RubyGems - hackerone-client - Versions diffs - 0.1.1 → 0.2.0 - Mend

hackerone-client 0.1.1 → 0.2.0

Files changed (7) hide show

checksums.yaml +4 -4
data/fixtures/vcr_cassettes/add_report_reference.yml +78 -0
data/fixtures/vcr_cassettes/missing_report.yml +141 -2
data/fixtures/vcr_cassettes/stage_change.yml +79 -0
data/lib/hackerone/client.rb +95 -4
data/lib/hackerone/client/version.rb +1 -1
metadata +4 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5a8c5920dd2fbc7effbbeb896aef7fbb300c2652
-  data.tar.gz: 1527aeec85b20f74364d5616621c78d4f878cd86
+  metadata.gz: ebb425c241793e7a304c86e2432a9cd8c1fbfa4c
+  data.tar.gz: ef459ac5cab769b0ab7ee5ccc012f74c1492a37a
 SHA512:
-  metadata.gz: 386da678af280aab7fc4aff32a47a702f7339969b78fb3ba4d6bffd129eb3bbfb989e302f833fa32577de52bda46d20477f435292063b36a20864ccf5debd1ab
-  data.tar.gz: 0c0520cb9da4b1dc160de2d9df8b283ae6dd8d8b9d8c8dda2202e08dd0327c96164aa0a2eaed3d333bb543b4d57f8f5925bb8baff443d4f67ed812280287403b
+  metadata.gz: 7ae32de2ce5143b8b694a72434057e9d991422f0e374dda94c0f6a26f3b9ef8c8a12b14938bab7e2f5023c890b944dccc55bc6e73ea67bfc26cd01106e1bfe27
+  data.tar.gz: c179d3c6ac1e2ca293126ebcdf9d5a7d731e069f9b209edcc5fc93ac154cdb11763835abca01447de94cf694e8eb4bf741b24997e0772df8e587d367b1e9410c

