hackerone-client 0.17.0 → 0.21.0
- checksums.yaml +4 -4
- data/.github/workflows/build.yml +5 -4
- data/CHANGELOG.md +13 -0
- data/Gemfile +2 -2
- data/README.md +11 -2
- data/fixtures/vcr_cassettes/create_report.yml +81 -0
- data/fixtures/vcr_cassettes/create_report_invalid.yml +79 -0
- data/fixtures/vcr_cassettes/get_balance.yml +80 -0
- data/fixtures/vcr_cassettes/lock_report.yml +156 -0
- data/fixtures/vcr_cassettes/report.yml +22 -1
- data/fixtures/vcr_cassettes/report_list_before.yml +271 -0
- data/fixtures/vcr_cassettes/report_list_triaged.yml +77 -0
- data/lib/hackerone/client.rb +58 -5
- data/lib/hackerone/client/activity.rb +11 -1
- data/lib/hackerone/client/attachment.rb +24 -0
- data/lib/hackerone/client/billing_balance.rb +18 -0
- data/lib/hackerone/client/program.rb +7 -0
- data/lib/hackerone/client/report.rb +28 -1
- data/lib/hackerone/client/version.rb +1 -1
- metadata +10 -2
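--- a/data/fixtures/vcr_cassettes/report.yml
+++ b/data/fixtures/vcr_cassettes/report.yml
@@ -191,7 +191,28 @@ http_interactions:
 },
 "attachments": {
 "data": [
-
+{
+"id": "936424",
+"type": "attachment",
+"attributes": {
+"expiring_url": "https://redacted.aws.s3.link",
+"created_at": "2020-08-04T18:34:09.446Z",
+"file_name": "2182_FtX8VdFq.jpg",
+"content_type": "image/jpeg",
+"file_size": 653695
+}
+},
+{
+"id": "936425",
+"type": "attachment",
+"attributes": {
+"expiring_url": "https://redacted.aws.s3.link",
+"created_at": "2020-08-04T18:34:28.970Z",
+"file_name": "swagger_parse.py",
+"content_type": "text/x-python-script",
+"file_size": 482
+}
+}
 ]
 },
 "vulnerability_types": {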
|
@@ -0,0 +1,271 @@
|
|
1
|
+
---
|
2
|
+
http_interactions:
|
3
|
+
- request:
|
4
|
+
method: get
|
5
|
+
uri: https://api.hackerone.com/v1/reports?filter%5Bcreated_at__lt%5D=2017-02-11T16:00:44-10:00&filter%5Bprogram%5D%5B0%5D=github&filter%5Bstate%5D%5B0%5D=new
|
6
|
+
body:
|
7
|
+
encoding: US-ASCII
|
8
|
+
string: ''
|
9
|
+
headers:
|
10
|
+
Authorization:
|
11
|
+
- Basic ==
|
12
|
+
User-Agent:
|
13
|
+
- Faraday v1.3.0
|
14
|
+
Accept-Encoding:
|
15
|
+
- gzip;q=1.0,deflate;q=0.6,identity;q=0.3
|
16
|
+
Accept:
|
17
|
+
- "*/*"
|
18
|
+
response:
|
19
|
+
status:
|
20
|
+
code: 200
|
21
|
+
message: OK
|
22
|
+
headers:
|
23
|
+
Date:
|
24
|
+
- Tue, 26 Jan 2021 01:59:08 GMT
|
25
|
+
Content-Type:
|
26
|
+
- application/json; charset=utf-8
|
27
|
+
Transfer-Encoding:
|
28
|
+
- chunked
|
29
|
+
Connection:
|
30
|
+
- keep-alive
|
31
|
+
Set-Cookie:
|
32
|
+
- __cfduid=d1825b95f694de8ff5c78cb985c261f491611626346; expires=Thu, 25-Feb-21
|
33
|
+
01:59:06 GMT; path=/; Domain=api.hackerone.com; HttpOnly; SameSite=Lax; Secure
|
34
|
+
X-Request-Id:
|
35
|
+
- 3d4375bc-4de0-4760-85b8-003b3e09420d
|
36
|
+
Etag:
|
37
|
+
- W/"f33bd1b1c69b6617410c264d74fffa56"
|
38
|
+
Cache-Control:
|
39
|
+
- max-age=0, private, must-revalidate
|
40
|
+
Strict-Transport-Security:
|
41
|
+
- max-age=31536000; includeSubDomains; preload
|
42
|
+
X-Frame-Options:
|
43
|
+
- DENY
|
44
|
+
X-Content-Type-Options:
|
45
|
+
- nosniff
|
46
|
+
X-Xss-Protection:
|
47
|
+
- 1; mode=block
|
48
|
+
X-Download-Options:
|
49
|
+
- noopen
|
50
|
+
X-Permitted-Cross-Domain-Policies:
|
51
|
+
- none
|
52
|
+
Referrer-Policy:
|
53
|
+
- strict-origin-when-cross-origin
|
54
|
+
Expect-Ct:
|
55
|
+
- enforce, max-age=86400
|
56
|
+
Content-Security-Policy:
|
57
|
+
- 'default-src ''none''; base-uri ''self''; block-all-mixed-content; child-src
|
58
|
+
www.youtube-nocookie.com; connect-src ''self'' www.google-analytics.com errors.hackerone.net;
|
59
|
+
font-src ''self''; form-action ''self''; frame-ancestors ''none''; img-src
|
60
|
+
''self'' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com
|
61
|
+
profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com;
|
62
|
+
media-src ''self'' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com;
|
63
|
+
script-src ''self'' www.google-analytics.com; style-src ''self'' ''unsafe-inline'';
|
64
|
+
report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d'
|
65
|
+
Cf-Cache-Status:
|
66
|
+
- DYNAMIC
|
67
|
+
Cf-Request-Id:
|
68
|
+
- 07de0391de0000fda912ab2000000001
|
69
|
+
Server:
|
70
|
+
- cloudflare
|
71
|
+
Cf-Ray:
|
72
|
+
- 6176a1fc9fcefda9-PDX
|
73
|
+
body:
|
74
|
+
encoding: ASCII-8BIT
|
75
|
+
string: '{"data":[{"id":"440362","type":"report","attributes":{"title":"gewgwe","state":"new","created_at":"2016-11-13T23:01:55.070Z","vulnerability_information":"gewewg\n\n##
|
76
|
+
Impact\n\ngwe","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-11-13T23:01:55.139Z","first_program_activity_at":"2016-11-13T23:01:55.139Z","last_program_activity_at":"2016-11-13T23:01:55.139Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-11-13T23:01:55.139Z","last_activity_at":"2016-11-13T23:05:46.933Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
77
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"85049","type":"user","attributes":{"username":"brentjo-gh","name":"Brent
|
78
|
+
Johnson","disabled":false,"created_at":"2016-06-14T20:01:30.891Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"240715","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-11-13T23:01:55.102Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer
|
79
|
+
Underflow","description":"The software writes to a buffer using an index or
|
80
|
+
pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15454","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"*.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"medium","created_at":"2016-10-10T00:40:37.435Z","updated_at":"2016-10-10T00:40:37.435Z","reference":"","confidentiality_requirement":"low","integrity_requirement":"low","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"434162","type":"report","attributes":{"title":"fewew","state":"new","created_at":"2016-11-05T02:24:29.286Z","vulnerability_information":"fewfew\n\n##
|
81
|
+
Impact\n\nfewfwe","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-11-05T02:24:29.343Z","first_program_activity_at":"2016-11-05T02:24:29.343Z","last_program_activity_at":"2016-11-05T02:24:29.343Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"issue_tracker_reference_id":"abc","last_public_activity_at":"2016-11-05T02:24:29.343Z","last_activity_at":"2016-11-13T23:14:58.672Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
82
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
83
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"234626","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-11-05T02:24:29.316Z"}}},"weakness":{"data":{"id":"73","type":"weakness","attributes":{"name":"Phishing","description":"Phishing
|
84
|
+
is a social engineering technique where an attacker masquerades as a legitimate
|
85
|
+
entity with which the victim might do business in order to prompt the user
|
86
|
+
to reveal some confidential information (very frequently authentication credentials)
|
87
|
+
that can later be used by an attacker. Phishing is essentially a form of information
|
88
|
+
gathering or \"fishing\" for information.","external_id":"capec-98","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15454","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"*.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"medium","created_at":"2016-10-10T00:40:37.435Z","updated_at":"2016-10-10T00:40:37.435Z","reference":"","confidentiality_requirement":"low","integrity_requirement":"low","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"434100","type":"report","attributes":{"title":"gewgwe","state":"new","created_at":"2016-11-04T20:11:35.887Z","vulnerability_information":"gewgew\n\n##
|
89
|
+
Impact\n\ngwegwe","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-11-04T20:11:36.005Z","first_program_activity_at":"2016-11-04T20:11:36.005Z","last_program_activity_at":"2016-11-04T20:11:36.005Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-11-04T20:11:36.005Z","last_activity_at":"2016-11-04T20:11:37.381Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
90
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"234571","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-11-04T20:11:35.963Z"}}},"weakness":{"data":{"id":"76","type":"weakness","attributes":{"name":"Malware","description":"An
|
91
|
+
adversary installs and executes malicious code on the target system in an
|
92
|
+
effort to achieve a negative technical impact.","external_id":"capec-549","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15454","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"*.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"medium","created_at":"2016-10-10T00:40:37.435Z","updated_at":"2016-10-10T00:40:37.435Z","reference":"","confidentiality_requirement":"low","integrity_requirement":"low","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"434096","type":"report","attributes":{"title":"Testing","state":"new","created_at":"2016-11-04T19:50:18.883Z","vulnerability_information":"lfkjewjl\n\n##
|
93
|
+
Impact\n\nflejwljkwe","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-11-04T19:50:18.960Z","first_program_activity_at":"2016-11-04T19:50:18.960Z","last_program_activity_at":"2016-11-04T19:50:18.960Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-11-04T19:50:18.960Z","last_activity_at":"2016-11-04T19:50:18.960Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
94
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"234568","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-11-04T19:50:18.923Z"}}},"weakness":{"data":{"id":"76","type":"weakness","attributes":{"name":"Malware","description":"An
|
95
|
+
adversary installs and executes malicious code on the target system in an
|
96
|
+
effort to achieve a negative technical impact.","external_id":"capec-549","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15939","type":"structured-scope","attributes":{"asset_type":"HARDWARE","asset_identifier":"GitHub
|
97
|
+
Enterprise","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"GitHub
|
98
|
+
Enterprise is the on-premises version of GitHub. GitHub Enterprise shares
|
99
|
+
a code-base with GitHub.com, is built on Ruby on Rails and leverages a number
|
100
|
+
of open source technologies.\n\nGitHub Enterprise adds a number of features
|
101
|
+
for enterprise infrastructures. This includes additional authentication backends
|
102
|
+
and clustering options. Below is a subset of features unique to GitHub Enterprise
|
103
|
+
that might be interesting to investigate.\n\n- Instance-wide authentication
|
104
|
+
([*private mode*](https://help.github.com/enterprise/admin/guides/installation/enabling-private-mode/))\n-
|
105
|
+
External authentication backends including [CAS, LDAP, and SAML](https://help.github.com/enterprise/admin/guides/user-management/)\n-
|
106
|
+
In-app administration of the instance using a site administrator control panel\n-
|
107
|
+
[User, organization, and repository migration](https://help.github.com/enterprise/admin/guides/migrations/)\n-
|
108
|
+
[Web-based management console](https://help.github.com/enterprise/admin/guides/installation/web-based-management-console/)
|
109
|
+
and [SSH access](https://help.github.com/enterprise/admin/guides/installation/administrative-shell-ssh-access/)
|
110
|
+
to configure and update the instance\n- [Pre-receive hook scripts](https://help.github.com/enterprise/admin/guides/developer-workflow/creating-a-pre-receive-hook-script/)\n\nYou
|
111
|
+
can request a trial of GitHub Enterprise for security testing at [https://enterprise.github.com/bounty](https://enterprise.github.com/bounty).\n\n-
|
112
|
+
Resources and features provided by the latest patch release of each non-deprecated
|
113
|
+
version of the GitHub Enterprise virtual machine. Major versions of GitHub
|
114
|
+
Enterprise are deprecated one year after release. For more information see
|
115
|
+
[this list of releases](https://enterprise.github.com/releases/).\n- All listening
|
116
|
+
services hosted on a GitHub Enterprise instance. See [our documentation](https://help.github.com/enterprise/admin/guides/installation/network-ports-to-open/)
|
117
|
+
for a reference of ports typically opened on a GitHub Enterprise instance.\n-
|
118
|
+
Code de-obfuscation may be explored to further investigate GitHub Enterprise,
|
119
|
+
but only for the purpose of the bounty program. Bounty hunters still need
|
120
|
+
to abide by all of our other Bounty program rules and terms and the applicable
|
121
|
+
software license terms.\n\nIneligible submissions:\n- Vulnerabilities caused
|
122
|
+
by lack of subdomain isolation\n- Escalation to the root user via sudo\n-
|
123
|
+
Bypassing source code de-obfuscation\n","max_severity":"critical","created_at":"2016-10-29T20:48:48.915Z","updated_at":"2016-10-29T20:48:48.915Z","reference":""}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"430397","type":"report","attributes":{"title":"Demo
|
124
|
+
report: XSS in GitHub test home page","state":"new","created_at":"2016-10-29T18:07:20.617Z","vulnerability_information":"In
|
125
|
+
some ***fantasy world***, the home page of GitHub test is vulnerable to an
|
126
|
+
*imaginary* Cross-Site Scripting attack.\n\n1. Visit home page of GitHub test\n2.
|
127
|
+
Open the browser''s javascript console\n3. Type `alert(/xss!/)` and press
|
128
|
+
enter\n4. Profit!\n\n## Impact\n\nIn our fantasy world, exploiting this vulnerability
|
129
|
+
allows us to run an external script on your website that for example steals
|
130
|
+
the cookies of the users that''s facing the XSS and thus gaining access to
|
131
|
+
the account of the victim.","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-11-01T18:07:30.449Z","first_program_activity_at":null,"last_program_activity_at":null,"bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-11-01T18:07:30.449Z","last_activity_at":"2016-11-01T18:07:30.449Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"3683","type":"user","attributes":{"reputation":100,"username":"demo-hacker","name":"Demo
|
132
|
+
Hacker","disabled":false,"created_at":"2014-03-17T20:14:25.383Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbW9JIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--0dc7e2aa9a0c1277dbf407cc92e3c7a747000360/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/demo_researcher.png"},"bio":"","website":null,"location":"support@hackerone.com","hackerone_triager":false}}},"assignee":{"data":{"id":"170761","type":"user","attributes":{"username":"philipturnbull","name":"Phil
|
133
|
+
Turnbull","disabled":false,"created_at":"2017-05-24T18:37:20.644Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/170/761/32db5fe3b68ab940c08762597cf6dc218ea569ab_original.jpeg/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/170/761/32db5fe3b68ab940c08762597cf6dc218ea569ab_original.jpeg/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbHhqIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--1288f07999072babe0cdf90162e1f6f7da35aa14/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9VWTI5dFltbHVaVjl2Y0hScGIyNXpld2c2REdkeVlYWnBkSGxKSWd0RFpXNTBaWElHT2daRlZEb0xjbVZ6YVhwbFNTSU5NVEV3ZURFeE1GNEdPd2RVT2dsamNtOXdTU0lRTVRFd2VERXhNQ3N3S3pBR093ZFUiLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--955e4ecf4dcd6b5873333833a7d869bd60c7dd7b/45588_orig.jpeg","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbHhqIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--1288f07999072babe0cdf90162e1f6f7da35aa14/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/45588_orig.jpeg"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array
|
134
|
+
Index Underflow","description":"The product uses untrusted input when calculating
|
135
|
+
or using an array index, but the product does not validate or incorrectly
|
136
|
+
validates the index to ensure the index references a valid position within
|
137
|
+
the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15455","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"render.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"critical","created_at":"2016-10-10T00:40:51.479Z","updated_at":"2016-10-10T00:40:51.479Z","reference":"","confidentiality_requirement":"medium","integrity_requirement":"medium","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"425480","type":"report","attributes":{"title":"greg","state":"new","created_at":"2016-10-18T20:05:44.316Z","vulnerability_information":"gregr\n\n##
|
138
|
+
Impact\n\ngregre","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-10-18T20:05:44.403Z","first_program_activity_at":"2016-10-18T20:05:44.403Z","last_program_activity_at":"2016-10-18T20:05:44.403Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-10-18T20:05:44.403Z","last_activity_at":"2016-10-18T20:08:09.264Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
139
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"85049","type":"user","attributes":{"username":"brentjo-gh","name":"Brent
|
140
|
+
Johnson","disabled":false,"created_at":"2016-06-14T20:01:30.891Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"225991","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-10-18T20:05:44.360Z"}}},"weakness":{"data":{"id":"9","type":"weakness","attributes":{"name":"Buffer
|
141
|
+
Over-read","description":"The software reads from a buffer using buffer access
|
142
|
+
mechanisms such as indexes or pointers that reference memory locations after
|
143
|
+
the targeted buffer.","external_id":"cwe-126","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15455","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"render.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"critical","created_at":"2016-10-10T00:40:51.479Z","updated_at":"2016-10-10T00:40:51.479Z","reference":"","confidentiality_requirement":"medium","integrity_requirement":"medium","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"425470","type":"report","attributes":{"title":"htht","state":"new","created_at":"2016-10-18T19:13:48.758Z","vulnerability_information":"htrhtr\n\n##
|
144
|
+
Impact\n\nhrthht","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-10-18T19:13:48.849Z","first_program_activity_at":"2016-10-18T19:13:48.849Z","last_program_activity_at":"2016-10-18T19:13:48.849Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-10-18T19:13:48.849Z","last_activity_at":"2016-10-18T19:13:51.079Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
145
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"225980","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-10-18T19:13:48.798Z"}}},"weakness":{"data":{"id":"10","type":"weakness","attributes":{"name":"Buffer
|
146
|
+
Under-read","description":"The software reads from a buffer using buffer access
|
147
|
+
mechanisms such as indexes or pointers that reference memory locations prior
|
148
|
+
to the targeted buffer.","external_id":"cwe-127","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"425425","type":"report","attributes":{"title":"fewfewfew","state":"new","created_at":"2016-10-18T17:02:37.361Z","vulnerability_information":"fwefawefe\n\n##
|
149
|
+
Impact\n\nfewfewfew","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2019-09-19T05:23:10.079Z","first_program_activity_at":"2016-10-18T17:02:37.427Z","last_program_activity_at":"2019-09-19T05:24:01.166Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2019-09-19T05:24:01.166Z","last_activity_at":"2019-09-19T05:24:01.166Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
150
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"519534","type":"severity","attributes":{"rating":"low","author_type":"Team","user_id":516261,"created_at":"2019-09-19T05:24:01.145Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer
|
151
|
+
Underflow","description":"The software writes to a buffer using an index or
|
152
|
+
pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15454","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"*.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"medium","created_at":"2016-10-10T00:40:37.435Z","updated_at":"2016-10-10T00:40:37.435Z","reference":"","confidentiality_requirement":"low","integrity_requirement":"low","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"425399","type":"report","attributes":{"title":"htehre","state":"new","created_at":"2016-10-18T15:34:27.207Z","vulnerability_information":"hrehreh\n\n##
|
153
|
+
Impact\n\nhreherrehrhh","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-10-18T15:34:27.260Z","first_program_activity_at":"2016-10-18T15:34:27.260Z","last_program_activity_at":"2016-10-18T15:34:27.260Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-10-18T15:34:27.260Z","last_activity_at":"2016-10-18T15:35:58.276Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
154
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"225912","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-10-18T15:34:27.234Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer
|
155
|
+
Underflow","description":"The software writes to a buffer using an index or
|
156
|
+
pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15455","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"render.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"critical","created_at":"2016-10-10T00:40:51.479Z","updated_at":"2016-10-10T00:40:51.479Z","reference":"","confidentiality_requirement":"medium","integrity_requirement":"medium","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"425184","type":"report","attributes":{"title":"htrhtr","state":"new","created_at":"2016-10-17T23:23:07.652Z","vulnerability_information":"htrhrt\n\n##
|
157
|
+
Impact\n\nhtrhtr","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-10-17T23:23:07.736Z","first_program_activity_at":"2016-10-17T23:23:07.736Z","last_program_activity_at":"2016-10-17T23:23:07.736Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-10-17T23:23:07.736Z","last_activity_at":"2016-10-17T23:26:41.323Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
158
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"85049","type":"user","attributes":{"username":"brentjo-gh","name":"Brent
|
159
|
+
Johnson","disabled":false,"created_at":"2016-06-14T20:01:30.891Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"225660","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-10-17T23:23:07.689Z"}}},"weakness":{"data":{"id":"10","type":"weakness","attributes":{"name":"Buffer
|
160
|
+
Under-read","description":"The software reads from a buffer using buffer access
|
161
|
+
mechanisms such as indexes or pointers that reference memory locations prior
|
162
|
+
to the targeted buffer.","external_id":"cwe-127","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15455","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"render.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"critical","created_at":"2016-10-10T00:40:51.479Z","updated_at":"2016-10-10T00:40:51.479Z","reference":"","confidentiality_requirement":"medium","integrity_requirement":"medium","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"424694","type":"report","attributes":{"title":"gregre","state":"new","created_at":"2016-10-16T16:16:11.476Z","vulnerability_information":"gregregre\n\n##
|
163
|
+
Impact\n\ngregerg","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-10-16T16:16:11.543Z","first_program_activity_at":"2016-10-16T16:16:11.543Z","last_program_activity_at":"2016-10-16T16:16:11.543Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-10-16T16:16:11.543Z","last_activity_at":"2016-10-16T16:16:46.459Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
164
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"225129","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-10-16T16:16:11.512Z"}}},"weakness":{"data":{"id":"10","type":"weakness","attributes":{"name":"Buffer
|
165
|
+
Under-read","description":"The software reads from a buffer using buffer access
|
166
|
+
mechanisms such as indexes or pointers that reference memory locations prior
|
167
|
+
to the targeted buffer.","external_id":"cwe-127","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15454","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"*.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"medium","created_at":"2016-10-10T00:40:37.435Z","updated_at":"2016-10-10T00:40:37.435Z","reference":"","confidentiality_requirement":"low","integrity_requirement":"low","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"415344","type":"report","attributes":{"title":"htrhtr","state":"new","created_at":"2016-09-27T16:32:05.063Z","vulnerability_information":"thrhtrhtr\n\n##
|
168
|
+
Impact\n\nthrrthtr","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-27T16:32:05.126Z","first_program_activity_at":"2016-09-27T16:32:05.126Z","last_program_activity_at":"2016-09-27T16:32:05.126Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"issue_tracker_reference_id":"12","last_public_activity_at":"2016-09-27T16:32:05.126Z","last_activity_at":"2016-09-27T17:12:54.153Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
169
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"85049","type":"user","attributes":{"username":"brentjo-gh","name":"Brent
|
170
|
+
Johnson","disabled":false,"created_at":"2016-06-14T20:01:30.891Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"215876","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-27T16:32:05.095Z"}}},"weakness":{"data":{"id":"31","type":"weakness","attributes":{"name":"Brute
|
171
|
+
Force","description":"The software does not implement sufficient measures
|
172
|
+
to prevent multiple failed authentication attempts within in a short time
|
173
|
+
frame, making it more susceptible to brute force attacks.","external_id":"cwe-307","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"415144","type":"report","attributes":{"title":"htrh","state":"new","created_at":"2016-09-27T01:00:56.238Z","vulnerability_information":"hhtrhrt\n\n##
|
174
|
+
Impact\n\nhtr","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-27T01:00:56.317Z","first_program_activity_at":"2016-09-27T01:00:56.317Z","last_program_activity_at":"2016-09-27T01:01:24.428Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-27T01:01:24.428Z","last_activity_at":"2016-09-27T01:01:25.509Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":28,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
175
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
176
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"215668","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-27T01:00:56.277Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array
|
177
|
+
Index Underflow","description":"The product uses untrusted input when calculating
|
178
|
+
or using an array index, but the product does not validate or incorrectly
|
179
|
+
validates the index to ensure the index references a valid position within
|
180
|
+
the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"415133","type":"report","attributes":{"title":"k78k87","state":"new","created_at":"2016-09-26T23:51:35.228Z","vulnerability_information":"k87k87k87\n\n##
|
181
|
+
Impact\n\nk8787kk7k7k78likuj","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-26T23:51:35.299Z","first_program_activity_at":"2016-09-26T23:51:35.299Z","last_program_activity_at":"2016-09-27T00:05:08.131Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-27T00:05:08.131Z","last_activity_at":"2016-09-27T00:05:08.723Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":812,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
182
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
183
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"215658","type":"severity","attributes":{"rating":"high","author_type":"User","user_id":175595,"created_at":"2016-09-26T23:51:35.266Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array
|
184
|
+
Index Underflow","description":"The product uses untrusted input when calculating
|
185
|
+
or using an array index, but the product does not validate or incorrectly
|
186
|
+
validates the index to ensure the index references a valid position within
|
187
|
+
the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"415035","type":"report","attributes":{"title":"greergregreg","state":"new","created_at":"2016-09-26T19:49:53.207Z","vulnerability_information":"ergrgre\n\n##
|
188
|
+
Impact\n\ngregreer","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-26T19:49:53.410Z","first_program_activity_at":"2016-09-26T19:49:53.410Z","last_program_activity_at":"2016-09-26T19:53:19.020Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-26T19:53:19.020Z","last_activity_at":"2016-09-26T19:53:20.310Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":205,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
189
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
190
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"215530","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-26T19:49:53.250Z"}}},"weakness":{"data":{"id":"31","type":"weakness","attributes":{"name":"Brute
|
191
|
+
Force","description":"The software does not implement sufficient measures
|
192
|
+
to prevent multiple failed authentication attempts within in a short time
|
193
|
+
frame, making it more susceptible to brute force attacks.","external_id":"cwe-307","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"412631","type":"report","attributes":{"title":"jt","state":"new","created_at":"2016-09-22T00:33:43.979Z","vulnerability_information":"yjt\n\n##
|
194
|
+
Impact\n\ntyj","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-22T00:33:44.071Z","first_program_activity_at":"2016-09-22T00:33:44.071Z","last_program_activity_at":"2016-09-22T00:33:56.364Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-22T00:33:56.364Z","last_activity_at":"2016-09-22T00:33:57.403Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":0,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
195
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
196
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"213177","type":"severity","attributes":{"rating":"critical","author_type":"User","user_id":175595,"created_at":"2016-09-22T00:33:44.028Z"}}},"weakness":{"data":{"id":"10","type":"weakness","attributes":{"name":"Buffer
|
197
|
+
Under-read","description":"The software reads from a buffer using buffer access
|
198
|
+
mechanisms such as indexes or pointers that reference memory locations prior
|
199
|
+
to the targeted buffer.","external_id":"cwe-127","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"412630","type":"report","attributes":{"title":"hfg","state":"new","created_at":"2016-09-22T00:32:25.134Z","vulnerability_information":"ghgfh\n\n##
|
200
|
+
Impact\n\nhgfgfh","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-22T00:32:25.284Z","first_program_activity_at":"2016-09-22T00:32:25.284Z","last_program_activity_at":"2016-09-22T00:32:25.284Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-22T00:32:25.284Z","last_activity_at":"2016-09-22T00:32:25.284Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
201
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"213176","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-22T00:32:25.185Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer
|
202
|
+
Underflow","description":"The software writes to a buffer using an index or
|
203
|
+
pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"412629","type":"report","attributes":{"title":"hfghgfh","state":"new","created_at":"2016-09-22T00:31:06.361Z","vulnerability_information":"hfghfg\n\n##
|
204
|
+
Impact\n\nhgfgh","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-22T00:31:06.480Z","first_program_activity_at":"2016-09-22T00:31:06.480Z","last_program_activity_at":"2016-09-22T00:31:21.708Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-22T00:31:21.708Z","last_activity_at":"2016-09-22T00:31:23.038Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":0,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
205
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
206
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"213175","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-22T00:31:06.427Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer
|
207
|
+
Underflow","description":"The software writes to a buffer using an index or
|
208
|
+
pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"412628","type":"report","attributes":{"title":"fgdgfdfgd","state":"new","created_at":"2016-09-22T00:29:45.651Z","vulnerability_information":"gfdgfdfggfd\n\n##
|
209
|
+
Impact\n\nfgdfgdfgdfgd","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-22T00:29:45.767Z","first_program_activity_at":"2016-09-22T00:29:45.767Z","last_program_activity_at":"2016-09-22T00:30:17.747Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-22T00:30:17.747Z","last_activity_at":"2016-09-22T00:30:18.925Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":0,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
210
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
211
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"213174","type":"severity","attributes":{"rating":"high","author_type":"User","user_id":175595,"created_at":"2016-09-22T00:29:45.705Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer
|
212
|
+
Underflow","description":"The software writes to a buffer using an index or
|
213
|
+
pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"412553","type":"report","attributes":{"title":"fgdfgdfgd","state":"new","created_at":"2016-09-21T19:00:54.504Z","vulnerability_information":"gfdgfdfgd\n\n##
|
214
|
+
Impact\n\nfgdgfd","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-21T19:00:54.614Z","first_program_activity_at":"2016-09-21T19:00:54.614Z","last_program_activity_at":"2016-09-22T00:28:56.690Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-22T00:28:56.690Z","last_activity_at":"2016-09-22T00:28:58.458Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":17945,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
215
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
216
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"213079","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-21T19:00:54.556Z"}}},"weakness":{"data":{"id":"31","type":"weakness","attributes":{"name":"Brute
|
217
|
+
Force","description":"The software does not implement sufficient measures
|
218
|
+
to prevent multiple failed authentication attempts within in a short time
|
219
|
+
frame, making it more susceptible to brute force attacks.","external_id":"cwe-307","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"411276","type":"report","attributes":{"title":"Demo
|
220
|
+
report: XSS in GitHub test home page","state":"new","created_at":"2016-09-18T22:37:10.591Z","vulnerability_information":"In
|
221
|
+
some ***fantasy world***, the home page of GitHub test is vulnerable to an
|
222
|
+
*imaginary* Cross-Site Scripting attack.\n\n1. Visit home page of GitHub test\n2.
|
223
|
+
Open the browser''s javascript console\n3. Type `alert(/xss!/)` and press
|
224
|
+
enter\n4. Profit!\n\n## Impact\n\nIn our fantasy world, exploiting this vulnerability
|
225
|
+
allows us to run an external script on your website that for example steals
|
226
|
+
the cookies of the users that''s facing the XSS and thus gaining access to
|
227
|
+
the account of the victim.","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-21T22:37:12.860Z","first_program_activity_at":null,"last_program_activity_at":null,"bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-21T22:37:12.860Z","last_activity_at":"2016-09-21T22:37:12.860Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"3683","type":"user","attributes":{"reputation":100,"username":"demo-hacker","name":"Demo
|
228
|
+
Hacker","disabled":false,"created_at":"2014-03-17T20:14:25.383Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbW9JIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--0dc7e2aa9a0c1277dbf407cc92e3c7a747000360/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/demo_researcher.png"},"bio":"","website":null,"location":"support@hackerone.com","hackerone_triager":false}}},"assignee":{"data":{"id":"85049","type":"user","attributes":{"username":"brentjo-gh","name":"Brent
|
229
|
+
Johnson","disabled":false,"created_at":"2016-06-14T20:01:30.891Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array
|
230
|
+
Index Underflow","description":"The product uses untrusted input when calculating
|
231
|
+
or using an array index, but the product does not validate or incorrectly
|
232
|
+
validates the index to ensure the index references a valid position within
|
233
|
+
the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"411263","type":"report","attributes":{"title":"Demo
|
234
|
+
report: XSS in GitHub test home page","state":"new","created_at":"2016-09-18T21:17:14.574Z","vulnerability_information":"In
|
235
|
+
some ***fantasy world***, the home page of GitHub test is vulnerable to an
|
236
|
+
*imaginary* Cross-Site Scripting attack.\n\n1. Visit home page of GitHub test\n2.
|
237
|
+
Open the browser''s javascript console\n3. Type `alert(/xss!/)` and press
|
238
|
+
enter\n4. Profit!\n\n## Impact\n\nIn our fantasy world, exploiting this vulnerability
|
239
|
+
allows us to run an external script on your website that for example steals
|
240
|
+
the cookies of the users that''s facing the XSS and thus gaining access to
|
241
|
+
the account of the victim.","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-21T21:17:28.659Z","first_program_activity_at":null,"last_program_activity_at":null,"bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-21T21:17:28.659Z","last_activity_at":"2016-09-21T21:17:28.659Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"3683","type":"user","attributes":{"reputation":100,"username":"demo-hacker","name":"Demo
|
242
|
+
Hacker","disabled":false,"created_at":"2014-03-17T20:14:25.383Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbW9JIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--0dc7e2aa9a0c1277dbf407cc92e3c7a747000360/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/demo_researcher.png"},"bio":"","website":null,"location":"support@hackerone.com","hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
243
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array
|
244
|
+
Index Underflow","description":"The product uses untrusted input when calculating
|
245
|
+
or using an array index, but the product does not validate or incorrectly
|
246
|
+
validates the index to ensure the index references a valid position within
|
247
|
+
the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"391124","type":"report","attributes":{"title":"HACK
|
248
|
+
FOUND","state":"new","created_at":"2016-08-07T00:13:41.128Z","vulnerability_information":"YOU
|
249
|
+
HAVE BEEN HACKED LOLOLOLOL\n\n## Impact\n\nHACK YOU","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-08-07T00:13:41.292Z","first_program_activity_at":"2016-08-07T00:13:41.292Z","last_program_activity_at":"2016-08-07T00:13:41.292Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-08-07T00:13:41.292Z","last_activity_at":"2016-08-07T00:13:41.292Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"291079","type":"user","attributes":{"username":"rzhade3","name":"Rahul
|
250
|
+
Zhade","disabled":false,"created_at":"2016-06-12T17:43:40.852Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBdW1YIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--ccec2bdbe3c2291cc1ccf84fb84723b0809a1cb6/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/octocat.png"},"bio":"Application
|
251
|
+
Security @GitHub","website":"https://zhade.dev","location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"192505","type":"severity","attributes":{"rating":"critical","author_type":"User","user_id":291079,"created_at":"2016-08-07T00:13:41.194Z"}}},"weakness":{"data":{"id":"31","type":"weakness","attributes":{"name":"Brute
|
252
|
+
Force","description":"The software does not implement sufficient measures
|
253
|
+
to prevent multiple failed authentication attempts within in a short time
|
254
|
+
frame, making it more susceptible to brute force attacks.","external_id":"cwe-307","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"389780","type":"report","attributes":{"title":"Demo
|
255
|
+
report: XSS in GitHub test home page","state":"new","created_at":"2016-08-02T21:24:11.500Z","vulnerability_information":"In
|
256
|
+
some ***fantasy world***, the home page of GitHub test is vulnerable to an
|
257
|
+
*imaginary* Cross-Site Scripting attack.\n\n1. Visit home page of GitHub test\n2.
|
258
|
+
Open the browser''s javascript console\n3. Type `alert(/xss!/)` and press
|
259
|
+
enter\n4. Profit!\n\n## Impact\n\nIn our fantasy world, exploiting this vulnerability
|
260
|
+
allows us to run an external script on your website that for example steals
|
261
|
+
the cookies of the users that''s facing the XSS and thus gaining access to
|
262
|
+
the account of the victim.","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-08-05T21:24:26.989Z","first_program_activity_at":null,"last_program_activity_at":null,"bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-08-05T21:24:26.989Z","last_activity_at":"2016-08-05T21:24:26.989Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":"2016-09-14T21:24:11.500Z","timer_first_program_response_miss_at":"2016-08-03T21:24:11.500Z","timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":"2016-09-14T21:24:11.500Z","timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":"2016-08-06T21:24:11.500Z","timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"3683","type":"user","attributes":{"reputation":100,"username":"demo-hacker","name":"Demo
|
263
|
+
Hacker","disabled":false,"created_at":"2014-03-17T20:14:25.383Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbW9JIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--0dc7e2aa9a0c1277dbf407cc92e3c7a747000360/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/demo_researcher.png"},"bio":"","website":null,"location":"support@hackerone.com","hackerone_triager":false}}},"assignee":{"data":{"id":"291079","type":"user","attributes":{"username":"rzhade3","name":"Rahul
|
264
|
+
Zhade","disabled":false,"created_at":"2016-06-12T17:43:40.852Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBdW1YIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--ccec2bdbe3c2291cc1ccf84fb84723b0809a1cb6/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/octocat.png"},"signal":null,"impact":null,"reputation":null,"bio":"Application
|
265
|
+
Security @GitHub","website":"https://zhade.dev","location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array
|
266
|
+
Index Underflow","description":"The product uses untrusted input when calculating
|
267
|
+
or using an array index, but the product does not validate or incorrectly
|
268
|
+
validates the index to ensure the index references a valid position within
|
269
|
+
the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}}],"links":{}}'
|
270
|
+
recorded_at: Tue, 26 Jan 2021 01:59:08 GMT
|
271
|
+
recorded_with: VCR 6.0.0
|
@@ -0,0 +1,77 @@
|
|
1
|
+
---
|
2
|
+
http_interactions:
|
3
|
+
- request:
|
4
|
+
method: get
|
5
|
+
uri: https://api.hackerone.com/v1/reports?filter%5Bcreated_at__gt%5D=2017-02-11T16:00:44-10:00&filter%5Bprogram%5D%5B0%5D=github&filter%5Bstate%5D%5B0%5D=triaged
|
6
|
+
body:
|
7
|
+
encoding: US-ASCII
|
8
|
+
string: ''
|
9
|
+
headers:
|
10
|
+
Authorization:
|
11
|
+
- Basic NOPE
|
12
|
+
User-Agent:
|
13
|
+
- Faraday v1.0.0
|
14
|
+
Accept-Encoding:
|
15
|
+
- gzip;q=1.0,deflate;q=0.6,identity;q=0.3
|
16
|
+
Accept:
|
17
|
+
- "*/*"
|
18
|
+
response:
|
19
|
+
status:
|
20
|
+
code: 200
|
21
|
+
message: OK
|
22
|
+
headers:
|
23
|
+
Date:
|
24
|
+
- Tue, 24 Mar 2020 14:11:47 GMT
|
25
|
+
Content-Type:
|
26
|
+
- application/json; charset=utf-8
|
27
|
+
Transfer-Encoding:
|
28
|
+
- chunked
|
29
|
+
Connection:
|
30
|
+
- keep-alive
|
31
|
+
Set-Cookie:
|
32
|
+
- __cfduid=dabd0c152e7e92db1c896d18efb3473911585059107; expires=Thu, 23-Apr-20
|
33
|
+
14:11:47 GMT; path=/; Domain=api.hackerone.com; HttpOnly; SameSite=Lax; Secure
|
34
|
+
X-Request-Id:
|
35
|
+
- 5ead5fa1-86fb-4b8f-ae8b-755d0b08b40c
|
36
|
+
Etag:
|
37
|
+
- W/"a9d3a797dc03972084547d21d1a4ebcd"
|
38
|
+
Cache-Control:
|
39
|
+
- max-age=0, private, must-revalidate
|
40
|
+
Strict-Transport-Security:
|
41
|
+
- max-age=31536000; includeSubDomains; preload
|
42
|
+
X-Frame-Options:
|
43
|
+
- DENY
|
44
|
+
X-Content-Type-Options:
|
45
|
+
- nosniff
|
46
|
+
X-Xss-Protection:
|
47
|
+
- 1; mode=block
|
48
|
+
X-Download-Options:
|
49
|
+
- noopen
|
50
|
+
X-Permitted-Cross-Domain-Policies:
|
51
|
+
- none
|
52
|
+
Referrer-Policy:
|
53
|
+
- strict-origin-when-cross-origin
|
54
|
+
Expect-Ct:
|
55
|
+
- enforce, max-age=86400
|
56
|
+
Content-Security-Policy:
|
57
|
+
- 'default-src ''none''; base-uri ''self''; block-all-mixed-content; child-src
|
58
|
+
www.youtube-nocookie.com; connect-src ''self'' www.google-analytics.com errors.hackerone.net;
|
59
|
+
font-src ''self''; form-action ''self''; frame-ancestors ''none''; img-src
|
60
|
+
''self'' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com
|
61
|
+
profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com;
|
62
|
+
media-src ''self'' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com;
|
63
|
+
script-src ''self'' www.google-analytics.com; style-src ''self'' ''unsafe-inline'';
|
64
|
+
report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598'
|
65
|
+
Cf-Cache-Status:
|
66
|
+
- DYNAMIC
|
67
|
+
Server:
|
68
|
+
- cloudflare
|
69
|
+
Cf-Ray:
|
70
|
+
- 5790fbbbb977e4d8-ATL
|
71
|
+
body:
|
72
|
+
encoding: ASCII-8BIT
|
73
|
+
string: !binary |-
|
74
|
+
eyJkYXRhIjpbeyJpZCI6IjgxNTA5OSIsInR5cGUiOiJyZXBvcnQiLCJhdHRyaWJ1dGVzIjp7InRpdGxlIjoiSmFsIiwic3RhdGUiOiJ0cmlhZ2VkIiwiY3JlYXRlZF9hdCI6IjIwMjAtMDMtMDlUMTQ6NDU6MzIuNzQxWiIsInZ1bG5lcmFiaWxpdHlfaW5mb3JtYXRpb24iOiJLYWxcblxuIyMgSW1wYWN0XG5cbkxhbCIsInRyaWFnZWRfYXQiOiIyMDIwLTAzLTI0VDE0OjExOjM3LjcxMloiLCJjbG9zZWRfYXQiOm51bGwsImxhc3RfcmVwb3J0ZXJfYWN0aXZpdHlfYXQiOiIyMDIwLTAzLTI0VDE0OjExOjM3LjcxMloiLCJmaXJzdF9wcm9ncmFtX2FjdGl2aXR5X2F0IjoiMjAyMC0wMy0wOVQxNDo0NTozMi43OTZaIiwibGFzdF9wcm9ncmFtX2FjdGl2aXR5X2F0IjoiMjAyMC0wMy0yNFQxNDoxMTozNy43MTJaIiwiYm91bnR5X2F3YXJkZWRfYXQiOm51bGwsInN3YWdfYXdhcmRlZF9hdCI6bnVsbCwiZGlzY2xvc2VkX2F0IjpudWxsLCJyZXBvcnRlcl9hZ3JlZWRfb25fZ29pbmdfcHVibGljX2F0IjpudWxsLCJsYXN0X3B1YmxpY19hY3Rpdml0eV9hdCI6IjIwMjAtMDMtMjRUMTQ6MTE6MzcuNzEyWiIsImxhc3RfYWN0aXZpdHlfYXQiOiIyMDIwLTAzLTI0VDE0OjExOjM3LjcxMloiLCJzb3VyY2UiOm51bGx9LCJyZWxhdGlvbnNoaXBzIjp7InJlcG9ydGVyIjp7ImRhdGEiOnsiaWQiOiIyOTEwNzkiLCJ0eXBlIjoidXNlciIsImF0dHJpYnV0ZXMiOnsidXNlcm5hbWUiOiJyemhhZGUzIiwibmFtZSI6IlJhaHVsIFpoYWRlIiwiZGlzYWJsZWQiOmZhbHNlLCJjcmVhdGVkX2F0IjoiMjAxOC0wNi0xMlQxNzo0Mzo0MC44NTJaIiwicHJvZmlsZV9waWN0dXJlIjp7IjYyeDYyIjoiaHR0cHM6Ly9wcm9maWxlLXBob3Rvcy5oYWNrZXJvbmUtdXNlci1jb250ZW50LmNvbS92YXJpYW50cy8wMDAvMjkxLzA3OS9iNzljM2MzNDMxMzBiZDYzMTEzMWY2OTBlMmYwNGJjMGQxZmRlOGJmX29yaWdpbmFsLnBuZy8zYWZjYjVjODk2MjQ3ZTdlZThhZGEzMWIxYzFlYjg2NTdlMjIyNDFmOTExMDkzYWNmZTRlYzdlOTdhM2E5NTlhIiwiODJ4ODIiOiJodHRwczovL3Byb2ZpbGUtcGhvdG9zLmhhY2tlcm9uZS11c2VyLWNvbnRlbnQuY29tL3ZhcmlhbnRzLzAwMC8yOTEvMDc5L2I3OWMzYzM0MzEzMGJkNjMxMTMxZjY5MGUyZjA0YmMwZDFmZGU4YmZfb3JpZ2luYWwucG5nL2ViMzE4MjNhNGNjOWY2YjZiYjRkYjkzMGZmZGY1MTI1MzM5MjhhNjhhNDI1NWZiNTBhODMxODAyODFhNjBkYTUiLCIxMTB4MTEwIjoiaHR0cHM6Ly9wcm9maWxlLXBob3Rvcy5oYWNrZXJvbmUtdXNlci1jb250ZW50LmNvbS92YXJpYW50cy8wMDAvMjkxLzA3OS9iNzljM2MzNDMxMzBiZDYzMTEzMWY2OTBlMmYwNGJjMGQxZmRlOGJmX29yaWdpbmFsLnBuZy82OTIyMzdlYjk2OTFmYmRlOTJhMTcxNzRjZGI4MDlhNzg4YWNlMDJiYzc3YzcyODAzZjE3ZDMyYjQxZTRmMjEzIiwiMjYweDI2MCI6Imh0dHBzOi8vcHJvZmlsZS1waG90b3MuaGFja2Vyb25lLXVzZXItY29udGVudC5jb20vdmFyaWFudHMvMDAwLzI5
MS8wNzkvYjc5YzNjMzQzMTMwYmQ2MzExMzFmNjkwZTJmMDRiYzBkMWZkZThiZl9vcmlnaW5hbC5wbmcvY2YxZTRiNWQ0NDAwNWNiNjFmYWIzNThkZDY5Njg0MTVmMjA1NDVkZTVmMDU1YmE0ZWQzM2NhNDM4Nzk0OGNkYyJ9LCJiaW8iOiJBcHBsaWNhdGlvbiBTZWN1cml0eSBAR2l0SHViIiwid2Vic2l0ZSI6Imh0dHBzOi8vemhhZGUuZGV2IiwibG9jYXRpb24iOiIiLCJoYWNrZXJvbmVfdHJpYWdlciI6ZmFsc2V9fX0sImFzc2lnbmVlIjp7ImRhdGEiOnsiaWQiOiI4NTA0OSIsInR5cGUiOiJ1c2VyIiwiYXR0cmlidXRlcyI6eyJ1c2VybmFtZSI6ImJyZW50am8tZ2giLCJuYW1lIjoiQnJlbnQgSm9obnNvbiIsImRpc2FibGVkIjpmYWxzZSwiY3JlYXRlZF9hdCI6IjIwMTYtMDYtMTRUMjA6MDE6MzAuODkxWiIsInByb2ZpbGVfcGljdHVyZSI6eyI2Mng2MiI6Ii9hc3NldHMvYXZhdGFycy9kZWZhdWx0LTcxYTMwMmQ3MDY0NTdmM2QzYTMxZWIzMGZhM2U3M2U2Y2YwYjFkNjc3YjhmYTIxOGVhZWFmZmQ2N2FlOTc5MTgucG5nIiwiODJ4ODIiOiIvYXNzZXRzL2F2YXRhcnMvZGVmYXVsdC03MWEzMDJkNzA2NDU3ZjNkM2EzMWViMzBmYTNlNzNlNmNmMGIxZDY3N2I4ZmEyMThlYWVhZmZkNjdhZTk3OTE4LnBuZyIsIjExMHgxMTAiOiIvYXNzZXRzL2F2YXRhcnMvZGVmYXVsdC03MWEzMDJkNzA2NDU3ZjNkM2EzMWViMzBmYTNlNzNlNmNmMGIxZDY3N2I4ZmEyMThlYWVhZmZkNjdhZTk3OTE4LnBuZyIsIjI2MHgyNjAiOiIvYXNzZXRzL2F2YXRhcnMvZGVmYXVsdC03MWEzMDJkNzA2NDU3ZjNkM2EzMWViMzBmYTNlNzNlNmNmMGIxZDY3N2I4ZmEyMThlYWVhZmZkNjdhZTk3OTE4LnBuZyJ9LCJzaWduYWwiOm51bGwsImltcGFjdCI6bnVsbCwicmVwdXRhdGlvbiI6bnVsbCwiYmlvIjoiIiwid2Vic2l0ZSI6bnVsbCwibG9jYXRpb24iOiIiLCJoYWNrZXJvbmVfdHJpYWdlciI6ZmFsc2V9fX0sInByb2dyYW0iOnsiZGF0YSI6eyJpZCI6IjExNzY3IiwidHlwZSI6InByb2dyYW0iLCJhdHRyaWJ1dGVzIjp7ImhhbmRsZSI6ImdpdGh1Yi10ZXN0IiwicG9saWN5IjoiIyBHaXRIdWIgVGVzdCBCdWcgQm91bnR5XHJcblxyXG5Tb2Z0d2FyZSBzZWN1cml0eSByZXNlYXJjaGVycyBhcmUgaW5jcmVhc2luZ2x5IGVuZ2FnaW5nIHdpdGggSW50ZXJuZXQgY29tcGFuaWVzIHRvIGh1bnQgZG93biB2dWxuZXJhYmlsaXRpZXMuIE91ciBib3VudHkgcHJvZ3JhbSBnaXZlcyBhIHRpcCBvZiB0aGUgaGF0IHRvIHRoZXNlIHJlc2VhcmNoZXJzIGFuZCBwcm92aWRlcyByZXdhcmRzIG9mICAkMzAsMDAwIG9yIG1vcmUgZm9yIGNyaXRpY2FsIHZ1bG5lcmFiaWxpdGllcy5cclxuXHJcblxyXG5Zb3UgY2FuIGZpbmQgbW9yZSBpbmZvcm1hdGlvbiBpbiBvdXIgW3J1bGVzXShodHRwczovL2JvdW50eS5naXRodWIuY29tLyNydWxlcyksIFtzY29wZV0oaHR0cHM6Ly9ib3VudHkuZ2l0aHViLmNvbS8jc2NvcGUpLCBbdGFyZ2V0c10oaHR0cHM6Ly9ib3VudHkuZ2l0aHViLmNvbS8jdGFyZ2V0
cyksIGFuZCBbRkFRXShodHRwczovL2JvdW50eS5naXRodWIuY29tLyNmYXFzKSBzZWN0aW9ucy4gWW91IGNhbiBhbHNvIGNoZWNrIHRoZSBjdXJyZW50IHJhbmtpbmdzIG9uIHRoZSBbbGVhZGVyYm9hcmRdKGh0dHBzOi8vYm91bnR5LmdpdGh1Yi5jb20vI2xlYWRlcmJvYXJkKS5cclxuXHJcbkhhcHB5IGhhY2tpbmchXHJcblxyXG5cclxuIyMgUnVsZXNcclxuXHJcbiMjIyBCZWZvcmUgeW91IHN0YXJ0XHJcblxyXG4qIENoZWNrIHRoZSBsaXN0IG9mIGJ1Z3MgdGhhdCBoYXZlIGJlZW4gW2NsYXNzaWZpZWQgYXMgaW5lbGlnaWJsZV0oaHR0cHM6Ly9ib3VudHkuZ2l0aHViLmNvbS9pbmVsaWdpYmxlLmh0bWwpLiBTdWJtaXNzaW9ucyB3aGljaCBhcmUgaW5lbGlnaWJsZSB3aWxsIGxpa2VseSBiZSBjbG9zZWQgYXMgYE5vdCBBcHBsaWNhYmxlYC5cclxuKiBDaGVjayB0aGUgW0dpdEh1YiBDaGFuZ2Vsb2ddKGh0dHBzOi8vZ2l0aHViLmJsb2cvY2hhbmdlbG9nLykgZm9yIHJlY2VudGx5IGxhdW5jaGVkIGZlYXR1cmVzLlxyXG4qIE5ldmVyIGF0dGVtcHQgbm9uLXRlY2huaWNhbCBhdHRhY2tzIHN1Y2ggYXMgc29jaWFsIGVuZ2luZWVyaW5nLCBwaGlzaGluZywgb3IgcGh5c2ljYWwgYXR0YWNrcyBhZ2FpbnN0IG91ciBlbXBsb3llZXMsIHVzZXJzLCBvciBpbmZyYXN0cnVjdHVyZS5cclxuKiBXaGVuIGluIGRvdWJ0LCBjb250YWN0IHVzIGF0IGBib3VudHlAZ2l0aHViLmNvbWAuXHJcbiogQnkgcGFydGljaXBhdGluZyBpbiBHaXRIdWIncyBCdWcgQm91bnR5IHByb2dyYW0gKHRoZSBcIlByb2dyYW1cIiksIHlvdSBhY2tub3dsZWRnZSB0aGF0IHlvdSBoYXZlIHJlYWQgYW5kIGFncmVlIHRvIEdpdEh1YidzIFtUZXJtcyBvZiBTZXJ2aWNlXShodHRwczovL2hlbHAuZ2l0aHViLmNvbS9hcnRpY2xlcy9naXRodWItdGVybXMtb2Ytc2VydmljZSkgYXMgd2VsbCBhcyB0aGUgZm9sbG93aW5nOlxyXG5cclxuICAqIHlvdSdyZSBub3QgcGFydGljaXBhdGluZyBmcm9tIGEgY291bnRyeSBhZ2FpbnN0IHdoaWNoIHRoZSBVbml0ZWQgU3RhdGVzIGhhcyBpc3N1ZWQgZXhwb3J0IHNhbmN0aW9ucyBvciBvdGhlciB0cmFkZSByZXN0cmljdGlvbnMsIGluY2x1ZGluZyBDdWJhLCBJcmFuLCBOb3J0aCBLb3JlYSwgU3VkYW4sIGFuZCBTeXJpYS5cclxuXHJcbiAgKiB5b3VyIHBhcnRpY2lwYXRpb24gaW4gdGhlIFByb2dyYW0gd2lsbCBub3QgdmlvbGF0ZSBhbnkgbGF3IGFwcGxpY2FibGUgdG8geW91LCBvciBkaXNydXB0IG9yIGNvbXByb21pc2UgYW55IGRhdGEgdGhhdCBpcyBub3QgeW91ciBvd24uXHJcblxyXG4gICogeW91IGFyZSBzb2xlbHkgcmVzcG9uc2libGUgZm9yIGFueSBhcHBsaWNhYmxlIHRheGVzLCB3aXRoaG9sZGluZyBvciBvdGhlcndpc2UsIGFyaXNpbmcgZnJvbSBvciByZWxhdGluZyB0byB5b3VyIHBhcnRpY2lwYXRpb24gaW4gdGhlIFByb2dyYW0sIGluY2x1ZGluZyBmcm9tIGFueSBib3VudHkgcGF5bWVudHMuXHJcblxyXG4gICogR2l0SHVi
IHJlc2VydmVzIHRoZSByaWdodCB0byB0ZXJtaW5hdGUgb3IgZGlzY29udGludWUgdGhlIFByb2dyYW0gYXQgaXRzIGRpc2NyZXRpb24uXHJcblxyXG4gICogT25seSB0ZXN0IGZvciB2dWxuZXJhYmlsaXRpZXMgb24gc2l0ZXMgeW91IGtub3cgdG8gYmUgb3BlcmF0ZWQgYnkgR2l0SHViIGFuZCBhcmUgW2luLXNjb3BlXShodHRwczovL2JvdW50eS5naXRodWIuY29tI3Njb3BlKS4gU29tZSBzaXRlcyBob3N0ZWQgb24gc3ViZG9tYWlucyBvZiBgR2l0SHViLmNvbWAgYXJlIG9wZXJhdGVkIGJ5IHRoaXJkIHBhcnRpZXMgYW5kIHNob3VsZCBub3QgYmUgdGVzdGVkLlxyXG5cclxuXHJcbiMjIyBMZWdhbCBzYWZlIGhhcmJvclxyXG5cclxuWW91ciByZXNlYXJjaCBpcyBjb3ZlcmVkIGJ5IHRoZSBbR2l0SHViIEJ1ZyBCb3VudHkgUHJvZ3JhbSBMZWdhbCBTYWZlIEhhcmJvcl0oaHR0cHM6Ly9oZWxwLmdpdGh1Yi5jb20vYXJ0aWNsZXMvZ2l0aHViLWJ1Zy1ib3VudHktcHJvZ3JhbS1sZWdhbC1zYWZlLWhhcmJvci8pIHBvbGljeS4gSW4gc3VtbWFyeTpcclxuKiBXZSBjb25zaWRlciBzZWN1cml0eSByZXNlYXJjaCBhbmQgdnVsbmVyYWJpbGl0eSBkaXNjbG9zdXJlIGFjdGl2aXRpZXMgY29uZHVjdGVkIGNvbnNpc3RlbnQgd2l0aCB0aGlzIHBvbGljeSBhcyDigJxhdXRob3JpemVk4oCdIGNvbmR1Y3QgdW5kZXIgdGhlIENvbXB1dGVyIEZyYXVkIGFuZCBBYnVzZSBBY3QsIHRoZSBETUNBLCBhbmQgb3RoZXIgYXBwbGljYWJsZSBjb21wdXRlciB1c2UgbGF3cyBzdWNoIGFzIENhbC4gUGVuYWwgQ29kZSA1MDIoYykuIFdlIHdhaXZlIGFueSBwb3RlbnRpYWwgRE1DQSBjbGFpbSBhZ2FpbnN0IHlvdSBmb3IgY2lyY3VtdmVudGluZyB0aGUgdGVjaG5vbG9naWNhbCBtZWFzdXJlcyB3ZSBoYXZlIHVzZWQgdG8gcHJvdGVjdCB0aGUgYXBwbGljYXRpb25zIGluIHRoaXMgYnVnIGJvdW50eSBwcm9ncmFtJ3Mgc2NvcGUuXHJcbiogV2Ugd2FudCB5b3UgdG8gcmVzcG9uc2libHkgZGlzY2xvc2UgdGhyb3VnaCBvdXIgYnVnIGJvdW50eSBwcm9ncmFtLCBhbmQgZG9uJ3Qgd2FudCByZXNlYXJjaGVycyBwdXQgaW4gZmVhciBvZiBsZWdhbCBjb25zZXF1ZW5jZXMgYmVjYXVzZSBvZiB0aGVpciBnb29kIGZhaXRoIGF0dGVtcHRzIHRvIGNvbXBseSB3aXRoIG91ciBidWcgYm91bnR5IHBvbGljeS4gV2UgY2Fubm90IGJpbmQgYW55IHRoaXJkIHBhcnR5LCBzbyBkbyBub3QgYXNzdW1lIHRoaXMgcHJvdGVjdGlvbiBleHRlbmRzIHRvIGFueSB0aGlyZCBwYXJ0eS4gSWYgaW4gZG91YnQsIGFzayB1cyBiZWZvcmUgZW5nYWdpbmcgaW4gYW55IHNwZWNpZmljIGFjdGlvbiB5b3UgdGhpbmsgbWlnaHQgZ28gb3V0c2lkZSB0aGUgYm91bmRzIG9mIG91ciBwb2xpY3kuXHJcbiogQmVjYXVzZSBib3RoIGlkZW50aWZ5aW5nIGFuZCBub24taWRlbnRpZnlpbmcgaW5mb3JtYXRpb24gY2FuIHB1dCBhIHJlc2VhcmNoZXIgYXQgcmlzaywgd2UgbGltaXQgd2hhdCB3ZSBzaGFyZSB3aXRo
IHRoaXJkIHBhcnRpZXMuIFdlIG1heSBwcm92aWRlIG5vbi1pZGVudGlmeWluZyBzdWJzdGFudGl2ZSBpbmZvcm1hdGlvbiBmcm9tIHlvdXIgcmVwb3J0IHRvIGFuIGFmZmVjdGVkIHRoaXJkIHBhcnR5LCBidXQgb25seSBhZnRlciBub3RpZnlpbmcgeW91IGFuZCByZWNlaXZpbmcgYSBjb21taXRtZW50IHRoYXQgdGhlIHRoaXJkIHBhcnR5IHdpbGwgbm90IHB1cnN1ZSBsZWdhbCBhY3Rpb24gYWdhaW5zdCB5b3UuIFdlIHdpbGwgb25seSBzaGFyZSBpZGVudGlmeWluZyBpbmZvcm1hdGlvbiAobmFtZSwgZW1haWwgYWRkcmVzcywgcGhvbmUgbnVtYmVyLCBldGMuKSB3aXRoIGEgdGhpcmQgcGFydHkgaWYgeW91IGdpdmUgeW91ciB3cml0dGVuIHBlcm1pc3Npb24uXHJcbiogSWYgeW91ciBzZWN1cml0eSByZXNlYXJjaCBhcyBwYXJ0IG9mIHRoZSBidWcgYm91bnR5IHByb2dyYW0gdmlvbGF0ZXMgY2VydGFpbiByZXN0cmljdGlvbnMgaW4gb3VyIHNpdGUgcG9saWNpZXMsIHRoZSBzYWZlIGhhcmJvciB0ZXJtcyBwZXJtaXQgYSBsaW1pdGVkIGV4ZW1wdGlvbi5cclxuXHJcblxyXG4jIyMgUGVyZm9ybWluZyB5b3VyIHJlc2VhcmNoXHJcblxyXG4qIERvIG5vdCBpbXBhY3Qgb3RoZXIgdXNlcnMgd2l0aCB5b3VyIHRlc3RpbmcsIHRoaXMgaW5jbHVkZXMgdGVzdGluZyB2dWxuZXJhYmlsaXRpZXMgaW4gcmVwb3NpdG9yaWVzIG9yIG9yZ2FuaXphdGlvbnMgeW91IGRvIG5vdCBvd24uIElmIHlvdSBhcmUgYXR0ZW1wdGluZyB0byBmaW5kIGFuIGF1dGhvcml6YXRpb24gYnlwYXNzLCB5b3UgbXVzdCB1c2UgYWNjb3VudHMgeW91IG93bi5cclxuKiBUaGUgZm9sbG93aW5nIGFyZSAqKm5ldmVyKiogYWxsb3dlZCBhbmQgYXJlIGluZWxpZ2libGUgZm9yIHJld2FyZC4gV2UgbWF5IHN1c3BlbmQgeW91ciBHaXRIdWIgYWNjb3VudCBhbmQgYmFuIHlvdXIgSVAgYWRkcmVzcyBmb3I6XHJcblxyXG4gICogUGVyZm9ybWluZyBkaXN0cmlidXRlZCBkZW5pYWwgb2Ygc2VydmljZSAoRERvUykgb3Igb3RoZXIgdm9sdW1ldHJpYyBhdHRhY2tzXHJcbiAgKiBTcGFtbWluZyBjb250ZW50XHJcbiAgKiBMYXJnZS1zY2FsZSB2dWxuZXJhYmlsaXR5IHNjYW5uZXJzLCBzY3JhcGVycywgb3IgYXV0b21hdGVkIHRvb2xzIHdoaWNoIHByb2R1Y2UgZXhjZXNzaXZlIGFtb3VudHMgb2YgdHJhZmZpYy5cclxuICAgICogTm90ZTogV2UgX2RvXyBhbGxvdyB0aGUgdXNlIG9mIGF1dG9tYXRlZCB0b29scyBzbyBsb25nIGFzIHRoZXkgZG8gbm90IHByb2R1Y2UgZXhjZXNzaXZlIGFtb3VudHMgb2YgdHJhZmZpYy4gRm9yIGV4YW1wbGUsIHJ1bm5pbmcgb25lIGBubWFwYCBzY2FuIGFnYWluc3Qgb25lIGhvc3QgaXMgYWxsb3dlZCwgYnV0IHNlbmRpbmcgNjUsMDAwIHJlcXVlc3RzIGluIHR3byBtaW51dGVzIHVzaW5nIEJ1cnAgU3VpdGUgSW50cnVkZXIgaXMgZXhjZXNzaXZlLlxyXG4qIFJlc2VhcmNoaW5nIGRlbmlhbC1vZi1zZXJ2aWNlIGF0dGFja3MgaXMgYWxsb3dlZCBhbmQgZWxp
Z2libGUgZm9yIHJld2FyZHMgb25seSBpZiB5b3UgZm9sbG93IHRoZXNlIHJ1bGVzOlxyXG5cclxuICAqIFJlc2VhcmNoICoqbXVzdCoqIGJlIHBlcmZvcm1lZCBpbiBvcmdhbml6YXRpb25zIG9yIHJlcG9zaXRvcmllcyB5b3Ugb3duXHJcbiAgKiBTdG9wICoqaW1tZWRpYXRlbHkqKiBpZiB5b3UgYmVsaWV2ZSB5b3UgaGF2ZSBhZmZlY3RlZCB0aGUgYXZhaWxhYmlsaXR5IG9mIG91ciBzZXJ2aWNlcy4gRG9uJ3Qgd29ycnkgYWJvdXQgZGVtb25zdHJhdGluZyB0aGUgZnVsbCBpbXBhY3Qgb2YgeW91ciB2dWxuZXJhYmlsaXR5LCBHaXRIdWIncyBzZWN1cml0eSB0ZWFtIHdpbGwgYmUgYWJsZSB0byBkZXRlcm1pbmUgdGhlIGltcGFjdC5cclxuICAqIFRoZXJlIGFyZSBubyBsaW1pdHMgZm9yIHJlc2VhcmNoaW5nIGRlbmlhbCBvZiBzZXJ2aWNlIHZ1bG5lcmFiaWxpdGllcyBhZ2FpbnN0IHlvdXIgb3duIGluc3RhbmNlIG9mIFtHaXRIdWIgRW50ZXJwcmlzZSBTZXJ2ZXJdKGh0dHBzOi8vYm91bnR5LmdpdGh1Yi5jb20vdGFyZ2V0cy9naXRodWItZW50ZXJwcmlzZS1zZXJ2ZXIuaHRtbClcclxuXHJcblxyXG4jIyMgSGFuZGxpbmcgcGVyc29uYWxseSBpZGVudGlmaWFibGUgaW5mb3JtYXRpb24gKFBJSSlcclxuXHJcbiogUGVyc29uYWxseSBpZGVudGlmeWluZyBpbmZvcm1hdGlvbiAoUElJKSBpbmNsdWRlczpcclxuICAqIGxlZ2FsIGFuZC9vciBmdWxsIG5hbWVzXHJcbiAgKiBuYW1lcyBvciB1c2VybmFtZXMgY29tYmluZWQgd2l0aCBvdGhlciBpZGVudGlmaWVycyBsaWtlIHBob25lIG51bWJlcnMgb3IgZW1haWwgYWRkcmVzc2VzXHJcbiAgKiBoZWFsdGggb3IgZmluYW5jaWFsIGluZm9ybWF0aW9uIChpbmNsdWRpbmcgaW5zdXJhbmNlIGluZm9ybWF0aW9uLCBzb2NpYWwgc2VjdXJpdHkgbnVtYmVycywgZXRjLilcclxuICAqIGluZm9ybWF0aW9uIGFib3V0IHBvbGl0aWNhbCBvciByZWxpZ2lvdXMgYWZmaWxpYXRpb25zXHJcbiAgKiBpbmZvcm1hdGlvbiBhYm91dCByYWNlLCBldGhuaWNpdHksIHNleHVhbCBvcmllbnRhdGlvbiwgZ2VuZGVyLCBvciBvdGhlciBpZGVudGlmeWluZyBpbmZvcm1hdGlvbiB0aGF0IGNvdWxkIGJlIHVzZWQgZm9yIGRpc2NyaW1pbmF0b3J5IHB1cnBvc2VzXHJcbiogRG8gbm90IGludGVudGlvbmFsbHkgYWNjZXNzIG90aGVycycgUElJLiBJZiB5b3Ugc3VzcGVjdCBhIHNlcnZpY2UgcHJvdmlkZXMgYWNjZXNzIHRvIFBJSSwgbGltaXQgcXVlcmllcyB0byB5b3VyIG93biBwZXJzb25hbCBpbmZvcm1hdGlvbi5cclxuKiBSZXBvcnQgdGhlIHZ1bG5lcmFiaWxpdHkgKmltbWVkaWF0ZWx5KiBhbmQgZG8gbm90IGF0dGVtcHQgdG8gYWNjZXNzIGFueSBvdGhlciBkYXRhLiBUaGUgR2l0SHViIFNlY3VyaXR5IHRlYW0gd2lsbCBhc3Nlc3MgdGhlIHNjb3BlIGFuZCBpbXBhY3Qgb2YgdGhlIFBJSSBleHBvc3VyZS5cclxuKiBMaW1pdCB0aGUgYW1vdW50IG9mIGRhdGEgcmV0dXJuZWQgZnJvbSBzZXJ2aWNlcy4gRm9yIFNRTCBp
bmplY3Rpb24sIGZvciBleGFtcGxlLCBsaW1pdCB0aGUgbnVtYmVyIG9mIHJvd3MgcmV0dXJuZWRcclxuKiBZb3UgbXVzdCBkZWxldGUgYWxsIHlvdXIgbG9jYWwsIHN0b3JlZCwgb3IgY2FjaGVkIGNvcGllcyBvZiBkYXRhIGNvbnRhaW5pbmcgUElJIGFzIHNvb24gYXMgcG9zc2libGUuIFdlIG1heSBhc2sgeW91IHRvIHNpZ24gYSBjZXJ0aWZpY2F0ZSBvZiBkZWxldGlvbiBhbmQgY29uZmlkZW50aWFsaXR5IGFncmVlbWVudCByZWdhcmRpbmcgdGhlIGV4YWN0IGluZm9ybWF0aW9uIHlvdSBhY2Nlc3NlZC4gVGhpcyBhZ3JlZW1lbnQgd2lsbCBub3QgYWZmZWN0IHlvdXIgYm91bnR5IHJld2FyZC5cclxuKiBXZSBtYXkgYXNrIHlvdSBmb3IgdGhlIHVzZXJuYW1lcyBhbmQgSVAgYWRkcmVzc2VzIHVzZWQgZHVyaW5nIHlvdXIgdGVzdGluZyB0byBhc3Nlc3MgdGhlIGltcGFjdCBvZiB0aGUgdnVsbmVyYWJpbGl0eVxyXG5cclxuXHJcbiMjIyBSZXBvcnRpbmcgeW91ciB2dWxuZXJhYmlsaXR5XHJcblxyXG4qIFN1Ym1pc3Npb25zIG11c3QgaW5jbHVkZSB3cml0dGVuIGluc3RydWN0aW9ucyBmb3IgcmVwcm9kdWNpbmcgdGhlIHZ1bG5lcmFiaWxpdHkuIFN1Ym1pc3Npb25zIHdpdGhvdXQgY2xlYXIgcmVwcm9kdWN0aW9uIHN0ZXBzIG9yIHdoaWNoIG9ubHkgaW5jbHVkZSByZXByb2R1Y3Rpb24gc3RlcHMgaW4gdmlkZW8gZm9ybSBtYXkgYmUgaW5lbGlnaWJsZSBmb3IgYSByZXdhcmQuXHJcbiogV2hlbiByZXBvcnRpbmcgdnVsbmVyYWJpbGl0aWVzIHlvdSBtdXN0IGtlZXAgYWxsIGluZm9ybWF0aW9uIG9uIEhhY2tlck9uZS4gRG8gbm90IHBvc3QgaW5mb3JtYXRpb24gdG8gdmlkZW8tc2hhcmluZyBvciBwYXN0ZWJpbiBzaXRlcy4gVmlkZW9zIGFuZCBpbWFnZXMgY2FuIGJlIHVwbG9hZGVkIGRpcmVjdGx5IHZpYSBIYWNrZXJPbmUuXHJcbiogRm9yIHZ1bG5lcmFiaWxpdGllcyBpbnZvbHZpbmcgcGVyc29uYWxseSBpZGVudGlmaWFibGUgaW5mb3JtYXRpb24sIHBsZWFzZSBleHBsYWluIHRoZSBraW5kIG9mIFBJSSB5b3UgYmVsaWV2ZSBpcyBleHBvc2VkIGFuZCBsaW1pdCB0aGUgYW1vdW50IG9mIFBJSSBkYXRhIGluY2x1ZGVkIGluIHlvdXIgc3VibWlzc2lvbnMuIEZvciB0ZXh0dWFsIGluZm9ybWF0aW9uIGFuZCBzY3JlZW5zaG90cywgcGxlYXNlIG9ubHkgaW5jbHVkZSByZWRhY3RlZCBkYXRhIGluIHlvdXIgc3VibWlzc2lvbi5cclxuKiBEbyBub3QgcHVibGljbHkgZGlzY2xvc2UgeW91ciBzdWJtaXNzaW9uIHVudGlsIEdpdEh1YiBoYXMgZXZhbHVhdGVkIHRoZSBpbXBhY3QuXHJcblxyXG5cclxuIyMjIFJlY2VpdmluZyB5b3VyIGF3YXJkXHJcblxyXG4qIEFsbCByZXdhcmQgYW1vdW50cyBhcmUgZGV0ZXJtaW5lZCBieSBvdXIgW3NldmVyaXR5IGd1aWRlbGluZXNdKGh0dHBzOi8vYm91bnR5LmdpdGh1Yi5jb20vI3NldmVyaXR5LWd1aWRlbGluZXMpLlxyXG4qIFdoZW4gZHVwbGljYXRlcyBvY2N1ciwgd2Ugb25seSBhd2FyZCB0aGUgZmly
c3QgcmVwb3J0IHRoYXQgd2FzIHJlY2VpdmVkIChwcm92aWRlZCB0aGF0IGl0IGNhbiBiZSBmdWxseSByZXByb2R1Y2VkKS5cclxuKiBZb3UgYXJlIGZyZWUgdG8gcHVibGlzaCB3cml0ZS11cHMgYWJvdXQgeW91ciB2dWxuZXJhYmlsaXR5IGFuZCBHaXRIdWIgd2lsbCBub3QgbGltaXQgd2hhdCB5b3Ugd3JpdGUuIFdlIG1heSBwYXkgb3V0IHlvdXIgcmV3YXJkIGJlZm9yZSB0aGUgdnVsbmVyYWJpbGl0eSBpcyBwYXRjaGVkIHNvIHdlIG1heSBhc2sgdGhhdCB5b3UgZGVsYXkgcHVibGlzaGluZyB0byBrZWVwIG90aGVyIEdpdEh1YiB1c2VycyBzYWZlLlxyXG4qIE1lZGl1bSwgaGlnaCwgYW5kIGNyaXRpY2FsIHNldmVyaXR5IGlzc3VlcyB3aWxsIGJlIHdyaXR0ZW4gdXAgb24gdGhlIEdpdEh1YiBCdWcgQm91bnR5IHNpdGUgYW5kIGluY2x1ZGVkIGluIG91ciBsZWFkZXJib2FyZC4gV2UgZG9uJ3QgY3VycmVudGx5IHBvc3Qgd3JpdGUtdXBzIGZvciBsb3cgc2V2ZXJpdHkgdnVsbmVyYWJpbGl0aWVzLlxyXG4qIFlvdSBtYXkgcHJlZmVyIHRoZSByZXdhcmQgZ28gdG93YXJkIGhlbHBpbmcgb3RoZXJzLiBJZiB5b3UgY2hvb3NlIHNvLCBHaXRIdWIgd2lsbCBkb25hdGUgeW91ciByZXdhcmQgdG8gYW4gZXN0YWJsaXNoZWQgNTAxKGMpKDMpIGNoYXJpdGFibGUgb3JnYW5pemF0aW9uIG9mIHlvdXIgY2hvaWNlLiBHaXRIdWIgd2lsbCBhbHNvIG1hdGNoIHlvdXIgZG9uYXRpb24gLSBzdWJqZWN0IHRvIG91ciBkaXNjcmV0aW9uLiBBbnkgcmV3YXJkcyB0aGF0IGdvIHVuY2xhaW1lZCBhZnRlciAxMiBtb250aHMgd2lsbCBiZSBkb25hdGVkIHRvIGEgY2hhcml0eSBvZiBHaXRIdWIncyBjaG9vc2luZy5cclxuXHJcblxyXG4jIyBTY29wZVxyXG5cclxuR2l0SHViIHJ1bnMgYSBudW1iZXIgb2Ygc2VydmljZXMgYnV0IG9ubHkgc3VibWlzc2lvbnMgdW5kZXIgdGhlIGZvbGxvd2luZyBkb21haW5zIGFyZSBlbGlnaWJsZSBmb3IgcmV3YXJkcy4gQW55IEdpdEh1Yi1vd25lZCBkb21haW5zIG5vdCBsaXN0ZWQgYmVsb3cgYXJlICpub3QqIGluLXNjb3BlLCAqbm90KiBlbGlnaWJsZSBmb3IgcmV3YXJkcyBhbmQgKm5vdCogY292ZXJlZCBieSBvdXIgW2xlZ2FsIHNhZmUgaGFyYm9yXShodHRwczovL2JvdW50eS5naXRodWIuY29tI2xlZ2FsX3NhZmVfaGFyYm9yKS5cclxuXHJcblxyXG4jIyMgZ2l0aHViLmNvbVxyXG5cclxuT3VyIG1haW4gZG9tYWluIGhvc3RpbmcgdXNlci1mYWNpbmcgR2l0SHViIHNlcnZpY2VzLi4gQWxsIHN1YmRvbWFpbnMgdW5kZXIgYGdpdGh1Yi5jb21gIGFyZSBpbi1zY29wZSAqZXhjZXB0KjpcclxuKiBgYmxvZy5naXRodWIuY29tYFxyXG4qIGBjb21tdW5pdHkuZ2l0aHViLmNvbWBcclxuKiBgZW1haWwuZW50ZXJwcmlzZS5naXRodWIuY29tYFxyXG4qIGBlbWFpbC5maW5hbmNlLmdpdGh1Yi5jb21gXHJcbiogYGVtYWlsLnN0YWdpbmcuZmluYW5jZS5naXRodWIuY29tYFxyXG4qIGBlbWFpbC5zdXBwb3J0LmdpdGh1Yi5jb21gXHJc
biogYGVtYWlsLnZlcmlmeS5naXRodWIuY29tYFxyXG4qIGBnb29nbGU3NjUwZGNmNjE0NmYwNGQ4LmdpdGh1Yi5jb21gXHJcbiogYGsxLl9kb21haW5rZXkuZ2l0aHViLmNvbWBcclxuKiBgazEuX2RvbWFpbmtleS5tY21haWwuZ2l0aHViLmNvbWBcclxuKiBgbWNtYWlsLmdpdGh1Yi5jb21gXHJcbiogYHJlc291cmNlcy5naXRodWIuY29tYFxyXG4qIGAqLnJlc291cmNlcy5naXRodWIuY29tYFxyXG4qIGBzZ21haWwuZ2l0aHViLmNvbWBcclxuKiBgKi5zZ21haWwuZ2l0aHViLmNvbWBcclxuKiBgc2hvcC5naXRodWIuY29tYFxyXG4qIGBzbXRwLmdpdGh1Yi5jb21gXHJcbiogYCouc210cC5naXRodWIuY29tYFxyXG4qIGBzdXBwb3J0LmdpdGh1Yi5jb21gXHJcblxyXG4jIyMgZ2l0aHViYXNzZXRzLmNvbVxyXG5cclxuT3VyIGRvbWFpbiBmb3IgaG9zdGluZyBzdGF0aWMgYXNzZXRzLi4gQWxsIHN1YmRvbWFpbnMgdW5kZXIgYGdpdGh1YmFzc2V0cy5jb21gIGFyZSBpbi1zY29wZVxyXG5cclxuIyMjIGdpdGh1YnVzZXJjb250ZW50LmNvbVxyXG5cclxuT3VyIGRvbWFpbiBmb3IgaG9zdGluZyBhbmQgcmVuZGVyaW5nIHVzZXJzJyBkYXRhLi4gQWxsIHN1YmRvbWFpbnMgdW5kZXIgYGdpdGh1YnVzZXJjb250ZW50LmNvbWAgYXJlIGluLXNjb3BlXHJcblxyXG4jIyMgZ2l0aHViYXBwLmNvbVxyXG5cclxuT3VyIGRvbWFpbiBmb3IgaG9zdGluZyBlbXBsb3llZS1mYWNpbmcgc2VydmljZXMuLiBBbGwgc3ViZG9tYWlucyB1bmRlciBgZ2l0aHViYXBwLmNvbWAgYXJlIGluLXNjb3BlICpleGNlcHQqOlxyXG4qIGBhdG9tLWlvLmdpdGh1YmFwcC5jb21gXHJcbiogYGF0b20taW8tc3RhZ2luZy5naXRodWJhcHAuY29tYFxyXG4qIGBlbWFpbC5lbnRlcnByaXNlLXN0YWdpbmcuZ2l0aHViYXBwLmNvbWBcclxuKiBgZW1haWwuaGF5c3RhY2suZ2l0aHViYXBwLmNvbWBcclxuKiBgcmVwbHkuZ2l0aHViYXBwLmNvbWBcclxuXHJcbiMjIyBnaXRodWIubmV0XHJcblxyXG5PdXIgZG9tYWluIGZvciBob3N0aW5nIEdpdEh1YidzIGludGVybmFsIHByb2R1Y3Rpb24gc2VydmljZXMuIE1hbnkgb2YgdGhlc2Ugc2VydmljZXMgYXJlIG5vdCBhY2Nlc3NpYmxlIGZyb20gb3V0c2lkZSBvdXIgaW50ZXJuYWwgbmV0d29yay4uIEFsbCBzdWJkb21haW5zIHVuZGVyIGBnaXRodWIubmV0YCBhcmUgaW4tc2NvcGVcclxuXHJcbiMjIyBzZW1tbGUuY29tXHJcblxyXG5PdXIgbWFpbiBkb21haW4gZm9yIFNlbW1sZSBhbmQgTEdUTSBzZXJ2aWNlcy4gQWxsIHN1YmRvbWFpbnMgdW5kZXIgYHNlbW1sZS5jb21gIGFyZSBpbi1zY29wZSAqZXhjZXB0KjpcclxuKiBgZGV2LnNlbW1sZS5jb21gXHJcbiogYGdpdC5zZW1tbGUuY29tYFxyXG4qIGBqaXJhLnNlbW1sZS5jb21gXHJcbiogYHdpa2kuc2VtbWxlLmNvbWBcclxuXHJcbiMjIyBzZW1tbGUubmV0XHJcblxyXG5PdXIgZG9tYWluIGZvciBub24tcHJvZHVjdGlvbiBTZW1tbGUgc2VydmljZXMuIEFsbCBzdWJkb21haW5zIHVuZGVy
IGBzZW1tbGUubmV0YCBhcmUgaW4tc2NvcGVcclxuXHJcbiMjIyBkb3dubG9hZHMubGd0bS5jb21cclxuXHJcbk91ciBkb21haW4gZm9yIHNlcnZpbmcgTEdUTSBkb3dubG9hZHMuLiBBbGwgc3ViZG9tYWlucyB1bmRlciBgZG93bmxvYWRzLmxndG0uY29tYCBhcmUgaW4tc2NvcGVcclxuXHJcbiMjIyBsZ3RtLWNvbS5wZW50ZXN0aW5nLnNlbW1sZS5uZXRcclxuXHJcbkFuIGluc3RhbmNlIG9mIFtMR1RNXShodHRwczovL2JvdW50eS5naXRodWIuY29tL3RhcmdldHMvbGd0bS5odG1sKSBlc3BlY2lhbGx5IGZvciBCdWcgQm91bnR5IHJlc2VhcmNoLi4gQWxsIHN1YmRvbWFpbnMgdW5kZXIgYGxndG0tY29tLnBlbnRlc3Rpbmcuc2VtbWxlLm5ldGAgYXJlIGluLXNjb3BlXHJcblxyXG4jIyMgYmFja2VuZC1kb3QtbGd0bS1wZW5ldHJhdGlvbi10ZXN0aW5nLmFwcHNwb3QuY29tXHJcblxyXG5BbiBpbnN0YW5jZSBvZiBbTEdUTV0oaHR0cHM6Ly9ib3VudHkuZ2l0aHViLmNvbS90YXJnZXRzL2xndG0uaHRtbCkncyBiYWNrZW5kIHVzZWQgZm9yIHRyaWdnZXJpbmcgYXV0b21hdGVkIHRhc2tzLi4gQWxsIHN1YmRvbWFpbnMgdW5kZXIgYGJhY2tlbmQtZG90LWxndG0tcGVuZXRyYXRpb24tdGVzdGluZy5hcHBzcG90LmNvbWAgYXJlIGluLXNjb3BlXHJcblxyXG4jIyBTZXZlcml0eSBHdWlkZWxpbmVzXHJcblxyXG5BbGwgYm91bnR5IHN1Ym1pc3Npb25zIGFyZSByYXRlZCBieSBHaXRIdWIgdXNpbmcgYSBwdXJwb3NlZnVsbHkgc2ltcGxlIHNjYWxlLiBFYWNoIHZ1bG5lcmFiaWxpdHkgaXMgdW5pcXVlIGJ1dCB0aGUgZm9sbG93aW5nIGlzIGEgcm91Z2ggZ3VpZGVsaW5lIHdlIHVzZSBpbnRlcm5hbGx5IGZvciByYXRpbmcgYW5kIHJld2FyZGluZyBzdWJtaXNzaW9uczpcclxuXHJcblxyXG4jIyMgQ3JpdGljYWw6ICQyMCwwMDAgLSAkMzAsMDAwXHJcblxyXG5Dcml0aWNhbCBzZXZlcml0eSBpc3N1ZXMgcHJlc2VudCBhIGRpcmVjdCBhbmQgaW1tZWRpYXRlIHJpc2sgdG8gYSBicm9hZCBhcnJheSBvZiBvdXIgdXNlcnMgb3IgdG8gR2l0SHViIGl0c2VsZi4gVGhleSBvZnRlbiBhZmZlY3QgcmVsYXRpdmVseSBsb3ctbGV2ZWwvZm91bmRhdGlvbmFsIGNvbXBvbmVudHMgaW4gb25lIG9mIG91ciBhcHBsaWNhdGlvbiBzdGFja3Mgb3IgaW5mcmFzdHJ1Y3R1cmUuIEZvciBleGFtcGxlOlxyXG4qIGFyYml0cmFyeSBjb2RlL2NvbW1hbmQgZXhlY3V0aW9uIG9uIGEgR2l0SHViIHNlcnZlciBpbiBvdXIgcHJvZHVjdGlvbiBuZXR3b3JrLlxyXG4qIGFyYml0cmFyeSBTUUwgcXVlcmllcyBvbiB0aGUgR2l0SHViIHByb2R1Y3Rpb24gZGF0YWJhc2UuXHJcbiogYnlwYXNzaW5nIHRoZSBHaXRIdWIgbG9naW4gcHJvY2VzcywgZWl0aGVyIHBhc3N3b3JkIG9yIDJGQS5cclxuKiBhY2Nlc3MgdG8gc2Vuc2l0aXZlIHByb2R1Y3Rpb24gdXNlciBkYXRhIG9yIGFjY2VzcyB0byBpbnRlcm5hbCBwcm9kdWN0aW9uIHN5c3RlbXMuXHJcbiogYWNjZXNzaW5nIGFub3RoZXIgdXNl
cidzIGRhdGEgaW4gdGhlIEdpdEh1YiBBY3Rpb25zIHNlcnZpY2UuXHJcblxyXG5UaGUgdXBwZXIgYm91bmQgZm9yIGNyaXRpY2FsIHZ1bG5lcmFiaWxpdGllcywgJDMwLDAwMCwgaXMgb25seSBhIGd1aWRlbGluZSBhbmQgR2l0SHViIG1heSByZXdhcmQgaGlnaGVyIGFtb3VudHMgZm9yIGV4Y2VwdGlvbmFsIHJlcG9ydHMuXHJcblxyXG5cclxuIyMjIEhpZ2g6ICQxMCwwMDAgLSAkMjAsMDAwXHJcblxyXG5IaWdoIHNldmVyaXR5IGlzc3VlcyBhbGxvdyBhbiBhdHRhY2tlciB0byByZWFkIG9yIG1vZGlmeSBoaWdobHkgc2Vuc2l0aXZlIGRhdGEgdGhhdCB0aGV5IGFyZSBub3QgYXV0aG9yaXplZCB0byBhY2Nlc3MuIFRoZXkgYXJlIGdlbmVyYWxseSBtb3JlIG5hcnJvdyBpbiBzY29wZSB0aGFuIGNyaXRpY2FsIGlzc3VlcywgdGhvdWdoIHRoZXkgbWF5IHN0aWxsIGdyYW50IGFuIGF0dGFja2VyIGV4dGVuc2l2ZSBhY2Nlc3MuIEZvciBleGFtcGxlOlxyXG4qIGluamVjdGluZyBhdHRhY2tlciBjb250cm9sbGVkIGNvbnRlbnQgaW50byBHaXRIdWIuY29tIChYU1MpIHdoaWNoIGJ5cGFzc2VzIENTUC5cclxuKiBieXBhc3NpbmcgYXV0aG9yaXphdGlvbiBsb2dpYyB0byBncmFudCBhIHJlcG9zaXRvcnkgY29sbGFib3JhdG9yIG1vcmUgYWNjZXNzIHRoYW4gaW50ZW5kZWQuXHJcbiogZGlzY292ZXJpbmcgc2Vuc2l0aXZlIHVzZXIgb3IgR2l0SHViIGRhdGEgaW4gYSBwdWJsaWNseSBleHBvc2VkIHJlc291cmNlLCBzdWNoIGFzIGFuIFMzIGJ1Y2tldC5cclxuKiBnYWluaW5nIGFjY2VzcyB0byBhIG5vbi1jcml0aWNhbCByZXNvdXJjZSB0aGF0IG9ubHkgR2l0SHViIGVtcGxveWVlcyBzaG91bGQgYmUgYWJsZSB0byByZWFjaC5cclxuKiB1c2luZyB0aGUgR2l0SHViIEFjdGlvbnMgcmVwby1zY29wZWQgR2l0SHViIHRva2VuIHRvIGFjY2VzcyBoaWdoLXJpc2sgcHJpdmF0ZSBjb250ZW50IG91dHNpZGUgb2YgdGhhdCByZXBvc2l0b3J5LlxyXG4qIGNvZGUgZXhlY3V0aW9uIGluIGEgZGVza3RvcCBhcHAgdGhhdCByZXF1aXJlcyBubyB1c2VyIGludGVyYWN0aW9uLlxyXG5cclxuXHJcbiMjIyBNZWRpdW06ICQ0LDAwMCAtICQxMCwwMDBcclxuXHJcbk1lZGl1bSBzZXZlcml0eSBpc3N1ZXMgYWxsb3cgYW4gYXR0YWNrZXIgdG8gcmVhZCBvciBtb2RpZnkgbGltaXRlZCBhbW91bnRzIG9mIGRhdGEgdGhhdCB0aGV5IGFyZSBub3QgYXV0aG9yaXplZCB0byBhY2Nlc3MuIFRoZXkgZ2VuZXJhbGx5IGdyYW50IGFjY2VzcyB0byBsZXNzIHNlbnNpdGl2ZSBpbmZvcm1hdGlvbiB0aGFuIGhpZ2ggc2V2ZXJpdHkgaXNzdWVzLiBGb3IgZXhhbXBsZTpcclxuKiBkaXNjbG9zaW5nIHRoZSB0aXRsZSBvZiBpc3N1ZXMgaW4gcHJpdmF0ZSByZXBvc2l0b3JpZXMgd2hpY2ggc2hvdWxkIGJlIGJlIGluYWNjZXNzaWJsZS5cclxuKiBpbmplY3RpbmcgYXR0YWNrZXIgY29udHJvbGxlZCBjb250ZW50IGludG8gR2l0SHViLmNvbSAoWFNTKSBidXQgbm90IGJ5cGFzc2luZyBD
U1Agb3IgZXhlY3V0aW5nIHNlbnNpdGl2ZSBhY3Rpb25zIHdpdGggYW5vdGhlciB1c2VyJ3Mgc2Vzc2lvbi5cclxuKiBieXBhc3NpbmcgQ1NSRiB2YWxpZGF0aW9uIGZvciBsb3cgcmlzayBhY3Rpb25zLCBzdWNoIGFzIHN0YXJyaW5nIGEgcmVwb3NpdG9yeSBvciB1bnN1YnNjcmliaW5nIGZyb20gYSBtYWlsaW5nIGxpc3QuXHJcbiogZXNjYXBpbmcgdGhlIExHVE0gd29ya2VyIHNhbmRib3ggdG8gYWNjZXNzIG90aGVyIHVzZXIncyBkYXRhIG9yIHByaXZhdGUgbmV0d29ya2VkIHJlc291cmNlc1xyXG5cclxuXHJcbiMjIyBMb3c6ICQ2MTcgLSAkMiwwMDBcclxuXHJcbkxvdyBzZXZlcml0eSBpc3N1ZXMgYWxsb3cgYW4gYXR0YWNrZXIgdG8gYWNjZXNzIGV4dHJlbWVseSBsaW1pdGVkIGFtb3VudHMgb2YgZGF0YS4gVGhleSBtYXkgdmlvbGF0ZSBhbiBleHBlY3RhdGlvbiBmb3IgaG93IHNvbWV0aGluZyBpcyBpbnRlbmRlZCB0byB3b3JrLCBidXQgaXQgYWxsb3dzIG5lYXJseSBubyBlc2NhbGF0aW9uIG9mIHByaXZpbGVnZSBvciBhYmlsaXR5IHRvIHRyaWdnZXIgdW5pbnRlbmRlZCBiZWhhdmlvciBieSBhbiBhdHRhY2tlci4gRm9yIGV4YW1wbGU6XHJcbiogc2lnbmluZyB1cCBhcmJpdHJhcnkgdXNlcnMgZm9yIGFjY2VzcyB0byBhbiBcImVhcmx5IGFjY2VzcyBmZWF0dXJlXCIgd2l0aG91dCB0aGVpciBjb25zZW50LlxyXG4qIGNyZWF0aW5nIGFuIGlzc3VlIGNvbW1lbnQgdGhhdCBieXBhc3NlcyBvdXIgaW1hZ2UgcHJveHlpbmcgZmlsdGVyIGJ5IHByb3ZpZGluZyBhIG1hbGZvcm1lZCBVUkwuXHJcbiogYnlwYXNzaW5nIGNvbW11bml0eS1hbmQtc2FmZXR5IGZlYXR1cmVzIHN1Y2ggYXMgbG9ja2VkIGNvbnZlcnNhdGlvbnMuXHJcbiogYnlwYXNzaW5nIGJpbGxpbmcgJiBwbGFuIHJlc3RyaWN0aW9ucyB0byBnYWluIGFjY2VzcyB0byBwYWlkIGZlYXR1cmVzLlxyXG4qIHRyaWdnZXJpbmcgdmVyYm9zZSBvciBkZWJ1ZyBlcnJvciBwYWdlcyB3aXRob3V0IHByb29mIG9mIGV4cGxvaXRhYmlsaXR5IG9yIG9idGFpbmluZyBzZW5zaXRpdmUgaW5mb3JtYXRpb24uXHJcbiogdHJpZ2dlcmluZyBhcHBsaWNhdGlvbiBleGNlcHRpb25zIHRoYXQgY291bGQgYWZmZWN0IG1hbnkgR2l0SHViIHVzZXJzLlxyXG4qIHRyaWdnZXJpbmcgWFNTIG9yIENTUkYgdnVsbmVyYWJpbGl0aWVzIGluIExHVE1cclxuIiwiY3JlYXRlZF9hdCI6IjIwMTYtMDQtMTVUMTc6MTA6MzEuMjYxWiIsInVwZGF0ZWRfYXQiOiIyMDIwLTAzLTA5VDIwOjI0OjUyLjQxOFoifX19LCJ3ZWFrbmVzcyI6eyJkYXRhIjp7ImlkIjoiOSIsInR5cGUiOiJ3ZWFrbmVzcyIsImF0dHJpYnV0ZXMiOnsibmFtZSI6IkJ1ZmZlciBPdmVyLXJlYWQiLCJkZXNjcmlwdGlvbiI6IlRoZSBzb2Z0d2FyZSByZWFkcyBmcm9tIGEgYnVmZmVyIHVzaW5nIGJ1ZmZlciBhY2Nlc3MgbWVjaGFuaXNtcyBzdWNoIGFzIGluZGV4ZXMgb3IgcG9pbnRlcnMgdGhhdCByZWZlcmVuY2UgbWVtb3J5IGxvY2F0aW9ucyBh
ZnRlciB0aGUgdGFyZ2V0ZWQgYnVmZmVyLiIsImV4dGVybmFsX2lkIjoiY3dlLTEyNiIsImNyZWF0ZWRfYXQiOiIyMDE3LTAxLTA1VDAxOjUxOjE5LjAwMFoifX19LCJzdHJ1Y3R1cmVkX3Njb3BlIjp7ImRhdGEiOnsiaWQiOiIxNTQ1NSIsInR5cGUiOiJzdHJ1Y3R1cmVkLXNjb3BlIiwiYXR0cmlidXRlcyI6eyJhc3NldF90eXBlIjoiVVJMIiwiYXNzZXRfaWRlbnRpZmllciI6InJlbmRlci5naXRodWIuY29tIiwiZWxpZ2libGVfZm9yX2JvdW50eSI6dHJ1ZSwiZWxpZ2libGVfZm9yX3N1Ym1pc3Npb24iOnRydWUsImluc3RydWN0aW9uIjoiIiwibWF4X3NldmVyaXR5IjoiY3JpdGljYWwiLCJjcmVhdGVkX2F0IjoiMjAxOC0xMC0xMFQwMDo0MDo1MS40NzlaIiwidXBkYXRlZF9hdCI6IjIwMTgtMTAtMTBUMDA6NDA6NTEuNDc5WiIsInJlZmVyZW5jZSI6IiIsImNvbmZpZGVudGlhbGl0eV9yZXF1aXJlbWVudCI6Im1lZGl1bSIsImludGVncml0eV9yZXF1aXJlbWVudCI6Im1lZGl1bSIsImF2YWlsYWJpbGl0eV9yZXF1aXJlbWVudCI6ImxvdyJ9fX0sImJvdW50aWVzIjp7ImRhdGEiOltdfSwiY3VzdG9tX2ZpZWxkX3ZhbHVlcyI6eyJkYXRhIjpbXX19fV0sImxpbmtzIjp7fX0=
|
75
|
+
http_version: null
|
76
|
+
recorded_at: Tue, 24 Mar 2020 14:11:47 GMT
|
77
|
+
recorded_with: VCR 5.1.0
|
data/lib/hackerone/client.rb
CHANGED
@@ -14,8 +14,11 @@ require_relative "client/group"
|
|
14
14
|
require_relative "client/structured_scope"
|
15
15
|
require_relative "client/swag"
|
16
16
|
require_relative "client/address"
|
17
|
+
require_relative "client/attachment"
|
17
18
|
require_relative "client/bounty"
|
18
19
|
require_relative "client/incremental/activities"
|
20
|
+
require_relative "client/billing_balance"
|
21
|
+
require "active_support/core_ext/hash"
|
19
22
|
|
20
23
|
module HackerOne
|
21
24
|
module Client
|
@@ -28,6 +31,17 @@ module HackerOne
|
|
28
31
|
|
29
32
|
LENIENT_MODE_ENV_VARIABLE = "HACKERONE_CLIENT_LENIENT_MODE"
|
30
33
|
|
34
|
+
REPORT_STATES = %w(
|
35
|
+
new
|
36
|
+
triaged
|
37
|
+
needs-more-info
|
38
|
+
resolved
|
39
|
+
not-applicable
|
40
|
+
informative
|
41
|
+
duplicate
|
42
|
+
spam
|
43
|
+
)
|
44
|
+
|
31
45
|
class << self
|
32
46
|
ATTRS = [:low_range, :medium_range, :high_range, :critical_range].freeze
|
33
47
|
attr_accessor :program
|
@@ -66,20 +80,30 @@ module HackerOne
|
|
66
80
|
end
|
67
81
|
end
|
68
82
|
|
69
|
-
## Returns all
|
83
|
+
## Returns all reports in a given state, optionally with a time bound
|
70
84
|
#
|
71
85
|
# program: the HackerOne program to search on (configure globally with Hackerone::Client.program=)
|
72
86
|
# since (optional): a time bound, don't include reports earlier than +since+. Must be a DateTime object.
|
87
|
+
# before (optional): a time bound, don't include reports later than +before+. Must be a DateTime object.
|
88
|
+
# state (optional): state that a report is in, by default new
|
73
89
|
#
|
74
90
|
# returns all open reports or an empty array
|
75
|
-
def reports(since: 3.days.ago)
|
91
|
+
def reports(since: 3.days.ago, before: nil, state: :new)
|
76
92
|
raise ArgumentError, "Program cannot be nil" unless program
|
93
|
+
raise ArgumentError, "State is invalid" unless REPORT_STATES.include?(state.to_s)
|
94
|
+
|
77
95
|
response = self.class.hackerone_api_connection.get do |req|
|
78
96
|
options = {
|
79
|
-
"filter[state][]" =>
|
80
|
-
"filter[program][]" => program
|
81
|
-
"filter[created_at__gt]" => since.iso8601
|
97
|
+
"filter[state][]" => state,
|
98
|
+
"filter[program][]" => program
|
82
99
|
}
|
100
|
+
unless since.nil?
|
101
|
+
options["filter[created_at__gt]"] = since.iso8601
|
102
|
+
end
|
103
|
+
unless before.nil?
|
104
|
+
options["filter[created_at__lt]"] = before.iso8601
|
105
|
+
end
|
106
|
+
|
83
107
|
req.url "reports", options
|
84
108
|
end
|
85
109
|
|
@@ -90,6 +114,35 @@ module HackerOne
|
|
90
114
|
end
|
91
115
|
end
|
92
116
|
|
117
|
+
## Public: create a new report
|
118
|
+
#
|
119
|
+
# title: The title of the report
|
120
|
+
# summary: Summary of the report
|
121
|
+
# impact: Impact of the report
|
122
|
+
# severity_rating: severity of report, must be one of https://api.hackerone.com/reference/#severity-ratings
|
123
|
+
# source: where the report came from, i.e. API, Bugcrowd, etc.
|
124
|
+
#
|
125
|
+
# returns an HackerOne::Client::Report object or raises an error if
|
126
|
+
# error during creation
|
127
|
+
def create_report(title:, summary:, impact:, severity_rating:, source:)
|
128
|
+
raise ArgumentError, "Program cannot be nil" unless program
|
129
|
+
|
130
|
+
data = {
|
131
|
+
"data": {
|
132
|
+
"type": "report",
|
133
|
+
"attributes": {
|
134
|
+
"team_handle": program,
|
135
|
+
"title": title,
|
136
|
+
"vulnerability_information": summary,
|
137
|
+
"impact": impact,
|
138
|
+
"severity_rating": severity_rating,
|
139
|
+
"source": source
|
140
|
+
}
|
141
|
+
}
|
142
|
+
}
|
143
|
+
Report.new(post("reports", data))
|
144
|
+
end
|
145
|
+
|
93
146
|
## Public: retrieve a report
|
94
147
|
#
|
95
148
|
# id: the ID of a specific report
|