Merge pull request #709 from ninp0/master

ninp0 · web-flow · commit f864d0237213 · 2025-05-06T12:18:16.000-06:00
All modules within `PWN::SAST` namespace - update NIST 800-53 URI val…
diff --git a/README.md b/README.md
@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.272]:001 >>> PWN.help
+pwn[v0.5.273]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.1@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.272]:001 >>> PWN.help
+pwn[v0.5.273]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.1@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.272]:001 >>> PWN.help
+pwn[v0.5.273]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
diff --git a/lib/pwn/sast/csrf.rb b/lib/pwn/sast/csrf.rb
@@ -109,7 +109,7 @@ module CSRF
         {
           sast_module: self,
           section: 'MALICIOUS CODE PROTECTION',
-          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-3',
+          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-03',
           cwe_id: '352',
           cwe_uri: 'https://cwe.mitre.org/data/definitions/352.html'
         }
diff --git a/lib/pwn/sast/emoticon.rb b/lib/pwn/sast/emoticon.rb
@@ -118,7 +118,7 @@ module Emoticon
         {
           sast_module: self,
           section: 'LEAST PRIVILEGE',
-          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=AC-6',
+          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=AC-06',
           cwe_id: '546',
           cwe_uri: 'https://cwe.mitre.org/data/definitions/546.html'
         }
diff --git a/lib/pwn/sast/eval.rb b/lib/pwn/sast/eval.rb
@@ -111,7 +111,7 @@ module Eval
         {
           sast_module: self,
           section: 'MALICIOUS CODE PROTECTION',
-          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-3',
+          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-03',
           cwe_id: '95',
           cwe_uri: 'https://cwe.mitre.org/data/definitions/95.html'
         }
diff --git a/lib/pwn/sast/inner_html.rb b/lib/pwn/sast/inner_html.rb
@@ -111,7 +111,7 @@ module InnerHTML
         {
           sast_module: self,
           section: 'MALICIOUS CODE PROTECTION',
-          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-3',
+          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-03',
           cwe_id: '79',
           cwe_uri: 'https://cwe.mitre.org/data/definitions/79.html'
         }
diff --git a/lib/pwn/sast/local_storage.rb b/lib/pwn/sast/local_storage.rb
@@ -112,7 +112,7 @@ module LocalStorage
         {
           sast_module: self,
           section: 'MALICIOUS CODE PROTECTION',
-          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-3',
+          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-03',
           cwe_id: '79',
           cwe_uri: 'https://cwe.mitre.org/data/definitions/79.html'
         }
diff --git a/lib/pwn/sast/location_hash.rb b/lib/pwn/sast/location_hash.rb
@@ -111,7 +111,7 @@ module LocationHash
         {
           sast_module: self,
           section: 'MALICIOUS CODE PROTECTION',
-          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-3',
+          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-03',
           cwe_id: '79',
           cwe_uri: 'https://cwe.mitre.org/data/definitions/79.html'
         }
diff --git a/lib/pwn/sast/outer_html.rb b/lib/pwn/sast/outer_html.rb
@@ -111,7 +111,7 @@ module OuterHTML
         {
           sast_module: self,
           section: 'MALICIOUS CODE PROTECTION',
-          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-3',
+          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-03',
           cwe_id: '79',
           cwe_uri: 'https://cwe.mitre.org/data/definitions/79.html'
         }
diff --git a/lib/pwn/sast/pom_version.rb b/lib/pwn/sast/pom_version.rb
@@ -119,7 +119,7 @@ module PomVersion
         {
           sast_module: self,
           section: 'VULNERABILITY SCANNING',
-          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=RA-5',
+          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=RA-05',
           cwe_id: '.0',
           cwe_uri: 'https://cwe.mitre.org/data/definitions/1104.html'
