'optional path to dir defaults to .',
+      #   include_extensions: 'optional - array of file extensions to search for in scan (e.g. ['.js', '.php'])',
+      #   exclude_extensions: 'optional - array of file extensions to exclude from scan (e.g. ['.log', '.txt', '.spec'])'
       # )
 
       public_class_method def self.recurse_in_dir(opts = {})
@@ -22,32 +24,24 @@ module PWN
         dir_path = dir_path.to_s.scrub unless dir_path.is_a?(String)
         raise "PWN Error: Invalid Directory #{dir_path}" unless Dir.exist?(dir_path)
 
+        include_extensions = opts[:include_extensions] ||= []
+        exclude_extensions = opts[:exclude_extensions] ||= []
+
         previous_dir = Dir.pwd
         Dir.chdir(dir_path)
         # Execute this like this:
         # recurse_in_dir(:dir_path => 'path to dir') {|entry| puts entry}
-        Dir.glob('./**/*').each { |entry| yield Shellwords.escape(entry) }
-      rescue StandardError => e
-        raise e
-      ensure
-        Dir.chdir(previous_dir) if Dir.exist?(previous_dir)
-      end
-
-      # Supported Method Parameters::
-      # PWN::Plugins::FileFu.recurse_dir(
-      #   dir_path: 'optional path to dir defaults to .'
-      # )
+        Dir.glob('./**/*').each do |entry|
+          next if exclude_extensions.include?(File.extname(entry))
 
-      public_class_method def self.recurse_dir(opts = {})
-        dir_path = opts[:dir_path] ||= '.'
-        dir_path = dir_path.to_s.scrub unless dir_path.is_a?(String)
-        raise "PWN Error: Invalid Directory #{dir_path}" unless Dir.exist?(dir_path)
+          next unless include_extensions.empty? || include_extensions.include?(File.extname(entry))
 
-        # Execute this like this:
-        # recurse_dir(:dir_path => 'path to dir') {|entry| puts entry}
-        Dir.glob("#{dir_path}/**/*").each { |entry| yield Shellwords.escape(entry) }
+          yield Shellwords.escape(entry)
+        end
       rescue StandardError => e
         raise e
+      ensure
+        Dir.chdir(previous_dir) if Dir.exist?(previous_dir)
       end
 
       # Supported Method Parameters::
@@ -78,9 +72,13 @@ module PWN
 
       public_class_method def self.help
         puts "USAGE:
-          #{self}.recurse_in_dir(dir_path: 'optional path to dir defaults to .') {|entry| puts entry}
-
-          #{self}.recurse_dir(dir_path: 'optional path to dir defaults to .') {|entry| puts entry}
+          #{self}.recurse_in_dir(
+            dir_path: 'optional path to dir defaults to .',
+            include_extensions: 'optional - array of file extensions to search for in scan (e.g. ['.js', '.php'])',
+            exclude_extensions: 'optional - array of file extensions to exclude from scan (e.g. ['.log', '.txt', '.spec'])'
+          ) do |entry|
+            puts entry
+          end
 
           #{self}.untar_gz_file(
             tar_gz_file: 'required - path to .tar.gz file',

data/lib/pwn/sast/amqp_connect_as_guest.rb

@@ -9,8 +9,6 @@ module PWN
     # within source code to determine if connections to RabbitMQ servers
     # are using guest accounts.
     module AMQPConnectAsGuest
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::AMQPConnectAsGuest.scan(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/apache_file_system_util_api.rb

@@ -8,8 +8,6 @@ module PWN
     # SAST Module used to identify arbitrary command execution
     # within Apache Common's API Class, org.apache.commons.io.FileSystemUtils
     module ApacheFileSystemUtilAPI
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::ApacheFileSystemUtilAPI.scan(
       #   :dir_path => 'optional path to dir defaults to .'

data/lib/pwn/sast/aws.rb

@@ -7,8 +7,6 @@ module PWN
   module SAST
     # SAST Module used to identify sensitive AWS AuthN artifacts.
     module AWS
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::Port.scan(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/banned_function_calls_c.rb

@@ -9,8 +9,6 @@ module PWN
     # calls in C & C++ code per:
     # https://msdn.microsoft.com/en-us/library/bb288454.aspx
     module BannedFunctionCallsC
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::BannedFunctionCallsC.scan(
       #   :dir_path => 'optional path to dir defaults to .'
@@ -154,10 +152,13 @@ module PWN
           -e 'wmemcpy' {PWN_SAST_SRC_TARGET} 2> /dev/null
         "
 