data/fixtures/vcr_cassettes/add_report_reference.yml ADDED Viewed

@@ -0,0 +1,78 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://api.hackerone.com/v1/reports/132170/issue_tracker_reference_id
+    body:
+      encoding: UTF-8
+      string: '{"data":{"type":"issue-tracker-reference-id","attributes":{"reference":"fooooo"}}}'
+    headers:
+      Authorization:
+      - Basic nope
+      User-Agent:
+      - Faraday v0.11.0
+      Content-Type:
+      - application/json
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Date:
+      - Thu, 16 Mar 2017 20:21:44 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Transfer-Encoding:
+      - chunked
+      Connection:
+      - keep-alive
+      Set-Cookie:
+      - __cfduid=d4b57ca8890f7f0e1428003db73c2a8f41489695704; expires=Fri, 16-Mar-18
+        20:21:44 GMT; path=/; Domain=api.hackerone.com; HttpOnly
+      X-Request-Id:
+      - 2c20eb84-1d41-48c2-a64a-6fffd601dce9
+      Etag:
+      - W/"e6e4cf756fbd434e3375eec1c1256611"
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Strict-Transport-Security:
+      - max-age=31536000; includeSubDomains; preload
+      Content-Security-Policy:
+      - default-src 'none'; connect-src 'self' www.google-analytics.com errors.hackerone.net;
+        font-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self'
+        'unsafe-inline'; form-action 'self'; frame-ancestors 'none'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598
+      X-Content-Type-Options:
+      - nosniff
+      X-Download-Options:
+      - noopen
+      X-Frame-Options:
+      - DENY
+      X-Permitted-Cross-Domain-Policies:
+      - none
+      X-Xss-Protection:
+      - 1; mode=block
+      Public-Key-Pins-Report-Only:
+      - pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=";
+        pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=";
+        pin-sha256="cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="; pin-sha256="bIlWcjiKq1mftH/xd7Hw1JO77Cr+Gv+XYcGUQWwO+A4=";
+        pin-sha256="tXD+dGAP8rGY4PW1be90cOYEwg7pZ4G+yPZmIZWPTSg="; max-age=600; includeSubDomains;
+        report-uri="https://hackerone.report-uri.io/r/default/hpkp/reportOnly"
+      Server:
+      - cloudflare-nginx
+      Cf-Ray:
+      - 340a6ba9fa5653a8-LAX
+    body:
+      encoding: ASCII-8BIT
+      string: '{"relationships":{"report":{"data":{"id":"132170","type":"report","attributes":{"title":"ssss","state":"triaged","created_at":"2016-04-18T22:24:50.065Z","vulnerability_information":"sssss","triaged_at":"2017-03-16T19:53:49.939Z","closed_at":null,"last_reporter_activity_at":"2016-04-18T22:24:50.118Z","first_program_activity_at":"2017-03-16T18:36:40.650Z","last_program_activity_at":"2017-03-16T19:53:49.939Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"last_activity_at":"2017-03-16T19:53:49.939Z","issue_tracker_reference_id":"fooooo"},"relationships":{"reporter":{"data":{"id":"57690","type":"user","attributes":{"username":"ndm-github","name":"Neil