         }
diff --git a/lib/pwn/sast/port.rb b/lib/pwn/sast/port.rb
@@ -117,7 +117,7 @@ module Port
         {
           sast_module: self,
           section: 'TRANSMISSION CONFIDENTIALITY AND INTEGRITY',
-          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SC-8',
+          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SC-08',
           cwe_id: '319',
           cwe_uri: 'https://cwe.mitre.org/data/definitions/319.html'
         }
diff --git a/lib/pwn/sast/post_message.rb b/lib/pwn/sast/post_message.rb
@@ -111,7 +111,7 @@ module PostMessage
         {
           sast_module: self,
           section: 'MALICIOUS CODE PROTECTION',
-          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-3',
+          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-03',
           cwe_id: '79',
           cwe_uri: 'https://cwe.mitre.org/data/definitions/79.html'
         }
diff --git a/lib/pwn/sast/private_key.rb b/lib/pwn/sast/private_key.rb
@@ -110,7 +110,7 @@ module PrivateKey
         {
           sast_module: self,
           section: 'CRYPTOGRAPHIC MODULE AUTHENTICATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=IA-7',
+          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=IA-07',
           cwe_id: '321',
           cwe_uri: 'https://cwe.mitre.org/data/definitions/321.html'
         }
diff --git a/lib/pwn/sast/redirect.rb b/lib/pwn/sast/redirect.rb
@@ -112,7 +112,7 @@ module Redirect
         {
           sast_module: self,
           section: 'LEAST PRIVILEGE',
-          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=AC-6',
+          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=AC-06',
           cwe_id: '601',
           cwe_uri: 'https://cwe.mitre.org/data/definitions/601.html'
         }
diff --git a/lib/pwn/sast/sudo.rb b/lib/pwn/sast/sudo.rb
@@ -110,7 +110,7 @@ module Sudo
         {
           sast_module: self,
           section: 'LEAST PRIVILEGE',
-          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=AC-6',
+          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=AC-06',
           cwe_id: '250',
           cwe_uri: 'https://cwe.mitre.org/data/definitions/250.html'
         }
diff --git a/lib/pwn/sast/task_tag.rb b/lib/pwn/sast/task_tag.rb
@@ -124,7 +124,7 @@ module TaskTag
         {
           sast_module: self,
           section: 'LEAST PRIVILEGE',
-          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=AC-6',
+          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=AC-06',
           cwe_id: '546',
           cwe_uri: 'https://cwe.mitre.org/data/definitions/546.html'
         }
diff --git a/lib/pwn/sast/token.rb b/lib/pwn/sast/token.rb
@@ -112,7 +112,7 @@ module Token
         {
           sast_module: self,
           section: 'CRYPTOGRAPHIC MODULE AUTHENTICATION',
-          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=IA-7',
+          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=IA-07',
           cwe_id: '798',
           cwe_uri: 'https://cwe.mitre.org/data/definitions/798.html'
         }
diff --git a/lib/pwn/sast/version.rb b/lib/pwn/sast/version.rb
@@ -111,7 +111,7 @@ module Version
         {
           sast_module: self,
           section: 'VULNERABILITY SCANNING',
-          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=RA-5',
+          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=RA-05',
           cwe_id: '672',
           cwe_uri: 'https://cwe.mitre.org/data/definitions/672.html'
         }
diff --git a/lib/pwn/sast/window_location_hash.rb b/lib/pwn/sast/window_location_hash.rb
@@ -110,7 +110,7 @@ module WindowLocationHash
         {
           sast_module: self,
           section: 'MALICIOUS CODE PROTECTION',
-          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-3',
+          nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-03',
           cwe_id: '79',
           cwe_uri: 'https://cwe.mitre.org/data/definitions/79.html'
         }
diff --git a/lib/pwn/version.rb b/lib/pwn/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.272'
+  VERSION = '0.5.273'
 end

