PWN::Plugins::DefectDojo module - cast comma-delimited string into array #bugfix

Author: ninp0

Gemfile

@@ -19,7 +19,7 @@ gem 'aws-sdk', '3.2.0'
 gem 'barby', '0.6.9'
 gem 'brakeman', '6.1.0'
 gem 'bson', '4.15.0'
-gem 'bundler', '>=2.5.0'
+gem 'bundler', '>=2.5.1'
 gem 'bundler-audit', '0.9.1'
 gem 'bunny', '2.22.0'
 gem 'colorize', '1.1.0'
@@ -54,7 +54,7 @@ gem 'nexpose', '7.3.0'
 gem 'nokogiri', '1.15.5'
 gem 'nokogiri-diff', '0.2.0'
 gem 'oily_png', '1.2.1'
-gem 'open3', '0.2.0'
+gem 'open3', '0.2.1'
 gem 'os', '1.1.4'
 gem 'packetfu', '2.0.0'
 gem 'packetgen', '3.3.0'
@@ -65,7 +65,7 @@ gem 'pry-doc', '1.4.0'
 gem 'rake', '13.1.0'
 gem 'rb-readline', '0.5.5'
 gem 'rbvmomi', '3.0.0'
-gem 'rdoc', '6.6.1'
+gem 'rdoc', '6.6.2'
 gem 'rest-client', '2.1.0'
 gem 'rex', '2.0.13'
 gem 'rmagick', '5.3.0'

README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.4.936]:001 >>> PWN.help
+pwn[v0.4.937]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.936]:001 >>> PWN.help
+pwn[v0.4.937]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.4.936]:001 >>> PWN.help
+pwn[v0.4.937]:001 >>> PWN.help
 ```
 
 

lib/pwn/plugins/defect_dojo.rb

@@ -449,7 +449,7 @@ module DefectDojo
           http_body[:lead] = user_by_username_object.first[:id]
         end
 
-        http_body[:tags] = opts[:tags].to_s.strip.chomp.scrub
+        http_body[:tags] = opts[:tags].to_s.strip.chomp.scrub.gsub("\s,\s", ',').split(',') if opts[:tags]
 
         minimum_severity = opts[:minimum_severity].to_s.strip.chomp.scrub.downcase.capitalize
         case minimum_severity
@@ -555,13 +555,11 @@ module DefectDojo
           end
         end
 
-        tags = opts[:tags].to_s.strip.chomp.scrub
         # TODO: wait for solution to:
         # https://github.com/DefectDojo/django-DefectDojo/issues/457
         # in order to obtain the unique test resource_uri
         # by searching tags for unique identifier (would be better to have a unique test names)
-
-        http_body[:tags] = tags
+        http_body[:tags] = opts[:tags].to_s.strip.chomp.scrub.gsub("\s,\s", ',').split(',') if opts[:tags]
 
         http_body[:test] = opts[:test_resource_uri] if opts[:test_resource_uri]
 

lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.4.936'
+  VERSION = '0.4.937'
 end