+        Matatall","disabled":false,"created_at":"2016-02-24T01:33:01.258Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/production/000/057/690/1e0c9ef6fc8bcc17806ae82e6f73cdd4d0e74eb9_small.jpg?1469554487","82x82":"https://profile-photos.hackerone-user-content.com/production/000/057/690/f6a17c40a6c910ba801014d1498b55727ea858e3_medium.jpg?1469554487","110x110":"https://profile-photos.hackerone-user-content.com/production/000/057/690/2259dde15230756d99f68a9ca824af11081ab965_large.jpg?1469554487","260x260":"https://profile-photos.hackerone-user-content.com/production/000/057/690/6d2da33805fef8b8ac4cf513e1562699e79365e0_xtralarge.jpg?1469554487"}}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github-test","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2016-09-20T14:54:15.448Z"}}},"swag":{"data":[]},"attachments":{"data":[]},"vulnerability_types":{"data":[{"id":"107921","type":"vulnerability-type","attributes":{"name":"Cross-Site
+        Scripting (XSS)","description":"Failure of a site to validate, filter, or
+        encode user input before returning it to another user''s web client.\n","created_at":"2016-04-15T17:10:39.169Z"}}]},"activities":{"data":[{"type":"activity-reference-id-added","id":"1546419","attributes":{"message":"","created_at":"2017-03-16T20:21:44.883Z","updated_at":"2017-03-16T20:21:44.883Z","internal":true,"reference":"fooooo","reference_url":null},"relationships":{"actor":{"data":{"type":"user","id":"151303","attributes":{"username":"testingagain","name":null,"disabled":false,"created_at":"2017-03-16T00:35:19.472Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}}}}}},{"type":"activity-bug-triaged","id":"1546376","attributes":{"message":"This
+        is has been triaged internally.","created_at":"2017-03-16T19:53:49.939Z","updated_at":"2017-03-16T19:53:49.939Z","internal":false},"relationships":{"actor":{"data":{"type":"user","id":"151303","attributes":{"username":"testingagain","name":null,"disabled":false,"created_at":"2017-03-16T00:35:19.472Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}}}}}},{"type":"activity-reference-id-added","id":"1546123","attributes":{"message":"","created_at":"2017-03-16T18:36:49.045Z","updated_at":"2017-03-16T18:36:49.045Z","internal":true,"reference":"3476","reference_url":null},"relationships":{"actor":{"data":{"type":"user","id":"151303","attributes":{"username":"testingagain","name":null,"disabled":false,"created_at":"2017-03-16T00:35:19.472Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}}}}}},{"type":"activity-bug-needs-more-info","id":"1546120","attributes":{"message":"This
+        is has been triaged internally.","created_at":"2017-03-16T18:36:40.650Z","updated_at":"2017-03-16T18:36:40.650Z","internal":false},"relationships":{"actor":{"data":{"type":"user","id":"151303","attributes":{"username":"testingagain","name":null,"disabled":false,"created_at":"2017-03-16T00:35:19.472Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}}}}}}]},"bounties":{"data":[]},"summaries":{"data":[]}}}}}}'
+    http_version:
+  recorded_at: Thu, 16 Mar 2017 20:21:45 GMT
+recorded_with: VCR 3.0.3

