pwn 0.4.925 → 0.4.926
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +2 -2
- data/README.md +4 -4
- data/bin/pwn_sast +1 -0
- data/lib/pwn/sast/php_type_juggling.rb +5 -2
- data/lib/pwn/sast/type_script_type_juggling.rb +147 -0
- data/lib/pwn/sast.rb +1 -0
- data/lib/pwn/version.rb +1 -1
- data/spec/lib/pwn/sast/type_script_type_juggling_spec.rb +25 -0
- metadata +8 -6
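--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 49492aee847341ef09e634d752652f813666ab6c751b1e7103630f5e30895c6a
+data.tar.gz: 65e9cc6e778a4d42dac69f2f23ba2ccee0549be77cec59329dcddb6f57da16fe
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0af9375c6443bc146f3ddfd60a8b67c825ec581bccdf54cc6a4ca8cbb16bf7d47adda650de64e8c9084632a10f45f22fcc06231f3a38d4893a427ba15ef54b86
+data.tar.gz: 718927c0bbf3d43a49e90996f63bdfd3ddaed3baf92910e473fe27fa654646f8b8d4146dc350e5bcaf9eab1a920b2950924cb101b03a3658e5723e9c8d608a8b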
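--- a/data/Gemfile
+++ b/data/Gemfile
@@ -69,7 +69,7 @@ gem 'rmagick', '5.3.0'
 gem 'rqrcode', '2.2.0'
 gem 'rspec', '3.12.0'
 gem 'rtesseract', '3.1.3'
-gem 'rubocop', '1.
+gem 'rubocop', '1.57.0'
 gem 'rubocop-rake', '0.6.0'
 gem 'rubocop-rspec', '2.24.1'
 gem 'ruby-audio', '1.6.1'
@@ -83,7 +83,7 @@ gem 'sinatra', '3.1.0'
 gem 'slack-ruby-client', '2.2.0'
 gem 'socksify', '1.7.1'
 gem 'spreadsheet', '1.3.0'
-gem 'sqlite3', '1.6.
+gem 'sqlite3', '1.6.7'
 gem 'thin', '1.8.2'
 gem 'tty-prompt', '0.23.1'
 gem 'tty-spinner', '0.9.3'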
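--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.926]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -48,7 +48,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvm list gemsets
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.926]:001 >>> PWN.help
 ```
 
 [](https://youtu.be/G7iLUY4FzsI)
@@ -63,7 +63,7 @@ $ rvm use ruby-3.2.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.926]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -73,7 +73,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.926]:001 >>> PWN.help
 ```
 
 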
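--- a/data/bin/pwn_sast
+++ b/data/bin/pwn_sast
@@ -0,0 +1,147 @@
+# frozen_string_literal: false
+
+require 'socket'
+
+module PWN
+module SAST
+# SAST Module used to identify loose comparisons
+# (i.e. == instead of ===) within TypeScript source code.
+module TypeScriptTypeJuggling
+@@logger = PWN::Plugins::PWNLogger.create
+
+# Supported Method Parameters::
+# PWN::SAST::TypeScriptTypeJuggling.scan(
+# dir_path: 'optional path to dir defaults to .'
+# git_repo_root_uri: 'optional http uri of git repo scanned'
+# )
+
+public_class_method def self.scan(opts = {})
+dir_path = opts[:dir_path]
+git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub
+result_arr = []
+logger_results = ''
+
+PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
+if (File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/) && File.extname(entry).include?('.ts') && entry !~ /test/i
+line_no_and_contents_arr = []
+entry_beautified = false
+
+if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
+js_beautify = `js-beautify #{entry} > #{entry}.JS-BEAUTIFIED`.to_s.scrub
+entry = "#{entry}.JS-BEAUTIFIED"
+entry_beautified = true
+end
+
+test_case_filter = "
+grep -Fn \
+-e '==' \
+-e '!=' #{entry} \ |
+grep -v \
+-e '===' \
+-e '!==' \
+"
+
+str = `#{test_case_filter}`.to_s.scrub
+
+if str.to_s.empty?
+# If str length is >= 64 KB do not include results. (Due to Mongo Document Size Restrictions)
+logger_results = "#{logger_results}~" # Catching bugs is good :)
+else
+str = "1:Result larger than 64KB -> Size: #{str.to_s.length}. Please click the \"Path\" link for more details." if str.to_s.length >= 64_000
+
+hash_line = {
+timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
+security_references: security_references,
+filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
+line_no_and_contents: '',
+raw_content: str,
+test_case_filter: test_case_filter
+}
+
+# COMMMENT: Must be a better way to implement this (regex is kinda funky)
+line_contents_split = str.split(/^(\d{1,}):|\n(\d{1,}):/)[1..-1]
+line_no_count = line_contents_split.length # This should always be an even number
+current_count = 0
+while line_no_count > current_count
+line_no = line_contents_split[current_count]
+contents = line_contents_split[current_count + 1]
+if Dir.exist?("#{dir_path}/.git") ||
+Dir.exist?('.git')
+
+repo_root = dir_path
+repo_root = '.' if Dir.exist?('.git')
+
+author = PWN::Plugins::Git.get_author(
+repo_root: repo_root,
+from_line: line_no,
+to_line: line_no,
+target_file: entry,
+entry_beautified: entry_beautified
+)
+else
+author = 'N/A'
+end
+hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
+line_no: line_no,
+contents: contents,
+author: author
+)
+
+current_count += 2
+end
+result_arr.push(hash_line)
+logger_results = "#{logger_results}x" # Seeing progress is good :)
+end
+end
+end
+logger_banner = "http://#{Socket.gethostname}:8808/doc_root/pwn-#{PWN::VERSION.to_s.scrub}/#{to_s.scrub.gsub('::', '/')}.html"
+if logger_results.empty?
+@@logger.info("#{logger_banner}: No files applicable to this test case.\n")
+else
+@@logger.info("#{logger_banner} => #{logger_results}complete.\n")
+end
+result_arr
+rescue StandardError => e
+raise e
+end
+
+# Used primarily to map NIST 800-53 Revision 4 Security Controls
+# https://web.nvd.nist.gov/view/800-53/Rev4/impact?impactName=HIGH
+# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
+# Determine the level of Testing Coverage w/ PWN.
+
+public_class_method def self.security_references
+{
+sast_module: self,
+section: 'DEVELOPER SECURITY AND PRIVACY ARCHITECTURE AND DESIGN',
+nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SA-17',
+cwe_id: '661',
+cwe_uri: 'https://cwe.mitre.org/data/definitions/661.html'
+}
+rescue StandardError => e
+raise e
+end
+
+# Author(s):: 0day Inc. <request.pentest@0dayinc.com>
+
+public_class_method def self.authors
+"AUTHOR(S):
+0day Inc. <request.pentest@0dayinc.com>
+"
+end
+
+# Display Usage for this Module
+
+public_class_method def self.help
+puts "USAGE:
+sast_arr = #{self}.scan(
+:dir_path => 'optional path to dir defaults to .',
+:git_repo_root_uri => 'optional http uri of git repo scanned'
+)
+
+#{self}.authors
+"
+end
+end
+end
+end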
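Review bot: Every shell command in `scan` interpolates the scanned file path unescaped into backticks — `wc -l #{entry}`, `js-beautify #{entry} > #{entry}.JS-BEAUTIFIED`, and the grep pipeline assembled in `test_case_filter` — so a repository containing a file whose name carries shell metacharacters executes commands under the account running the scanner; compute `safe_entry = Shellwords.escape(entry)` once inside the outer `if` and interpolate that (with `require 'shellwords'` next to `require 'socket'`), or switch to `Open3.capture2` with an argument array. The `.js` beautify branch is unreachable because the enclosing condition already requires `File.extname(entry).include?('.ts')`, and that `include?` also admits extensions such as `.tsv` while `entry !~ /test/i` silently skips any path containing "test" (`latest.ts`, `attestation.ts`). The 64 KB comment sits in the `str.to_s.empty?` branch although the truncation it describes is the `if str.to_s.length >= 64_000` on the `else` side, and `rescue StandardError => e; raise e` in `scan` and `security_references` adds nothing and can be dropped. The file header reads `data/bin/pwn_sast` (listed as +1 -0 in the diffstat) while the hunk holds the 147-line `TypeScriptTypeJuggling` module, so the rendering appears to have mislabelled this section.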
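--- a/data/lib/pwn/sast.rb
+++ b/data/lib/pwn/sast.rb
@@ -45,6 +45,7 @@ module PWN
 autoload :TaskTag, 'pwn/sast/task_tag'
 autoload :ThrowErrors, 'pwn/sast/throw_errors'
 autoload :Token, 'pwn/sast/token'
+autoload :TypeScriptTypeJuggling, 'pwn/sast/type_script_type_juggling'
 autoload :Version, 'pwn/sast/version'
 autoload :WindowLocationHash, 'pwn/sast/window_location_hash'
 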
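--- a/data/lib/pwn/version.rb
+++ b/data/lib/pwn/version.rb
@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe PWN::SAST::TypeScriptTypeJuggling do
+it 'scan method should exist' do
+scan_response = PWN::SAST::TypeScriptTypeJuggling
+expect(scan_response).to respond_to :scan
+end
+
+it 'should display information for security_references' do
+security_references_response = PWN::SAST::TypeScriptTypeJuggling
+expect(security_references_response).to respond_to :security_references
+end
+
+it 'should display information for authors' do
+authors_response = PWN::SAST::TypeScriptTypeJuggling
+expect(authors_response).to respond_to :authors
+end
+
+it 'should display information for existing help method' do
+help_response = PWN::SAST::TypeScriptTypeJuggling
+expect(help_response).to respond_to :help
+end
+end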
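Review bot: All four examples only assert `respond_to`, so a regression in the grep filter — a `.ts` file with `a == b` no longer reported, or `a === b` wrongly reported — would still pass this spec; add one example that writes a small fixture directory containing both comparisons and asserts on the `line_no_and_contents` entries returned by `scan(dir_path: fixture_dir)`. The section header reads `data/lib/pwn/version.rb` while the hunk holds the 25-line spec the diffstat lists as `spec/lib/pwn/sast/type_script_type_juggling_spec.rb`, so the rendering appears to have mislabelled it.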
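--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.926
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-10-
+date: 2023-10-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -800,14 +800,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.57.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.57.0
 - !ruby/object:Gem::Dependency
 name: rubocop-rake
 requirement: !ruby/object:Gem::Requirement
@@ -996,14 +996,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 1.6.
+version: 1.6.7
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 1.6.
+version: 1.6.7
 - !ruby/object:Gem::Dependency
 name: thin
 requirement: !ruby/object:Gem::Requirement
@@ -1774,6 +1774,7 @@ files:
 - lib/pwn/sast/task_tag.rb
 - lib/pwn/sast/throw_errors.rb
 - lib/pwn/sast/token.rb
+- lib/pwn/sast/type_script_type_juggling.rb
 - lib/pwn/sast/version.rb
 - lib/pwn/sast/window_location_hash.rb
 - lib/pwn/version.rb
@@ -2086,6 +2087,7 @@ files:
 - spec/lib/pwn/sast/task_tag_spec.rb
 - spec/lib/pwn/sast/throw_errors_spec.rb
 - spec/lib/pwn/sast/token_spec.rb
+- spec/lib/pwn/sast/type_script_type_juggling_spec.rb
 - spec/lib/pwn/sast/version_spec.rb
 - spec/lib/pwn/sast/window_location_hash_spec.rb
 - spec/lib/pwn/sast_spec.rb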