RubyGems - pwn - Versions diffs - 0.4.505 → 0.4.507 - Mend

pwn 0.4.505 → 0.4.507

Files changed (84) hide show

checksums.yaml +4 -4
data/README.md +2 -2
data/bin/pwn_sast +0 -1
data/lib/pwn/reports/sast.rb +5 -5
data/lib/pwn/sast/amqp_connect_as_guest.rb +5 -3
data/lib/pwn/sast/apache_file_system_util_api.rb +9 -3
data/lib/pwn/sast/aws.rb +5 -3
data/lib/pwn/sast/banned_function_calls_c.rb +9 -3
data/lib/pwn/sast/base64.rb +6 -7
data/lib/pwn/sast/beef_hook.rb +5 -3
data/lib/pwn/sast/cmd_execution_java.rb +5 -3
data/lib/pwn/sast/cmd_execution_python.rb +5 -3
data/lib/pwn/sast/cmd_execution_ruby.rb +5 -3
data/lib/pwn/sast/cmd_execution_scala.rb +5 -3
data/lib/pwn/sast/csrf.rb +7 -3
data/lib/pwn/sast/deserial_java.rb +7 -3
data/lib/pwn/sast/emoticon.rb +5 -3
data/lib/pwn/sast/eval.rb +5 -3
data/lib/pwn/sast/factory.rb +7 -3
data/lib/pwn/sast/http_authorization_header.rb +5 -3
data/lib/pwn/sast/inner_html.rb +5 -3
data/lib/pwn/sast/keystore.rb +5 -3
data/lib/pwn/sast/location_hash.rb +5 -3
data/lib/pwn/sast/log4j.rb +5 -3
data/lib/pwn/sast/logger.rb +5 -3
data/lib/pwn/sast/outer_html.rb +5 -3
data/lib/pwn/sast/password.rb +5 -3
data/lib/pwn/sast/pom_version.rb +5 -3
data/lib/pwn/sast/port.rb +5 -3
data/lib/pwn/sast/private_key.rb +5 -3
data/lib/pwn/sast/redirect.rb +5 -3
data/lib/pwn/sast/redos.rb +5 -3
data/lib/pwn/sast/shell.rb +5 -3
data/lib/pwn/sast/signature.rb +5 -3
data/lib/pwn/sast/sql.rb +5 -3
data/lib/pwn/sast/ssl.rb +5 -3
data/lib/pwn/sast/sudo.rb +5 -3
data/lib/pwn/sast/task_tag.rb +5 -3
data/lib/pwn/sast/throw_errors.rb +5 -3
data/lib/pwn/sast/token.rb +5 -3
data/lib/pwn/sast/version.rb +5 -3
data/lib/pwn/sast/window_location_hash.rb +5 -3
data/lib/pwn/sast.rb +0 -1
data/lib/pwn/version.rb +1 -1
data/spec/lib/pwn/sast/amqp_connect_as_guest_spec.rb +3 -3
data/spec/lib/pwn/sast/apache_file_system_util_api_spec.rb +3 -3
data/spec/lib/pwn/sast/aws_spec.rb +3 -3
data/spec/lib/pwn/sast/banned_function_calls_c_spec.rb +3 -3
data/spec/lib/pwn/sast/base64_spec.rb +3 -3
data/spec/lib/pwn/sast/beef_hook_spec.rb +3 -3
data/spec/lib/pwn/sast/cmd_execution_java_spec.rb +3 -3
data/spec/lib/pwn/sast/cmd_execution_python_spec.rb +3 -3
data/spec/lib/pwn/sast/cmd_execution_ruby_spec.rb +3 -3
data/spec/lib/pwn/sast/cmd_execution_scala_spec.rb +3 -3
data/spec/lib/pwn/sast/csrf_spec.rb +3 -3
data/spec/lib/pwn/sast/deserial_java_spec.rb +3 -3
data/spec/lib/pwn/sast/emoticon_spec.rb +3 -3
data/spec/lib/pwn/sast/eval_spec.rb +3 -3
data/spec/lib/pwn/sast/factory_spec.rb +3 -3
data/spec/lib/pwn/sast/http_authorization_header_spec.rb +3 -3
data/spec/lib/pwn/sast/inner_html_spec.rb +3 -3
data/spec/lib/pwn/sast/keystore_spec.rb +3 -3
data/spec/lib/pwn/sast/location_hash_spec.rb +3 -3
data/spec/lib/pwn/sast/log4j_spec.rb +3 -3
data/spec/lib/pwn/sast/logger_spec.rb +3 -3
data/spec/lib/pwn/sast/password_spec.rb +3 -3
data/spec/lib/pwn/sast/pom_version_spec.rb +3 -3
data/spec/lib/pwn/sast/port_spec.rb +3 -3
data/spec/lib/pwn/sast/private_key_spec.rb +3 -3
data/spec/lib/pwn/sast/redirect_spec.rb +3 -3
data/spec/lib/pwn/sast/redos_spec.rb +3 -3
data/spec/lib/pwn/sast/shell_spec.rb +3 -3
data/spec/lib/pwn/sast/signature_spec.rb +3 -3
data/spec/lib/pwn/sast/sql_spec.rb +3 -3
data/spec/lib/pwn/sast/ssl_spec.rb +3 -3
data/spec/lib/pwn/sast/sudo_spec.rb +3 -3
data/spec/lib/pwn/sast/task_tag_spec.rb +3 -3
data/spec/lib/pwn/sast/throw_errors_spec.rb +3 -3
data/spec/lib/pwn/sast/token_spec.rb +3 -3
data/spec/lib/pwn/sast/version_spec.rb +3 -3
data/spec/lib/pwn/sast/window_location_hash_spec.rb +3 -3
metadata +1 -3
data/lib/pwn/sast/file_permission.rb +0 -142
data/spec/lib/pwn/sast/file_permission_spec.rb +0 -25

