module PWN::Plugins::BlackDuckBinaryAnalysis

def self.abort_product_scan(opts = {})
n]
:product_id]
analysis_rest_call(
st,
uct/#{product_id}/abort"
e, symbolize_names: true)
 => e

def self.authors
st.pentest@0dayinc.com>

def self.bd_bin_analysis_rest_call(opts = {})
]
ts[:http_method].nil?
t
s[:http_method].to_s.scrub.to_sym
est_call].to_s.scrub
ms]
p_headers]
plication/json; charset=UTF-8',
earer #{token}"
ttp_body]
s_api_uri = 'https://protecode-sc.com/api'
Plugins::TransparentBrowser.open(browser_type: :rest)
er_obj[:browser]::Request
ner.new
s = 3
s ||= 1
= params
lient.execute(
thod,
_bin_analysis_api_uri}/#{rest_call}",
s,
se,
?(Hash)
y?(:raw)
ent_type] = nil
ttp_body[:file]
.key?(:multipart)
ent_type] = 'multipart/form-data'
ttp_body.to_json
lient.execute(
thod,
_bin_analysis_api_uri}/#{rest_call}",
s,
ody,
se,
ror("Unsupported HTTP Method #{http_method} for #{self} Plugin")
ceptionWithResponse => e
SE CODE: #{e.response.code}"
SE HEADERS:\n#{e.response.headers}"
SE BODY:\n#{e.response.body.inspect}\n\n\n"
or => e
est_attempts == max_request_attempts
ion Unavailable."
t_request_attempts} of #{max_request_attempts}) in 60s"
s += 1
=> e
st', '404 Resource Not Found'
e.response}"
 spinner.nil?

def self.create_group(opts = {})
n]


parent_id]
ts[:delete_binary] ||= 'C'
 = opts[:binary_cleanup_age] ||= 2_592_000
e = opts[:product_cleanup_age] ||= 2_592_000
led = opts[:file_download_enabled] ||= false
 = opts[:low_risk_tolerance]
_vulns = opts[:include_historical_vulns]
pts[:cvss3_fallback]
sion_as_latest = opts[:assume_unknown_version_as_latest]
[:custom_data] ||= {}
ts[:scan_infoleak]
ts[:code_analysis]
ty = opts[:scan_code_similarity]
Bearer #{token}",
c,
d,
ter_scan: delete_binary,
ge: binary_cleanup_age,
age: product_cleanup_age,
abled: file_download_enabled,
ce: low_risk_tolerance,
al_vulnerabilities: include_historical_vulns,
cvss3_fallback,
ersion_as_latest: assume_unknown_version_as_latest,
tom_data,
can_infoleak,
ode_analysis,
rity: scan_code_similarity
analysis_rest_call(
st,
ps',
tp_headers
e, symbolize_names: true)
 => e

def self.delete_group(opts = {})
n]
roup_id]
analysis_rest_call(
lete,
ps/#{group_id}"
e, symbolize_names: true)
 => e

def self.generate_product_report(opts = {})
n]
:product_id]
[:output_path]
 ||= :csv_vulns
ncase.to_sym
duct/#{product_id}/csv-libs"
duct/#{product_id}/csv-vulns"
duct/#{product_id}/pdf-report"
valid report type #{type}"
analysis_rest_call(
call
path, response.body)
 => e

def self.get_apps(opts = {})
n]
analysis_rest_call(
'
e, symbolize_names: true)
 => e

def self.get_apps_by_group(opts = {})
n]
roup_id]
analysis_rest_call(
/#{group_id}"
e, symbolize_names: true)
 => e

def self.get_audit_trail(opts = {})
n]
analysis_rest_call(
t-trail'
e, symbolize_names: true)
 => e

def self.get_component_licenses(opts = {})
n]
analysis_rest_call(
onent-licenses'
e, symbolize_names: true)
 => e

def self.get_components(opts = {})
n]
analysis_rest_call(
onents'
e, symbolize_names: true)
 => e

def self.get_group_details(opts = {})
n]
roup_id]
analysis_rest_call(
ps/#{group_id}"
e, symbolize_names: true)
 => e

def self.get_group_statistics(opts = {})
n]
roup_id]
analysis_rest_call(
ps/#{group_id}/statistics"
e, symbolize_names: true)
 => e

def self.get_groups(opts = {})
n]
analysis_rest_call(
ps'
e, symbolize_names: true)
 => e

def self.get_licenses(opts = {})
n]
analysis_rest_call(
nses'
e, symbolize_names: true)
 => e

