hackerone-client 0.15.0 → 0.20.0

data/lib/hackerone/client/program.rb

@@ -1,4 +1,6 @@
-require_relative './resource_helper'
+# frozen_string_literal: true
+
+require_relative "./resource_helper"
 
 module HackerOne
   module Client
@@ -71,7 +73,7 @@ module HackerOne
           "programs/#{id}/swag",
           params: { page: { number: page_number, size: page_size } }
         )
-        response_body.map{|r| Swag.new(r, self) }
+        response_body.map { |r| Swag.new(r, self) }
       end
 
       private

data/lib/hackerone/client/report.rb

@@ -1,6 +1,8 @@
-require_relative './resource_helper'
-require_relative './weakness'
-require_relative './activity'
+# frozen_string_literal: true
+
+require_relative "./resource_helper"
+require_relative "./weakness"
+require_relative "./activity"
 
 module HackerOne
   module Client
@@ -24,6 +26,22 @@ module HackerOne
         duplicate
       ).map(&:to_sym).freeze
 
+      RESOLVED_STATES = %w(
+        resolved
+        not-applicable
+        informative
+        duplicate
+        spam
+      ).map(&:to_sym).freeze
+
+      SEVERITY_RATINGS = %w(
+        none
+        low
+        medium
+        high
+        critical
+      ).freeze
+
       class << self
         def add_on_state_change_hook(proc)
           on_state_change_hooks << proc
@@ -62,6 +80,10 @@ module HackerOne
         attributes[:issue_tracker_reference_id]
       end
 
+      def severity
+        attributes[:severity]
+      end
+
       def state
         attributes[:state]
       end
@@ -118,7 +140,13 @@ module HackerOne
 
       # Bounty writeups just use the key, and not the label value.
       def writeup_classification
-        classification_label().split("-").first
+        classification_label.split("-").first
+      end
+
+      def attachments
+        @attachments ||= relationships.fetch(:attachments, {})
+            .fetch(:data, [])
+            .map { |attachment| HackerOne::Client::Attachment.new(attachment) }
       end
 
       def activities
@@ -159,6 +187,23 @@ module HackerOne
         Swag.new(response_body, program)
       end
 
+      def update_severity(rating:)
+        raise ArgumentError, "Invalid severity rating" unless SEVERITY_RATINGS.include?(rating.to_s)
+
+        request_body = {
+          type: "severity",
+          attributes: {
+            rating: rating
+          }
+        }
+        response_body = make_post_request(
+          "reports/#{id}/severities",
+          request_body: request_body
+        )
+        @report[:attributes][:severity] = { rating: rating }
+        Activities.build(response_body)
+      end
+
       def suggest_bounty(message:, amount:, bonus_amount: nil)
         request_body = {
           message: message,
@@ -261,6 +306,19 @@ module HackerOne
         HackerOne::Client::Activities.build(response_json)
       end
 
+      def lock!
+        unless RESOLVED_STATES.include? self.state.to_sym
+          raise ArgumentError, "Report must be closed before locking"
+        end
+
+        body = {
+          type: "activity-comments-closed"
+        }
+
+        response_json = make_put_request("reports/#{id}/close_comments", request_body: body)
+        HackerOne::Client::Activities.build(response_json)
+      end
+
       def assign_to_user(name)
         member = program.find_member(name)
         _assign_to(member.user.id, :user)
@@ -304,7 +362,7 @@ module HackerOne
         request_body[:id] = assignee_id if assignee_id
 
         response = HackerOne::Client::Api.hackerone_api_connection.put do |req|
-          req.headers['Content-Type'] = 'application/json'
+          req.headers["Content-Type"] = "application/json"
           req.url "reports/#{id}/assignee"
           req.body = { data: request_body }.to_json
         end

data/lib/hackerone/client/reporter.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module HackerOne
   module Client
     class Reporter

data/lib/hackerone/client/resource_helper.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module HackerOne
   module Client
     module ResourceHelper
@@ -14,7 +16,7 @@ module HackerOne
 
       def make_put_request(url, request_body:, extract_data: true)
         response = HackerOne::Client::Api.hackerone_api_connection.put do |req|
-          req.headers['Content-Type'] = 'application/json'
+          req.headers["Content-Type"] = "application/json"
           req.url url
           req.body = { data: request_body }.to_json
         end
@@ -24,7 +26,7 @@ module HackerOne
 
       def make_post_request(url, request_body:, extract_data: true)
         response = HackerOne::Client::Api.hackerone_api_connection.post do |req|
-          req.headers['Content-Type'] = 'application/json'
+          req.headers["Content-Type"] = "application/json"
           req.url url
           req.body = { data: request_body }.to_json
         end
@@ -34,7 +36,7 @@ module HackerOne
 
       def make_get_request(url, params: {}, extract_data: true)
         response = HackerOne::Client::Api.hackerone_api_connection.get do |req|
-          req.headers['Content-Type'] = 'application/json'
+          req.headers["Content-Type"] = "application/json"
           req.url url
           req.params = params
         end

data/lib/hackerone/client/structured_scope.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module HackerOne
   module Client
     class StructuredScope

