Skip to content

Commit bee33d1

Browse files
ninp0ninp0
authored
Merge pull request #302 from ninp0/master
PWN::Plugins::BlackDuckBinaryAnalysis module - Initial commit (limite…
2 parents 16c49df + 94e622a commit bee33d1

File tree

5 files changed

+228
-3
lines changed

5 files changed

+228
-3
lines changed

README.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
3737
$ rvm list gemsets
3838
$ gem install --verbose pwn
3939
$ pwn
40-
pwn[v0.4.724]:001 >>> PWN.help
40+
pwn[v0.4.725]:001 >>> PWN.help
4141
```
4242

4343
[![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
5252
$ gem uninstall --all --executables pwn
5353
$ gem install --verbose pwn
5454
$ pwn
55-
pwn[v0.4.724]:001 >>> PWN.help
55+
pwn[v0.4.725]:001 >>> PWN.help
5656
```
5757

5858

lib/pwn/plugins.rb

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,7 @@ module Plugins
1111
autoload :BareSIP, 'pwn/plugins/baresip'
1212
autoload :BasicAuth, 'pwn/plugins/basic_auth'
1313
autoload :BeEF, 'pwn/plugins/beef'
14+
autoload :BlackDuckBinaryAnalysis, 'pwn/plugins/black_duck_binary_analysis'
1415
autoload :BurpSuite, 'pwn/plugins/burp_suite'
1516
autoload :BusPirate, 'pwn/plugins/bus_pirate'
1617
autoload :Char, 'pwn/plugins/char'

