hackerone-client 0.1.1 → 0.2.0
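--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ebb425c241793e7a304c86e2432a9cd8c1fbfa4c
+data.tar.gz: ef459ac5cab769b0ab7ee5ccc012f74c1492a37a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7ae32de2ce5143b8b694a72434057e9d991422f0e374dda94c0f6a26f3b9ef8c8a12b14938bab7e2f5023c890b944dccc55bc6e73ea67bfc26cd01106e1bfe27
+data.tar.gz: c179d3c6ac1e2ca293126ebcdf9d5a7d731e069f9b209edcc5fc93ac154cdb11763835abca01447de94cf694e8eb4bf741b24997e0772df8e587d367b1e9410c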
@@ -0,0 +1,78 @@
|
|
1
|
+
---
|
2
|
+
http_interactions:
|
3
|
+
- request:
|
4
|
+
method: post
|
5
|
+
uri: https://api.hackerone.com/v1/reports/132170/issue_tracker_reference_id
|
6
|
+
body:
|
7
|
+
encoding: UTF-8
|
8
|
+
string: '{"data":{"type":"issue-tracker-reference-id","attributes":{"reference":"fooooo"}}}'
|
9
|
+
headers:
|
10
|
+
Authorization:
|
11
|
+
- Basic nope
|
12
|
+
User-Agent:
|
13
|
+
- Faraday v0.11.0
|
14
|
+
Content-Type:
|
15
|
+
- application/json
|
16
|
+
Accept-Encoding:
|
17
|
+
- gzip;q=1.0,deflate;q=0.6,identity;q=0.3
|
18
|
+
Accept:
|
19
|
+
- "*/*"
|
20
|
+
response:
|
21
|
+
status:
|
22
|
+
code: 200
|
23
|
+
message: OK
|
24
|
+
headers:
|
25
|
+
Date:
|
26
|
+
- Thu, 16 Mar 2017 20:21:44 GMT
|
27
|
+
Content-Type:
|
28
|
+
- application/json; charset=utf-8
|
29
|
+
Transfer-Encoding:
|
30
|
+
- chunked
|
31
|
+
Connection:
|
32
|
+
- keep-alive
|
33
|
+
Set-Cookie:
|
34
|
+
- __cfduid=d4b57ca8890f7f0e1428003db73c2a8f41489695704; expires=Fri, 16-Mar-18
|
35
|
+
20:21:44 GMT; path=/; Domain=api.hackerone.com; HttpOnly
|
36
|
+
X-Request-Id:
|
37
|
+
- 2c20eb84-1d41-48c2-a64a-6fffd601dce9
|
38
|
+
Etag:
|
39
|
+
- W/"e6e4cf756fbd434e3375eec1c1256611"
|
40
|
+
Cache-Control:
|
41
|
+
- max-age=0, private, must-revalidate
|
42
|
+
Strict-Transport-Security:
|
43
|
+
- max-age=31536000; includeSubDomains; preload
|
44
|
+
Content-Security-Policy:
|
45
|
+
- default-src 'none'; connect-src 'self' www.google-analytics.com errors.hackerone.net;
|
46
|
+
font-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self'
|
47
|
+
'unsafe-inline'; form-action 'self'; frame-ancestors 'none'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598
|
48
|
+
X-Content-Type-Options:
|
49
|
+
- nosniff
|
50
|
+
X-Download-Options:
|
51
|
+
- noopen
|
52
|
+
X-Frame-Options:
|
53
|
+
- DENY
|
54
|
+
X-Permitted-Cross-Domain-Policies:
|
55
|
+
- none
|
56
|
+
X-Xss-Protection:
|
57
|
+
- 1; mode=block
|
58
|
+
Public-Key-Pins-Report-Only:
|
59
|
+
- pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=";
|
60
|
+
pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=";
|
61
|
+
pin-sha256="cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="; pin-sha256="bIlWcjiKq1mftH/xd7Hw1JO77Cr+Gv+XYcGUQWwO+A4=";
|
62
|
+
pin-sha256="tXD+dGAP8rGY4PW1be90cOYEwg7pZ4G+yPZmIZWPTSg="; max-age=600; includeSubDomains;
|
63
|
+
report-uri="https://hackerone.report-uri.io/r/default/hpkp/reportOnly"
|
64
|
+
Server:
|
65
|
+
- cloudflare-nginx
|
66
|
+
Cf-Ray:
|
67
|
+
- 340a6ba9fa5653a8-LAX
|
68
|
+
body:
|
69
|
+
encoding: ASCII-8BIT
|
70
|
+
string: '{"relationships":{"report":{"data":{"id":"132170","type":"report","attributes":{"title":"ssss","state":"triaged","created_at":"2016-04-18T22:24:50.065Z","vulnerability_information":"sssss","triaged_at":"2017-03-16T19:53:49.939Z","closed_at":null,"last_reporter_activity_at":"2016-04-18T22:24:50.118Z","first_program_activity_at":"2017-03-16T18:36:40.650Z","last_program_activity_at":"2017-03-16T19:53:49.939Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"last_activity_at":"2017-03-16T19:53:49.939Z","issue_tracker_reference_id":"fooooo"},"relationships":{"reporter":{"data":{"id":"57690","type":"user","attributes":{"username":"ndm-github","name":"Neil
|
71
|
+
Matatall","disabled":false,"created_at":"2016-02-24T01:33:01.258Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/production/000/057/690/1e0c9ef6fc8bcc17806ae82e6f73cdd4d0e74eb9_small.jpg?1469554487","82x82":"https://profile-photos.hackerone-user-content.com/production/000/057/690/f6a17c40a6c910ba801014d1498b55727ea858e3_medium.jpg?1469554487","110x110":"https://profile-photos.hackerone-user-content.com/production/000/057/690/2259dde15230756d99f68a9ca824af11081ab965_large.jpg?1469554487","260x260":"https://profile-photos.hackerone-user-content.com/production/000/057/690/6d2da33805fef8b8ac4cf513e1562699e79365e0_xtralarge.jpg?1469554487"}}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github-test","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2016-09-20T14:54:15.448Z"}}},"swag":{"data":[]},"attachments":{"data":[]},"vulnerability_types":{"data":[{"id":"107921","type":"vulnerability-type","attributes":{"name":"Cross-Site
|
72
|
+
Scripting (XSS)","description":"Failure of a site to validate, filter, or
|
73
|
+
encode user input before returning it to another user''s web client.\n","created_at":"2016-04-15T17:10:39.169Z"}}]},"activities":{"data":[{"type":"activity-reference-id-added","id":"1546419","attributes":{"message":"","created_at":"2017-03-16T20:21:44.883Z","updated_at":"2017-03-16T20:21:44.883Z","internal":true,"reference":"fooooo","reference_url":null},"relationships":{"actor":{"data":{"type":"user","id":"151303","attributes":{"username":"testingagain","name":null,"disabled":false,"created_at":"2017-03-16T00:35:19.472Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}}}}}},{"type":"activity-bug-triaged","id":"1546376","attributes":{"message":"This
|
74
|
+
is has been triaged internally.","created_at":"2017-03-16T19:53:49.939Z","updated_at":"2017-03-16T19:53:49.939Z","internal":false},"relationships":{"actor":{"data":{"type":"user","id":"151303","attributes":{"username":"testingagain","name":null,"disabled":false,"created_at":"2017-03-16T00:35:19.472Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}}}}}},{"type":"activity-reference-id-added","id":"1546123","attributes":{"message":"","created_at":"2017-03-16T18:36:49.045Z","updated_at":"2017-03-16T18:36:49.045Z","internal":true,"reference":"3476","reference_url":null},"relationships":{"actor":{"data":{"type":"user","id":"151303","attributes":{"username":"testingagain","name":null,"disabled":false,"created_at":"2017-03-16T00:35:19.472Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}}}}}},{"type":"activity-bug-needs-more-info","id":"1546120","attributes":{"message":"This
|
75
|
+
is has been triaged internally.","created_at":"2017-03-16T18:36:40.650Z","updated_at":"2017-03-16T18:36:40.650Z","internal":false},"relationships":{"actor":{"data":{"type":"user","id":"151303","attributes":{"username":"testingagain","name":null,"disabled":false,"created_at":"2017-03-16T00:35:19.472Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}}}}}}]},"bounties":{"data":[]},"summaries":{"data":[]}}}}}}'
|
76
|
+
http_version:
|
77
|
+
recorded_at: Thu, 16 Mar 2017 20:21:45 GMT
|
78
|
+
recorded_with: VCR 3.0.3
|
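Review bot: The `Set-Cookie` header recorded in this new cassette keeps the live `__cfduid` value, whereas `Authorization` was replaced with `Basic nope` and the older cassette later on the page carries a scrubbed `__cfduid=123`. The same applies to the two interactions appended to that existing cassette and to the new `state_changes` cassette, and the response bodies also carry a real reporter name, username and profile-picture URLs. The gem's `files:` list includes `fixtures/vcr_cassettes/*`, so these values ship with every release. I would scrub them at record time, for example with a VCR `filter_sensitive_data` rule or a `before_record` hook that drops `Set-Cookie`, and replace the reporter fields with constructed sample values.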
@@ -29,8 +29,8 @@ http_interactions:
|
|
29
29
|
Connection:
|
30
30
|
- keep-alive
|
31
31
|
Set-Cookie:
|
32
|
-
- __cfduid=123; expires=Thu, 15-Feb-18
|
33
|
-
|
32
|
+
- __cfduid=123; expires=Thu, 15-Feb-18 01:01:17 GMT; path=/; Domain=api.hackerone.com;
|
33
|
+
HttpOnly
|
34
34
|
X-Request-Id:
|
35
35
|
- 21757437-7a32-4560-af4a-885b09f20381
|
36
36
|
Cache-Control:
|
@@ -66,4 +66,143 @@ http_interactions:
|
|
66
66
|
string: '{"errors":[{"status":403}]}'
|
67
67
|
http_version:
|
68
68
|
recorded_at: Wed, 15 Feb 2017 01:01:18 GMT
|
69
|
+
- request:
|
70
|
+
method: post
|
71
|
+
uri: https://api.hackerone.com/v1/reports/4040000000000000/state_changes
|
72
|
+
body:
|
73
|
+
encoding: UTF-8
|
74
|
+
string: '{"data":{"type":"state-change","attributes":{"message":"This is has
|
75
|
+
been triaged internally.","state":"triaged"}}}'
|
76
|
+
headers:
|
77
|
+
Authorization:
|
78
|
+
- Basic nope
|
79
|
+
User-Agent:
|
80
|
+
- Faraday v0.11.0
|
81
|
+
Content-Type:
|
82
|
+
- application/json
|
83
|
+
Accept-Encoding:
|
84
|
+
- gzip;q=1.0,deflate;q=0.6,identity;q=0.3
|
85
|
+
Accept:
|
86
|
+
- "*/*"
|
87
|
+
response:
|
88
|
+
status:
|
89
|
+
code: 400
|
90
|
+
message: Bad Request
|
91
|
+
headers:
|
92
|
+
Date:
|
93
|
+
- Thu, 16 Mar 2017 20:06:07 GMT
|
94
|
+
Content-Type:
|
95
|
+
- application/json; charset=utf-8
|
96
|
+
Transfer-Encoding:
|
97
|
+
- chunked
|
98
|
+
Connection:
|
99
|
+
- keep-alive
|
100
|
+
Set-Cookie:
|
101
|
+
- __cfduid=d5e022e1aea468d8848bf0720edab1cae1489694766; expires=Fri, 16-Mar-18
|
102
|
+
20:06:06 GMT; path=/; Domain=api.hackerone.com; HttpOnly
|
103
|
+
X-Request-Id:
|
104
|
+
- 73b52183-e64f-45db-bcc4-11d46a021364
|
105
|
+
Cache-Control:
|
106
|
+
- no-cache
|
107
|
+
Strict-Transport-Security:
|
108
|
+
- max-age=31536000; includeSubDomains; preload
|
109
|
+
Content-Security-Policy:
|
110
|
+
- default-src 'none'; connect-src 'self' www.google-analytics.com errors.hackerone.net;
|
111
|
+
font-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self'
|
112
|
+
'unsafe-inline'; form-action 'self'; frame-ancestors 'none'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598
|
113
|
+
X-Content-Type-Options:
|
114
|
+
- nosniff
|
115
|
+
X-Download-Options:
|
116
|
+
- noopen
|
117
|
+
X-Frame-Options:
|
118
|
+
- DENY
|
119
|
+
X-Permitted-Cross-Domain-Policies:
|
120
|
+
- none
|
121
|
+
X-Xss-Protection:
|
122
|
+
- 1; mode=block
|
123
|
+
Public-Key-Pins-Report-Only:
|
124
|
+
- pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=";
|
125
|
+
pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=";
|
126
|
+
pin-sha256="cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="; pin-sha256="bIlWcjiKq1mftH/xd7Hw1JO77Cr+Gv+XYcGUQWwO+A4=";
|
127
|
+
pin-sha256="tXD+dGAP8rGY4PW1be90cOYEwg7pZ4G+yPZmIZWPTSg="; max-age=600; includeSubDomains;
|
128
|
+
report-uri="https://hackerone.report-uri.io/r/default/hpkp/reportOnly"
|
129
|
+
Server:
|
130
|
+
- cloudflare-nginx
|
131
|
+
Cf-Ray:
|
132
|
+
- 340a54c4fbc92240-LAX
|
133
|
+
body:
|
134
|
+
encoding: UTF-8
|
135
|
+
string: '{"errors":[{"status":400,"title":"Invalid Parameter","detail":"The
|
136
|
+
parameter ''report_id'' is invalid.","source":{"parameter":"report_id"}}]}'
|
137
|
+
http_version:
|
138
|
+
recorded_at: Thu, 16 Mar 2017 20:06:07 GMT
|
139
|
+
- request:
|
140
|
+
method: post
|
141
|
+
uri: https://api.hackerone.com/v1/reports/4040000000000000/issue_tracker_reference_id
|
142
|
+
body:
|
143
|
+
encoding: UTF-8
|
144
|
+
string: '{"data":{"type":"issue-tracker-reference-id","attributes":{"reference":"fooooo"}}}'
|
145
|
+
headers:
|
146
|
+
Authorization:
|
147
|
+
- Basic nope
|
148
|
+
User-Agent:
|
149
|
+
- Faraday v0.11.0
|
150
|
+
Content-Type:
|
151
|
+
- application/json
|
152
|
+
Accept-Encoding:
|
153
|
+
- gzip;q=1.0,deflate;q=0.6,identity;q=0.3
|
154
|
+
Accept:
|
155
|
+
- "*/*"
|
156
|
+
response:
|
157
|
+
status:
|
158
|
+
code: 400
|
159
|
+
message: Bad Request
|
160
|
+
headers:
|
161
|
+
Date:
|
162
|
+
- Thu, 16 Mar 2017 20:23:27 GMT
|
163
|
+
Content-Type:
|
164
|
+
- application/json; charset=utf-8
|
165
|
+
Transfer-Encoding:
|
166
|
+
- chunked
|
167
|
+
Connection:
|
168
|
+
- keep-alive
|
169
|
+
Set-Cookie:
|
170
|
+
- __cfduid=d937ff918b1e20c9491cb8b44ba307c1d1489695807; expires=Fri, 16-Mar-18
|
171
|
+
20:23:27 GMT; path=/; Domain=api.hackerone.com; HttpOnly
|
172
|
+
X-Request-Id:
|
173
|
+
- 80d19f89-5fc0-412a-b30a-6caaad350d0c
|
174
|
+
Cache-Control:
|
175
|
+
- no-cache
|
176
|
+
Strict-Transport-Security:
|
177
|
+
- max-age=31536000; includeSubDomains; preload
|
178
|
+
Content-Security-Policy:
|
179
|
+
- default-src 'none'; connect-src 'self' www.google-analytics.com errors.hackerone.net;
|
180
|
+
font-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self'
|
181
|
+
'unsafe-inline'; form-action 'self'; frame-ancestors 'none'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598
|
182
|
+
X-Content-Type-Options:
|
183
|
+
- nosniff
|
184
|
+
X-Download-Options:
|
185
|
+
- noopen
|
186
|
+
X-Frame-Options:
|
187
|
+
- DENY
|
188
|
+
X-Permitted-Cross-Domain-Policies:
|
189
|
+
- none
|
190
|
+
X-Xss-Protection:
|
191
|
+
- 1; mode=block
|
192
|
+
Public-Key-Pins-Report-Only:
|
193
|
+
- pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=";
|
194
|
+
pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=";
|
195
|
+
pin-sha256="cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="; pin-sha256="bIlWcjiKq1mftH/xd7Hw1JO77Cr+Gv+XYcGUQWwO+A4=";
|
196
|
+
pin-sha256="tXD+dGAP8rGY4PW1be90cOYEwg7pZ4G+yPZmIZWPTSg="; max-age=600; includeSubDomains;
|
197
|
+
report-uri="https://hackerone.report-uri.io/r/default/hpkp/reportOnly"
|
198
|
+
Server:
|
199
|
+
- cloudflare-nginx
|
200
|
+
Cf-Ray:
|
201
|
+
- 340a6e2b3a0522c4-LAX
|
202
|
+
body:
|
203
|
+
encoding: UTF-8
|
204
|
+
string: '{"errors":[{"status":400,"title":"Invalid Parameter","detail":"The
|
205
|
+
parameter ''report_id'' is invalid.","source":{"parameter":"report_id"}}]}'
|
206
|
+
http_version:
|
207
|
+
recorded_at: Thu, 16 Mar 2017 20:23:27 GMT
|
69
208
|
recorded_with: VCR 3.0.3
|
@@ -0,0 +1,79 @@
|
|
1
|
+
---
|
2
|
+
http_interactions:
|
3
|
+
- request:
|
4
|
+
method: post
|
5
|
+
uri: https://api.hackerone.com/v1/reports/132170/state_changes
|
6
|
+
body:
|
7
|
+
encoding: UTF-8
|
8
|
+
string: '{"data":{"type":"state-change","attributes":{"message":"This is has
|
9
|
+
been triaged internally.","state":"triaged"}}}'
|
10
|
+
headers:
|
11
|
+
Authorization:
|
12
|
+
- Basic nope
|
13
|
+
User-Agent:
|
14
|
+
- Faraday v0.11.0
|
15
|
+
Content-Type:
|
16
|
+
- application/json
|
17
|
+
Accept-Encoding:
|
18
|
+
- gzip;q=1.0,deflate;q=0.6,identity;q=0.3
|
19
|
+
Accept:
|
20
|
+
- "*/*"
|
21
|
+
response:
|
22
|
+
status:
|
23
|
+
code: 201
|
24
|
+
message: Created
|
25
|
+
headers:
|
26
|
+
Date:
|
27
|
+
- Thu, 16 Mar 2017 19:53:50 GMT
|
28
|
+
Content-Type:
|
29
|
+
- application/json; charset=utf-8
|
30
|
+
Transfer-Encoding:
|
31
|
+
- chunked
|
32
|
+
Connection:
|
33
|
+
- keep-alive
|
34
|
+
Set-Cookie:
|
35
|
+
- __cfduid=d6abf05e4448cfd8e6f406e1fb105f1911489694029; expires=Fri, 16-Mar-18
|
36
|
+
19:53:49 GMT; path=/; Domain=api.hackerone.com; HttpOnly
|
37
|
+
X-Request-Id:
|
38
|
+
- cd191af9-7666-4ed1-8a52-8a1305e29f5e
|
39
|
+
Etag:
|
40
|
+
- W/"ec64e6720b3ad3ce4838299e5a951f99"
|
41
|
+
Cache-Control:
|
42
|
+
- max-age=0, private, must-revalidate
|
43
|
+
Strict-Transport-Security:
|
44
|
+
- max-age=31536000; includeSubDomains; preload
|
45
|
+
Content-Security-Policy:
|
46
|
+
- default-src 'none'; connect-src 'self' www.google-analytics.com errors.hackerone.net;
|
47
|
+
font-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self'
|
48
|
+
'unsafe-inline'; form-action 'self'; frame-ancestors 'none'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598
|
49
|
+
X-Content-Type-Options:
|
50
|
+
- nosniff
|
51
|
+
X-Download-Options:
|
52
|
+
- noopen
|
53
|
+
X-Frame-Options:
|
54
|
+
- DENY
|
55
|
+
X-Permitted-Cross-Domain-Policies:
|
56
|
+
- none
|
57
|
+
X-Xss-Protection:
|
58
|
+
- 1; mode=block
|
59
|
+
Public-Key-Pins-Report-Only:
|
60
|
+
- pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=";
|
61
|
+
pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=";
|
62
|
+
pin-sha256="cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="; pin-sha256="bIlWcjiKq1mftH/xd7Hw1JO77Cr+Gv+XYcGUQWwO+A4=";
|
63
|
+
pin-sha256="tXD+dGAP8rGY4PW1be90cOYEwg7pZ4G+yPZmIZWPTSg="; max-age=600; includeSubDomains;
|
64
|
+
report-uri="https://hackerone.report-uri.io/r/default/hpkp/reportOnly"
|
65
|
+
Server:
|
66
|
+
- cloudflare-nginx
|
67
|
+
Cf-Ray:
|
68
|
+
- 340a42c58e9553de-LAX
|
69
|
+
body:
|
70
|
+
encoding: UTF-8
|
71
|
+
string: '{"data":{"id":"132170","type":"report","attributes":{"title":"ssss","state":"triaged","created_at":"2016-04-18T22:24:50.065Z","vulnerability_information":"sssss","triaged_at":"2017-03-16T19:53:49.939Z","closed_at":null,"last_reporter_activity_at":"2016-04-18T22:24:50.118Z","first_program_activity_at":"2017-03-16T18:36:40.650Z","last_program_activity_at":"2017-03-16T19:53:49.939Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"last_activity_at":"2017-03-16T19:53:49.939Z","issue_tracker_reference_id":"3476"},"relationships":{"reporter":{"data":{"id":"57690","type":"user","attributes":{"username":"ndm-github","name":"Neil
|
72
|
+
Matatall","disabled":false,"created_at":"2016-02-24T01:33:01.258Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/production/000/057/690/1e0c9ef6fc8bcc17806ae82e6f73cdd4d0e74eb9_small.jpg?1469554487","82x82":"https://profile-photos.hackerone-user-content.com/production/000/057/690/f6a17c40a6c910ba801014d1498b55727ea858e3_medium.jpg?1469554487","110x110":"https://profile-photos.hackerone-user-content.com/production/000/057/690/2259dde15230756d99f68a9ca824af11081ab965_large.jpg?1469554487","260x260":"https://profile-photos.hackerone-user-content.com/production/000/057/690/6d2da33805fef8b8ac4cf513e1562699e79365e0_xtralarge.jpg?1469554487"}}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github-test","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2016-09-20T14:54:15.448Z"}}},"swag":{"data":[]},"attachments":{"data":[]},"vulnerability_types":{"data":[{"id":"107921","type":"vulnerability-type","attributes":{"name":"Cross-Site
|
73
|
+
Scripting (XSS)","description":"Failure of a site to validate, filter, or
|
74
|
+
encode user input before returning it to another user''s web client.\n","created_at":"2016-04-15T17:10:39.169Z"}}]},"activities":{"data":[{"type":"activity-bug-triaged","id":"1546376","attributes":{"message":"This
|
75
|
+
is has been triaged internally.","created_at":"2017-03-16T19:53:49.939Z","updated_at":"2017-03-16T19:53:49.939Z","internal":false},"relationships":{"actor":{"data":{"type":"user","id":"151303","attributes":{"username":"testingagain","name":null,"disabled":false,"created_at":"2017-03-16T00:35:19.472Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}}}}}},{"type":"activity-reference-id-added","id":"1546123","attributes":{"message":"","created_at":"2017-03-16T18:36:49.045Z","updated_at":"2017-03-16T18:36:49.045Z","internal":true,"reference":"3476","reference_url":null},"relationships":{"actor":{"data":{"type":"user","id":"151303","attributes":{"username":"testingagain","name":null,"disabled":false,"created_at":"2017-03-16T00:35:19.472Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}}}}}},{"type":"activity-bug-needs-more-info","id":"1546120","attributes":{"message":"This
|
76
|
+
is has been triaged internally.","created_at":"2017-03-16T18:36:40.650Z","updated_at":"2017-03-16T18:36:40.650Z","internal":false},"relationships":{"actor":{"data":{"type":"user","id":"151303","attributes":{"username":"testingagain","name":null,"disabled":false,"created_at":"2017-03-16T00:35:19.472Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}}}}}}]},"bounties":{"data":[]},"summaries":{"data":[]}}}}'
|
77
|
+
http_version:
|
78
|
+
recorded_at: Thu, 16 Mar 2017 19:53:50 GMT
|
79
|
+
recorded_with: VCR 3.0.3
|
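--- a/data/lib/hackerone/client.rb
+++ b/data/lib/hackerone/client.rb
@@ -12,6 +12,17 @@ module HackerOne
 DEFAULT_HIGH_RANGE = 2500...4999
 DEFAULT_CRITICAL_RANGE = 5000...100_000_000
 
+STATES = %w(
+new
+triaged
+needs-more-info
+resolved
+not-applicable
+informative
+duplicate
+spam
+).map(&:to_sym)
+
 class << self
 ATTRS = [:low_range, :medium_range, :high_range, :critical_range].freeze
 attr_accessor :program
@@ -61,6 +72,60 @@ module HackerOne
 end
 end
 
+## Idempotent: add the issue reference and put the report into the "triage" state.
+#
+# id: the ID of the report
+# state: value for the reference (e.g. issue number or relative path to cross-repo issue)
+#
+# returns an HackerOne::Client::Report object or raises an error if
+# no report is found.
+def triage(id, reference)
+add_report_reference(id, reference)
+state_change(id, :triaged)
+end
+
+## Idempotent: Add a report reference to a project
+#
+# id: the ID of the report
+# state: value for the reference (e.g. issue number or relative path to cross-repo issue)
+#
+# returns an HackerOne::Client::Report object or raises an error if
+# no report is found.
+def add_report_reference(id, reference)
+body = {
+data: {
+type: "issue-tracker-reference-id",
+attributes: {
+reference: reference
+}
+}
+}
+
+post("reports/#{id}/issue_tracker_reference_id", body)
+end
+
+## Idempotent: change the state of a report. See STATES for valid values.
+#
+# id: the ID of the report
+# state: the state in which the report is to be put in
+#
+# returns an HackerOne::Client::Report object or raises an error if
+# no report is found.
+def state_change(id, state)
+raise ArgumentError, "state (#{state}) must be one of #{STATES}" unless STATES.include?(state)
+
+body = {
+data: {
+type: "state-change",
+attributes: {
+message: "This is has been triaged internally.",
+state: state
+}
+}
+}
+post("reports/#{id}/state_changes", body)
+end
+
 ## Public: retrieve a report
 #
 # id: the ID of a specific report
@@ -68,20 +133,46 @@ module HackerOne
 # returns an HackerOne::Client::Report object or raises an error if
 # no report is found.
 def report(id)
+get("reports/#{id}")
+end
+
+private
+def post(endpoint, body)
+response = with_retry do
+self.class.hackerone_api_connection.post do |req|
+req.headers['Content-Type'] = 'application/json'
+req.body = body.to_json
+req.url endpoint
+end
+end
+
+parse_response(response)
+end
+
+def get(endpoint, params = nil)
 response = with_retry do
 self.class.hackerone_api_connection.get do |req|
-req.
+req.headers['Content-Type'] = 'application/json'
+req.params = params || {}
+req.url endpoint
 end
 end
 
-
+parse_response(response)
+end
+
+def parse_response(response)
+if response.status.to_s.start_with?("4")
+raise ArgumentError, "API called failed, probably your fault: #{response.body}"
+elsif response.status.to_s.start_with?("5")
+raise Runtime, "API called failed, probobly their fault: #{response.body}"
+elsif response.success?
 Report.new(JSON.parse(response.body, :symbolize_names => true)[:data])
 else
-raise
+raise RuntimeError, "Not sure what to do here: #{response.body}"
 end
 end
 
-private
 def self.hackerone_api_connection
 unless ENV["HACKERONE_TOKEN_NAME"] && ENV["HACKERONE_TOKEN"]
 raise NotConfiguredError, "HACKERONE_TOKEN_NAME HACKERONE_TOKEN environment variables must be set"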
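Review bot: In `parse_response` the 5xx branch raises `Runtime`, a constant that none of the visible hunks define, so a server error would most likely surface as a `NameError` rather than the intended message; it should read `raise RuntimeError, "API called failed, probably their fault: #{response.body}"`. Separately, `add_report_reference`, `state_change` and `report` interpolate `id` straight into the request path, and the first two now issue state-changing POSTs, so I would coerce it first with `id = Integer(id)` to keep a caller-supplied string from altering the endpoint. `state_change` also sends the fixed message "This is has been triaged internally." for every value in `STATES`, which is misleading for `:resolved` or `:spam`; an optional `message:` keyword would fix that. The doc comments on `triage` and `add_report_reference` label the second parameter `state:` although it is named `reference`.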
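--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hackerone-client
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.2.0
 platform: ruby
 authors:
 - Neil Matatall
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-03-
+date: 2017-03-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -132,10 +132,12 @@ files:
 - Rakefile
 - bin/console
 - bin/setup
+- fixtures/vcr_cassettes/add_report_reference.yml
 - fixtures/vcr_cassettes/empty_report_list.yml
 - fixtures/vcr_cassettes/missing_report.yml
 - fixtures/vcr_cassettes/report.yml
 - fixtures/vcr_cassettes/report_list.yml
+- fixtures/vcr_cassettes/stage_change.yml
 - hackerone-client.gemspec
 - lib/hackerone/client.rb
 - lib/hackerone/client/report.rb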