+        include_extensions = %w[.c .cats .idc .cpp .cc .cxx .c++ .cp .CPP .C .cppm .ixx .h .hpp .hxx .hh .h++ .inc .inl .ipp .tcc .tpp .txx .i .s .asm .o .obj .a .so .lib .dll .exe .pdb .vcxproj .sln .dsp .dsw .cbp .cmake .make .mk]
+
         PWN::SAST::TestCaseEngine.execute(
           test_case_filter: test_case_filter,
           security_references: security_references,
           dir_path: dir_path,
+          include_extensions: include_extensions,
           git_repo_root_uri: git_repo_root_uri
         )
       rescue StandardError => e

data/lib/pwn/sast/base64.rb

@@ -8,8 +8,6 @@ module PWN
     # SAST Module used to identify Base64 encoded strings
     # that may have sensitive artifacts when decoded.
     module Base64
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::Base64.scan(
       #   dir_path: 'optional path to dir defaults to .'
@@ -23,7 +21,7 @@ module PWN
         test_case_filter = "
           grep -Ein \
           -e 'BASE64' \
-          -e '^[A-Za-z0-9+/]{4}([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$' \
+          -e '^[A-Za-z0-9+/]{12}([A-Za-z0-9+/]{4})*$|^[A-Za-z0-9+/]{8}([A-Za-z0-9+/]{4})*[A-Za-z0-9+/]{2}==$|^[A-Za-z0-9+/]{8}([A-Za-z0-9+/]{4})*[A-Za-z0-9+/]{3}=$' \
           {PWN_SAST_SRC_TARGET} 2> /dev/null
         "
 

data/lib/pwn/sast/beef_hook.rb

@@ -8,8 +8,6 @@ module PWN
     # SAST Module used to detect if the default BeEF
     # exploitation hooks reside within source code.
     module BeefHook
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::BeefHook.scan(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/cmd_execution_go_lang.rb

@@ -0,0 +1,83 @@
+# frozen_string_literal: false
+
+require 'json'
+require 'socket'
+
+module PWN
+  module SAST
+    # SAST Module used to identify command
+    # execution residing within GoLang source code.
+    module CmdExecutionGoLang
+      # Supported Method Parameters::
+      # PWN::SAST::CmdExecutionGoLang.scan(
+      #   dir_path: 'optional path to dir defaults to .'
+      #   git_repo_root_uri: 'optional http uri of git repo scanned'
+      # )
+
+      public_class_method def self.scan(opts = {})
+        dir_path = opts[:dir_path]
+        git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub
+
+        test_case_filter = "
+          grep -Fn \
+          -e 'exec.Command(' \
+          -e 'exec.CommandContext(' \
+          -e 'Cmd.CombinedOutput(' \
+          -e 'Cmd.Output(' \
+          -e 'Cmd.Run(' \
+          -e 'Cmd.Start(' {PWN_SAST_SRC_TARGET} 2> /dev/null
+        "
+
+        include_extensions = %w[.go .s .o .a .mod]
+
+        PWN::SAST::TestCaseEngine.execute(
+          test_case_filter: test_case_filter,
+          security_references: security_references,
+          dir_path: dir_path,
+          include_extensions: include_extensions,
+          git_repo_root_uri: git_repo_root_uri
+        )
+      rescue StandardError => e
+        raise e
+      end
+
+      # Used primarily to map NIST 800-53 Revision 4 Security Controls
+      # https://web.nvd.nist.gov/view/800-53/Rev4/impact?impactName=HIGH
+      # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
+      # Determine the level of Testing Coverage w/ PWN.
+
+      public_class_method def self.security_references
+        {
+          sast_module: self,
+          section: 'INFORMATION INPUT VALIDATION',
+          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-10',
+          cwe_id: '78',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/78.html'
+        }
+      rescue StandardError => e
+        raise e
+      end
+
+      # Author(s):: 0day Inc. <support@0dayinc.com>
+
+      public_class_method def self.authors
+        "AUTHOR(S):
+          0day Inc. <support@0dayinc.com>
+        "
+      end
+
+      # Display Usage for this Module
+
+      public_class_method def self.help
+        puts "USAGE:
+          sast_arr = #{self}.scan(
+            :dir_path => 'optional path to dir defaults to .',
+            :git_repo_root_uri => 'optional http uri of git repo scanned'
+          )
+
+          #{self}.authors
+        "
+      end
+    end
+  end
+end