data/lib/hackerone/client/swag.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module HackerOne
   module Client
     class Swag

data/lib/hackerone/client/user.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module HackerOne
   module Client
     class User

data/lib/hackerone/client/version.rb

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 module Hackerone
   module Client
-    VERSION = "0.15.0"
+    VERSION = "0.20.0"
   end
 end

data/lib/hackerone/client/weakness.rb

@@ -1,17 +1,19 @@
+# frozen_string_literal: true
+
 module HackerOne
   module Client
     class Weakness
       class << self
         def validate_cwe!(cwe)
-          fail NotAnOwaspWeaknessError if cwe.upcase.start_with?('CAPEC-')
-          fail StandardError::ArgumentError unless cwe.upcase.start_with?('CWE-')
+          fail NotAnOwaspWeaknessError if cwe.upcase.start_with?("CAPEC-")
+          fail StandardError::ArgumentError unless cwe.upcase.start_with?("CWE-")
         end
 
         def extract_cwe_number(cwe)
           return if cwe.nil?
           validate_cwe!(cwe)
 
-          cwe.split('CWE-').last.to_i
+          cwe.split("CWE-").last.to_i
         end
       end
 
@@ -39,20 +41,20 @@ module HackerOne
       }
 
       OWASP_TOP_10_2013_TO_CWE = {
-        'A1-Injection' => [77, 78, 88, 89, 90, 91, 564],
-        'A2-AuthSession' =>
+        "A1-Injection" => [77, 78, 88, 89, 90, 91, 564],
+        "A2-AuthSession" =>
           [287, 613, 522, 256, 384, 472, 346, 441, 523, 620, 640, 319, 311],
-        'A3-XSS' => [79],
-        'A4-DirectObjRef' => [639, 99, 22],
-        'A5-Misconfig' => [16, 2, 215, 548, 209],
-        'A6-DataExposure' => [312, 319, 310, 326, 320, 311, 325, 328, 327],
-        'A7-MissingACL' => [285, 287],
-        'A8-CSRF' => [352, 642, 613, 346, 441],
-        'A9-KnownVuln' => [],
-        'A10-Redirects' => [601],
+        "A3-XSS" => [79],
+        "A4-DirectObjRef" => [639, 99, 22],
+        "A5-Misconfig" => [16, 2, 215, 548, 209],
+        "A6-DataExposure" => [312, 319, 310, 326, 320, 311, 325, 328, 327],
+        "A7-MissingACL" => [285, 287],
+        "A8-CSRF" => [352, 642, 613, 346, 441],
+        "A9-KnownVuln" => [],
+        "A10-Redirects" => [601],
       }.freeze
 
-      OWASP_DEFAULT = 'A0-Other'.freeze
+      OWASP_DEFAULT = "A0-Other".freeze
 
       def initialize(weakness)
         @attributes = weakness

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hackerone-client
 version: !ruby/object:Gem::Version
-  version: 0.15.0
+  version: 0.20.0
 platform: ruby
 authors:
 - Neil Matatall
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-03-09 00:00:00.000000000 Z
+date: 2021-01-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -118,6 +118,7 @@ files:
 - ".github/workflows/build.yml"
 - ".gitignore"
 - ".rspec"
+- ".rubocop.yml"
 - ".travis.yml"
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
@@ -141,12 +142,16 @@ files:
 - fixtures/vcr_cassettes/award_a_bounty.yml
 - fixtures/vcr_cassettes/award_swag.yml
 - fixtures/vcr_cassettes/common_responses.yml
+- fixtures/vcr_cassettes/create_report.yml
+- fixtures/vcr_cassettes/create_report_invalid.yml
 - fixtures/vcr_cassettes/dup.yml
 - fixtures/vcr_cassettes/empty_report_list.yml
+- fixtures/vcr_cassettes/lock_report.yml
 - fixtures/vcr_cassettes/missing_report.yml
 - fixtures/vcr_cassettes/programs.yml
 - fixtures/vcr_cassettes/report.yml
 - fixtures/vcr_cassettes/report_list.yml
+- fixtures/vcr_cassettes/report_list_triaged.yml
 - fixtures/vcr_cassettes/reporters.yml
 - fixtures/vcr_cassettes/server_error.yml
 - fixtures/vcr_cassettes/server_error_when_assigning_report_to_user.yml
@@ -158,11 +163,13 @@ files:
 - fixtures/vcr_cassettes/traverse_through_all_activities.yml
 - fixtures/vcr_cassettes/triage_and_hook_assign_report_to_user.yml
 - fixtures/vcr_cassettes/update_policy.yml
+- fixtures/vcr_cassettes/update_severity.yml
 - fixtures/vcr_cassettes/user_find_fransrosen.yml
 - hackerone-client.gemspec
 - lib/hackerone/client.rb
 - lib/hackerone/client/activity.rb
 - lib/hackerone/client/address.rb
+- lib/hackerone/client/attachment.rb
 - lib/hackerone/client/bounty.rb
 - lib/hackerone/client/group.rb
 - lib/hackerone/client/incremental/activities.rb