pwn 0.4.946 → 0.4.947

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +1 -1
  3. data/README.md +3 -3
  4. data/lib/pwn/plugins/defect_dojo.rb +15 -5
  5. data/lib/pwn/version.rb +1 -1
  6. metadata +5 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f3a65a4e72f31051e5ec333f1efc58e21bc8650d15ef29bdf38eccf805474cfc
4
- data.tar.gz: def1ec22da82dbb03d436fa0dc36b42763665cf876b6075c47f4ed672f2a88b4
3
+ metadata.gz: 35ad95e3f2c012fd9bd7579992110c76fad9601e1fd4655f41cffd4f75304b2d
4
+ data.tar.gz: 25ca4e36952569ca57c99ba987a195a325dd290ce2daef5b28fa84bdb0d5095e
5
5
  SHA512:
6
- metadata.gz: d42f0e7255ee7d001abe6f4f91d5bd2c37ab4930d16eeb93eda64bc70ffc64c8193855d26c6589aa1dfd4b3df6eb52f04f683a0af88a129de249b0109c6fde32
7
- data.tar.gz: 130e9b478e59c7f15822600f6de4bfe78c4e4720ed27174e185731b1d2d2cc897183e4a2ba5db103315beb16df270790307e42d2c4b107221f3052ed504b110c
6
+ metadata.gz: 677f7cf35ac1d65d3ac256b72bf129ceababb0dddc9d370518827b0c5e3dde16a67b0968c82bb9a25b19f62d18a9ebf54b6f73c8fed4c4a215c59f33ff506ed6
7
+ data.tar.gz: 65d9999df4fcfc2d1a5a131f01d4e0493882f37a39d868bba7d99afa2e9936171a1856da635b55fc480e5bab6e2fe024699ad6748ab566e88f4f11a9207b7886
data/Gemfile CHANGED
@@ -19,7 +19,7 @@ gem 'aws-sdk', '3.2.0'
19
19
  gem 'barby', '0.6.9'
20
20
  gem 'brakeman', '6.1.0'
21
21
  gem 'bson', '4.15.0'
22
- gem 'bundler', '>=2.5.1'
22
+ gem 'bundler', '>=2.5.2'
23
23
  gem 'bundler-audit', '0.9.1'
24
24
  gem 'bunny', '2.22.0'
25
25
  gem 'colorize', '1.1.0'
data/README.md CHANGED
@@ -37,7 +37,7 @@ $ cd /opt/pwn
37
37
  $ ./install.sh
38
38
  $ ./install.sh ruby-gem
39
39
  $ pwn
40
- pwn[v0.4.946]:001 >>> PWN.help
40
+ pwn[v0.4.947]:001 >>> PWN.help
41
41
  ```
42
42
 
43
43
  [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
52
52
  $ gem uninstall --all --executables pwn
53
53
  $ gem install --verbose pwn
54
54
  $ pwn
55
- pwn[v0.4.946]:001 >>> PWN.help
55
+ pwn[v0.4.947]:001 >>> PWN.help
56
56
  ```
57
57
 
58
58
  If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.2.2@pwn
62
62
  $ rvmsudo gem uninstall --all --executables pwn
63
63
  $ rvmsudo gem install --verbose pwn
64
64
  $ pwn
65
- pwn[v0.4.946]:001 >>> PWN.help
65
+ pwn[v0.4.947]:001 >>> PWN.help
66
66
  ```
67
67
 
68
68
 
data/lib/pwn/plugins/defect_dojo.rb CHANGED
@@ -1,6 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require 'json'
4
+ require 'securerandom'
4
5
 
5
6
  module PWN
6
7
  module Plugins
@@ -76,11 +77,12 @@ module PWN
76
77
  )
77
78
  end
78
79
 
79
- rest_client = browser_obj[:browser]::Request
80
+ rest_client = browser_obj[:browser]
81
+ rest_request = rest_client::Request
80
82
 
81
83
  case http_method
82
84
  when :get
83
- response = rest_client.execute(
85
+ response = rest_request.execute(
84
86
  method: :get,
85
87
  url: "#{base_dd_api_uri}/#{rest_call}",
86
88
  headers: {
@@ -95,13 +97,21 @@ module PWN
95
97
 
96
98
  when :post
97
99
  if http_body.key?(:multipart)
98
- content_type = 'multipart/form-data'
99
- payload = http_body
100
+ # Hack to fix name="tags[]" to name="tags" to allow for multi-tag submission
101
+ # otherwise we could just used payload = http_body
102
+ multipart = rest_client::Payload::Multipart.new(http_body)
103
+ content_type = multipart.headers['Content-Type']
104
+ multipart_massaged = multipart.to_s.gsub(
105
+ 'Content-Disposition: form-data; name="tags[]"',
106
+ 'Content-Disposition: form-data; name="tags"'
107
+ )
108
+ base = rest_client::Payload::Base.new(multipart_massaged)
109
+ payload = base.to_s
100
110
  else
101
111
  payload = http_body.to_json
102
112
  end
103
113
 
104
- response = rest_client.execute(
114
+ response = rest_request.execute(
105
115
  method: :post,
106
116
  url: "#{base_dd_api_uri}/#{rest_call}",
107
117
  headers: {
data/lib/pwn/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module PWN
4
- VERSION = '0.4.946'
4
+ VERSION = '0.4.947'
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pwn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.946
4
+ version: 0.4.947
5
5
  platform: ruby
6
6
  authors:
7
7
  - 0day Inc.
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-12-19 00:00:00.000000000 Z
11
+ date: 2023-12-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -114,14 +114,14 @@ dependencies:
114
114
  requirements:
115
115
  - - ">="
116
116
  - !ruby/object:Gem::Version
117
- version: 2.5.1
117
+ version: 2.5.2
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - ">="
123
123
  - !ruby/object:Gem::Version
124
- version: 2.5.1
124
+ version: 2.5.2
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: bundler-audit
127
127
  requirement: !ruby/object:Gem::Requirement
@@ -2226,7 +2226,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
2226
2226
  - !ruby/object:Gem::Version
2227
2227
  version: '0'
2228
2228
  requirements: []
2229
- rubygems_version: 3.5.1
2229
+ rubygems_version: 3.5.2
2230
2230
  signing_key:
2231
2231
  specification_version: 4
2232
2232
  summary: Automated Security Testing for CI/CD Pipelines & Beyond