data/lib/pwn/sast/cmd_execution_java.rb

@@ -8,8 +8,6 @@ module PWN
     # SAST Module used to identify command
     # execution residing within Java source code.
     module CmdExecutionJava
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::CmdExecutionJava.scan(
       #   dir_path: 'optional path to dir defaults to .'
@@ -27,10 +25,13 @@ module PWN
           -e '.exec(' {PWN_SAST_SRC_TARGET} 2> /dev/null
         "
 
+        include_extensions = %w[.java .class .jar .war .ear .nar .properties .aj .jsp .jspx .jstm .jsptml .jnlp .jad .ser .gsp]
+
         PWN::SAST::TestCaseEngine.execute(
           test_case_filter: test_case_filter,
           security_references: security_references,
           dir_path: dir_path,
+          include_extensions: include_extensions,
           git_repo_root_uri: git_repo_root_uri
         )
       rescue StandardError => e

data/lib/pwn/sast/cmd_execution_python.rb

@@ -8,8 +8,6 @@ module PWN
     # SAST Module used to identify command execution
     # residing within Python source code.
     module CmdExecutionPython
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::CmdExecutionPython.scan(
       #   dir_path: 'optional path to dir defaults to .'
@@ -29,10 +27,13 @@ module PWN
           -e 'subprocess.Popen' {PWN_SAST_SRC_TARGET} 2> /dev/null
         "
 
+        include_extensions = %w[.py .pyc .pyd .pyo .pyw .pyi .pyx .pxd .ipynb .pyz .whl .egg .pth]
+
         PWN::SAST::TestCaseEngine.execute(
           test_case_filter: test_case_filter,
           security_references: security_references,
           dir_path: dir_path,
+          include_extensions: include_extensions,
           git_repo_root_uri: git_repo_root_uri
         )
       rescue StandardError => e

data/lib/pwn/sast/cmd_execution_ruby.rb

@@ -8,8 +8,6 @@ module PWN
     # SAST Module used to identify command
     # execution residing within Ruby source code.
     module CmdExecutionRuby
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::CmdExecutionRuby(
       #   dir_path: 'optional path to dir defaults to .'
@@ -37,10 +35,13 @@ module PWN
           -e '%x' {PWN_SAST_SRC_TARGET} 2> /dev/null
         "
 
+        include_extensions = %w[.rb .erb .rhtml .rake .gemspec .gem .ru .bundle]
+
         PWN::SAST::TestCaseEngine.execute(
           test_case_filter: test_case_filter,
           security_references: security_references,
           dir_path: dir_path,
+          include_extensions: include_extensions,
           git_repo_root_uri: git_repo_root_uri
         )
       rescue StandardError => e

data/lib/pwn/sast/cmd_execution_scala.rb

@@ -8,8 +8,6 @@ module PWN
     # SAST Module used to identify command
     # execution residing within scala source code.
     module CmdExecutionScala
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::CmdExecutionScala.scan(
       #   dir_path: 'optional path to dir defaults to .'
@@ -27,10 +25,13 @@ module PWN
           -e '.!!' {PWN_SAST_SRC_TARGET} 2> /dev/null
         "
 
+        include_extensions = %w[.scala .sc .sbt .class .jar .war .tasty .scala.html .scala.js .scala.txt .properties]
+
         PWN::SAST::TestCaseEngine.execute(
           test_case_filter: test_case_filter,
           security_references: security_references,
           dir_path: dir_path,
+          include_extensions: include_extensions,
           git_repo_root_uri: git_repo_root_uri
         )
       rescue StandardError => e

data/lib/pwn/sast/csrf.rb

@@ -9,8 +9,6 @@ module PWN
     # CSRF protection.  If nothing appears in the report,
     # this may be an indicator of NO CSRF protection.
     module CSRF
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::CSRF.scan(
       #   :dir_path => 'optional path to dir defaults to .'

