pwn 0.4.946 → 0.4.947

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +1 -1
  3. data/README.md +3 -3
  4. data/lib/pwn/plugins/defect_dojo.rb +15 -5
  5. data/lib/pwn/version.rb +1 -1
  6. metadata +5 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f3a65a4e72f31051e5ec333f1efc58e21bc8650d15ef29bdf38eccf805474cfc
4
- data.tar.gz: def1ec22da82dbb03d436fa0dc36b42763665cf876b6075c47f4ed672f2a88b4
3
+ metadata.gz: 35ad95e3f2c012fd9bd7579992110c76fad9601e1fd4655f41cffd4f75304b2d
4
+ data.tar.gz: 25ca4e36952569ca57c99ba987a195a325dd290ce2daef5b28fa84bdb0d5095e
5
5
  SHA512:
6
- metadata.gz: d42f0e7255ee7d001abe6f4f91d5bd2c37ab4930d16eeb93eda64bc70ffc64c8193855d26c6589aa1dfd4b3df6eb52f04f683a0af88a129de249b0109c6fde32
7
- data.tar.gz: 130e9b478e59c7f15822600f6de4bfe78c4e4720ed27174e185731b1d2d2cc897183e4a2ba5db103315beb16df270790307e42d2c4b107221f3052ed504b110c
6
+ metadata.gz: 677f7cf35ac1d65d3ac256b72bf129ceababb0dddc9d370518827b0c5e3dde16a67b0968c82bb9a25b19f62d18a9ebf54b6f73c8fed4c4a215c59f33ff506ed6
7
+ data.tar.gz: 65d9999df4fcfc2d1a5a131f01d4e0493882f37a39d868bba7d99afa2e9936171a1856da635b55fc480e5bab6e2fe024699ad6748ab566e88f4f11a9207b7886
data/Gemfile CHANGED
@@ -19,7 +19,7 @@ gem 'aws-sdk', '3.2.0'
19
19
  gem 'barby', '0.6.9'
20
20
  gem 'brakeman', '6.1.0'
21
21
  gem 'bson', '4.15.0'
22
- gem 'bundler', '>=2.5.1'
22
+ gem 'bundler', '>=2.5.2'
23
23
  gem 'bundler-audit', '0.9.1'
24
24
  gem 'bunny', '2.22.0'
25
25
  gem 'colorize', '1.1.0'
data/README.md CHANGED
@@ -37,7 +37,7 @@ $ cd /opt/pwn
37
37
  $ ./install.sh
38
38
  $ ./install.sh ruby-gem
39
39
  $ pwn
40
- pwn[v0.4.946]:001 >>> PWN.help
40
+ pwn[v0.4.947]:001 >>> PWN.help
41
41
  ```
42
42
 
43
43
  [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
52
52
  $ gem uninstall --all --executables pwn
53
53
  $ gem install --verbose pwn
54
54
  $ pwn
55
- pwn[v0.4.946]:001 >>> PWN.help
55
+ pwn[v0.4.947]:001 >>> PWN.help
56
56
  ```
57
57
 
58
58
  If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.2.2@pwn
62
62
  $ rvmsudo gem uninstall --all --executables pwn
63
63
  $ rvmsudo gem install --verbose pwn
64
64
  $ pwn
65
- pwn[v0.4.946]:001 >>> PWN.help
65
+ pwn[v0.4.947]:001 >>> PWN.help
66
66
  ```
67
67
 
68
68
 
data/lib/pwn/plugins/defect_dojo.rb CHANGED
@@ -1,6 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require 'json'
4
+ require 'securerandom'
4
5
 
5
6
  module PWN
6
7
  module Plugins
@@ -76,11 +77,12 @@ module PWN
76
77
  )
77
78
  end
78
79
 
79
- rest_client = browser_obj[:browser]::Request
80
+ rest_client = browser_obj[:browser]
81
+ rest_request = rest_client::Request
80
82
 
81
83
  case http_method
82
84
  when :get
83
- response = rest_client.execute(
85
+ response = rest_request.execute(
84
86
  method: :get,
85
87
  url: "#{base_dd_api_uri}/#{rest_call}",
86
88
  headers: {
@@ -95,13 +97,21 @@ module PWN
95
97
 
96
98
  when :post
97
99
  if http_body.key?(:multipart)
98
- content_type = 'multipart/form-data'
99
- payload = http_body
100
+ # Hack to fix name="tags[]" to name="tags" to allow for multi-tag submission
101
+ # otherwise we could just used payload = http_body
102
+ multipart = rest_client::Payload::Multipart.new(http_body)
103
+ content_type = multipart.headers['Content-Type']
104
+ multipart_massaged = multipart.to_s.gsub(
105
+ 'Content-Disposition: form-data; name="tags[]"',
106
+ 'Content-Disposition: form-data; name="tags"'
107
+ )
108
+ base = rest_client::Payload::Base.new(multipart_massaged)
109
+ payload = base.to_s
100
110
  else
101
111
  payload = http_body.to_json
102
112
  end
103
113
 
104
- response = rest_client.execute(
114
+ response = rest_request.execute(
105
115
  method: :post,
106
116
  url: "#{base_dd_api_uri}/#{rest_call}",
107
117
  headers: {
data/lib/pwn/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module PWN
4
- VERSION = '0.4.946'
4
+ VERSION = '0.4.947'
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pwn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.946
4
+ version: 0.4.947
5
5
  platform: ruby
6
6
  authors:
7
7
  - 0day Inc.
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-12-19 00:00:00.000000000 Z
11
+ date: 2023-12-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -114,14 +114,14 @@ dependencies:
114
114
  requirements:
115
115
  - - ">="
116
116
  - !ruby/object:Gem::Version
117
- version: 2.5.1
117
+ version: 2.5.2
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - ">="
123
123
  - !ruby/object:Gem::Version
124
- version: 2.5.1
124
+ version: 2.5.2
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: bundler-audit
127
127
  requirement: !ruby/object:Gem::Requirement
@@ -2226,7 +2226,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
2226
2226
  - !ruby/object:Gem::Version
2227
2227
  version: '0'
2228
2228
  requirements: []
2229
- rubygems_version: 3.5.1
2229
+ rubygems_version: 3.5.2
2230
2230
  signing_key:
2231
2231
  specification_version: 4
2232
2232
  summary: Automated Security Testing for CI/CD Pipelines & Beyond