hackerone-client 0.15.0 → 0.20.0

data/fixtures/vcr_cassettes/report.yml

@@ -191,7 +191,28 @@ http_interactions:
             },
             "attachments": {
               "data": [
-
+                {
+                  "id": "936424",
+                  "type": "attachment",
+                  "attributes": {
+                    "expiring_url": "https://redacted.aws.s3.link",
+                    "created_at": "2020-08-04T18:34:09.446Z",
+                    "file_name": "2182_FtX8VdFq.jpg",
+                    "content_type": "image/jpeg",
+                    "file_size": 653695
+                  }
+                },
+                {
+                  "id": "936425",
+                  "type": "attachment",
+                  "attributes": {
+                    "expiring_url": "https://redacted.aws.s3.link",
+                    "created_at": "2020-08-04T18:34:28.970Z",
+                    "file_name": "swagger_parse.py",
+                    "content_type": "text/x-python-script",
+                    "file_size": 482
+                  }
+                }
               ]
             },
             "vulnerability_types": {

data/fixtures/vcr_cassettes/report_list_triaged.yml

@@ -0,0 +1,77 @@
+---
+http_interactions:
+- request:
+    method: get
+    uri: https://api.hackerone.com/v1/reports?filter%5Bcreated_at__gt%5D=2017-02-11T16:00:44-10:00&filter%5Bprogram%5D%5B0%5D=github&filter%5Bstate%5D%5B0%5D=triaged
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers:
+      Authorization:
+      - Basic NOPE
+      User-Agent:
+      - Faraday v1.0.0
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Date:
+      - Tue, 24 Mar 2020 14:11:47 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Transfer-Encoding:
+      - chunked
+      Connection:
+      - keep-alive
+      Set-Cookie:
+      - __cfduid=dabd0c152e7e92db1c896d18efb3473911585059107; expires=Thu, 23-Apr-20
+        14:11:47 GMT; path=/; Domain=api.hackerone.com; HttpOnly; SameSite=Lax; Secure
+      X-Request-Id:
+      - 5ead5fa1-86fb-4b8f-ae8b-755d0b08b40c
+      Etag:
+      - W/"a9d3a797dc03972084547d21d1a4ebcd"
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Strict-Transport-Security:
+      - max-age=31536000; includeSubDomains; preload
+      X-Frame-Options:
+      - DENY
+      X-Content-Type-Options:
+      - nosniff
+      X-Xss-Protection:
+      - 1; mode=block
+      X-Download-Options:
+      - noopen
+      X-Permitted-Cross-Domain-Policies:
+      - none
+      Referrer-Policy:
+      - strict-origin-when-cross-origin
+      Expect-Ct:
+      - enforce, max-age=86400
+      Content-Security-Policy:
+      - 'default-src ''none''; base-uri ''self''; block-all-mixed-content; child-src
+        www.youtube-nocookie.com; connect-src ''self'' www.google-analytics.com errors.hackerone.net;
+        font-src ''self''; form-action ''self''; frame-ancestors ''none''; img-src
+        ''self'' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com
+        profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com;
+        media-src ''self'' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com;
+        script-src ''self'' www.google-analytics.com; style-src ''self'' ''unsafe-inline'';
+        report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598'
+      Cf-Cache-Status:
+      - DYNAMIC
+      Server:
+      - cloudflare
+      Cf-Ray:
+      - 5790fbbbb977e4d8-ATL
+    body:
+      encoding: ASCII-8BIT
+      string: !binary |-
+        eyJkYXRhIjpbeyJpZCI6IjgxNTA5OSIsInR5cGUiOiJyZXBvcnQiLCJhdHRyaWJ1dGVzIjp7InRpdGxlIjoiSmFsIiwic3RhdGUiOiJ0cmlhZ2VkIiwiY3JlYXRlZF9hdCI6IjIwMjAtMDMtMDlUMTQ6NDU6MzIuNzQxWiIsInZ1bG5lcmFiaWxpdHlfaW5mb3JtYXRpb24iOiJLYWxcblxuIyMgSW1wYWN0XG5cbkxhbCIsInRyaWFnZWRfYXQiOiIyMDIwLTAzLTI0VDE0OjExOjM3LjcxMloiLCJjbG9zZWRfYXQiOm51bGwsImxhc3RfcmVwb3J0ZXJfYWN0aXZpdHlfYXQiOiIyMDIwLTAzLTI0VDE0OjExOjM3LjcxMloiLCJmaXJzdF9wcm9ncmFtX2FjdGl2aXR5X2F0IjoiMjAyMC0wMy0wOVQxNDo0NTozMi43OTZaIiwibGFzdF9wcm9ncmFtX2FjdGl2aXR5X2F0IjoiMjAyMC0wMy0yNFQxNDoxMTozNy43MTJaIiwiYm91bnR5X2F3YXJkZWRfYXQiOm51bGwsInN3YWdfYXdhcmRlZF9hdCI6bnVsbCwiZGlzY2xvc2VkX2F0IjpudWxsLCJyZXBvcnRlcl9hZ3JlZWRfb25fZ29pbmdfcHVibGljX2F0IjpudWxsLCJsYXN0X3B1YmxpY19hY3Rpdml0eV9hdCI6IjIwMjAtMDMtMjRUMTQ6MTE6MzcuNzEyWiIsImxhc3RfYWN0aXZpdHlfYXQiOiIyMDIwLTAzLTI0VDE0OjExOjM3LjcxMloiLCJzb3VyY2UiOm51bGx9LCJyZWxhdGlvbnNoaXBzIjp7InJlcG9ydGVyIjp7ImRhdGEiOnsiaWQiOiIyOTEwNzkiLCJ0eXBlIjoidXNlciIsImF0dHJpYnV0ZXMiOnsidXNlcm5hbWUiOiJyemhhZGUzIiwibmFtZSI6IlJhaHVsIFpoYWRlIiwiZGlzYWJsZWQiOmZhbHNlLCJjcmVhdGVkX2F0IjoiMjAxOC0wNi0xMlQxNzo0Mzo0MC44NTJaIiwicHJvZmlsZV9waWN0dXJlIjp7IjYyeDYyIjoiaHR0cHM6Ly9wcm9maWxlLXBob3Rvcy5oYWNrZXJvbmUtdXNlci1jb250ZW50LmNvbS92YXJpYW50cy8wMDAvMjkxLzA3OS9iNzljM2MzNDMxMzBiZDYzMTEzMWY2OTBlMmYwNGJjMGQxZmRlOGJmX29yaWdpbmFsLnBuZy8zYWZjYjVjODk2MjQ3ZTdlZThhZGEzMWIxYzFlYjg2NTdlMjIyNDFmOTExMDkzYWNmZTRlYzdlOTdhM2E5NTlhIiwiODJ4ODIiOiJodHRwczovL3Byb2ZpbGUtcGhvdG9zLmhhY2tlcm9uZS11c2VyLWNvbnRlbnQuY29tL3ZhcmlhbnRzLzAwMC8yOTEvMDc5L2I3OWMzYzM0MzEzMGJkNjMxMTMxZjY5MGUyZjA0YmMwZDFmZGU4YmZfb3JpZ2luYWwucG5nL2ViMzE4MjNhNGNjOWY2YjZiYjRkYjkzMGZmZGY1MTI1MzM5MjhhNjhhNDI1NWZiNTBhODMxODAyODFhNjBkYTUiLCIxMTB4MTEwIjoiaHR0cHM6Ly9wcm9maWxlLXBob3Rvcy5oYWNrZXJvbmUtdXNlci1jb250ZW50LmNvbS92YXJpYW50cy8wMDAvMjkxLzA3OS9iNzljM2MzNDMxMzBiZDYzMTEzMWY2OTBlMmYwNGJjMGQxZmRlOGJmX29yaWdpbmFsLnBuZy82OTIyMzdlYjk2OTFmYmRlOTJhMTcxNzRjZGI4MDlhNzg4YWNlMDJiYzc3YzcyODAzZjE3ZDMyYjQxZTRmMjEzIiwiMjYweDI2MCI6Imh0dHBzOi8vcHJvZmlsZS1waG90b3MuaGFja2Vyb25lLXVzZXItY29udGVudC5jb20vdmFyaWFudHMvMDAwLzI5MS8wNzkvYjc5YzNjMzQzMTMwYmQ2MzExMzFmNjkwZTJmMDRiYzBkMWZkZThiZl9vcmlnaW5hbC5wbmcvY2YxZTRiNWQ0NDAwNWNiNjFmYWIzNThkZDY5Njg0MTVmMjA1NDVkZTVmMDU1YmE0ZWQzM2NhNDM4Nzk0OGNkYyJ9LCJiaW8iOiJBcHBsaWNhdGlvbiBTZWN1cml0eSBAR2l0SHViIiwid2Vic2l0ZSI6Imh0dHBzOi8vemhhZGUuZGV2IiwibG9jYXRpb24iOiIiLCJoYWNrZXJvbmVfdHJpYWdlciI6ZmFsc2V9fX0sImFzc2lnbmVlIjp7ImRhdGEiOnsiaWQiOiI4NTA0OSIsInR5cGUiOiJ1c2VyIiwiYXR0cmlidXRlcyI6eyJ1c2VybmFtZSI6ImJyZW50am8tZ2giLCJuYW1lIjoiQnJlbnQgSm9obnNvbiIsImRpc2FibGVkIjpmYWxzZSwiY3JlYXRlZF9hdCI6IjIwMTYtMDYtMTRUMjA6MDE6MzAuODkxWiIsInByb2ZpbGVfcGljdHVyZSI6eyI2Mng2MiI6Ii9hc3NldHMvYXZhdGFycy9kZWZhdWx0LTcxYTMwMmQ3MDY0NTdmM2QzYTMxZWIzMGZhM2U3M2U2Y2YwYjFkNjc3YjhmYTIxOGVhZWFmZmQ2N2FlOTc5MTgucG5nIiwiODJ4ODIiOiIvYXNzZXRzL2F2YXRhcnMvZGVmYXVsdC03MWEzMDJkNzA2NDU3ZjNkM2EzMWViMzBmYTNlNzNlNmNmMGIxZDY3N2I4ZmEyMThlYWVhZmZkNjdhZTk3OTE4LnBuZyIsIjExMHgxMTAiOiIvYXNzZXRzL2F2YXRhcnMvZGVmYXVsdC03MWEzMDJkNzA2NDU3ZjNkM2EzMWViMzBmYTNlNzNlNmNmMGIxZDY3N2I4ZmEyMThlYWVhZmZkNjdhZTk3OTE4LnBuZyIsIjI2MHgyNjAiOiIvYXNzZXRzL2F2YXRhcnMvZGVmYXVsdC03MWEzMDJkNzA2NDU3ZjNkM2EzMWViMzBmYTNlNzNlNmNmMGIxZDY3N2I4ZmEyMThlYWVhZmZkNjdhZTk3OTE4LnBuZyJ9LCJzaWduYWwiOm51bGwsImltcGFjdCI6bnVsbCwicmVwdXRhdGlvbiI6bnVsbCwiYmlvIjoiIiwid2Vic2l0ZSI6bnVsbCwibG9jYXRpb24iOiIiLCJoYWNrZXJvbmVfdHJpYWdlciI6ZmFsc2V9fX0sInByb2dyYW0iOnsiZGF0YSI6eyJpZCI6IjExNzY3IiwidHlwZSI6InByb2dyYW0iLCJhdHRyaWJ1dGVzIjp7ImhhbmRsZSI6ImdpdGh1Yi10ZXN0IiwicG9saWN5IjoiIyBHaXRIdWIgVGVzdCBCdWcgQm91bnR5XHJcblxyXG5Tb2Z0d2FyZSBzZWN1cml0eSByZXNlYXJjaGVycyBhcmUgaW5jcmVhc2luZ2x5IGVuZ2FnaW5nIHdpdGggSW50ZXJuZXQgY29tcGFuaWVzIHRvIGh1bnQgZG93biB2dWxuZXJhYmlsaXRpZXMuIE91ciBib3VudHkgcHJvZ3JhbSBnaXZlcyBhIHRpcCBvZiB0aGUgaGF0IHRvIHRoZXNlIHJlc2VhcmNoZXJzIGFuZCBwcm92aWRlcyByZXdhcmRzIG9mICAkMzAsMDAwIG9yIG1vcmUgZm9yIGNyaXRpY2FsIHZ1bG5lcmFiaWxpdGllcy5cclxuXHJcblxyXG5Zb3UgY2FuIGZpbmQgbW9yZSBpbmZvcm1hdGlvbiBpbiBvdXIgW3J1bGVzXShodHRwczovL2JvdW50eS5naXRodWIuY29tLyNydWxlcyksIFtzY29wZV0oaHR0cHM6Ly9ib3VudHkuZ2l0aHViLmNvbS8jc2NvcGUpLCBbdGFyZ2V0c10oaHR0cHM6Ly9ib3VudHkuZ2l0aHViLmNvbS8jdGFyZ2V0cyksIGFuZCBbRkFRXShodHRwczovL2JvdW50eS5naXRodWIuY29tLyNmYXFzKSBzZWN0aW9ucy4gWW91IGNhbiBhbHNvIGNoZWNrIHRoZSBjdXJyZW50IHJhbmtpbmdzIG9uIHRoZSBbbGVhZGVyYm9hcmRdKGh0dHBzOi8vYm91bnR5LmdpdGh1Yi5jb20vI2xlYWRlcmJvYXJkKS5cclxuXHJcbkhhcHB5IGhhY2tpbmchXHJcblxyXG5cclxuIyMgUnVsZXNcclxuXHJcbiMjIyBCZWZvcmUgeW91IHN0YXJ0XHJcblxyXG4qIENoZWNrIHRoZSBsaXN0IG9mIGJ1Z3MgdGhhdCBoYXZlIGJlZW4gW2NsYXNzaWZpZWQgYXMgaW5lbGlnaWJsZV0oaHR0cHM6Ly9ib3VudHkuZ2l0aHViLmNvbS9pbmVsaWdpYmxlLmh0bWwpLiBTdWJtaXNzaW9ucyB3aGljaCBhcmUgaW5lbGlnaWJsZSB3aWxsIGxpa2VseSBiZSBjbG9zZWQgYXMgYE5vdCBBcHBsaWNhYmxlYC5cclxuKiBDaGVjayB0aGUgW0dpdEh1YiBDaGFuZ2Vsb2ddKGh0dHBzOi8vZ2l0aHViLmJsb2cvY2hhbmdlbG9nLykgZm9yIHJlY2VudGx5IGxhdW5jaGVkIGZlYXR1cmVzLlxyXG4qIE5ldmVyIGF0dGVtcHQgbm9uLXRlY2huaWNhbCBhdHRhY2tzIHN1Y2ggYXMgc29jaWFsIGVuZ2luZWVyaW5nLCBwaGlzaGluZywgb3IgcGh5c2ljYWwgYXR0YWNrcyBhZ2FpbnN0IG91ciBlbXBsb3llZXMsIHVzZXJzLCBvciBpbmZyYXN0cnVjdHVyZS5cclxuKiBXaGVuIGluIGRvdWJ0LCBjb250YWN0IHVzIGF0IGBib3VudHlAZ2l0aHViLmNvbWAuXHJcbiogQnkgcGFydGljaXBhdGluZyBpbiBHaXRIdWIncyBCdWcgQm91bnR5IHByb2dyYW0gKHRoZSBcIlByb2dyYW1cIiksIHlvdSBhY2tub3dsZWRnZSB0aGF0IHlvdSBoYXZlIHJlYWQgYW5kIGFncmVlIHRvIEdpdEh1YidzIFtUZXJtcyBvZiBTZXJ2aWNlXShodHRwczovL2hlbHAuZ2l0aHViLmNvbS9hcnRpY2xlcy9naXRodWItdGVybXMtb2Ytc2VydmljZSkgYXMgd2VsbCBhcyB0aGUgZm9sbG93aW5nOlxyXG5cclxuICAqIHlvdSdyZSBub3QgcGFydGljaXBhdGluZyBmcm9tIGEgY291bnRyeSBhZ2FpbnN0IHdoaWNoIHRoZSBVbml0ZWQgU3RhdGVzIGhhcyBpc3N1ZWQgZXhwb3J0IHNhbmN0aW9ucyBvciBvdGhlciB0cmFkZSByZXN0cmljdGlvbnMsIGluY2x1ZGluZyBDdWJhLCBJcmFuLCBOb3J0aCBLb3JlYSwgU3VkYW4sIGFuZCBTeXJpYS5cclxuXHJcbiAgKiB5b3VyIHBhcnRpY2lwYXRpb24gaW4gdGhlIFByb2dyYW0gd2lsbCBub3QgdmlvbGF0ZSBhbnkgbGF3IGFwcGxpY2FibGUgdG8geW91LCBvciBkaXNydXB0IG9yIGNvbXByb21pc2UgYW55IGRhdGEgdGhhdCBpcyBub3QgeW91ciBvd24uXHJcblxyXG4gICogeW91IGFyZSBzb2xlbHkgcmVzcG9uc2libGUgZm9yIGFueSBhcHBsaWNhYmxlIHRheGVzLCB3aXRoaG9sZGluZyBvciBvdGhlcndpc2UsIGFyaXNpbmcgZnJvbSBvciByZWxhdGluZyB0byB5b3VyIHBhcnRpY2lwYXRpb24gaW4gdGhlIFByb2dyYW0sIGluY2x1ZGluZyBmcm9tIGFueSBib3VudHkgcGF5bWVudHMuXHJcblxyXG4gICogR2l0SHViIHJlc2VydmVzIHRoZSByaWdodCB0byB0ZXJtaW5hdGUgb3IgZGlzY29udGludWUgdGhlIFByb2dyYW0gYXQgaXRzIGRpc2NyZXRpb24uXHJcblxyXG4gICogT25seSB0ZXN0IGZvciB2dWxuZXJhYmlsaXRpZXMgb24gc2l0ZXMgeW91IGtub3cgdG8gYmUgb3BlcmF0ZWQgYnkgR2l0SHViIGFuZCBhcmUgW2luLXNjb3BlXShodHRwczovL2JvdW50eS5naXRodWIuY29tI3Njb3BlKS4gU29tZSBzaXRlcyBob3N0ZWQgb24gc3ViZG9tYWlucyBvZiBgR2l0SHViLmNvbWAgYXJlIG9wZXJhdGVkIGJ5IHRoaXJkIHBhcnRpZXMgYW5kIHNob3VsZCBub3QgYmUgdGVzdGVkLlxyXG5cclxuXHJcbiMjIyBMZWdhbCBzYWZlIGhhcmJvclxyXG5cclxuWW91ciByZXNlYXJjaCBpcyBjb3ZlcmVkIGJ5IHRoZSBbR2l0SHViIEJ1ZyBCb3VudHkgUHJvZ3JhbSBMZWdhbCBTYWZlIEhhcmJvcl0oaHR0cHM6Ly9oZWxwLmdpdGh1Yi5jb20vYXJ0aWNsZXMvZ2l0aHViLWJ1Zy1ib3VudHktcHJvZ3JhbS1sZWdhbC1zYWZlLWhhcmJvci8pIHBvbGljeS4gSW4gc3VtbWFyeTpcclxuKiBXZSBjb25zaWRlciBzZWN1cml0eSByZXNlYXJjaCBhbmQgdnVsbmVyYWJpbGl0eSBkaXNjbG9zdXJlIGFjdGl2aXRpZXMgY29uZHVjdGVkIGNvbnNpc3RlbnQgd2l0aCB0aGlzIHBvbGljeSBhcyDigJxhdXRob3JpemVk4oCdIGNvbmR1Y3QgdW5kZXIgdGhlIENvbXB1dGVyIEZyYXVkIGFuZCBBYnVzZSBBY3QsIHRoZSBETUNBLCBhbmQgb3RoZXIgYXBwbGljYWJsZSBjb21wdXRlciB1c2UgbGF3cyBzdWNoIGFzIENhbC4gUGVuYWwgQ29kZSA1MDIoYykuIFdlIHdhaXZlIGFueSBwb3RlbnRpYWwgRE1DQSBjbGFpbSBhZ2FpbnN0IHlvdSBmb3IgY2lyY3VtdmVudGluZyB0aGUgdGVjaG5vbG9naWNhbCBtZWFzdXJlcyB3ZSBoYXZlIHVzZWQgdG8gcHJvdGVjdCB0aGUgYXBwbGljYXRpb25zIGluIHRoaXMgYnVnIGJvdW50eSBwcm9ncmFtJ3Mgc2NvcGUuXHJcbiogV2Ugd2FudCB5b3UgdG8gcmVzcG9uc2libHkgZGlzY2xvc2UgdGhyb3VnaCBvdXIgYnVnIGJvdW50eSBwcm9ncmFtLCBhbmQgZG9uJ3Qgd2FudCByZXNlYXJjaGVycyBwdXQgaW4gZmVhciBvZiBsZWdhbCBjb25zZXF1ZW5jZXMgYmVjYXVzZSBvZiB0aGVpciBnb29kIGZhaXRoIGF0dGVtcHRzIHRvIGNvbXBseSB3aXRoIG91ciBidWcgYm91bnR5IHBvbGljeS4gV2UgY2Fubm90IGJpbmQgYW55IHRoaXJkIHBhcnR5LCBzbyBkbyBub3QgYXNzdW1lIHRoaXMgcHJvdGVjdGlvbiBleHRlbmRzIHRvIGFueSB0aGlyZCBwYXJ0eS4gSWYgaW4gZG91YnQsIGFzayB1cyBiZWZvcmUgZW5nYWdpbmcgaW4gYW55IHNwZWNpZmljIGFjdGlvbiB5b3UgdGhpbmsgbWlnaHQgZ28gb3V0c2lkZSB0aGUgYm91bmRzIG9mIG91ciBwb2xpY3kuXHJcbiogQmVjYXVzZSBib3RoIGlkZW50aWZ5aW5nIGFuZCBub24taWRlbnRpZnlpbmcgaW5mb3JtYXRpb24gY2FuIHB1dCBhIHJlc2VhcmNoZXIgYXQgcmlzaywgd2UgbGltaXQgd2hhdCB3ZSBzaGFyZSB3aXRoIHRoaXJkIHBhcnRpZXMuIFdlIG1heSBwcm92aWRlIG5vbi1pZGVudGlmeWluZyBzdWJzdGFudGl2ZSBpbmZvcm1hdGlvbiBmcm9tIHlvdXIgcmVwb3J0IHRvIGFuIGFmZmVjdGVkIHRoaXJkIHBhcnR5LCBidXQgb25seSBhZnRlciBub3RpZnlpbmcgeW91IGFuZCByZWNlaXZpbmcgYSBjb21taXRtZW50IHRoYXQgdGhlIHRoaXJkIHBhcnR5IHdpbGwgbm90IHB1cnN1ZSBsZWdhbCBhY3Rpb24gYWdhaW5zdCB5b3UuIFdlIHdpbGwgb25seSBzaGFyZSBpZGVudGlmeWluZyBpbmZvcm1hdGlvbiAobmFtZSwgZW1haWwgYWRkcmVzcywgcGhvbmUgbnVtYmVyLCBldGMuKSB3aXRoIGEgdGhpcmQgcGFydHkgaWYgeW91IGdpdmUgeW91ciB3cml0dGVuIHBlcm1pc3Npb24uXHJcbiogSWYgeW91ciBzZWN1cml0eSByZXNlYXJjaCBhcyBwYXJ0IG9mIHRoZSBidWcgYm91bnR5IHByb2dyYW0gdmlvbGF0ZXMgY2VydGFpbiByZXN0cmljdGlvbnMgaW4gb3VyIHNpdGUgcG9saWNpZXMsIHRoZSBzYWZlIGhhcmJvciB0ZXJtcyBwZXJtaXQgYSBsaW1pdGVkIGV4ZW1wdGlvbi5cclxuXHJcblxyXG4jIyMgUGVyZm9ybWluZyB5b3VyIHJlc2VhcmNoXHJcblxyXG4qIERvIG5vdCBpbXBhY3Qgb3RoZXIgdXNlcnMgd2l0aCB5b3VyIHRlc3RpbmcsIHRoaXMgaW5jbHVkZXMgdGVzdGluZyB2dWxuZXJhYmlsaXRpZXMgaW4gcmVwb3NpdG9yaWVzIG9yIG9yZ2FuaXphdGlvbnMgeW91IGRvIG5vdCBvd24uIElmIHlvdSBhcmUgYXR0ZW1wdGluZyB0byBmaW5kIGFuIGF1dGhvcml6YXRpb24gYnlwYXNzLCB5b3UgbXVzdCB1c2UgYWNjb3VudHMgeW91IG93bi5cclxuKiBUaGUgZm9sbG93aW5nIGFyZSAqKm5ldmVyKiogYWxsb3dlZCBhbmQgYXJlIGluZWxpZ2libGUgZm9yIHJld2FyZC4gV2UgbWF5IHN1c3BlbmQgeW91ciBHaXRIdWIgYWNjb3VudCBhbmQgYmFuIHlvdXIgSVAgYWRkcmVzcyBmb3I6XHJcblxyXG4gICogUGVyZm9ybWluZyBkaXN0cmlidXRlZCBkZW5pYWwgb2Ygc2VydmljZSAoRERvUykgb3Igb3RoZXIgdm9sdW1ldHJpYyBhdHRhY2tzXHJcbiAgKiBTcGFtbWluZyBjb250ZW50XHJcbiAgKiBMYXJnZS1zY2FsZSB2dWxuZXJhYmlsaXR5IHNjYW5uZXJzLCBzY3JhcGVycywgb3IgYXV0b21hdGVkIHRvb2xzIHdoaWNoIHByb2R1Y2UgZXhjZXNzaXZlIGFtb3VudHMgb2YgdHJhZmZpYy5cclxuICAgICogTm90ZTogV2UgX2RvXyBhbGxvdyB0aGUgdXNlIG9mIGF1dG9tYXRlZCB0b29scyBzbyBsb25nIGFzIHRoZXkgZG8gbm90IHByb2R1Y2UgZXhjZXNzaXZlIGFtb3VudHMgb2YgdHJhZmZpYy4gRm9yIGV4YW1wbGUsIHJ1bm5pbmcgb25lIGBubWFwYCBzY2FuIGFnYWluc3Qgb25lIGhvc3QgaXMgYWxsb3dlZCwgYnV0IHNlbmRpbmcgNjUsMDAwIHJlcXVlc3RzIGluIHR3byBtaW51dGVzIHVzaW5nIEJ1cnAgU3VpdGUgSW50cnVkZXIgaXMgZXhjZXNzaXZlLlxyXG4qIFJlc2VhcmNoaW5nIGRlbmlhbC1vZi1zZXJ2aWNlIGF0dGFja3MgaXMgYWxsb3dlZCBhbmQgZWxpZ2libGUgZm9yIHJld2FyZHMgb25seSBpZiB5b3UgZm9sbG93IHRoZXNlIHJ1bGVzOlxyXG5cclxuICAqIFJlc2VhcmNoICoqbXVzdCoqIGJlIHBlcmZvcm1lZCBpbiBvcmdhbml6YXRpb25zIG9yIHJlcG9zaXRvcmllcyB5b3Ugb3duXHJcbiAgKiBTdG9wICoqaW1tZWRpYXRlbHkqKiBpZiB5b3UgYmVsaWV2ZSB5b3UgaGF2ZSBhZmZlY3RlZCB0aGUgYXZhaWxhYmlsaXR5IG9mIG91ciBzZXJ2aWNlcy4gRG9uJ3Qgd29ycnkgYWJvdXQgZGVtb25zdHJhdGluZyB0aGUgZnVsbCBpbXBhY3Qgb2YgeW91ciB2dWxuZXJhYmlsaXR5LCBHaXRIdWIncyBzZWN1cml0eSB0ZWFtIHdpbGwgYmUgYWJsZSB0byBkZXRlcm1pbmUgdGhlIGltcGFjdC5cclxuICAqIFRoZXJlIGFyZSBubyBsaW1pdHMgZm9yIHJlc2VhcmNoaW5nIGRlbmlhbCBvZiBzZXJ2aWNlIHZ1bG5lcmFiaWxpdGllcyBhZ2FpbnN0IHlvdXIgb3duIGluc3RhbmNlIG9mIFtHaXRIdWIgRW50ZXJwcmlzZSBTZXJ2ZXJdKGh0dHBzOi8vYm91bnR5LmdpdGh1Yi5jb20vdGFyZ2V0cy9naXRodWItZW50ZXJwcmlzZS1zZXJ2ZXIuaHRtbClcclxuXHJcblxyXG4jIyMgSGFuZGxpbmcgcGVyc29uYWxseSBpZGVudGlmaWFibGUgaW5mb3JtYXRpb24gKFBJSSlcclxuXHJcbiogUGVyc29uYWxseSBpZGVudGlmeWluZyBpbmZvcm1hdGlvbiAoUElJKSBpbmNsdWRlczpcclxuICAqIGxlZ2FsIGFuZC9vciBmdWxsIG5hbWVzXHJcbiAgKiBuYW1lcyBvciB1c2VybmFtZXMgY29tYmluZWQgd2l0aCBvdGhlciBpZGVudGlmaWVycyBsaWtlIHBob25lIG51bWJlcnMgb3IgZW1haWwgYWRkcmVzc2VzXHJcbiAgKiBoZWFsdGggb3IgZmluYW5jaWFsIGluZm9ybWF0aW9uIChpbmNsdWRpbmcgaW5zdXJhbmNlIGluZm9ybWF0aW9uLCBzb2NpYWwgc2VjdXJpdHkgbnVtYmVycywgZXRjLilcclxuICAqIGluZm9ybWF0aW9uIGFib3V0IHBvbGl0aWNhbCBvciByZWxpZ2lvdXMgYWZmaWxpYXRpb25zXHJcbiAgKiBpbmZvcm1hdGlvbiBhYm91dCByYWNlLCBldGhuaWNpdHksIHNleHVhbCBvcmllbnRhdGlvbiwgZ2VuZGVyLCBvciBvdGhlciBpZGVudGlmeWluZyBpbmZvcm1hdGlvbiB0aGF0IGNvdWxkIGJlIHVzZWQgZm9yIGRpc2NyaW1pbmF0b3J5IHB1cnBvc2VzXHJcbiogRG8gbm90IGludGVudGlvbmFsbHkgYWNjZXNzIG90aGVycycgUElJLiBJZiB5b3Ugc3VzcGVjdCBhIHNlcnZpY2UgcHJvdmlkZXMgYWNjZXNzIHRvIFBJSSwgbGltaXQgcXVlcmllcyB0byB5b3VyIG93biBwZXJzb25hbCBpbmZvcm1hdGlvbi5cclxuKiBSZXBvcnQgdGhlIHZ1bG5lcmFiaWxpdHkgKmltbWVkaWF0ZWx5KiBhbmQgZG8gbm90IGF0dGVtcHQgdG8gYWNjZXNzIGFueSBvdGhlciBkYXRhLiBUaGUgR2l0SHViIFNlY3VyaXR5IHRlYW0gd2lsbCBhc3Nlc3MgdGhlIHNjb3BlIGFuZCBpbXBhY3Qgb2YgdGhlIFBJSSBleHBvc3VyZS5cclxuKiBMaW1pdCB0aGUgYW1vdW50IG9mIGRhdGEgcmV0dXJuZWQgZnJvbSBzZXJ2aWNlcy4gRm9yIFNRTCBpbmplY3Rpb24sIGZvciBleGFtcGxlLCBsaW1pdCB0aGUgbnVtYmVyIG9mIHJvd3MgcmV0dXJuZWRcclxuKiBZb3UgbXVzdCBkZWxldGUgYWxsIHlvdXIgbG9jYWwsIHN0b3JlZCwgb3IgY2FjaGVkIGNvcGllcyBvZiBkYXRhIGNvbnRhaW5pbmcgUElJIGFzIHNvb24gYXMgcG9zc2libGUuIFdlIG1heSBhc2sgeW91IHRvIHNpZ24gYSBjZXJ0aWZpY2F0ZSBvZiBkZWxldGlvbiBhbmQgY29uZmlkZW50aWFsaXR5IGFncmVlbWVudCByZWdhcmRpbmcgdGhlIGV4YWN0IGluZm9ybWF0aW9uIHlvdSBhY2Nlc3NlZC4gVGhpcyBhZ3JlZW1lbnQgd2lsbCBub3QgYWZmZWN0IHlvdXIgYm91bnR5IHJld2FyZC5cclxuKiBXZSBtYXkgYXNrIHlvdSBmb3IgdGhlIHVzZXJuYW1lcyBhbmQgSVAgYWRkcmVzc2VzIHVzZWQgZHVyaW5nIHlvdXIgdGVzdGluZyB0byBhc3Nlc3MgdGhlIGltcGFjdCBvZiB0aGUgdnVsbmVyYWJpbGl0eVxyXG5cclxuXHJcbiMjIyBSZXBvcnRpbmcgeW91ciB2dWxuZXJhYmlsaXR5XHJcblxyXG4qIFN1Ym1pc3Npb25zIG11c3QgaW5jbHVkZSB3cml0dGVuIGluc3RydWN0aW9ucyBmb3IgcmVwcm9kdWNpbmcgdGhlIHZ1bG5lcmFiaWxpdHkuIFN1Ym1pc3Npb25zIHdpdGhvdXQgY2xlYXIgcmVwcm9kdWN0aW9uIHN0ZXBzIG9yIHdoaWNoIG9ubHkgaW5jbHVkZSByZXByb2R1Y3Rpb24gc3RlcHMgaW4gdmlkZW8gZm9ybSBtYXkgYmUgaW5lbGlnaWJsZSBmb3IgYSByZXdhcmQuXHJcbiogV2hlbiByZXBvcnRpbmcgdnVsbmVyYWJpbGl0aWVzIHlvdSBtdXN0IGtlZXAgYWxsIGluZm9ybWF0aW9uIG9uIEhhY2tlck9uZS4gRG8gbm90IHBvc3QgaW5mb3JtYXRpb24gdG8gdmlkZW8tc2hhcmluZyBvciBwYXN0ZWJpbiBzaXRlcy4gVmlkZW9zIGFuZCBpbWFnZXMgY2FuIGJlIHVwbG9hZGVkIGRpcmVjdGx5IHZpYSBIYWNrZXJPbmUuXHJcbiogRm9yIHZ1bG5lcmFiaWxpdGllcyBpbnZvbHZpbmcgcGVyc29uYWxseSBpZGVudGlmaWFibGUgaW5mb3JtYXRpb24sIHBsZWFzZSBleHBsYWluIHRoZSBraW5kIG9mIFBJSSB5b3UgYmVsaWV2ZSBpcyBleHBvc2VkIGFuZCBsaW1pdCB0aGUgYW1vdW50IG9mIFBJSSBkYXRhIGluY2x1ZGVkIGluIHlvdXIgc3VibWlzc2lvbnMuIEZvciB0ZXh0dWFsIGluZm9ybWF0aW9uIGFuZCBzY3JlZW5zaG90cywgcGxlYXNlIG9ubHkgaW5jbHVkZSByZWRhY3RlZCBkYXRhIGluIHlvdXIgc3VibWlzc2lvbi5cclxuKiBEbyBub3QgcHVibGljbHkgZGlzY2xvc2UgeW91ciBzdWJtaXNzaW9uIHVudGlsIEdpdEh1YiBoYXMgZXZhbHVhdGVkIHRoZSBpbXBhY3QuXHJcblxyXG5cclxuIyMjIFJlY2VpdmluZyB5b3VyIGF3YXJkXHJcblxyXG4qIEFsbCByZXdhcmQgYW1vdW50cyBhcmUgZGV0ZXJtaW5lZCBieSBvdXIgW3NldmVyaXR5IGd1aWRlbGluZXNdKGh0dHBzOi8vYm91bnR5LmdpdGh1Yi5jb20vI3NldmVyaXR5LWd1aWRlbGluZXMpLlxyXG4qIFdoZW4gZHVwbGljYXRlcyBvY2N1ciwgd2Ugb25seSBhd2FyZCB0aGUgZmlyc3QgcmVwb3J0IHRoYXQgd2FzIHJlY2VpdmVkIChwcm92aWRlZCB0aGF0IGl0IGNhbiBiZSBmdWxseSByZXByb2R1Y2VkKS5cclxuKiBZb3UgYXJlIGZyZWUgdG8gcHVibGlzaCB3cml0ZS11cHMgYWJvdXQgeW91ciB2dWxuZXJhYmlsaXR5IGFuZCBHaXRIdWIgd2lsbCBub3QgbGltaXQgd2hhdCB5b3Ugd3JpdGUuIFdlIG1heSBwYXkgb3V0IHlvdXIgcmV3YXJkIGJlZm9yZSB0aGUgdnVsbmVyYWJpbGl0eSBpcyBwYXRjaGVkIHNvIHdlIG1heSBhc2sgdGhhdCB5b3UgZGVsYXkgcHVibGlzaGluZyB0byBrZWVwIG90aGVyIEdpdEh1YiB1c2VycyBzYWZlLlxyXG4qIE1lZGl1bSwgaGlnaCwgYW5kIGNyaXRpY2FsIHNldmVyaXR5IGlzc3VlcyB3aWxsIGJlIHdyaXR0ZW4gdXAgb24gdGhlIEdpdEh1YiBCdWcgQm91bnR5IHNpdGUgYW5kIGluY2x1ZGVkIGluIG91ciBsZWFkZXJib2FyZC4gV2UgZG9uJ3QgY3VycmVudGx5IHBvc3Qgd3JpdGUtdXBzIGZvciBsb3cgc2V2ZXJpdHkgdnVsbmVyYWJpbGl0aWVzLlxyXG4qIFlvdSBtYXkgcHJlZmVyIHRoZSByZXdhcmQgZ28gdG93YXJkIGhlbHBpbmcgb3RoZXJzLiBJZiB5b3UgY2hvb3NlIHNvLCBHaXRIdWIgd2lsbCBkb25hdGUgeW91ciByZXdhcmQgdG8gYW4gZXN0YWJsaXNoZWQgNTAxKGMpKDMpIGNoYXJpdGFibGUgb3JnYW5pemF0aW9uIG9mIHlvdXIgY2hvaWNlLiBHaXRIdWIgd2lsbCBhbHNvIG1hdGNoIHlvdXIgZG9uYXRpb24gLSBzdWJqZWN0IHRvIG91ciBkaXNjcmV0aW9uLiBBbnkgcmV3YXJkcyB0aGF0IGdvIHVuY2xhaW1lZCBhZnRlciAxMiBtb250aHMgd2lsbCBiZSBkb25hdGVkIHRvIGEgY2hhcml0eSBvZiBHaXRIdWIncyBjaG9vc2luZy5cclxuXHJcblxyXG4jIyBTY29wZVxyXG5cclxuR2l0SHViIHJ1bnMgYSBudW1iZXIgb2Ygc2VydmljZXMgYnV0IG9ubHkgc3VibWlzc2lvbnMgdW5kZXIgdGhlIGZvbGxvd2luZyBkb21haW5zIGFyZSBlbGlnaWJsZSBmb3IgcmV3YXJkcy4gQW55IEdpdEh1Yi1vd25lZCBkb21haW5zIG5vdCBsaXN0ZWQgYmVsb3cgYXJlICpub3QqIGluLXNjb3BlLCAqbm90KiBlbGlnaWJsZSBmb3IgcmV3YXJkcyBhbmQgKm5vdCogY292ZXJlZCBieSBvdXIgW2xlZ2FsIHNhZmUgaGFyYm9yXShodHRwczovL2JvdW50eS5naXRodWIuY29tI2xlZ2FsX3NhZmVfaGFyYm9yKS5cclxuXHJcblxyXG4jIyMgZ2l0aHViLmNvbVxyXG5cclxuT3VyIG1haW4gZG9tYWluIGhvc3RpbmcgdXNlci1mYWNpbmcgR2l0SHViIHNlcnZpY2VzLi4gQWxsIHN1YmRvbWFpbnMgdW5kZXIgYGdpdGh1Yi5jb21gIGFyZSBpbi1zY29wZSAqZXhjZXB0KjpcclxuKiBgYmxvZy5naXRodWIuY29tYFxyXG4qIGBjb21tdW5pdHkuZ2l0aHViLmNvbWBcclxuKiBgZW1haWwuZW50ZXJwcmlzZS5naXRodWIuY29tYFxyXG4qIGBlbWFpbC5maW5hbmNlLmdpdGh1Yi5jb21gXHJcbiogYGVtYWlsLnN0YWdpbmcuZmluYW5jZS5naXRodWIuY29tYFxyXG4qIGBlbWFpbC5zdXBwb3J0LmdpdGh1Yi5jb21gXHJcbiogYGVtYWlsLnZlcmlmeS5naXRodWIuY29tYFxyXG4qIGBnb29nbGU3NjUwZGNmNjE0NmYwNGQ4LmdpdGh1Yi5jb21gXHJcbiogYGsxLl9kb21haW5rZXkuZ2l0aHViLmNvbWBcclxuKiBgazEuX2RvbWFpbmtleS5tY21haWwuZ2l0aHViLmNvbWBcclxuKiBgbWNtYWlsLmdpdGh1Yi5jb21gXHJcbiogYHJlc291cmNlcy5naXRodWIuY29tYFxyXG4qIGAqLnJlc291cmNlcy5naXRodWIuY29tYFxyXG4qIGBzZ21haWwuZ2l0aHViLmNvbWBcclxuKiBgKi5zZ21haWwuZ2l0aHViLmNvbWBcclxuKiBgc2hvcC5naXRodWIuY29tYFxyXG4qIGBzbXRwLmdpdGh1Yi5jb21gXHJcbiogYCouc210cC5naXRodWIuY29tYFxyXG4qIGBzdXBwb3J0LmdpdGh1Yi5jb21gXHJcblxyXG4jIyMgZ2l0aHViYXNzZXRzLmNvbVxyXG5cclxuT3VyIGRvbWFpbiBmb3IgaG9zdGluZyBzdGF0aWMgYXNzZXRzLi4gQWxsIHN1YmRvbWFpbnMgdW5kZXIgYGdpdGh1YmFzc2V0cy5jb21gIGFyZSBpbi1zY29wZVxyXG5cclxuIyMjIGdpdGh1YnVzZXJjb250ZW50LmNvbVxyXG5cclxuT3VyIGRvbWFpbiBmb3IgaG9zdGluZyBhbmQgcmVuZGVyaW5nIHVzZXJzJyBkYXRhLi4gQWxsIHN1YmRvbWFpbnMgdW5kZXIgYGdpdGh1YnVzZXJjb250ZW50LmNvbWAgYXJlIGluLXNjb3BlXHJcblxyXG4jIyMgZ2l0aHViYXBwLmNvbVxyXG5cclxuT3VyIGRvbWFpbiBmb3IgaG9zdGluZyBlbXBsb3llZS1mYWNpbmcgc2VydmljZXMuLiBBbGwgc3ViZG9tYWlucyB1bmRlciBgZ2l0aHViYXBwLmNvbWAgYXJlIGluLXNjb3BlICpleGNlcHQqOlxyXG4qIGBhdG9tLWlvLmdpdGh1YmFwcC5jb21gXHJcbiogYGF0b20taW8tc3RhZ2luZy5naXRodWJhcHAuY29tYFxyXG4qIGBlbWFpbC5lbnRlcnByaXNlLXN0YWdpbmcuZ2l0aHViYXBwLmNvbWBcclxuKiBgZW1haWwuaGF5c3RhY2suZ2l0aHViYXBwLmNvbWBcclxuKiBgcmVwbHkuZ2l0aHViYXBwLmNvbWBcclxuXHJcbiMjIyBnaXRodWIubmV0XHJcblxyXG5PdXIgZG9tYWluIGZvciBob3N0aW5nIEdpdEh1YidzIGludGVybmFsIHByb2R1Y3Rpb24gc2VydmljZXMuIE1hbnkgb2YgdGhlc2Ugc2VydmljZXMgYXJlIG5vdCBhY2Nlc3NpYmxlIGZyb20gb3V0c2lkZSBvdXIgaW50ZXJuYWwgbmV0d29yay4uIEFsbCBzdWJkb21haW5zIHVuZGVyIGBnaXRodWIubmV0YCBhcmUgaW4tc2NvcGVcclxuXHJcbiMjIyBzZW1tbGUuY29tXHJcblxyXG5PdXIgbWFpbiBkb21haW4gZm9yIFNlbW1sZSBhbmQgTEdUTSBzZXJ2aWNlcy4gQWxsIHN1YmRvbWFpbnMgdW5kZXIgYHNlbW1sZS5jb21gIGFyZSBpbi1zY29wZSAqZXhjZXB0KjpcclxuKiBgZGV2LnNlbW1sZS5jb21gXHJcbiogYGdpdC5zZW1tbGUuY29tYFxyXG4qIGBqaXJhLnNlbW1sZS5jb21gXHJcbiogYHdpa2kuc2VtbWxlLmNvbWBcclxuXHJcbiMjIyBzZW1tbGUubmV0XHJcblxyXG5PdXIgZG9tYWluIGZvciBub24tcHJvZHVjdGlvbiBTZW1tbGUgc2VydmljZXMuIEFsbCBzdWJkb21haW5zIHVuZGVyIGBzZW1tbGUubmV0YCBhcmUgaW4tc2NvcGVcclxuXHJcbiMjIyBkb3dubG9hZHMubGd0bS5jb21cclxuXHJcbk91ciBkb21haW4gZm9yIHNlcnZpbmcgTEdUTSBkb3dubG9hZHMuLiBBbGwgc3ViZG9tYWlucyB1bmRlciBgZG93bmxvYWRzLmxndG0uY29tYCBhcmUgaW4tc2NvcGVcclxuXHJcbiMjIyBsZ3RtLWNvbS5wZW50ZXN0aW5nLnNlbW1sZS5uZXRcclxuXHJcbkFuIGluc3RhbmNlIG9mIFtMR1RNXShodHRwczovL2JvdW50eS5naXRodWIuY29tL3RhcmdldHMvbGd0bS5odG1sKSBlc3BlY2lhbGx5IGZvciBCdWcgQm91bnR5IHJlc2VhcmNoLi4gQWxsIHN1YmRvbWFpbnMgdW5kZXIgYGxndG0tY29tLnBlbnRlc3Rpbmcuc2VtbWxlLm5ldGAgYXJlIGluLXNjb3BlXHJcblxyXG4jIyMgYmFja2VuZC1kb3QtbGd0bS1wZW5ldHJhdGlvbi10ZXN0aW5nLmFwcHNwb3QuY29tXHJcblxyXG5BbiBpbnN0YW5jZSBvZiBbTEdUTV0oaHR0cHM6Ly9ib3VudHkuZ2l0aHViLmNvbS90YXJnZXRzL2xndG0uaHRtbCkncyBiYWNrZW5kIHVzZWQgZm9yIHRyaWdnZXJpbmcgYXV0b21hdGVkIHRhc2tzLi4gQWxsIHN1YmRvbWFpbnMgdW5kZXIgYGJhY2tlbmQtZG90LWxndG0tcGVuZXRyYXRpb24tdGVzdGluZy5hcHBzcG90LmNvbWAgYXJlIGluLXNjb3BlXHJcblxyXG4jIyBTZXZlcml0eSBHdWlkZWxpbmVzXHJcblxyXG5BbGwgYm91bnR5IHN1Ym1pc3Npb25zIGFyZSByYXRlZCBieSBHaXRIdWIgdXNpbmcgYSBwdXJwb3NlZnVsbHkgc2ltcGxlIHNjYWxlLiBFYWNoIHZ1bG5lcmFiaWxpdHkgaXMgdW5pcXVlIGJ1dCB0aGUgZm9sbG93aW5nIGlzIGEgcm91Z2ggZ3VpZGVsaW5lIHdlIHVzZSBpbnRlcm5hbGx5IGZvciByYXRpbmcgYW5kIHJld2FyZGluZyBzdWJtaXNzaW9uczpcclxuXHJcblxyXG4jIyMgQ3JpdGljYWw6ICQyMCwwMDAgLSAkMzAsMDAwXHJcblxyXG5Dcml0aWNhbCBzZXZlcml0eSBpc3N1ZXMgcHJlc2VudCBhIGRpcmVjdCBhbmQgaW1tZWRpYXRlIHJpc2sgdG8gYSBicm9hZCBhcnJheSBvZiBvdXIgdXNlcnMgb3IgdG8gR2l0SHViIGl0c2VsZi4gVGhleSBvZnRlbiBhZmZlY3QgcmVsYXRpdmVseSBsb3ctbGV2ZWwvZm91bmRhdGlvbmFsIGNvbXBvbmVudHMgaW4gb25lIG9mIG91ciBhcHBsaWNhdGlvbiBzdGFja3Mgb3IgaW5mcmFzdHJ1Y3R1cmUuIEZvciBleGFtcGxlOlxyXG4qIGFyYml0cmFyeSBjb2RlL2NvbW1hbmQgZXhlY3V0aW9uIG9uIGEgR2l0SHViIHNlcnZlciBpbiBvdXIgcHJvZHVjdGlvbiBuZXR3b3JrLlxyXG4qIGFyYml0cmFyeSBTUUwgcXVlcmllcyBvbiB0aGUgR2l0SHViIHByb2R1Y3Rpb24gZGF0YWJhc2UuXHJcbiogYnlwYXNzaW5nIHRoZSBHaXRIdWIgbG9naW4gcHJvY2VzcywgZWl0aGVyIHBhc3N3b3JkIG9yIDJGQS5cclxuKiBhY2Nlc3MgdG8gc2Vuc2l0aXZlIHByb2R1Y3Rpb24gdXNlciBkYXRhIG9yIGFjY2VzcyB0byBpbnRlcm5hbCBwcm9kdWN0aW9uIHN5c3RlbXMuXHJcbiogYWNjZXNzaW5nIGFub3RoZXIgdXNlcidzIGRhdGEgaW4gdGhlIEdpdEh1YiBBY3Rpb25zIHNlcnZpY2UuXHJcblxyXG5UaGUgdXBwZXIgYm91bmQgZm9yIGNyaXRpY2FsIHZ1bG5lcmFiaWxpdGllcywgJDMwLDAwMCwgaXMgb25seSBhIGd1aWRlbGluZSBhbmQgR2l0