pwn 0.5.4 → 0.5.5

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +3 -3
  3. data/bin/pwn_bdba_groups +13 -1
  4. data/bin/pwn_bdba_scan +1 -6
  5. data/lib/pwn/plugins/black_duck_binary_analysis.rb +7 -7
  6. data/lib/pwn/version.rb +1 -1
  7. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 5c89b0a1d4b4b25ebfb0865c8528df03e291131fb0316c511124bc75dd73bbdb
4
- data.tar.gz: 40da0baedc0ccd44dc1210119c073bf33e911574bc6c374d0c1a74c92870bfe3
3
+ metadata.gz: 830ff0222ce1d91faa0cb731810085935ad1c9da2e1785d6468ba5419e3bfb87
4
+ data.tar.gz: efcb347f3225693b7b67ac78e09635c2c186cc9302dd1b37e103eaf658d156f2
5
5
  SHA512:
6
- metadata.gz: 1ebd87a44ea07f5395f61cf81926e9da2839d2f08ba626fdb632361b33947bbc8064764de515a456f6cc8790038413a82bcfdbc0ea3777ce898af19a144307f0
7
- data.tar.gz: 2cca8da63a833cf6404f5c38c6fb1c818e3600deb1dbf3d600a6ab5d0965c1d7790b145f7293664d746ded7d09908b3c0fe037a70aa8f89a005edc98c864a278
6
+ metadata.gz: cb81f182a1d8de751a45bf66fd73ccdfb64ab01bdbb9c5921d8673888f9de7744c9bc7a2c422e388566d1a8c20e778ee7e8870640f15969a6be40139d7ad763e
7
+ data.tar.gz: 3d3c30615ef6808af1b5441ee5642ab7acdb3a7989755f115f93c3e2cc4b56f0a75ad3c468743100377f327208e2c4154c326aa8e99c656afc9f96a5f3d6d5bc
data/README.md CHANGED
@@ -37,7 +37,7 @@ $ cd /opt/pwn
37
37
  $ ./install.sh
38
38
  $ ./install.sh ruby-gem
39
39
  $ pwn
40
- pwn[v0.5.4]:001 >>> PWN.help
40
+ pwn[v0.5.5]:001 >>> PWN.help
41
41
  ```
42
42
 
43
43
  [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.0@pwn
52
52
  $ gem uninstall --all --executables pwn
53
53
  $ gem install --verbose pwn
54
54
  $ pwn
55
- pwn[v0.5.4]:001 >>> PWN.help
55
+ pwn[v0.5.5]:001 >>> PWN.help
56
56
  ```
57
57
 
58
58
  If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.0@pwn
62
62
  $ rvmsudo gem uninstall --all --executables pwn
63
63
  $ rvmsudo gem install --verbose pwn
64
64
  $ pwn
65
- pwn[v0.5.4]:001 >>> PWN.help
65
+ pwn[v0.5.5]:001 >>> PWN.help
66
66
  ```
67
67
 
68
68
  PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
data/bin/pwn_bdba_groups CHANGED
@@ -26,6 +26,14 @@ OptionParser.new do |options|
26
26
  options.on('-pID', '--parent-group-id=ID', '<Optional - Black Duck Binary Analysis Parent Group ID to Associate with Group>') do |p|
27
27
  opts[:parent_group_id] = p
28
28
  end
29
+
30
+ options.on('-bSEC', '--binary-cleanup-age=SEC', '<Optional - after how long the binary will be deleted in seconds (Default: 2_592_000 / 30 days)>') do |b|
31
+ opts[:binary_cleanup_age] = b
32
+ end
33
+
34
+ options.on('-PSEC', '--product-cleanup-age=SEC', '<Optional - after how long the product will be deleted in seconds (Default: 2_592_000 / 30 days)>') do |p|
35
+ opts[:product_cleanup_age] = p
36
+ end
29
37
  end.parse!
30
38
 
31
39
  if opts.empty?