data/fixtures/vcr_cassettes/missing_report.yml CHANGED Viewed

@@ -29,8 +29,8 @@ http_interactions:
       Connection:
       - keep-alive
       Set-Cookie:
-      - __cfduid=123; expires=Thu, 15-Feb-18
-        01:01:17 GMT; path=/; Domain=api.hackerone.com; HttpOnly
+      - __cfduid=123; expires=Thu, 15-Feb-18 01:01:17 GMT; path=/; Domain=api.hackerone.com;
+        HttpOnly
       X-Request-Id:
       - 21757437-7a32-4560-af4a-885b09f20381
       Cache-Control:
@@ -66,4 +66,143 @@ http_interactions:
       string: '{"errors":[{"status":403}]}'
     http_version:
   recorded_at: Wed, 15 Feb 2017 01:01:18 GMT
+- request:
+    method: post
+    uri: https://api.hackerone.com/v1/reports/4040000000000000/state_changes
+    body:
+      encoding: UTF-8
+      string: '{"data":{"type":"state-change","attributes":{"message":"This is has
+        been triaged internally.","state":"triaged"}}}'
+    headers:
+      Authorization:
+      - Basic nope
+      User-Agent:
+      - Faraday v0.11.0
+      Content-Type:
+      - application/json
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+  response:
+    status:
+      code: 400
+      message: Bad Request
+    headers:
+      Date:
+      - Thu, 16 Mar 2017 20:06:07 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Transfer-Encoding:
+      - chunked
+      Connection:
+      - keep-alive
+      Set-Cookie:
+      - __cfduid=d5e022e1aea468d8848bf0720edab1cae1489694766; expires=Fri, 16-Mar-18
+        20:06:06 GMT; path=/; Domain=api.hackerone.com; HttpOnly
+      X-Request-Id:
+      - 73b52183-e64f-45db-bcc4-11d46a021364
+      Cache-Control:
+      - no-cache
+      Strict-Transport-Security:
+      - max-age=31536000; includeSubDomains; preload
+      Content-Security-Policy:
+      - default-src 'none'; connect-src 'self' www.google-analytics.com errors.hackerone.net;
+        font-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self'
+        'unsafe-inline'; form-action 'self'; frame-ancestors 'none'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598
+      X-Content-Type-Options:
+      - nosniff
+      X-Download-Options:
+      - noopen
+      X-Frame-Options:
+      - DENY
+      X-Permitted-Cross-Domain-Policies:
+      - none
+      X-Xss-Protection:
+      - 1; mode=block
+      Public-Key-Pins-Report-Only:
+      - pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=";
+        pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=";
+        pin-sha256="cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="; pin-sha256="bIlWcjiKq1mftH/xd7Hw1JO77Cr+Gv+XYcGUQWwO+A4=";
+        pin-sha256="tXD+dGAP8rGY4PW1be90cOYEwg7pZ4G+yPZmIZWPTSg="; max-age=600; includeSubDomains;
+        report-uri="https://hackerone.report-uri.io/r/default/hpkp/reportOnly"
+      Server:
+      - cloudflare-nginx
+      Cf-Ray:
+      - 340a54c4fbc92240-LAX
+    body:
+      encoding: UTF-8
+      string: '{"errors":[{"status":400,"title":"Invalid Parameter","detail":"The
+        parameter ''report_id'' is invalid.","source":{"parameter":"report_id"}}]}'
+    http_version:
+  recorded_at: Thu, 16 Mar 2017 20:06:07 GMT
+- request:
+    method: post
+    uri: https://api.hackerone.com/v1/reports/4040000000000000/issue_tracker_reference_id
+    body:
+      encoding: UTF-8
+      string: '{"data":{"type":"issue-tracker-reference-id","attributes":{"reference":"fooooo"}}}'
+    headers:
+      Authorization:
+      - Basic nope
+      User-Agent:
+      - Faraday v0.11.0
+      Content-Type:
+      - application/json
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+  response:
+    status:
+      code: 400
+      message: Bad Request
+    headers:
+      Date:
+      - Thu, 16 Mar 2017 20:23:27 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Transfer-Encoding:
+      - chunked
+      Connection:
+      - keep-alive
+      Set-Cookie:
+      - __cfduid=d937ff918b1e20c9491cb8b44ba307c1d1489695807; expires=Fri, 16-Mar-18
+        20:23:27 GMT; path=/; Domain=api.hackerone.com; HttpOnly
+      X-Request-Id:
+      - 80d19f89-5fc0-412a-b30a-6caaad350d0c
+      Cache-Control:
+      - no-cache
+      Strict-Transport-Security:
+      - max-age=31536000; includeSubDomains; preload
+      Content-Security-Policy:
+      - default-src 'none'; connect-src 'self' www.google-analytics.com errors.hackerone.net;
+        font-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self'
+        'unsafe-inline'; form-action 'self'; frame-ancestors 'none'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598
+      X-Content-Type-Options:
+      - nosniff
+      X-Download-Options:
+      - noopen
+      X-Frame-Options:
+      - DENY
+      X-Permitted-Cross-Domain-Policies:
+      - none
+      X-Xss-Protection:
+      - 1; mode=block
+      Public-Key-Pins-Report-Only:
+      - pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=";
+        pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=";
+        pin-sha256="cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="; pin-sha256="bIlWcjiKq1mftH/xd7Hw1JO77Cr+Gv+XYcGUQWwO+A4=";
+        pin-sha256="tXD+dGAP8rGY4PW1be90cOYEwg7pZ4G+yPZmIZWPTSg="; max-age=600; includeSubDomains;
+        report-uri="https://hackerone.report-uri.io/r/default/hpkp/reportOnly"
+      Server:
+      - cloudflare-nginx
+      Cf-Ray:
+      - 340a6e2b3a0522c4-LAX
+    body:
+      encoding: UTF-8
+      string: '{"errors":[{"status":400,"title":"Invalid Parameter","detail":"The
+        parameter ''report_id'' is invalid.","source":{"parameter":"report_id"}}]}'
+    http_version:
+  recorded_at: Thu, 16 Mar 2017 20:23:27 GMT
 recorded_with: VCR 3.0.3