SHViIG1heSByZXdhcmQgaGlnaGVyIGFtb3VudHMgZm9yIGV4Y2VwdGlvbmFsIHJlcG9ydHMuXHJcblxyXG5cclxuIyMjIEhpZ2g6ICQxMCwwMDAgLSAkMjAsMDAwXHJcblxyXG5IaWdoIHNldmVyaXR5IGlzc3VlcyBhbGxvdyBhbiBhdHRhY2tlciB0byByZWFkIG9yIG1vZGlmeSBoaWdobHkgc2Vuc2l0aXZlIGRhdGEgdGhhdCB0aGV5IGFyZSBub3QgYXV0aG9yaXplZCB0byBhY2Nlc3MuIFRoZXkgYXJlIGdlbmVyYWxseSBtb3JlIG5hcnJvdyBpbiBzY29wZSB0aGFuIGNyaXRpY2FsIGlzc3VlcywgdGhvdWdoIHRoZXkgbWF5IHN0aWxsIGdyYW50IGFuIGF0dGFja2VyIGV4dGVuc2l2ZSBhY2Nlc3MuIEZvciBleGFtcGxlOlxyXG4qIGluamVjdGluZyBhdHRhY2tlciBjb250cm9sbGVkIGNvbnRlbnQgaW50byBHaXRIdWIuY29tIChYU1MpIHdoaWNoIGJ5cGFzc2VzIENTUC5cclxuKiBieXBhc3NpbmcgYXV0aG9yaXphdGlvbiBsb2dpYyB0byBncmFudCBhIHJlcG9zaXRvcnkgY29sbGFib3JhdG9yIG1vcmUgYWNjZXNzIHRoYW4gaW50ZW5kZWQuXHJcbiogZGlzY292ZXJpbmcgc2Vuc2l0aXZlIHVzZXIgb3IgR2l0SHViIGRhdGEgaW4gYSBwdWJsaWNseSBleHBvc2VkIHJlc291cmNlLCBzdWNoIGFzIGFuIFMzIGJ1Y2tldC5cclxuKiBnYWluaW5nIGFjY2VzcyB0byBhIG5vbi1jcml0aWNhbCByZXNvdXJjZSB0aGF0IG9ubHkgR2l0SHViIGVtcGxveWVlcyBzaG91bGQgYmUgYWJsZSB0byByZWFjaC5cclxuKiB1c2luZyB0aGUgR2l0SHViIEFjdGlvbnMgcmVwby1zY29wZWQgR2l0SHViIHRva2VuIHRvIGFjY2VzcyBoaWdoLXJpc2sgcHJpdmF0ZSBjb250ZW50IG91dHNpZGUgb2YgdGhhdCByZXBvc2l0b3J5LlxyXG4qIGNvZGUgZXhlY3V0aW9uIGluIGEgZGVza3RvcCBhcHAgdGhhdCByZXF1aXJlcyBubyB1c2VyIGludGVyYWN0aW9uLlxyXG5cclxuXHJcbiMjIyBNZWRpdW06ICQ0LDAwMCAtICQxMCwwMDBcclxuXHJcbk1lZGl1bSBzZXZlcml0eSBpc3N1ZXMgYWxsb3cgYW4gYXR0YWNrZXIgdG8gcmVhZCBvciBtb2RpZnkgbGltaXRlZCBhbW91bnRzIG9mIGRhdGEgdGhhdCB0aGV5IGFyZSBub3QgYXV0aG9yaXplZCB0byBhY2Nlc3MuIFRoZXkgZ2VuZXJhbGx5IGdyYW50IGFjY2VzcyB0byBsZXNzIHNlbnNpdGl2ZSBpbmZvcm1hdGlvbiB0aGFuIGhpZ2ggc2V2ZXJpdHkgaXNzdWVzLiBGb3IgZXhhbXBsZTpcclxuKiBkaXNjbG9zaW5nIHRoZSB0aXRsZSBvZiBpc3N1ZXMgaW4gcHJpdmF0ZSByZXBvc2l0b3JpZXMgd2hpY2ggc2hvdWxkIGJlIGJlIGluYWNjZXNzaWJsZS5cclxuKiBpbmplY3RpbmcgYXR0YWNrZXIgY29udHJvbGxlZCBjb250ZW50IGludG8gR2l0SHViLmNvbSAoWFNTKSBidXQgbm90IGJ5cGFzc2luZyBDU1Agb3IgZXhlY3V0aW5nIHNlbnNpdGl2ZSBhY3Rpb25zIHdpdGggYW5vdGhlciB1c2VyJ3Mgc2Vzc2lvbi5cclxuKiBieXBhc3NpbmcgQ1NSRiB2YWxpZGF0aW9uIGZvciBsb3cgcmlzayBhY3Rpb25zLCBzdWNoIGFzIHN0YXJyaW5nIGEgcmVwb3NpdG9yeSBvciB1bnN1YnNjcmliaW5nIGZyb20gYSBtYWlsaW5nIGxpc3QuXHJcbiogZXNjYXBpbmcgdGhlIExHVE0gd29ya2VyIHNhbmRib3ggdG8gYWNjZXNzIG90aGVyIHVzZXIncyBkYXRhIG9yIHByaXZhdGUgbmV0d29ya2VkIHJlc291cmNlc1xyXG5cclxuXHJcbiMjIyBMb3c6ICQ2MTcgLSAkMiwwMDBcclxuXHJcbkxvdyBzZXZlcml0eSBpc3N1ZXMgYWxsb3cgYW4gYXR0YWNrZXIgdG8gYWNjZXNzIGV4dHJlbWVseSBsaW1pdGVkIGFtb3VudHMgb2YgZGF0YS4gVGhleSBtYXkgdmlvbGF0ZSBhbiBleHBlY3RhdGlvbiBmb3IgaG93IHNvbWV0aGluZyBpcyBpbnRlbmRlZCB0byB3b3JrLCBidXQgaXQgYWxsb3dzIG5lYXJseSBubyBlc2NhbGF0aW9uIG9mIHByaXZpbGVnZSBvciBhYmlsaXR5IHRvIHRyaWdnZXIgdW5pbnRlbmRlZCBiZWhhdmlvciBieSBhbiBhdHRhY2tlci4gRm9yIGV4YW1wbGU6XHJcbiogc2lnbmluZyB1cCBhcmJpdHJhcnkgdXNlcnMgZm9yIGFjY2VzcyB0byBhbiBcImVhcmx5IGFjY2VzcyBmZWF0dXJlXCIgd2l0aG91dCB0aGVpciBjb25zZW50LlxyXG4qIGNyZWF0aW5nIGFuIGlzc3VlIGNvbW1lbnQgdGhhdCBieXBhc3NlcyBvdXIgaW1hZ2UgcHJveHlpbmcgZmlsdGVyIGJ5IHByb3ZpZGluZyBhIG1hbGZvcm1lZCBVUkwuXHJcbiogYnlwYXNzaW5nIGNvbW11bml0eS1hbmQtc2FmZXR5IGZlYXR1cmVzIHN1Y2ggYXMgbG9ja2VkIGNvbnZlcnNhdGlvbnMuXHJcbiogYnlwYXNzaW5nIGJpbGxpbmcgJiBwbGFuIHJlc3RyaWN0aW9ucyB0byBnYWluIGFjY2VzcyB0byBwYWlkIGZlYXR1cmVzLlxyXG4qIHRyaWdnZXJpbmcgdmVyYm9zZSBvciBkZWJ1ZyBlcnJvciBwYWdlcyB3aXRob3V0IHByb29mIG9mIGV4cGxvaXRhYmlsaXR5IG9yIG9idGFpbmluZyBzZW5zaXRpdmUgaW5mb3JtYXRpb24uXHJcbiogdHJpZ2dlcmluZyBhcHBsaWNhdGlvbiBleGNlcHRpb25zIHRoYXQgY291bGQgYWZmZWN0IG1hbnkgR2l0SHViIHVzZXJzLlxyXG4qIHRyaWdnZXJpbmcgWFNTIG9yIENTUkYgdnVsbmVyYWJpbGl0aWVzIGluIExHVE1cclxuIiwiY3JlYXRlZF9hdCI6IjIwMTYtMDQtMTVUMTc6MTA6MzEuMjYxWiIsInVwZGF0ZWRfYXQiOiIyMDIwLTAzLTA5VDIwOjI0OjUyLjQxOFoifX19LCJ3ZWFrbmVzcyI6eyJkYXRhIjp7ImlkIjoiOSIsInR5cGUiOiJ3ZWFrbmVzcyIsImF0dHJpYnV0ZXMiOnsibmFtZSI6IkJ1ZmZlciBPdmVyLXJlYWQiLCJkZXNjcmlwdGlvbiI6IlRoZSBzb2Z0d2FyZSByZWFkcyBmcm9tIGEgYnVmZmVyIHVzaW5nIGJ1ZmZlciBhY2Nlc3MgbWVjaGFuaXNtcyBzdWNoIGFzIGluZGV4ZXMgb3IgcG9pbnRlcnMgdGhhdCByZWZlcmVuY2UgbWVtb3J5IGxvY2F0aW9ucyBhZnRlciB0aGUgdGFyZ2V0ZWQgYnVmZmVyLiIsImV4dGVybmFsX2lkIjoiY3dlLTEyNiIsImNyZWF0ZWRfYXQiOiIyMDE3LTAxLTA1VDAxOjUxOjE5LjAwMFoifX19LCJzdHJ1Y3R1cmVkX3Njb3BlIjp7ImRhdGEiOnsiaWQiOiIxNTQ1NSIsInR5cGUiOiJzdHJ1Y3R1cmVkLXNjb3BlIiwiYXR0cmlidXRlcyI6eyJhc3NldF90eXBlIjoiVVJMIiwiYXNzZXRfaWRlbnRpZmllciI6InJlbmRlci5naXRodWIuY29tIiwiZWxpZ2libGVfZm9yX2JvdW50eSI6dHJ1ZSwiZWxpZ2libGVfZm9yX3N1Ym1pc3Npb24iOnRydWUsImluc3RydWN0aW9uIjoiIiwibWF4X3NldmVyaXR5IjoiY3JpdGljYWwiLCJjcmVhdGVkX2F0IjoiMjAxOC0xMC0xMFQwMDo0MDo1MS40NzlaIiwidXBkYXRlZF9hdCI6IjIwMTgtMTAtMTBUMDA6NDA6NTEuNDc5WiIsInJlZmVyZW5jZSI6IiIsImNvbmZpZGVudGlhbGl0eV9yZXF1aXJlbWVudCI6Im1lZGl1bSIsImludGVncml0eV9yZXF1aXJlbWVudCI6Im1lZGl1bSIsImF2YWlsYWJpbGl0eV9yZXF1aXJlbWVudCI6ImxvdyJ9fX0sImJvdW50aWVzIjp7ImRhdGEiOltdfSwiY3VzdG9tX2ZpZWxkX3ZhbHVlcyI6eyJkYXRhIjpbXX19fV0sImxpbmtzIjp7fX0=
+    http_version: null
+  recorded_at: Tue, 24 Mar 2020 14:11:47 GMT
+recorded_with: VCR 5.1.0

