Module: PWN::SAST::PomVersion
- Defined in:
- lib/pwn/sast/pom_version.rb
Overview
SAST Module used to identify the versions of dependent software within source repos to ensure patching requirements for those dependencies can be met.
Class Method Summary collapse
-
.authors ⇒ Object
- Author(s)
-
0day Inc.
-
.help ⇒ Object
Display Usage for this Module.
-
.scan(opts = {}) ⇒ Object
- Supported Method Parameters
-
PWN::SAST::PomVersion.scan( dir_path: ‘optional path to dir defaults to .’ git_repo_root_uri: ‘optional http uri of git repo scanned’ ).
-
.security_references ⇒ Object
Used primarily to map NIST 800-53 Revision 4 Security Controls web.nvd.nist.gov/view/800-53/Rev4/impact?impactName=HIGH to PWN Exploit & Static Code Anti-Pattern Matching Modules to Determine the level of Testing Coverage w/ PWN.
Class Method Details
.authors ⇒ Object
- Author(s)
-
0day Inc. <[email protected]>
141 142 143 144 145 |
# File 'lib/pwn/sast/pom_version.rb', line 141 public_class_method def self. "AUTHOR(S): 0day Inc. <[email protected]> " end |
.help ⇒ Object
Display Usage for this Module
149 150 151 152 153 154 155 156 157 158 |
# File 'lib/pwn/sast/pom_version.rb', line 149 public_class_method def self.help puts "USAGE: sast_arr = #{self}.scan( dir_path: 'optional path to dir defaults to .', git_repo_root_uri: 'optional http uri of git repo scanned' ) #{self}.authors " end |
.scan(opts = {}) ⇒ Object
- Supported Method Parameters
-
PWN::SAST::PomVersion.scan(
dir_path: 'optional path to dir defaults to .' git_repo_root_uri: 'optional http uri of git repo scanned')
18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 |
# File 'lib/pwn/sast/pom_version.rb', line 18 public_class_method def self.scan(opts = {}) dir_path = opts[:dir_path] git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub result_arr = [] ai_introspection = PWN::Env[:ai][:introspection] logger_results = "AI Introspection => #{PWN::Env[:ai][:introspecction]} => " PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry| if File.file?(entry) && File.basename(entry) == 'pom.xml' && entry !~ /test/i line_no_and_contents_arr = [] entry_beautified = false if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js')) js_beautify = `js-beautify #{entry} > #{entry}.JS-BEAUTIFIED 2> /dev/null`.to_s.scrub entry = "#{entry}.JS-BEAUTIFIED" entry_beautified = true end test_case_filter = " grep -in -B2 \ -e 'version' {PWN_SAST_SRC_TARGET} 2> /dev/null " str = `#{test_case_filter}`.to_s.scrub if str.to_s.empty? # If str length is >= 64 KB do not include results. (Due to Mongo Document Size Restrictions) logger_results = "#{logger_results}~" # Catching bugs is good :) else str = "1:Result larger than 64KB -> Size: #{str.to_s.length}. Please click the \"Path\" link for more details." if str.to_s.length >= 64_000 hash_line = { timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s, security_references: security_references, filename: { git_repo_root_uri: git_repo_root_uri, entry: entry }, line_no_and_contents: '', raw_content: str, test_case_filter: test_case_filter } # COMMMENT: Must be a better way to implement this (regex is kinda funky) multi_line_contents_split = str.split("\n--\n") multi_line_contents_split.each do |this_multi_line_content| line_contents_split = this_multi_line_content.split(/^(\d{1,}):|^(\d{1,})-/)[1..-1] line_no_count = line_contents_split.length # This should always be an even number current_count = 0 while line_no_count > current_count line_no = line_contents_split[current_count] contents = line_contents_split[current_count + 1] if Dir.exist?('.git') repo_root = '.' = PWN::Plugins::Git.( repo_root: repo_root, from_line: line_no, to_line: line_no, target_file: entry, entry_beautified: entry_beautified ) end ||= 'N/A' request = { scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}", line_no: line_no, source_code_snippet: contents }.to_json ai_analysis = PWN::AI::Agent::SAST.analyze( request: request ) ai_analysis ||= 'N/A' hash_line[:line_no_and_contents] = line_no_and_contents_arr.push( line_no: line_no, contents: contents, author: , ai_analysis: ai_analysis ) current_count += 2 end hash_line[:line_no_and_contents] = line_no_and_contents_arr.push( line_no: '--', contents: '--', author: '--' ) end result_arr.push(hash_line) logger_results = "#{logger_results}x" # Seeing progress is good :) end end end = "http://#{Socket.gethostname}:8808/doc_root/pwn-#{PWN::VERSION.to_s.scrub}/#{to_s.scrub.gsub('::', '/')}.html" if logger_results.empty? @@logger.info("#{}: No files applicable to this test case.\n") else @@logger.info("#{} => #{logger_results}complete.\n") end result_arr rescue StandardError => e raise e end |
.security_references ⇒ Object
Used primarily to map NIST 800-53 Revision 4 Security Controls web.nvd.nist.gov/view/800-53/Rev4/impact?impactName=HIGH to PWN Exploit & Static Code Anti-Pattern Matching Modules to Determine the level of Testing Coverage w/ PWN.
127 128 129 130 131 132 133 134 135 136 137 |
# File 'lib/pwn/sast/pom_version.rb', line 127 public_class_method def self.security_references { sast_module: self, section: 'VULNERABILITY SCANNING', nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=RA-05', cwe_id: '.0', cwe_uri: 'https://cwe.mitre.org/data/definitions/1104.html' } rescue StandardError => e raise e end |