data/fixtures/vcr_cassettes/stage_change.yml ADDED Viewed

@@ -0,0 +1,79 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://api.hackerone.com/v1/reports/132170/state_changes
+    body:
+      encoding: UTF-8
+      string: '{"data":{"type":"state-change","attributes":{"message":"This is has
+        been triaged internally.","state":"triaged"}}}'
+    headers:
+      Authorization:
+      - Basic nope
+      User-Agent:
+      - Faraday v0.11.0
+      Content-Type:
+      - application/json
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+  response:
+    status:
+      code: 201
+      message: Created
+    headers:
+      Date:
+      - Thu, 16 Mar 2017 19:53:50 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Transfer-Encoding:
+      - chunked
+      Connection:
+      - keep-alive
+      Set-Cookie:
+      - __cfduid=d6abf05e4448cfd8e6f406e1fb105f1911489694029; expires=Fri, 16-Mar-18
+        19:53:49 GMT; path=/; Domain=api.hackerone.com; HttpOnly
+      X-Request-Id:
+      - cd191af9-7666-4ed1-8a52-8a1305e29f5e
+      Etag:
+      - W/"ec64e6720b3ad3ce4838299e5a951f99"
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Strict-Transport-Security:
+      - max-age=31536000; includeSubDomains; preload
+      Content-Security-Policy:
+      - default-src 'none'; connect-src 'self' www.google-analytics.com errors.hackerone.net;
+        font-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self'
+        'unsafe-inline'; form-action 'self'; frame-ancestors 'none'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598
+      X-Content-Type-Options:
+      - nosniff
+      X-Download-Options:
+      - noopen
+      X-Frame-Options:
+      - DENY
+      X-Permitted-Cross-Domain-Policies:
+      - none
+      X-Xss-Protection:
+      - 1; mode=block
+      Public-Key-Pins-Report-Only:
+      - pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=";
+        pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=";
+        pin-sha256="cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="; pin-sha256="bIlWcjiKq1mftH/xd7Hw1JO77Cr+Gv+XYcGUQWwO+A4=";
+        pin-sha256="tXD+dGAP8rGY4PW1be90cOYEwg7pZ4G+yPZmIZWPTSg="; max-age=600; includeSubDomains;
+        report-uri="https://hackerone.report-uri.io/r/default/hpkp/reportOnly"
+      Server:
+      - cloudflare-nginx
+      Cf-Ray:
+      - 340a42c58e9553de-LAX
+    body:
+      encoding: UTF-8
+      string: '{"data":{"id":"132170","type":"report","attributes":{"title":"ssss","state":"triaged","created_at":"2016-04-18T22:24:50.065Z","vulnerability_information":"sssss","triaged_at":"2017-03-16T19:53:49.939Z","closed_at":null,"last_reporter_activity_at":"2016-04-18T22:24:50.118Z","first_program_activity_at":"2017-03-16T18:36:40.650Z","last_program_activity_at":"2017-03-16T19:53:49.939Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"last_activity_at":"2017-03-16T19:53:49.939Z","issue_tracker_reference_id":"3476"},"relationships":{"reporter":{"data":{"id":"57690","type":"user","attributes":{"username":"ndm-github","name":"Neil
+        Matatall","disabled":false,"created_at":"2016-02-24T01:33:01.258Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/production/000/057/690/1e0c9ef6fc8bcc17806ae82e6f73cdd4d0e74eb9_small.jpg?1469554487","82x82":"https://profile-photos.hackerone-user-content.com/production/000/057/690/f6a17c40a6c910ba801014d1498b55727ea858e3_medium.jpg?1469554487","110x110":"https://profile-photos.hackerone-user-content.com/production/000/057/690/2259dde15230756d99f68a9ca824af11081ab965_large.jpg?1469554487","260x260":"https://profile-photos.hackerone-user-content.com/production/000/057/690/6d2da33805fef8b8ac4cf513e1562699e79365e0_xtralarge.jpg?1469554487"}}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github-test","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2016-09-20T14:54:15.448Z"}}},"swag":{"data":[]},"attachments":{"data":[]},"vulnerability_types":{"data":[{"id":"107921","type":"vulnerability-type","attributes":{"name":"Cross-Site
+        Scripting (XSS)","description":"Failure of a site to validate, filter, or
+        encode user input before returning it to another user''s web client.\n","created_at":"2016-04-15T17:10:39.169Z"}}]},"activities":{"data":[{"type":"activity-bug-triaged","id":"1546376","attributes":{"message":"This
+        is has been triaged internally.","created_at":"2017-03-16T19:53:49.939Z","updated_at":"2017-03-16T19:53:49.939Z","internal":false},"relationships":{"actor":{"data":{"type":"user","id":"151303","attributes":{"username":"testingagain","name":null,"disabled":false,"created_at":"2017-03-16T00:35:19.472Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}}}}}},{"type":"activity-reference-id-added","id":"1546123","attributes":{"message":"","created_at":"2017-03-16T18:36:49.045Z","updated_at":"2017-03-16T18:36:49.045Z","internal":true,"reference":"3476","reference_url":null},"relationships":{"actor":{"data":{"type":"user","id":"151303","attributes":{"username":"testingagain","name":null,"disabled":false,"created_at":"2017-03-16T00:35:19.472Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}}}}}},{"type":"activity-bug-needs-more-info","id":"1546120","attributes":{"message":"This
+        is has been triaged internally.","created_at":"2017-03-16T18:36:40.650Z","updated_at":"2017-03-16T18:36:40.650Z","internal":false},"relationships":{"actor":{"data":{"type":"user","id":"151303","attributes":{"username":"testingagain","name":null,"disabled":false,"created_at":"2017-03-16T00:35:19.472Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}}}}}}]},"bounties":{"data":[]},"summaries":{"data":[]}}}}'
+    http_version:
+  recorded_at: Thu, 16 Mar 2017 19:53:50 GMT
+recorded_with: VCR 3.0.3