def self.get_product(opts = {})
n]
:product_id]
analysis_rest_call(
uct/#{product_id}"
e, symbolize_names: true)
 => e

def self.get_service_info(opts = {})
n]
analysis_rest_call(
ice/info'
e, symbolize_names: true)
 => e

def self.get_service_version(opts = {})
n]
analysis_rest_call(
ice/version'
e, symbolize_names: true)
 => e

def self.get_status(opts = {})
n]
analysis_rest_call(
us'
e, symbolize_names: true)
 => e

def self.get_tags(opts = {})
n]
analysis_rest_call(
'
e, symbolize_names: true)
 => e

def self.get_tasks(opts = {})
n]
analysis_rest_call(
s'
e, symbolize_names: true)
 => e

def self.get_vendor_vulns(opts = {})
n]
analysis_rest_call(
her/api/vulns'
e, symbolize_names: true)
 => e

def self.get_vulnerabilities(opts = {})
n]
analysis_rest_call(
erabilities'
e, symbolize_names: true)
 => e

def self.help
f}.get_apps(
ed - Bearer token'
Plugins::BlackDuckBinaryAnalysis.upload_file(
ed - Bearer token',
d - path of file to upload',
ional - group id',
 'optional - delete binary after upload (defaults to false)',
ptional - force scan (defaults to false)',
'optional - callback url',
 'optional - scan infoleak (defaults to true)',
 'optional - code analysis (defaults to true)',
liarity: 'optional - scan code familiarity (defaults to true)',
onal - version',
ptional - product id'
f}.get_product(
ed - Bearer token',
equired - product id'
f}.abort_product_scan(
ed - Bearer token',
equired - product id'
f}.generate_product_report(
ed - Bearer token',
equired - product id',
required - path to output file',
l - report type csv_libs||csv_vulns|pdf (Defaults to csv_vulns)'
f}.get_tasks(
ed - Bearer token'
f}.get_apps_by_group(
ed - Bearer token',
uired - group id'
f}.get_groups(
ed - Bearer token'
f}.create_group(
ed - Bearer token',
d - group name',
l - group description',
tional - parent_id group id',
 'optional - delete binary after analysis C|Y|N (Default: C== company default)',
_age: 'optional - after how long the binary will be deleted in seconds (Default: 2_592_000 / 30 days)',
p_age: 'optional - after how long the product will be deleted in seconds (Default: 2_592_000 / 30 days)',
enabled: 'optional - allow download of uploaded binaries from group (Default: false),
ance: 'optional - low risk tolerance nil|true|false (Default: nil == company default)',
ical_vulns: 'optional - include historical vulns nil|true|false (Default: nil == company default)',
: 'optional - cvss3 fallback nil|true|false (Default: nil == company default)',
_version_as_latest: 'optional - assume unknown version as latest nil|true|false (Default: nil == company default)',
optional - custom data hash (Default: {}, see group metadata for details)',
 'optional - scan infoleak nil|true|false (Default: nil == company default)',
 'optional - code analysis nil|true|false (Default: nil == company default)',
larity: 'optional - scan code similarity nil|true|false (Default: nil == company default)'
f}.get_group_details(
ed - Bearer token',
uired - group id'
f}.get_group_statistics(
ed - Bearer token',
uired - group id'
f}.delete_group(
ed - Bearer token',
uired - group id'
f}.get_licenses(
ed - Bearer token'
f}.get_component_licenses(
ed - Bearer token'
f}.get_tags(
ed - Bearer token'
f}.get_vulnerabilities(
ed - Bearer token'
f}.get_components(
ed - Bearer token'
f}.get_vendor_vulns(
ed - Bearer token'
f}.get_audit_trail(
ed - Bearer token'
f}.get_status(
ed - Bearer token'
f}.get_service_info(
ed - Bearer token'
f}.get_service_version(
ed - Bearer token'

def self.upload_file(opts = {})
n]

le} not found." unless File.exist?(file)
asename(file)
roup_id]
ue if opts[:delete_binary] ||= false
if opts[:force_scan] ||= false
s[:callback_url]
lse if opts[:scan_infoleak] ||= true
lse if opts[:code_analysis] ||= true
ity = false if opts[:scan_code_familiarity] ||= false
rsion]
:product_id]
Bearer #{token}",
elete_binary,
e_scan,

ck_url,
can_infoleak,
ode_analysis,
arity: scan_code_familiarity,
,
_id
e,
(file, 'rb')
ad(file)
analysis_rest_call(
t,
ad/#{CGI.escape_uri_component(file_name)}",
tp_headers,
body
e, symbolize_names: true)
 => e