data/lib/pwn/sast/deserial_java.rb

@@ -10,8 +10,6 @@ module PWN
     # For more information see:
     # https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html
     module DeserialJava
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::DeserialJava.scan(
       #   :dir_path => 'optional path to dir defaults to .'
@@ -34,10 +32,13 @@ module PWN
           -e Serializable {PWN_SAST_SRC_TARGET} 2> /dev/null
         "
 
+        include_extensions = %w[.java .class .jar .war .ear .nar .properties .aj .jsp .jspx .jstm .jsptml .jnlp .jad .ser .gsp]
+
         PWN::SAST::TestCaseEngine.execute(
           test_case_filter: test_case_filter,
           security_references: security_references,
           dir_path: dir_path,
+          include_extensions: include_extensions,
           git_repo_root_uri: git_repo_root_uri
         )
       end

data/lib/pwn/sast/emoticon.rb

@@ -8,8 +8,6 @@ module PWN
     # SAST Module used to identify portions of
     # code marked by developers as interesting for whatever reason.
     module Emoticon
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::Emoticon.scan(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/eval.rb

@@ -9,8 +9,6 @@ module PWN
     # declarations within source code in an effort to
     # determine if arbitrary command/code execution is possible
     module Eval
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::Eval.scan(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/factory.rb

@@ -10,8 +10,6 @@ module PWN
     # For more information see:
     # https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
     module Factory
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::Factory.scan(
       #   :dir_path => 'optional path to dir defaults to .'
@@ -28,11 +26,13 @@ module PWN
           -e XMLInputFactory \
           -e SAXParserFactory {PWN_SAST_SRC_TARGET} 2> /dev/null
         "
+        include_extensions = %w[.java .class .jar .war .ear .nar .properties .aj .jsp .jspx .jstm .jsptml .jnlp .jad .ser .gsp]
 
         PWN::SAST::TestCaseEngine.execute(
           test_case_filter: test_case_filter,
           security_references: security_references,
           dir_path: dir_path,
+          include_extensions: include_extensions,
           git_repo_root_uri: git_repo_root_uri
         )
       end

data/lib/pwn/sast/http_authorization_header.rb

@@ -8,8 +8,6 @@ module PWN
     # SAST Module used to identify hard-code/plain-text
     # passwords within source code.
     module HTTPAuthorizationHeader
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::HTTPAuthorizationHeader.scan(
       #   :dir_path => 'optional path to dir defaults to .'

data/lib/pwn/sast/inner_html.rb

@@ -9,8 +9,6 @@ module PWN
     # declarations within source code in an effort to
     # determine if XSS is possible
     module InnerHTML
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::InnerHTML.scan(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/keystore.rb

@@ -8,8 +8,6 @@ module PWN
     # SAST Module used to identify weak
     # passwords/configurations around key stores.
     module Keystore
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::Keystore.scan(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/local_storage.rb

@@ -9,8 +9,6 @@ module PWN
     # declarations within source code in an effort to
     # determine if XSS is possible
     module LocalStorage
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::LocalStorage.scan(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/location_hash.rb

@@ -9,8 +9,6 @@ module PWN
     # declarations within source code in an effort to
     # determine if XSS is possible
     module LocationHash
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::LocationHash.scan(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/log4j.rb

@@ -8,8 +8,6 @@ module PWN
     # SAST Module used to identify command
     # execution residing within Java source code.
     module Log4J
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::Log4J.scan(
       #   dir_path: 'optional path to dir defaults to .'
@@ -25,10 +23,13 @@ module PWN
           -e 'log4j' {PWN_SAST_SRC_TARGET} 2> /dev/null
         "
 
+        include_extensions = %w[.java .class .jar .war .ear .nar .properties .aj .jsp .jspx .jstm .jsptml .jnlp .jad .ser .gsp]
+
         PWN::SAST::TestCaseEngine.execute(
           test_case_filter: test_case_filter,
           security_references: security_references,
           dir_path: dir_path,
+          include_extensions: include_extensions,
           git_repo_root_uri: git_repo_root_uri
         )
       rescue StandardError => e

data/lib/pwn/sast/logger.rb

@@ -9,8 +9,6 @@ module PWN
     # artifacts such as passwords, pre-auth tokens, etc are persisted
     # to log files (which may lead to unauthorized access).
     module Logger
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::Logger.scan(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/md5.rb

@@ -8,8 +8,6 @@ module PWN
     # SAST Module used to identify MD5 hash related objects, methods, classes, etc.
     # to determine if deprecated hashing is still supported.
     module MD5
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::MD5.scan(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/outer_html.rb

