hackerone-client 0.15.0 → 0.16.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/build.yml +28 -12
- data/.rubocop.yml +4 -0
- data/CHANGELOG.md +4 -0
- data/Gemfile +11 -3
- data/Guardfile +2 -0
- data/Rakefile +10 -1
- data/bin/console +1 -0
- data/hackerone-client.gemspec +4 -2
- data/lib/hackerone/client.rb +8 -6
- data/lib/hackerone/client/activity.rb +10 -8
- data/lib/hackerone/client/address.rb +2 -0
- data/lib/hackerone/client/bounty.rb +2 -0
- data/lib/hackerone/client/group.rb +2 -0
- data/lib/hackerone/client/incremental/activities.rb +3 -1
- data/lib/hackerone/client/member.rb +2 -0
- data/lib/hackerone/client/program.rb +4 -2
- data/lib/hackerone/client/report.rb +7 -5
- data/lib/hackerone/client/reporter.rb +2 -0
- data/lib/hackerone/client/resource_helper.rb +5 -3
- data/lib/hackerone/client/structured_scope.rb +2 -0
- data/lib/hackerone/client/swag.rb +2 -0
- data/lib/hackerone/client/user.rb +2 -0
- data/lib/hackerone/client/version.rb +3 -1
- data/lib/hackerone/client/weakness.rb +16 -14
- metadata +3 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 99cdf21603a490301a3901f5f62430f10fc7a8425ee7ffe08944ac046d85c2d8
|
4
|
+
data.tar.gz: d390b20bc3611d74ab4d94a3fc22292f4c419ec7be9a6a0fc151b518fc713fa0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 500e402f964f2e5bf53ec230e598ec9418846f4abcc45683e2e2e0b7dec220c05b406213b4a934f82a59ac6a2425d6fe35021c1aa8a0b8963a8a8cfd0d2d888e
|
7
|
+
data.tar.gz: 3d1fe92e5a018419a6d4c04b0651ffe0453c6d9f3194a26e8f4cf446ab20d029e6dda18e375bf5ebfd72373818f94a3f65f733db204a2341db118c1276db7a62
|
data/.github/workflows/build.yml
CHANGED
@@ -1,19 +1,35 @@
|
|
1
1
|
name: Build + Test
|
2
|
-
on: [
|
2
|
+
on: [pull_request]
|
3
3
|
|
4
4
|
jobs:
|
5
5
|
build:
|
6
6
|
name: Build + Test
|
7
7
|
runs-on: ubuntu-latest
|
8
|
-
|
8
|
+
strategy:
|
9
|
+
matrix:
|
10
|
+
ruby: [ '2.4', '2.5', '2.6', '2.7']
|
11
|
+
steps:
|
12
|
+
- uses: actions/checkout@master
|
13
|
+
- name: Set up Ruby ${{ matrix.ruby }}
|
14
|
+
uses: actions/setup-ruby@v1
|
15
|
+
with:
|
16
|
+
ruby-version: ${{ matrix.ruby }}
|
17
|
+
- name: Build and test with Rake with Ruby ${{ matrix.ruby }}
|
18
|
+
run: |
|
19
|
+
gem install bundler
|
20
|
+
bundle install --jobs 4 --retry 3
|
21
|
+
bundle exec rake spec
|
22
|
+
lint:
|
23
|
+
name: Rubocop
|
24
|
+
runs-on: ubuntu-latest
|
9
25
|
steps:
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
26
|
+
- uses: actions/checkout@master
|
27
|
+
- name: Set up Ruby 2.6
|
28
|
+
uses: actions/setup-ruby@v1
|
29
|
+
with:
|
30
|
+
ruby-version: 2.6
|
31
|
+
- name: Run linters
|
32
|
+
run: |
|
33
|
+
gem install bundler
|
34
|
+
bundle install --jobs 4 --retry 3
|
35
|
+
bundle exec rake rubocop
|
data/.rubocop.yml
ADDED
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,7 @@
|
|
1
|
+
## [0.16.0] - 2020-03-23
|
2
|
+
|
3
|
+
- [Add support for updating the severity of an issue](https://github.com/oreoshake/hackerone-client/pull/50) (@rzhade3)
|
4
|
+
|
1
5
|
## [0.15.0] - 2020-03-09
|
2
6
|
|
3
7
|
- [Add 'update program policy' API support](https://github.com/oreoshake/hackerone-client/pull/47) (@rzhade3)
|
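--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,4 +1,6 @@
-
+# frozen_string_literal: true
+
+source "https://rubygems.org"
 
 # Specify your gem's dependencies in hackerone-client.gemspec
 gemspec
@@ -7,8 +9,14 @@ group :developement do
 gem "pry"
 end
 
+group :test do
+gem "rubocop", "< 0.68"
+gem "rubocop-github"
+gem "rubocop-performance"
+end
+
 group :guard do
-gem "growl", :
-gem "rb-fsevent", :require => RUBY_PLATFORM.include?('darwin') && 'rb-fsevent'
+gem "growl", require: RUBY_PLATFORM.include?("darwin") && "growl"
 gem "guard-rspec"
+gem "rb-fsevent", require: RUBY_PLATFORM.include?("darwin") && "rb-fsevent"
 end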
data/Guardfile
CHANGED
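--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,6 +1,15 @@
+# frozen_string_literal: true
+
 require "bundler/gem_tasks"
 require "rspec/core/rake_task"
 
 RSpec::Core::RakeTask.new(:spec)
 
-task :
+task default: :spec
+
+begin
+require "rubocop/rake_task"
+RuboCop::RakeTask.new
+rescue LoadError
+task(:rubocop) { $stderr.puts "RuboCop is disabled" }
+end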
data/bin/console
CHANGED
data/hackerone-client.gemspec
CHANGED
@@ -1,7 +1,9 @@
|
|
1
1
|
# coding: utf-8
|
2
|
-
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
lib = File.expand_path("../lib", __FILE__)
|
3
5
|
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
-
require
|
6
|
+
require "hackerone/client/version"
|
5
7
|
|
6
8
|
Gem::Specification.new do |spec|
|
7
9
|
spec.name = "hackerone-client"
|
data/lib/hackerone/client.rb
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "faraday"
|
2
4
|
require "json"
|
3
5
|
require "active_support/time"
|
@@ -24,7 +26,7 @@ module HackerOne
|
|
24
26
|
DEFAULT_HIGH_RANGE = 2500...4999
|
25
27
|
DEFAULT_CRITICAL_RANGE = 5000...100_000_000
|
26
28
|
|
27
|
-
LENIENT_MODE_ENV_VARIABLE =
|
29
|
+
LENIENT_MODE_ENV_VARIABLE = "HACKERONE_CLIENT_LENIENT_MODE"
|
28
30
|
|
29
31
|
class << self
|
30
32
|
ATTRS = [:low_range, :medium_range, :high_range, :critical_range].freeze
|
@@ -102,7 +104,7 @@ module HackerOne
|
|
102
104
|
def post(endpoint, body)
|
103
105
|
response = with_retry do
|
104
106
|
self.class.hackerone_api_connection.post do |req|
|
105
|
-
req.headers[
|
107
|
+
req.headers["Content-Type"] = "application/json"
|
106
108
|
req.body = body.to_json
|
107
109
|
req.url endpoint
|
108
110
|
end
|
@@ -114,7 +116,7 @@ module HackerOne
|
|
114
116
|
def get(endpoint, params = nil)
|
115
117
|
response = with_retry do
|
116
118
|
self.class.hackerone_api_connection.get do |req|
|
117
|
-
req.headers[
|
119
|
+
req.headers["Content-Type"] = "application/json"
|
118
120
|
req.params = params || {}
|
119
121
|
req.url endpoint
|
120
122
|
end
|
@@ -129,7 +131,7 @@ module HackerOne
|
|
129
131
|
elsif response.status.to_s.start_with?("5")
|
130
132
|
raise RuntimeError, "API called failed, probably their fault: #{response.body}"
|
131
133
|
elsif response.success?
|
132
|
-
response_body_json = JSON.parse(response.body, :
|
134
|
+
response_body_json = JSON.parse(response.body, symbolize_names: true)
|
133
135
|
if extract_data && response_body_json.key?(:data)
|
134
136
|
response_body_json[:data]
|
135
137
|
else
|
@@ -145,13 +147,13 @@ module HackerOne
|
|
145
147
|
raise NotConfiguredError, "HACKERONE_TOKEN_NAME HACKERONE_TOKEN environment variables must be set"
|
146
148
|
end
|
147
149
|
|
148
|
-
@connection ||= Faraday.new(:
|
150
|
+
@connection ||= Faraday.new(url: "https://api.hackerone.com/v1") do |faraday|
|
149
151
|
faraday.basic_auth(ENV["HACKERONE_TOKEN_NAME"], ENV["HACKERONE_TOKEN"])
|
150
152
|
faraday.adapter Faraday.default_adapter
|
151
153
|
end
|
152
154
|
end
|
153
155
|
|
154
|
-
def with_retry(attempts=3, &block)
|
156
|
+
def with_retry(attempts = 3, &block)
|
155
157
|
attempts_remaining = attempts
|
156
158
|
|
157
159
|
begin
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module HackerOne
|
2
4
|
module Client
|
3
5
|
module Activities
|
@@ -84,14 +86,14 @@ module HackerOne
|
|
84
86
|
end
|
85
87
|
|
86
88
|
ACTIVITY_TYPE_CLASS_MAPPING = {
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
89
|
+
"activity-bounty-awarded" => BountyAwarded,
|
90
|
+
"activity-swag-awarded" => SwagAwarded,
|
91
|
+
"activity-user-assigned-to-bug" => UserAssignedToBug,
|
92
|
+
"activity-group-assigned-to-bug" => GroupAssignedToBug,
|
93
|
+
"activity-bug-triaged" => BugTriaged,
|
94
|
+
"activity-reference-id-added" => ReferenceIdAdded,
|
95
|
+
"activity-comment" => CommentAdded,
|
96
|
+
"activity-bounty-suggested" => BountySuggested
|
95
97
|
}.freeze
|
96
98
|
|
97
99
|
def self.build(activity_data)
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module HackerOne
|
2
4
|
module Client
|
3
5
|
module Incremental
|
@@ -48,7 +50,7 @@ module HackerOne
|
|
48
50
|
|
49
51
|
def current_page
|
50
52
|
@current_page ||= make_get_request(
|
51
|
-
|
53
|
+
"incremental/activities",
|
52
54
|
extract_data: false,
|
53
55
|
params: {
|
54
56
|
handle: program.handle,
|
@@ -1,4 +1,6 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require_relative "./resource_helper"
|
2
4
|
|
3
5
|
module HackerOne
|
4
6
|
module Client
|
@@ -71,7 +73,7 @@ module HackerOne
|
|
71
73
|
"programs/#{id}/swag",
|
72
74
|
params: { page: { number: page_number, size: page_size } }
|
73
75
|
)
|
74
|
-
response_body.map{|r| Swag.new(r, self) }
|
76
|
+
response_body.map { |r| Swag.new(r, self) }
|
75
77
|
end
|
76
78
|
|
77
79
|
private
|
@@ -1,6 +1,8 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
require_relative
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require_relative "./resource_helper"
|
4
|
+
require_relative "./weakness"
|
5
|
+
require_relative "./activity"
|
4
6
|
|
5
7
|
module HackerOne
|
6
8
|
module Client
|
@@ -118,7 +120,7 @@ module HackerOne
|
|
118
120
|
|
119
121
|
# Bounty writeups just use the key, and not the label value.
|
120
122
|
def writeup_classification
|
121
|
-
classification_label
|
123
|
+
classification_label.split("-").first
|
122
124
|
end
|
123
125
|
|
124
126
|
def activities
|
@@ -304,7 +306,7 @@ module HackerOne
|
|
304
306
|
request_body[:id] = assignee_id if assignee_id
|
305
307
|
|
306
308
|
response = HackerOne::Client::Api.hackerone_api_connection.put do |req|
|
307
|
-
req.headers[
|
309
|
+
req.headers["Content-Type"] = "application/json"
|
308
310
|
req.url "reports/#{id}/assignee"
|
309
311
|
req.body = { data: request_body }.to_json
|
310
312
|
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module HackerOne
|
2
4
|
module Client
|
3
5
|
module ResourceHelper
|
@@ -14,7 +16,7 @@ module HackerOne
|
|
14
16
|
|
15
17
|
def make_put_request(url, request_body:, extract_data: true)
|
16
18
|
response = HackerOne::Client::Api.hackerone_api_connection.put do |req|
|
17
|
-
req.headers[
|
19
|
+
req.headers["Content-Type"] = "application/json"
|
18
20
|
req.url url
|
19
21
|
req.body = { data: request_body }.to_json
|
20
22
|
end
|
@@ -24,7 +26,7 @@ module HackerOne
|
|
24
26
|
|
25
27
|
def make_post_request(url, request_body:, extract_data: true)
|
26
28
|
response = HackerOne::Client::Api.hackerone_api_connection.post do |req|
|
27
|
-
req.headers[
|
29
|
+
req.headers["Content-Type"] = "application/json"
|
28
30
|
req.url url
|
29
31
|
req.body = { data: request_body }.to_json
|
30
32
|
end
|
@@ -34,7 +36,7 @@ module HackerOne
|
|
34
36
|
|
35
37
|
def make_get_request(url, params: {}, extract_data: true)
|
36
38
|
response = HackerOne::Client::Api.hackerone_api_connection.get do |req|
|
37
|
-
req.headers[
|
39
|
+
req.headers["Content-Type"] = "application/json"
|
38
40
|
req.url url
|
39
41
|
req.params = params
|
40
42
|
end
|
@@ -1,17 +1,19 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module HackerOne
|
2
4
|
module Client
|
3
5
|
class Weakness
|
4
6
|
class << self
|
5
7
|
def validate_cwe!(cwe)
|
6
|
-
fail NotAnOwaspWeaknessError if cwe.upcase.start_with?(
|
7
|
-
fail StandardError::ArgumentError unless cwe.upcase.start_with?(
|
8
|
+
fail NotAnOwaspWeaknessError if cwe.upcase.start_with?("CAPEC-")
|
9
|
+
fail StandardError::ArgumentError unless cwe.upcase.start_with?("CWE-")
|
8
10
|
end
|
9
11
|
|
10
12
|
def extract_cwe_number(cwe)
|
11
13
|
return if cwe.nil?
|
12
14
|
validate_cwe!(cwe)
|
13
15
|
|
14
|
-
cwe.split(
|
16
|
+
cwe.split("CWE-").last.to_i
|
15
17
|
end
|
16
18
|
end
|
17
19
|
|
@@ -39,20 +41,20 @@ module HackerOne
|
|
39
41
|
}
|
40
42
|
|
41
43
|
OWASP_TOP_10_2013_TO_CWE = {
|
42
|
-
|
43
|
-
|
44
|
+
"A1-Injection" => [77, 78, 88, 89, 90, 91, 564],
|
45
|
+
"A2-AuthSession" =>
|
44
46
|
[287, 613, 522, 256, 384, 472, 346, 441, 523, 620, 640, 319, 311],
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
47
|
+
"A3-XSS" => [79],
|
48
|
+
"A4-DirectObjRef" => [639, 99, 22],
|
49
|
+
"A5-Misconfig" => [16, 2, 215, 548, 209],
|
50
|
+
"A6-DataExposure" => [312, 319, 310, 326, 320, 311, 325, 328, 327],
|
51
|
+
"A7-MissingACL" => [285, 287],
|
52
|
+
"A8-CSRF" => [352, 642, 613, 346, 441],
|
53
|
+
"A9-KnownVuln" => [],
|
54
|
+
"A10-Redirects" => [601],
|
53
55
|
}.freeze
|
54
56
|
|
55
|
-
OWASP_DEFAULT =
|
57
|
+
OWASP_DEFAULT = "A0-Other".freeze
|
56
58
|
|
57
59
|
def initialize(weakness)
|
58
60
|
@attributes = weakness
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: hackerone-client
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.16.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Neil Matatall
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-03-
|
11
|
+
date: 2020-03-24 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -118,6 +118,7 @@ files:
|
|
118
118
|
- ".github/workflows/build.yml"
|
119
119
|
- ".gitignore"
|
120
120
|
- ".rspec"
|
121
|
+
- ".rubocop.yml"
|
121
122
|
- ".travis.yml"
|
122
123
|
- CHANGELOG.md
|
123
124
|
- CODE_OF_CONDUCT.md
|