data/lib/hackerone/client.rb CHANGED Viewed

@@ -12,6 +12,17 @@ module HackerOne
     DEFAULT_HIGH_RANGE = 2500...4999
     DEFAULT_CRITICAL_RANGE = 5000...100_000_000
+    STATES = %w(
+      new
+      triaged
+      needs-more-info
+      resolved
+      not-applicable
+      informative
+      duplicate
+      spam
+    ).map(&:to_sym)
     class << self
       ATTRS = [:low_range, :medium_range, :high_range, :critical_range].freeze
       attr_accessor :program
@@ -61,6 +72,60 @@ module HackerOne
         end
       end
+      ## Idempotent: add the issue reference and put the report into the "triage" state.
+      #
+      # id: the ID of the report
+      # state: value for the reference (e.g. issue number or relative path to cross-repo issue)
+      #
+      # returns an HackerOne::Client::Report object or raises an error if
+      # no report is found.
+      def triage(id, reference)
+        add_report_reference(id, reference)
+        state_change(id, :triaged)
+      end
+      ## Idempotent: Add a report reference to a project
+      #
+      # id: the ID of the report
+      # state: value for the reference (e.g. issue number or relative path to cross-repo issue)
+      #
+      # returns an HackerOne::Client::Report object or raises an error if
+      # no report is found.
+      def add_report_reference(id, reference)
+        body = {
+          data: {
+            type: "issue-tracker-reference-id",
+            attributes: {
+              reference: reference
+            }
+          }
+        }
+        post("reports/#{id}/issue_tracker_reference_id", body)
+      end
+      ## Idempotent: change the state of a report. See STATES for valid values.
+      #
+      # id: the ID of the report
+      # state: the state in which the report is to be put in
+      #
+      # returns an HackerOne::Client::Report object or raises an error if
+      # no report is found.
+      def state_change(id, state)
+        raise ArgumentError, "state (#{state}) must be one of #{STATES}" unless STATES.include?(state)
+        body = {
+          data: {
+            type: "state-change",
+            attributes: {
+              message: "This is has been triaged internally.",
+              state: state
+            }
+          }
+        }
+        post("reports/#{id}/state_changes", body)
+      end
       ## Public: retrieve a report
       #
       # id: the ID of a specific report
@@ -68,20 +133,46 @@ module HackerOne
       # returns an HackerOne::Client::Report object or raises an error if
       # no report is found.
       def report(id)
+        get("reports/#{id}")
+      end
+      private
+      def post(endpoint, body)
+        response = with_retry do
+          self.class.hackerone_api_connection.post do |req|
+            req.headers['Content-Type'] = 'application/json'
+            req.body = body.to_json
+            req.url endpoint
+          end
+        end
+        parse_response(response)
+      end
+      def get(endpoint, params = nil)
         response = with_retry do
           self.class.hackerone_api_connection.get do |req|
-            req.url "reports/#{id}"
+            req.headers['Content-Type'] = 'application/json'
+            req.params = params || {}
+            req.url endpoint
           end
         end
-        if response.success?
+        parse_response(response)
+      end
+      def parse_response(response)
+        if response.status.to_s.start_with?("4")
+          raise ArgumentError, "API called failed, probably your fault: #{response.body}"
+        elsif response.status.to_s.start_with?("5")
+          raise Runtime, "API called failed, probobly their fault: #{response.body}"
+        elsif response.success?
           Report.new(JSON.parse(response.body, :symbolize_names => true)[:data])
         else
-          raise ArgumentError, "Could not retrieve HackerOne report ##{id}: #{response.body}"
+          raise RuntimeError, "Not sure what to do here: #{response.body}"
         end
       end
-      private
       def self.hackerone_api_connection
         unless ENV["HACKERONE_TOKEN_NAME"] && ENV["HACKERONE_TOKEN"]
           raise NotConfiguredError, "HACKERONE_TOKEN_NAME HACKERONE_TOKEN environment variables must be set"

data/lib/hackerone/client/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Hackerone
   module Client
-    VERSION = "0.1.1"
+    VERSION = "0.2.0"
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hackerone-client
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - Neil Matatall
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-03-15 00:00:00.000000000 Z
+date: 2017-03-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -132,10 +132,12 @@ files:
 - Rakefile
 - bin/console
 - bin/setup
+- fixtures/vcr_cassettes/add_report_reference.yml
 - fixtures/vcr_cassettes/empty_report_list.yml
 - fixtures/vcr_cassettes/missing_report.yml
 - fixtures/vcr_cassettes/report.yml
 - fixtures/vcr_cassettes/report_list.yml
+- fixtures/vcr_cassettes/stage_change.yml
 - hackerone-client.gemspec
 - lib/hackerone/client.rb
 - lib/hackerone/client/report.rb