@@ -9,8 +9,6 @@ module PWN
     # declarations within source code in an effort to
     # determine if XSS is possible.
     module OuterHTML
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::OuterHTML.scan(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/padding_oracle.rb

@@ -7,8 +7,6 @@ module PWN
   module SAST
     # SAST Module used to identify padding oracle vulnerabilities involving weak CBC block cipher padding.
     module PaddingOracle
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::PaddingOracle.scan(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/password.rb

@@ -8,8 +8,6 @@ module PWN
     # SAST Module used to identify hard-code/plain-text
     # passwords within source code.
     module Password
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::Password.scan(
       #   :dir_path => 'optional path to dir defaults to .'

data/lib/pwn/sast/php_input_mechanisms.rb

@@ -8,8 +8,6 @@ module PWN
     # SAST Module used to identify HTTP input
     # mechanisms that exist in PHP code (e.g. $_REQUEST, $_GET, etc.)
     module PHPInputMechanisms
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::PHPInputMechanisms.scan(
       #   dir_path: 'optional path to dir defaults to .'
@@ -31,10 +29,13 @@ module PWN
           -e '$_SESSION' {PWN_SAST_SRC_TARGET} 2> /dev/null
         "
 
+        include_extensions = %w[.phar .pht .phtm .phtml .php .php2 .php3 .php4 .php5 .php7 .php8 .phps .phpt .pgif .inc]
+
         PWN::SAST::TestCaseEngine.execute(
           test_case_filter: test_case_filter,
           security_references: security_references,
           dir_path: dir_path,
+          include_extensions: include_extensions,
           git_repo_root_uri: git_repo_root_uri
         )
       rescue StandardError => e

data/lib/pwn/sast/php_type_juggling.rb

@@ -8,8 +8,6 @@ module PWN
     # SAST Module used to identify loose comparisons
     # (i.e. == instead of ===) within PHP source code.
     module PHPTypeJuggling
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::PHPTypeJuggling.scan(
       #   dir_path: 'optional path to dir defaults to .'
@@ -29,10 +27,13 @@ module PWN
             -e '!=='
         "
 
+        include_extensions = %w[.phar .pht .phtm .phtml .php .php2 .php3 .php4 .php5 .php7 .php8 .phps .phpt .pgif .inc]
+
         PWN::SAST::TestCaseEngine.execute(
           test_case_filter: test_case_filter,
           security_references: security_references,
           dir_path: dir_path,
+          include_extensions: include_extensions,
           git_repo_root_uri: git_repo_root_uri
         )
       rescue StandardError => e

data/lib/pwn/sast/pom_version.rb

@@ -9,8 +9,6 @@ module PWN
     # of dependent software within source repos to ensure patching
     # requirements for those dependencies can be met.
     module PomVersion
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::PomVersion.scan(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/port.rb

@@ -10,8 +10,6 @@ module PWN
     # code to get a sense around appropriate secure network
     # communications in place.
     module Port
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::Port.scan(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/post_message.rb

@@ -9,8 +9,6 @@ module PWN
     # declarations within source code in an effort to
     # determine if XSS is possible
     module PostMessage
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::PostMessage.scan(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/private_key.rb

@@ -8,8 +8,6 @@ module PWN
     # SAST Module used to identify private keys used for authenticating
     # with remote hosts.
     module PrivateKey
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::PrivateKey(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/redirect.rb

@@ -8,8 +8,6 @@ module PWN
     # SAST Module used to identify if applications
     # allow arbritrary redirects to third-party URLs w/o a whitelist
     module Redirect
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::Redirect.scan(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/redos.rb

@@ -9,8 +9,6 @@ module PWN
     # within source code.  For more information, see:
     # https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS
     module ReDOS
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::ReDOS.scan(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/shell.rb

@@ -8,8 +8,6 @@ module PWN
     # SAST Module used to identify if application is
     # shelling-out which may lead to arbitrary command execution
     module Shell
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::Shell.scan(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/signature.rb

@@ -8,8 +8,6 @@ module PWN
     # SAST Module used to identify private keys used for authenticating
     # with remote hosts.
     module Signature
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::Signature(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/sql.rb

