Module: PWN::SAST::LocalStorage
- Defined in:
- lib/pwn/sast/local_storage.rb
Overview
SAST Module used to identify any localStorage function/method declarations within source code in an effort to determine if XSS is possible
Constant Summary collapse
Class Method Summary collapse
-
.authors ⇒ Object
- Author(s)
-
0day Inc.
-
.help ⇒ Object
Display Usage for this Module.
-
.scan(opts = {}) ⇒ Object
- Supported Method Parameters
-
PWN::SAST::LocalStorage.scan( dir_path: ‘optional path to dir defaults to .’ git_repo_root_uri: ‘optional http uri of git repo scanned’ ).
-
.security_references ⇒ Object
Used primarily to map NIST 800-53 Revision 4 Security Controls web.nvd.nist.gov/view/800-53/Rev4/impact?impactName=HIGH to PWN Exploit & Static Code Anti-Pattern Matching Modules to Determine the level of Testing Coverage w/ PWN.
Class Method Details
.authors ⇒ Object
- Author(s)
-
0day Inc. <[email protected]>
125 126 127 128 129 |
# File 'lib/pwn/sast/local_storage.rb', line 125 public_class_method def self. "AUTHOR(S): 0day Inc. <[email protected]> " end |
.help ⇒ Object
Display Usage for this Module
133 134 135 136 137 138 139 140 141 142 |
# File 'lib/pwn/sast/local_storage.rb', line 133 public_class_method def self.help puts "USAGE: sast_arr = #{self}.scan( dir_path: 'optional path to dir defaults to .', git_repo_root_uri: 'optional http uri of git repo scanned' ) #{self}.authors " end |
.scan(opts = {}) ⇒ Object
- Supported Method Parameters
-
PWN::SAST::LocalStorage.scan(
dir_path: 'optional path to dir defaults to .' git_repo_root_uri: 'optional http uri of git repo scanned'
)
19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 |
# File 'lib/pwn/sast/local_storage.rb', line 19 public_class_method def self.scan(opts = {}) dir_path = opts[:dir_path] git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub result_arr = [] logger_results = '' PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry| if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i line_no_and_contents_arr = [] entry_beautified = false if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js')) js_beautify = `js-beautify #{entry} > #{entry}.JS-BEAUTIFIED`.to_s.scrub entry = "#{entry}.JS-BEAUTIFIED" entry_beautified = true end test_case_filter = " grep -n \ -e 'localStorage.getItem(' \ -e 'localStorage.setItem(' #{entry} " str = `#{test_case_filter}`.to_s.scrub if str.to_s.empty? # If str length is >= 64 KB do not include results. (Due to Mongo Document Size Restrictions) logger_results = "#{logger_results}~" # Catching bugs is good :) else str = "1:Result larger than 64KB -> Size: #{str.to_s.length}. Please click the \"Path\" link for more details." if str.to_s.length >= 64_000 hash_line = { timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s, security_references: security_references, filename: { git_repo_root_uri: git_repo_root_uri, entry: entry }, line_no_and_contents: '', raw_content: str, test_case_filter: test_case_filter } # COMMMENT: Must be a better way to implement this (regex is kinda funky) line_contents_split = str.split(/^(\d{1,}):|\n(\d{1,}):/)[1..-1] line_no_count = line_contents_split.length # This should always be an even number current_count = 0 while line_no_count > current_count line_no = line_contents_split[current_count] contents = line_contents_split[current_count + 1] if Dir.exist?("#{dir_path}/.git") || Dir.exist?('.git') repo_root = dir_path repo_root = '.' if Dir.exist?('.git') = PWN::Plugins::Git.( repo_root: repo_root, from_line: line_no, to_line: line_no, target_file: entry, entry_beautified: entry_beautified ) else = 'N/A' end hash_line[:line_no_and_contents] = line_no_and_contents_arr.push( line_no: line_no, contents: contents, author: ) current_count += 2 end result_arr.push(hash_line) logger_results = "#{logger_results}x" # Seeing progress is good :) end end end = "http://#{Socket.gethostname}:8808/doc_root/pwn-#{PWN::VERSION.to_s.scrub}/#{to_s.scrub.gsub('::', '/')}.html" if logger_results.empty? @@logger.info("#{}: No files applicable to this test case.\n") else @@logger.info("#{} => #{logger_results}complete.\n") end result_arr rescue StandardError => e raise e end |
.security_references ⇒ Object
Used primarily to map NIST 800-53 Revision 4 Security Controls web.nvd.nist.gov/view/800-53/Rev4/impact?impactName=HIGH to PWN Exploit & Static Code Anti-Pattern Matching Modules to Determine the level of Testing Coverage w/ PWN.
111 112 113 114 115 116 117 118 119 120 121 |
# File 'lib/pwn/sast/local_storage.rb', line 111 public_class_method def self.security_references { sast_module: self, section: 'MALICIOUS CODE PROTECTION', nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3', cwe_id: '79', cwe_uri: 'https://cwe.mitre.org/data/definitions/79.html' } rescue StandardError => e raise e end |