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1449f3192170ba71f7171eb6ff54470dd276324cbc66de13771533e7ac7a2f2f
-  data.tar.gz: bffe598f24a9324a88dc8dd4bc283cca69b5745ed1f72fbafb3ac68920e14082
+  metadata.gz: 13fbc36550dc925df57922b3c0016819d4f67eb472e1b1ad07f772aefad82d2f
+  data.tar.gz: b82a0bf11f719584a998d9998e932f5fa0b7e66725ad2d2231b3d27b9853bfc6
 SHA512:
-  metadata.gz: 79e245b36a1f8debc684f5d32fe72eea16a4876b0b4abfa43da82fb061c2d595111d7d25358e610bc7b4d22eb65f69ef24c7f8d5b053bf70daf512fec99171eb
-  data.tar.gz: fe8b31edbe5fee36dab0943960df7d5df1841a9c3383baf1f8accacca655a1c2d56101c15adbc37b80abf0b306330304b034d2cc72c352b90d90caff77ee2bdb
+  metadata.gz: 212c9352d648bc5f497ceca10e78867a347bae086d93dd1c65dd65595bd7f32ff9a02065be3f092a5ec318f10e5e0ba223893feac4940f03aa75a9c19ca864f0
+  data.tar.gz: bdf727826c0421b696abe80d805dd7f93a018959e1dc675c5dae20929e5b2977ce235a241f679e6a79f9d3a0e8e94f0a3403fc3270610083e98b1f3065c73330

data/README.md CHANGED Viewed

@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.505]:001 >>> PWN.help
+pwn[v0.4.507]:001 >>> PWN.help
 ```
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.505]:001 >>> PWN.help
+pwn[v0.4.507]:001 >>> PWN.help
 ```

data/bin/pwn_sast CHANGED Viewed

@@ -80,7 +80,6 @@ begin
       Emoticon
       Eval
       Factory
-      FilePermission
       HTTPAuthorizationHeader
       InnerHTML
       LocationHash