@@ -9,8 +9,6 @@ module PWN
     # reference within source code that may contain SQL to
     # determine if SQL injeciton is possible.
     module SQL
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::SQL.scan(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/ssl.rb

@@ -8,8 +8,6 @@ module PWN
     # SAST Module used to identify any SSL/TLS
     # reference within source code.
     module SSL
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::SSL.scan(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/sudo.rb

@@ -8,8 +8,6 @@ module PWN
     # SAST Module used to identify if cmd execution and/or
     # privilege escalation is possible.
     module Sudo
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::Sudo.scan(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/task_tag.rb

@@ -9,8 +9,6 @@ module PWN
     # such as TODO, SECURITY, FIXME, etc to ensure developers
     # aren't introducing security-related bugs into source code.
     module TaskTag
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::TaskTag.scan(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/test_case_engine.rb

@@ -13,7 +13,9 @@ module PWN
       # PWN::SAST::TestCaseEngine.execute(
       #   test_case_filter: 'required - grep command to filter results',
       #   security_references: 'required - Hash with keys :sast_module, :section, :nist_800_53_uri, :cwe_id, :cwe_uri',
-      #   dir_path: 'optional - path to dir defaults to .'
+      #   dir_path: 'optional - path to dir defaults to .',
+      #   include_extensions: 'optional - array of file extensions to search for in scan (Defaults to all file types / i.e. [])',
+      #   exclude_extensions: 'optional - array of file extensions to exclude from scan (Defaults to [.bin, .dat, .JS-BEAUTIFIED, .o, .test, .png, .jpg, .jpeg, .gif, .svg, .ico, .so, .spec, .zip, .tar, .gz, .tgz, .7z, .mp3, .mp4, .mov, .avi, .wmv, .flv, .mkv])',
       #   git_repo_root_uri: 'optional - http uri of git repo scanned'
       # )
 
@@ -25,14 +27,51 @@ module PWN
         raise 'ERROR: security_references must be a Hash' unless security_references.is_a?(Hash)
 
         dir_path = opts[:dir_path] ||= '.'
+        include_extensions = opts[:include_extensions] ||= []
+        exclude_extensions = opts[:exclude_extentions] ||= %w[
+          .7z
+          .avi
+          .bin
+          .dat
+          .dll
+          .flv
+          .gif
+          .gz
+          .ico
+          .jpg
+          .jpeg
+          .JS-BEAUTIFIED
+          .markdown
+          .md
+          .mkv
+          .mov
+          .mp3
+          .mp4
+          .o
+          .png
+          .svg
+          .test
+          .so
+          .spec
+          .tar
+          .tgz
+          .webm
+          .wmv
+          .zip
+        ]
+
         git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub
 
         result_arr = []
         ai_introspection = PWN::Env[:ai][:introspection]
         logger_results = "AI Introspection => #{ai_introspection} => "
 
-        PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
-          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
+        PWN::Plugins::FileFu.recurse_in_dir(
+          dir_path: dir_path,
+          include_extensions: include_extensions,
+          exclude_extensions: exclude_extensions
+        ) do |entry|
+          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && entry !~ /test/i
             line_no_and_contents_arr = []
             entry_beautified = false
 
@@ -58,7 +97,7 @@ module PWN
                 filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
                 line_no_and_contents: '',
                 raw_content: str,
-                test_case_filter: test_case_filter
+                test_case_filter: this_test_case_filter
               }
 
               # COMMMENT: Must be a better way to implement this (regex is kinda funky)
@@ -136,6 +175,8 @@ module PWN
             test_case_filter: 'required grep command to filter results',
             security_references: 'required Hash with keys :sast_module, :section, :nist_800_53_uri, :cwe_id, :cwe_uri',
             dir_path: 'optional path to dir defaults to .',
+            include_extensions: 'optional array of file extensions to search for in scan (Defaults to all file types / i.e. [])',
+            exclude_extensions: 'optional array of file extensions to exclude from scan (Defaults to [.bin, .dat, .JS-BEAUTIFIED, .o, .test, .png, .jpg, .jpeg, .gif, .svg, .ico, .so, .spec, .zip, .tar, .gz, .tgz, .7z, .mp3, .mp4, .mov, .avi, .wmv, .flv, .mkv])',
             git_repo_root_uri: 'optional http uri of git repo scanned'
           )
 

data/lib/pwn/sast/throw_errors.rb

@@ -8,8 +8,6 @@ module PWN
     # SAST Module used to identify whether
     # error messages are sanitized properly.
     module ThrowErrors
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::ThrowErrors.scan(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/token.rb