Original file line number	Diff line number	Diff line change
`@@ -109,7 +109,7 @@ module CSRF`
`109`	`109`	`{`
`110`	`110`	`sast_module: self,`
`111`	`111`	`section: 'MALICIOUS CODE PROTECTION',`
`112`		`- nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-3',`
	`112`	`+ nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-03',`
`113`	`113`	`cwe_id: '352',`
`114`	`114`	`cwe_uri: 'https://cwe.mitre.org/data/definitions/352.html'`
`115`	`115`	`}`
Original file line number	Diff line number	Diff line change
`@@ -118,7 +118,7 @@ module Emoticon`
`118`	`118`	`{`
`119`	`119`	`sast_module: self,`
`120`	`120`	`section: 'LEAST PRIVILEGE',`
`121`		`- nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=AC-6',`
	`121`	`+ nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=AC-06',`
`122`	`122`	`cwe_id: '546',`
`123`	`123`	`cwe_uri: 'https://cwe.mitre.org/data/definitions/546.html'`
`124`	`124`	`}`
Original file line number	Diff line number	Diff line change
`@@ -111,7 +111,7 @@ module Eval`
`111`	`111`	`{`
`112`	`112`	`sast_module: self,`
`113`	`113`	`section: 'MALICIOUS CODE PROTECTION',`
`114`		`- nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-3',`
	`114`	`+ nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-03',`
`115`	`115`	`cwe_id: '95',`
`116`	`116`	`cwe_uri: 'https://cwe.mitre.org/data/definitions/95.html'`
`117`	`117`	`}`
Original file line number	Diff line number	Diff line change
`@@ -111,7 +111,7 @@ module InnerHTML`
`111`	`111`	`{`
`112`	`112`	`sast_module: self,`
`113`	`113`	`section: 'MALICIOUS CODE PROTECTION',`
`114`		`- nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-3',`
	`114`	`+ nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-03',`
`115`	`115`	`cwe_id: '79',`
`116`	`116`	`cwe_uri: 'https://cwe.mitre.org/data/definitions/79.html'`
`117`	`117`	`}`
Original file line number	Diff line number	Diff line change
`@@ -112,7 +112,7 @@ module LocalStorage`
`112`	`112`	`{`
`113`	`113`	`sast_module: self,`
`114`	`114`	`section: 'MALICIOUS CODE PROTECTION',`
`115`		`- nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-3',`
	`115`	`+ nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-03',`
`116`	`116`	`cwe_id: '79',`
`117`	`117`	`cwe_uri: 'https://cwe.mitre.org/data/definitions/79.html'`
`118`	`118`	`}`
Original file line number	Diff line number	Diff line change
`@@ -111,7 +111,7 @@ module LocationHash`
`111`	`111`	`{`
`112`	`112`	`sast_module: self,`
`113`	`113`	`section: 'MALICIOUS CODE PROTECTION',`
`114`		`- nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-3',`
	`114`	`+ nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-03',`
`115`	`115`	`cwe_id: '79',`
`116`	`116`	`cwe_uri: 'https://cwe.mitre.org/data/definitions/79.html'`
`117`	`117`	`}`
Original file line number	Diff line number	Diff line change
`@@ -111,7 +111,7 @@ module OuterHTML`
`111`	`111`	`{`
`112`	`112`	`sast_module: self,`
`113`	`113`	`section: 'MALICIOUS CODE PROTECTION',`
`114`		`- nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-3',`
	`114`	`+ nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI-03',`
`115`	`115`	`cwe_id: '79',`
`116`	`116`	`cwe_uri: 'https://cwe.mitre.org/data/definitions/79.html'`
`117`	`117`	`}`
Original file line number	Diff line number	Diff line change
`@@ -119,7 +119,7 @@ module PomVersion`
`119`	`119`	`{`
`120`	`120`	`sast_module: self,`
`121`	`121`	`section: 'VULNERABILITY SCANNING',`
`122`		`- nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=RA-5',`
	`122`	`+ nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=RA-05',`
`123`	`123`	`cwe_id: '.0',`
`124`	`124`	`cwe_uri: 'https://cwe.mitre.org/data/definitions/1104.html'`
`125`	`125`	`}`
Original file line number	Diff line number	Diff line change
`@@ -117,7 +117,7 @@ module Port`
`117`	`117`	`{`
`118`	`118`	`sast_module: self,`
`119`	`119`	`section: 'TRANSMISSION CONFIDENTIALITY AND INTEGRITY',`
`120`		`- nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SC-8',`
	`120`	`+ nist_800_53_uri: 'https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SC-08',`
`121`	`121`	`cwe_id: '319',`
`122`	`122`	`cwe_uri: 'https://cwe.mitre.org/data/definitions/319.html'`
`123`	`123`	`}`