@@ -47,6 +55,8 @@ begin
47
55
 
48
56
  list_group_name = opts[:list_group_name]
49
57
  parent_group_id = opts[:parent_group_id]
58
+ binary_cleanup_age = opts[:binary_cleanup_age]
59
+ product_cleanup_age = opts[:product_cleanup_age]
50
60
 
51
61
  if list_group_name
52
62
  groups_resp = PWN::Plugins::BlackDuckBinaryAnalysis.get_groups(
@@ -95,7 +105,9 @@ begin
95
105
  create_group_resp = PWN::Plugins::BlackDuckBinaryAnalysis.create_group(
96
106
  token: token,
97
107
  name: group_name,
98
- parent_id: parent_group_id
108
+ parent_id: parent_group_id,
109
+ binary_cleanup_age: binary_cleanup_age,
110
+ product_cleanup_age: product_cleanup_age
99
111
  )
100
112
 
101
113
  puts create_group_resp.to_json
data/bin/pwn_bdba_scan CHANGED
@@ -149,12 +149,7 @@ begin
149
149
  # File encoding conducting by synopsis is kinda goofy.
150
150
  # The encode space w/ + (which is expected) but dont
151
151
  # encode + to %2B (whiich _isn't_ expected)
152
- target_basename = CGI.escape(
153
- File.basename(target_file)
154
- ).gsub(
155
- '%2B',
156
- '+'
157
- )
152
+ target_basename = CGI.unescape_uri_component(File.basename(target_file))
158
153
 
159
154
  find_product = scan_progress_resp[:products].find { |p| p[:name] == target_basename }
160
155
 
data/lib/pwn/plugins/black_duck_binary_analysis.rb CHANGED
@@ -197,7 +197,7 @@ module PWN
197
197
  response = bd_bin_analysis_rest_call(
198
198
  http_method: :put,
199
199
  token: token,
200
- rest_call: "upload/#{CGI.escape(file_name)}",
200
+ rest_call: "upload/#{CGI.escape_uri_component(file_name)}",
201
201
  http_headers: http_headers,
202
202
  http_body: http_body
203
203
  )
@@ -326,8 +326,8 @@ module PWN
326
326
  # desc: 'optional - group description',
327
327
  # parent_id: 'optional - parent group id',
328
328
  # delete_binary: 'optional - delete binary after analysis C|Y|N (Default: C== company default)',
329
- # binary_cleanup_age: 'optional - after how long the binary will be deleted in seconds (Default: 604_800 / 1 week)',
330
- # product_cleanup_age: 'optional - after how long the product will be deleted in seconds (Default: 604_800 / 1 week)',
329
+ # binary_cleanup_age: 'optional - after how long the binary will be deleted in seconds (Default: 2_592_000 / 30 days)',
330
+ # product_cleanup_age: 'optional - after how long the product will be deleted in seconds (Default: 2_592_000 / 30 days)',
331
331
  # file_download_enabled: 'optional - allow download of uploaded binaries from group (Default: false),
332
332
  # low_risk_tolerance: 'optional - low risk tolerance nil|true|false (Default: nil == company default)',
333
333
  # include_historical_vulns: 'optional - include historical vulns nil|true|false (Default: nil == company default)',
@@ -345,8 +345,8 @@ module PWN
345
345
  desc = opts[:desc]
346
346
  parent_id = opts[:parent_id]
347
347
  delete_binary = opts[:delete_binary] ||= 'C'
348
- binary_cleanup_age = opts[:binary_cleanup_age] ||= 604_800
349
- product_cleanup_age = opts[:product_cleanup_age] ||= 604_800
348
+ binary_cleanup_age = opts[:binary_cleanup_age] ||= 2_592_000
349
+ product_cleanup_age = opts[:product_cleanup_age] ||= 2_592_000
350
350
  file_download_enabled = opts[:file_download_enabled] ||= false
351
351
  low_risk_tolerance = opts[:low_risk_tolerance]
352
352
  include_historical_vulns = opts[:include_historical_vulns]
@@ -654,8 +654,8 @@ module PWN
654
654
  desc: 'optional - group description',
655
655
  parent_id: 'optional - parent_id group id',
656
656
  delete_binary: 'optional - delete binary after analysis C|Y|N (Default: C== company default)',
657
- binary_cleanup_age: 'optional - after how long the binary will be deleted in seconds (Default: 604_800 / 1 week)',
658
- product_cleanup_age: 'optional - after how long the product will be deleted in seconds (Default: 604_800 / 1 week)',
657
+ binary_cleanup_age: 'optional - after how long the binary will be deleted in seconds (Default: 2_592_000 / 30 days)',
658
+ product_cleanup_age: 'optional - after how long the product will be deleted in seconds (Default: 2_592_000 / 30 days)',
659
659
  file_download_enabled: 'optional - allow download of uploaded binaries from group (Default: false),
660
660
  low_risk_tolerance: 'optional - low risk tolerance nil|true|false (Default: nil == company default)',
661
661
  include_historical_vulns: 'optional - include historical vulns nil|true|false (Default: nil == company default)',
data/lib/pwn/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module PWN
4
- VERSION = '0.5.4'
4
+ VERSION = '0.5.5'
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pwn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.4
4
+ version: 0.5.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - 0day Inc.