module PWN::SAST::Password
# NOTE(review): this listing was truncated during extraction, so the method
# body is not visible here. The surviving fragment ends in an e-mail address,
# so this presumably returns the author/contact string for the module --
# confirm against the original file.
def self.authors
def self.authors st.pentest@0dayinc.com>
# NOTE(review): truncated listing; only part of the usage text survives.
# The visible fragment documents the options accepted by .scan: an optional
# directory path (stated default ".") and an optional HTTP URI of the git
# repository being scanned. Whether the text is printed or returned cannot be
# determined from here.
def self.help
def self.help f}.scan( optional path to dir defaults to .', _uri => 'optional http uri of git repo scanned'
# NOTE(review): this listing was truncated during extraction; the notes below
# cover only what the surviving fragments show.
#
# Walks a directory tree (recurse_dir over dir_path) and runs a shell-based
# pattern filter against each candidate file. Entries are skipped when the
# basename matches /^pwn.+(html|json|db)$/ or /\.JS-BEAUTIFIED$/, or when the
# path matches /test/i.
#
# A '.js' entry with fewer than 20 lines (per `wc -l`), or whose name contains
# '.min.js' or '-all.js', is first expanded with js-beautify into
# "<entry>.JS-BEAUTIFIED", which writes a new file next to the scanned file.
#
# Output at or above 64_000 characters is replaced by a size notice; the
# inline comment gives Mongo document size limits as the reason.
#
# SECURITY NOTE(review): `entry` is interpolated unescaped into backtick
# commands (`wc -l #{entry}`, `js-beautify #{entry} > #{entry}.JS-BEAUTIFIED`,
# and apparently the filter command built in the %( ... ) string). Entries come
# from the tree being scanned, so a file name containing spaces or shell
# metacharacters is interpreted by the shell rather than passed as one
# argument. When the scanned repository is not trusted, escape the path
# (Shellwords.escape) or use an argument-vector call such as Open3.capture2
# with separate arguments, and count lines in Ruby instead of shelling out.
#
# NOTE(review): ^ and $ in the basename checks anchor per line, not per
# string; \A and \z would make the skip rules exact.
#
# NOTE(review): findings appear to carry the raw matched lines (str). For a
# password test case those lines may hold live credentials, so treat the
# generated report as sensitive -- confirm how results are stored and served.
def self.scan(opts = {})
def self.scan(opts = {}) ir_path] = opts[:git_repo_root_uri].to_s.scrub ' Fu.recurse_dir(dir_path: dir_path) do |entry| try) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i ntents_arr = [] ed = false e(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js')) = `js-beautify #{entry} > #{entry}.JS-BEAUTIFIED`.to_s.scrub ntry}.JS-BEAUTIFIED" fied = true er = %( (\\s=|=)" \ \s=|=)" \ =|=)" \ :\\s" \ |=)" #{entry} case_filter}`.to_s.scrub pty? gth is >= 64 KB do not include results. (Due to Mongo Document Size Restrictions) ts = "#{logger_results}~" # Catching bugs is good :) ult larger than 64KB -> Size: #{str.to_s.length}. Please click the \"Path\" link for more details." if str.to_s.length >= 64_000 { Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s, eferences: security_references, { git_repo_root_uri: git_repo_root_uri, entry: entry }, d_contents: '', t: str, filter: test_case_filter Must be a better way to implement this (regex is kinda funky) s_split = str.split(/^(\d{1,}):|\n(\d{1,}):/)[1..-1] t = line_contents_split.length # This should always be an even number t = 0 o_count > current_count line_contents_split[current_count] line_contents_split[current_count + 1] st?("#{dir_path}/.git") || st?('.git') t = dir_path t = '.' if Dir.exist?('.git') PWN::Plugins::Git.get_author( oot: repo_root, ine: line_no, e: line_no, _file: entry, beautified: entry_beautified 'N/A' :line_no_and_contents] = line_no_and_contents_arr.push( line_no, : contents, author unt += 2 ush(hash_line) ts = "#{logger_results}x" # Seeing progress is good :) ttp://#{Socket.gethostname}:8808/doc_root/pwn-#{PWN::VERSION.to_s.scrub}/#{to_s.scrub.gsub('::', '/')}.html" empty? {logger_banner}: No files applicable to this test case.\n") {logger_banner} => #{logger_results}complete.\n")
# NOTE(review): truncated listing; only part of the returned data survives.
# The visible fragments reference NIST SP 800-53 control SC-28 (information at
# rest) by URL and a CWE entry (definitions/540) by URL. scan attaches this
# value to each finding (security_references: security_references). The exact
# keys of the returned structure are not visible here -- confirm against the
# original file.
def self.security_references
def self.security_references f, TION OF INFORMATION AT REST', 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-28', //cwe.mitre.org/data/definitions/540.html'