data/fixtures/vcr_cassettes/update_severity.yml

@@ -0,0 +1,78 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://api.hackerone.com/v1/reports/200/severities
+    body:
+      encoding: UTF-8
+      string: '{"data":{"type":"severity","attributes":{"rating":"high"}}}'
+    headers:
+      Authorization:
+      - Basic NOPE
+      User-Agent:
+      - Faraday v1.0.0
+      Content-Type:
+      - application/json
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Date:
+      - Mon, 23 Mar 2020 22:11:50 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Transfer-Encoding:
+      - chunked
+      Connection:
+      - keep-alive
+      Set-Cookie:
+      - __cfduid=defc457f4849bd5da92f0d0a9e21f70cf1585001510; expires=Wed, 22-Apr-20
+        22:11:50 GMT; path=/; Domain=api.hackerone.com; HttpOnly; SameSite=Lax; Secure
+      X-Request-Id:
+      - bc58a27f-3140-4457-b7b0-12a3c86f4f03
+      Etag:
+      - W/"30c2790e73edc770a9ed3fea69f0e8ea"
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Strict-Transport-Security:
+      - max-age=31536000; includeSubDomains; preload
+      X-Frame-Options:
+      - DENY
+      X-Content-Type-Options:
+      - nosniff
+      X-Xss-Protection:
+      - 1; mode=block
+      X-Download-Options:
+      - noopen
+      X-Permitted-Cross-Domain-Policies:
+      - none
+      Referrer-Policy:
+      - strict-origin-when-cross-origin
+      Expect-Ct:
+      - enforce, max-age=86400
+      Content-Security-Policy:
+      - 'default-src ''none''; base-uri ''self''; block-all-mixed-content; child-src
+        www.youtube-nocookie.com; connect-src ''self'' www.google-analytics.com errors.hackerone.net;
+        font-src ''self''; form-action ''self''; frame-ancestors ''none''; img-src
+        ''self'' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com
+        profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com;
+        media-src ''self'' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com;
+        script-src ''self'' www.google-analytics.com; style-src ''self'' ''unsafe-inline'';
+        report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598'
+      Cf-Cache-Status:
+      - DYNAMIC
+      Server:
+      - cloudflare
+      Cf-Ray:
+      - 578b7d8e9faa3856-ATL
+    body:
+      encoding: ASCII-8BIT
+      string: '{"data":{"id":"668494","type":"severity","attributes":{"rating":"high","author_type":"Team","user_id":983615,"created_at":"2020-03-23T22:11:50.360Z"}}}'
+    http_version: null
+  recorded_at: Mon, 23 Mar 2020 22:11:50 GMT
+recorded_with: VCR 5.1.0

data/hackerone-client.gemspec

@@ -1,7 +1,9 @@
 # coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
+# frozen_string_literal: true
+
+lib = File.expand_path("../lib", __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'hackerone/client/version'
+require "hackerone/client/version"
 