lib/pwn/plugins/black_duck_binary_analysis.rb

Lines changed: 209 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,209 @@
1+
# frozen_string_literal: true
2+
3+
require 'json'
4+
require 'securerandom'
5+
require 'tty-spinner'
6+
7+
module PWN
8+
module Plugins
9+
# This plugin is used for interacting w/ the Black Duck Binary Analysis
10+
# REST API using the 'rest' browser type of PWN::Plugins::TransparentBrowser.
11+
# This is based on the following Black Duck Binary Analysis API Specification:
12+
# https://protecode-sc.com/help/api
13+
module BlackDuckBinaryAnalysis
14+
# Supported Method Parameters::
15+
# bd_bin_analysis_rest_call(
16+
# token: 'required - Black Duck Binary Analysis API token',
17+
# http_method: 'optional HTTP method (defaults to GET)
18+
# rest_call: 'required rest call to make per the schema',
19+
# params: 'optional params passed in the URI or HTTP Headers',
20+
# http_body: 'optional HTTP body sent in HTTP methods that support it e.g. POST'
21+
# )
22+
23+
private_class_method def self.bd_bin_analysis_rest_call(opts = {})
24+
http_method = if opts[:http_method].nil?
25+
:get
26+
else
27+
opts[:http_method].to_s.scrub.to_sym
28+
end
29+
rest_call = opts[:rest_call].to_s.scrub
30+
params = opts[:params]
31+
http_body = opts[:http_body]
32+
http_body ||= {}
33+
base_bd_bin_analysis_api_uri = 'https://protocode-sc.com/api'
34+
token = opts[:token]
35+
36+
content_type = 'application/json; charset=UTF-8'
37+
38+
browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
39+
rest_client = browser_obj[:browser]::Request
40+
41+
spinner = TTY::Spinner.new
42+
spinner.auto_spin
43+
44+
case http_method
45+
when :delete
46+
response = rest_client.execute(
47+
method: :delete,
48+
url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
49+
headers: {
50+
content_type: content_type,
51+
authorization: "Bearer #{token}",
52+
params: params
53+
},
54+
verify_ssl: false
55+
)
56+
57+
when :get
58+
response = rest_client.execute(
59+
method: :get,
60+
url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
61+
headers: {
62+
content_type: content_type,
63+
authorization: "Bearer #{token}",
64+
params: params
65+
},
66+
verify_ssl: false
67+
)
68+
69+
when :post
70+
if http_body.key?(:multipart)
71+
response = rest_client.execute(
72+
method: :post,
73+
url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
74+
headers: {
75+
authorization: "Bearer #{token}"
76+
},
77+
payload: http_body,
78+
verify_ssl: false
79+
)
80+
else
81+
response = rest_client.execute(
82+
method: :post,
83+
url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
84+
headers: {
85+
content_type: content_type,
86+
authorization: "Bearer #{token}"
87+
},
88+
payload: http_body.to_json,
89+
verify_ssl: false
90+
)
91+
end
92+
93+
when :put
94+
if http_body.key?(:multipart)
95+
response = rest_client.execute(
96+
method: :put,
97+
url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
98+
headers: {
99+
authorization: "Bearer #{token}"
100+
},
101+
payload: http_body,
102+
verify_ssl: false
103+
)
104+
else
105+
response = rest_client.execute(
106+
method: :post,
107+
url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
108+
headers: {
109+
content_type: content_type,
110+
authorization: "Bearer #{token}"
111+
},
112+
payload: http_body.to_json,
113+
verify_ssl: false
114+
)
115+
end
116+
117+
else
118+
raise @@logger.error("Unsupported HTTP Method #{http_method} for #{self} Plugin")
119+
end
120+
response
121+
rescue StandardError => e
122+
case e.message
123+
when '400 Bad Request', '404 Resource Not Found'
124+
"#{e.message}: #{e.response}"
125+
else
126+
raise e
127+
end
128+
ensure
129+
spinner.stop
130+
end
131+
132+
# Supported Method Parameters::
133+
# response = PWN::Plugins::BlackDuckBinaryAnalysis.get_groups(
134+
# token: 'required - Bearer token'
135+
# )
136+
137+
public_class_method def self.get_groups(opts = {})
138+
token = opts[:token]
139+
140+
response = bd_bin_analysis_rest_call(
141+
token: token,
142+
rest_call: 'groups'
143+
)
144+
145+
JSON.parse(response, symbolize_names: true)
146+
rescue StandardError => e
147+
raise e
148+
end
149+
150+
# Supported Method Parameters::
151+
# response = PWN::Plugins::BlackDuckBinaryAnalysis.upload_file(
152+
# token: 'required - Bearer token',
153+
# file: 'required - file to upload',
154+
# purpose: 'optional - intended purpose of the uploaded documents (defaults to fine-tune'
155+
# )
156+
157+
public_class_method def self.upload_file(opts = {})
158+
token = opts[:token]
159+
file = opts[:file]
160+
raise "ERROR: #{file} not found." unless File.exist?(file)
161+
162+
purpose = opts[:purpose]
163+
purpose ||= 'fine-tune'
164+
165+
http_body = {
166+
multipart: true,
167+
file: File.new(file, 'rb'),
168+
purpose: purpose
169+
}
170+
171+
response = bd_bin_analysis_rest_call(
172+
http_method: :post,
173+
token: token,
174+
rest_call: 'files',
175+
http_body: http_body
176+
)
177+
178+
JSON.parse(response, symbolize_names: true)
179+
rescue StandardError => e
180+
raise e
181+
end
182+
183+
# Author(s):: 0day Inc. <[email protected]>
184+
185+
public_class_method def self.authors
186+
"AUTHOR(S):
187+
0day Inc. <[email protected]>
188+
"
189+
end
190+
191+
# Display Usage for this Module
192+
193+
public_class_method def self.help
194+
puts "USAGE:
195+
response = #{self}.get_groups(
196+
token: 'required - Bearer token'
197+
)
198+
199+
response = #{self}.upload_file(
200+
token: 'required - Black Duck Binary Analysis API token',
201+
file: 'required - file to upload'
202+
)
203+
204+
#{self}.authors
205+
"
206+
end
207+
end
208+
end
209+
end

lib/pwn/version.rb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
# frozen_string_literal: true
22

33
module PWN
4-
VERSION = '0.4.724'
4+
VERSION = '0.4.725'
55
end

spec/lib/pwn/plugins/black_duck_binary_analysis_spec.rb

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
# frozen_string_literal: true
2+
3+
require 'spec_helper'
4+
5+
describe PWN::Plugins::BlackDuckBinaryAnalysis do
6+
it 'should display information for authors' do
7+
authors_response = PWN::Plugins::BlackDuckBinaryAnalysis
8+
expect(authors_response).to respond_to :authors
9+
end
10+
11+
it 'should display information for existing help method' do
12+
help_response = PWN::Plugins::BlackDuckBinaryAnalysis
13+
expect(help_response).to respond_to :help
14+
end
15+
end

0 commit comments

Comments
 (0)