data/lib/pwn/reports/sast.rb CHANGED Viewed

@@ -101,7 +101,7 @@ module PWN
             <div>
               <b>Toggle Column(s):</b>&nbsp;
               <a class="toggle-vis" data-column="1" href="#">Timestamp</a>&nbsp;|&nbsp;
-              <a class="toggle-vis" data-column="2" href="#">Test Case Invoked/NIST 800-53 Rev. 4 Section</a>&nbsp;|&nbsp;
+              <a class="toggle-vis" data-column="2" href="#">Test Case / Security Requirements</a>&nbsp;|&nbsp;
               <a class="toggle-vis" data-column="3" href="#">Path</a>&nbsp;|&nbsp;
               <a class="toggle-vis" data-column="4" href="#">Line#, Formatted Content, &amp; Last Committed By</a>&nbsp;|&nbsp;
               <a class="toggle-vis" data-column="5" href="#">Raw Content</a>&nbsp;|&nbsp;
@@ -115,7 +115,7 @@ module PWN
                   <tr>
                     <th>#</th>
                     <th>Timestamp</th>
-                    <th>Test Case / NIST 800-53 Security Control</th>
+                    <th>Test Case / Security Requirements</th>
                     <th>Path</th>
                     <th>Line#, Formatted Content, &amp; Last Committed By</th>
                     <th>Raw Content</th>
@@ -170,13 +170,13 @@ module PWN
                       "render": $.fn.dataTable.render.text()
                     },
                     {
-                      "data": "test_case",
+                      "data": "security_requirements",
                       "render": function (data, type, row, meta) {
                         var sast_dirname = data['sast_module'].split('::')[0].toLowerCase() + '/' + data['sast_module'].split('::')[1].toLowerCase();
                         var sast_module = data['sast_module'].split('::')[2];
                         var sast_test_case = sast_module.replace(/\.?([A-Z])/g, function (x,y){ if (sast_module.match(/\.?([A-Z][a-z])/g) ) { return "_" + y.toLowerCase(); } else { return y.toLowerCase(); } }).replace(/^_/g, "");
-                        return '<tr><td style="width:150px;" align="left"><a href="https://github.com/0dayinc/pwn/tree/master/lib/' + htmlEntityEncode(sast_dirname) + '/' + htmlEntityEncode(sast_test_case) + '.rb" target="_blank">' + htmlEntityEncode(data['sast_module'].split("::")[2]) + '</a><br /><a href="' + htmlEntityEncode(data['nist_800_53_uri']) + '" target="_blank">' + htmlEntityEncode(data['section'])  + '</a></td></tr>';
+                        return '<tr><td style="width:150px;" align="left"><a href="https://github.com/0dayinc/pwn/tree/master/lib/' + htmlEntityEncode(sast_dirname) + '/' + htmlEntityEncode(sast_test_case) + '.rb" target="_blank">' + htmlEntityEncode(data['sast_module'].split("::")[2]) + '</a><br /><a href="' + htmlEntityEncode(data['nist_800_53_uri']) + '" target="_blank">NIST 800-53:' + htmlEntityEncode(data['section'])  + '</a><a href="' + htmlEntityEncode(data['cwe_uri']) + '" target="_blank">CWE:' + htmlEntityEncode(data['cwe_id'])  + '</a></td></tr>';
                       }
                     },
                     {
@@ -202,7 +202,7 @@ module PWN
                           var bug_comment = 'Timestamp: ' + row.timestamp + '\n' +
                                             'Test Case: http://' + window.location.hostname + ':8808/doc_root/pwn-0.1.0/' +
-                                              row.test_case['sast_module'].replace(/::/g, "/") + '\n' +
+                                              row.security_requirements['sast_module'].replace(/::/g, "/") + '\n' +
                                             'Source Code Impacted: ' + $("<div/>").html(filename_link).text() + '\n\n' +
                                             'Test Case Request:\n' +
                                             $("<div/>").html(row.test_case_filter.replace(/\s{2,}/g, " ")).text() + '\n\n' +

data/lib/pwn/sast/amqp_connect_as_guest.rb CHANGED Viewed

@@ -50,7 +50,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -105,11 +105,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'ACCOUNT MANAGEMENT',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-2'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-2',
+          cwe_id: '285',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/285.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/apache_file_system_util_api.rb CHANGED Viewed

@@ -49,7 +49,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -97,6 +97,8 @@ module PWN
           @@logger.info("#{logger_banner} => #{logger_results}complete.\n")
         end
         result_arr
+      rescue StandardError => e
+        raise e
       end
       # Used primarily to map NIST 800-53 Revision 4 Security Controls
@@ -104,12 +106,16 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'INFORMATION INPUT VALIDATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10',
+          cwe_id: '78',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/78.html'
         }
+      rescue StandardError => e
+        raise e
       end
       # Author(s):: 0day Inc. <request.pentest@0dayinc.com>

data/lib/pwn/sast/aws.rb CHANGED Viewed

@@ -50,7 +50,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -107,11 +107,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'TRANSMISSION CONFIDENTIALITY AND INTEGRITY',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-8'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-8',
+          cwe_id: '256',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/256.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/banned_function_calls_c.rb CHANGED Viewed

@@ -177,7 +177,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -225,6 +225,8 @@ module PWN
           @@logger.info("#{logger_banner} => #{logger_results}complete.\n")
         end
         result_arr
+      rescue StandardError => e
+        raise e
       end
       # Used primarily to map NIST 800-53 Revision 4 Security Controls
@@ -232,12 +234,16 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'INFORMATION INPUT VALIDATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10',
+          cwe_id: '676',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/676.html'
         }
+      rescue StandardError => e
+        raise e
       end
       # Author(s):: 0day Inc. <request.pentest@0dayinc.com>

data/lib/pwn/sast/base64.rb CHANGED Viewed

@@ -51,7 +51,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -103,16 +103,15 @@ module PWN
         raise e
       end
-      # Used primarily to map NIST 800-53 Revision 4 Security Controls
-      # https://web.nvd.nist.gov/view/800-53/Rev4/impact?impactName=HIGH
-      # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
-      # Determine the level of Testing Coverage w/ PWN.
+      # Used to dictate Security Control Requirements for a Given SAST module.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'PROTECTION OF INFORMATION AT REST',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28',
+          cwe_id: '95',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/95.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/beef_hook.rb CHANGED Viewed