@@ -8,8 +8,6 @@ module PWN
     # SAST Module used to identify any
     # reference within source code of authorization tokens.
     module Token
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::Token.scan(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/type_script_type_juggling.rb

@@ -8,8 +8,6 @@ module PWN
     # SAST Module used to identify loose comparisons
     # (i.e. == instead of ===) within TypeScript source code.
     module TypeScriptTypeJuggling
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::TypeScriptTypeJuggling.scan(
       #   dir_path: 'optional path to dir defaults to .'
@@ -29,10 +27,13 @@ module PWN
             -e '!=='
         "
 
+        include_extensions = %w[.ts .tsx .mts .cts .d.ts .d.mts .d.cts .js .mjs .cjs .map .tsbuildinfo]
+
         PWN::SAST::TestCaseEngine.execute(
           test_case_filter: test_case_filter,
           security_references: security_references,
           dir_path: dir_path,
+          include_extensions: include_extensions,
           git_repo_root_uri: git_repo_root_uri
         )
       rescue StandardError => e

data/lib/pwn/sast/version.rb

@@ -8,8 +8,6 @@ module PWN
     # SAST Module used to detect version
     # information within all files in a source repo
     module Version
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::Version.scan(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast/window_location_hash.rb

@@ -8,8 +8,6 @@ module PWN
     # SAST Module used to identify the potential
     # for DOM-based XSS in the application.
     module WindowLocationHash
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::WindowLocationHash.scan(
       #   dir_path: 'optional path to dir defaults to .'

data/lib/pwn/sast.rb

@@ -12,6 +12,7 @@ module PWN
     autoload :BannedFunctionCallsC, 'pwn/sast/banned_function_calls_c'
     autoload :Base64, 'pwn/sast/base64'
     autoload :BeefHook, 'pwn/sast/beef_hook'
+    autoload :CmdExecutionGoLang, 'pwn/sast/cmd_execution_go_lang'
     autoload :CmdExecutionJava, 'pwn/sast/cmd_execution_java'
     autoload :CmdExecutionPython, 'pwn/sast/cmd_execution_python'
     autoload :CmdExecutionRuby, 'pwn/sast/cmd_execution_ruby'

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.443'
+  VERSION = '0.5.444'
 end

data/spec/lib/pwn/sast/cmd_execution_go_lang_spec.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe PWN::SAST::CmdExecutionGoLang do
+  it 'scan method should exist' do
+    scan_response = PWN::SAST::CmdExecutionGoLang
+    expect(scan_response).to respond_to :scan
+  end
+
+  it 'should display information for security_references' do
+    security_references_response = PWN::SAST::CmdExecutionGoLang
+    expect(security_references_response).to respond_to :security_references
+  end
+
+  it 'should display information for authors' do
+    authors_response = PWN::SAST::CmdExecutionGoLang
+    expect(authors_response).to respond_to :authors
+  end
+
+  it 'should display information for existing help method' do
+    help_response = PWN::SAST::CmdExecutionGoLang
+    expect(help_response).to respond_to :help
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.443
+  version: 0.5.444
 platform: ruby
 authors:
 - 0day Inc.
@@ -1921,6 +1921,7 @@ files:
 - lib/pwn/sast/banned_function_calls_c.rb
 - lib/pwn/sast/base64.rb
 - lib/pwn/sast/beef_hook.rb
+- lib/pwn/sast/cmd_execution_go_lang.rb
 - lib/pwn/sast/cmd_execution_java.rb
 - lib/pwn/sast/cmd_execution_python.rb
 - lib/pwn/sast/cmd_execution_ruby.rb
@@ -2271,6 +2272,7 @@ files:
 - spec/lib/pwn/sast/banned_function_calls_c_spec.rb
 - spec/lib/pwn/sast/base64_spec.rb
 - spec/lib/pwn/sast/beef_hook_spec.rb
+- spec/lib/pwn/sast/cmd_execution_go_lang_spec.rb
 - spec/lib/pwn/sast/cmd_execution_java_spec.rb
 - spec/lib/pwn/sast/cmd_execution_python_spec.rb
 - spec/lib/pwn/sast/cmd_execution_ruby_spec.rb