 Gem::Specification.new do |spec|
   spec.name          = "hackerone-client"

data/lib/hackerone/client.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "faraday"
 require "json"
 require "active_support/time"
@@ -12,8 +14,10 @@ require_relative "client/group"
 require_relative "client/structured_scope"
 require_relative "client/swag"
 require_relative "client/address"
+require_relative "client/attachment"
 require_relative "client/bounty"
 require_relative "client/incremental/activities"
+require "active_support/core_ext/hash"
 
 module HackerOne
   module Client
@@ -24,7 +28,18 @@ module HackerOne
     DEFAULT_HIGH_RANGE = 2500...4999
     DEFAULT_CRITICAL_RANGE = 5000...100_000_000
 
-    LENIENT_MODE_ENV_VARIABLE = 'HACKERONE_CLIENT_LENIENT_MODE'
+    LENIENT_MODE_ENV_VARIABLE = "HACKERONE_CLIENT_LENIENT_MODE"
+
+    REPORT_STATES = %w(
+      new
+      triaged
+      needs-more-info
+      resolved
+      not-applicable
+      informative
+      duplicate
+      spam
+    )
 
     class << self
       ATTRS = [:low_range, :medium_range, :high_range, :critical_range].freeze
@@ -64,17 +79,20 @@ module HackerOne
         end
       end
 
-      ## Returns all open reports, optionally with a time bound
+      ## Returns all reports in a given state, optionally with a time bound
       #
       # program: the HackerOne program to search on (configure globally with Hackerone::Client.program=)
       # since (optional): a time bound, don't include reports earlier than +since+. Must be a DateTime object.
+      # state (optional): state that a report is in, by default new
       #
       # returns all open reports or an empty array
-      def reports(since: 3.days.ago)
+      def reports(since: 3.days.ago, state: :new)
         raise ArgumentError, "Program cannot be nil" unless program
+        raise ArgumentError, "State is invalid" unless REPORT_STATES.include?(state.to_s)
+
         response = self.class.hackerone_api_connection.get do |req|
           options = {
-            "filter[state][]" => "new",
+            "filter[state][]" => state,
             "filter[program][]" => program,
             "filter[created_at__gt]" => since.iso8601
           }
@@ -88,6 +106,35 @@ module HackerOne
         end
       end
 
+      ## Public: create a new report
+      #
+      # title: The title of the report
+      # summary: Summary of the report
+      # impact: Impact of the report
+      # severity_rating: severity of report, must be one of https://api.hackerone.com/reference/#severity-ratings
+      # source: where the report came from, i.e. API, Bugcrowd, etc.
+      #
+      # returns an HackerOne::Client::Report object or raises an error if
+      # error during creation
+      def create_report(title:, summary:, impact:, severity_rating:, source:)
+        raise ArgumentError, "Program cannot be nil" unless program
+
+        data = {
+          "data": {
+            "type": "report",
+            "attributes": {
+              "team_handle": program,
+              "title": title,
+              "vulnerability_information": summary,
+              "impact": impact,
+              "severity_rating": severity_rating,
+              "source": source
+            }
+          }
+        }
+        Report.new(post("reports", data))
+      end
+
       ## Public: retrieve a report
       #
       # id: the ID of a specific report
@@ -102,7 +149,7 @@ module HackerOne
       def post(endpoint, body)
         response = with_retry do
           self.class.hackerone_api_connection.post do |req|
-            req.headers['Content-Type'] = 'application/json'
+            req.headers["Content-Type"] = "application/json"
             req.body = body.to_json
             req.url endpoint
           end
@@ -114,7 +161,7 @@ module HackerOne
       def get(endpoint, params = nil)
         response = with_retry do
           self.class.hackerone_api_connection.get do |req|
-            req.headers['Content-Type'] = 'application/json'
+            req.headers["Content-Type"] = "application/json"
             req.params = params || {}
             req.url endpoint
           end
@@ -129,7 +176,7 @@ module HackerOne
         elsif response.status.to_s.start_with?("5")
           raise RuntimeError, "API called failed, probably their fault: #{response.body}"
         elsif response.success?
-          response_body_json = JSON.parse(response.body, :symbolize_names => true)
+          response_body_json = JSON.parse(response.body, symbolize_names: true)
           if extract_data && response_body_json.key?(:data)
             response_body_json[:data]
           else
@@ -145,13 +192,13 @@ module HackerOne
           raise NotConfiguredError, "HACKERONE_TOKEN_NAME HACKERONE_TOKEN environment variables must be set"
         end
 
-        @connection ||= Faraday.new(:url => "https://api.hackerone.com/v1") do |faraday|
+        @connection ||= Faraday.new(url: "https://api.hackerone.com/v1") do |faraday|
           faraday.basic_auth(ENV["HACKERONE_TOKEN_NAME"], ENV["HACKERONE_TOKEN"])
           faraday.adapter Faraday.default_adapter
         end
       end
 
-      def with_retry(attempts=3, &block)
+      def with_retry(attempts = 3, &block)
         attempts_remaining = attempts
 
         begin

data/lib/hackerone/client/activity.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module HackerOne
   module Client
     module Activities
@@ -13,6 +15,12 @@ module HackerOne
           attributes.internal
         end
 
+        def attachments
+          @attachments ||= activity.relationships.fetch(:attachments, {})
+              .fetch(:data, [])
+              .map { |attachment| HackerOne::Client::Attachment.new(attachment) }
+        end
+
         private
 
         def relationships
@@ -83,15 +91,19 @@ module HackerOne
         delegate :message, :bounty_amount, :bonus_amount, to: :attributes
       end
 
+      class ReportLocked < Activity
+      end
+
       ACTIVITY_TYPE_CLASS_MAPPING = {
-        'activity-bounty-awarded' => BountyAwarded,
-        'activity-swag-awarded' => SwagAwarded,
-        'activity-user-assigned-to-bug' => UserAssignedToBug,
-        'activity-group-assigned-to-bug' => GroupAssignedToBug,
-        'activity-bug-triaged' => BugTriaged,
-        'activity-reference-id-added' => ReferenceIdAdded,
-        'activity-comment' => CommentAdded,
-        'activity-bounty-suggested' => BountySuggested
+        "activity-bounty-awarded" => BountyAwarded,
+        "activity-swag-awarded" => SwagAwarded,
+        "activity-user-assigned-to-bug" => UserAssignedToBug,
+        "activity-group-assigned-to-bug" => GroupAssignedToBug,
+        "activity-bug-triaged" => BugTriaged,
+        "activity-reference-id-added" => ReferenceIdAdded,
+        "activity-comment" => CommentAdded,
+        "activity-bounty-suggested" => BountySuggested,
+        "activity-comments-closed" => ReportLocked
       }.freeze
 
       def self.build(activity_data)

data/lib/hackerone/client/address.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module HackerOne
   module Client
     class Address

data/lib/hackerone/client/attachment.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module HackerOne
+  module Client
+    class Attachment
+      delegate :expiring_url, :file_name, :content_type, :created_at, \
+        :file_size, to: :attributes
+
+      def initialize(attachment)
+        @attachment = attachment
+      end
+
+      def id
+        @attachment[:id]
+      end
+
+      private
+
+      def attributes
+        OpenStruct.new(@attachment[:attributes])
+      end
+    end
+  end
+end

data/lib/hackerone/client/bounty.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module HackerOne
   module Client
     class Bounty

data/lib/hackerone/client/group.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module HackerOne
   module Client
     class Group

data/lib/hackerone/client/incremental/activities.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module HackerOne
   module Client
     module Incremental
@@ -48,7 +50,7 @@ module HackerOne
 
         def current_page
           @current_page ||= make_get_request(
-            'incremental/activities',
+            "incremental/activities",
             extract_data: false,
             params: {
               handle: program.handle,

data/lib/hackerone/client/member.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module HackerOne
   module Client
     class Member