@@ -45,7 +45,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -102,11 +102,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'MALICIOUS CODE PROTECTION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3',
+          cwe_id: '506',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/506.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/cmd_execution_java.rb CHANGED Viewed

@@ -50,7 +50,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -107,11 +107,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'INFORMATION INPUT VALIDATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10',
+          cwe_id: '78',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/78.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/cmd_execution_python.rb CHANGED Viewed

@@ -52,7 +52,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -109,11 +109,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'INFORMATION INPUT VALIDATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10',
+          cwe_id: '78',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/78.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/cmd_execution_ruby.rb CHANGED Viewed

@@ -60,7 +60,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -117,11 +117,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'INFORMATION INPUT VALIDATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10',
+          cwe_id: '78',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/78.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/cmd_execution_scala.rb CHANGED Viewed

@@ -50,7 +50,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -107,11 +107,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'INFORMATION INPUT VALIDATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10',
+          cwe_id: '78',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/78.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/csrf.rb CHANGED Viewed

@@ -48,7 +48,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -103,12 +103,16 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'MALICIOUS CODE PROTECTION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3',
+          cwe_id: '352',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/352.html'
         }
+      rescue StandardError => e
+        raise e
       end
       # Author(s):: 0day Inc. <request.pentest@0dayinc.com>

data/lib/pwn/sast/deserial_java.rb CHANGED Viewed

@@ -47,7 +47,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -102,12 +102,16 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'INFORMATION INPUT VALIDATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-10',
+          cwe_id: '502',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/502.html'
         }
+      rescue StandardError => e
+        raise e
       end
       # Author(s):: 0day Inc. <request.pentest@0dayinc.com>

data/lib/pwn/sast/emoticon.rb CHANGED Viewed

@@ -52,7 +52,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -110,11 +110,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'LEAST PRIVILEGE',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-6'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=AC-6',
+          cwe_id: '546',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/546.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/eval.rb CHANGED Viewed

@@ -48,7 +48,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -105,11 +105,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'MALICIOUS CODE PROTECTION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3',
+          cwe_id: '95',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/95.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/factory.rb CHANGED Viewed

@@ -47,7 +47,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -102,12 +102,16 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'DEVELOPER CONFIGURATION MANAGEMENT',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SA-10'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SA-10',
+          cwe_id: '611',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/611.html'
         }
+      rescue StandardError => e
+        raise e
       end
       # Author(s):: 0day Inc. <request.pentest@0dayinc.com>

data/lib/pwn/sast/http_authorization_header.rb CHANGED Viewed

@@ -57,7 +57,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -112,11 +112,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'PROTECTION OF INFORMATION AT REST',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28',
+          cwe_id: '285',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/285.html'
         }
       end

data/lib/pwn/sast/inner_html.rb CHANGED Viewed

@@ -48,7 +48,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -105,11 +105,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'MALICIOUS CODE PROTECTION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3',
+          cwe_id: '79',
+          uri: 'https://cwe.mitre.org/data/definitions/79.html'
         }
       rescue StandardError => e
         raise e

data/lib/pwn/sast/keystore.rb CHANGED Viewed

@@ -45,7 +45,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -102,11 +102,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-12'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-12',
+          cwe_id: '522',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/522.html'
         }
       rescue StandardError => e
         raise e.mesasge

data/lib/pwn/sast/location_hash.rb CHANGED Viewed

@@ -48,7 +48,7 @@ module PWN
               hash_line = {
                 timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                test_case: nist_800_53_requirements,
+                security_requirements: security_requirements,
                 filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
                 line_no_and_contents: '',
                 raw_content: str,
@@ -105,11 +105,13 @@ module PWN
       # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
       # Determine the level of Testing Coverage w/ PWN.
-      public_class_method def self.nist_800_53_requirements
+      public_class_method def self.security_requirements
         {
           sast_module: self,
           section: 'MALICIOUS CODE PROTECTION',
-          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3'
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3',
+          cwe_id: '79',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/79.html'
         }
       rescue StandardError => e
         raise e