hackerone-client 0.17.0 → 0.21.0

@@ -191,7 +191,28 @@ http_interactions:
191
191
  },
192
192
  "attachments": {
193
193
  "data": [
194
-
194
+ {
195
+ "id": "936424",
196
+ "type": "attachment",
197
+ "attributes": {
198
+ "expiring_url": "https://redacted.aws.s3.link",
199
+ "created_at": "2020-08-04T18:34:09.446Z",
200
+ "file_name": "2182_FtX8VdFq.jpg",
201
+ "content_type": "image/jpeg",
202
+ "file_size": 653695
203
+ }
204
+ },
205
+ {
206
+ "id": "936425",
207
+ "type": "attachment",
208
+ "attributes": {
209
+ "expiring_url": "https://redacted.aws.s3.link",
210
+ "created_at": "2020-08-04T18:34:28.970Z",
211
+ "file_name": "swagger_parse.py",
212
+ "content_type": "text/x-python-script",
213
+ "file_size": 482
214
+ }
215
+ }
195
216
  ]
196
217
  },
197
218
  "vulnerability_types": {
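Review bot: The scrubbed value `https://redacted.aws.s3.link` used for both added `expiring_url` fields is still a well-formed hostname under a public TLD, so any spec or helper that follows the URL outside VCR's stubbing would send a real request to a domain the project presumably does not control. A reserved name removes that possibility, for example `"expiring_url": "https://attachments.example.invalid/redacted"`. The attachment ids and the `file_name` values (`2182_FtX8VdFq.jpg`, `swagger_parse.py`) look as if they were recorded from a live report; if that is the case, replacing them with constructed samples would keep reporter-supplied metadata out of the published gem. The enclosing JSON document starts and ends outside this hunk.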
@@ -0,0 +1,271 @@
1
+ ---
2
+ http_interactions:
3
+ - request:
4
+ method: get
5
+ uri: https://api.hackerone.com/v1/reports?filter%5Bcreated_at__lt%5D=2017-02-11T16:00:44-10:00&filter%5Bprogram%5D%5B0%5D=github&filter%5Bstate%5D%5B0%5D=new
6
+ body:
7
+ encoding: US-ASCII
8
+ string: ''
9
+ headers:
10
+ Authorization:
11
+ - Basic ==
12
+ User-Agent:
13
+ - Faraday v1.3.0
14
+ Accept-Encoding:
15
+ - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
16
+ Accept:
17
+ - "*/*"
18
+ response:
19
+ status:
20
+ code: 200
21
+ message: OK
22
+ headers:
23
+ Date:
24
+ - Tue, 26 Jan 2021 01:59:08 GMT
25
+ Content-Type:
26
+ - application/json; charset=utf-8
27
+ Transfer-Encoding:
28
+ - chunked
29
+ Connection:
30
+ - keep-alive
31
+ Set-Cookie:
32
+ - __cfduid=d1825b95f694de8ff5c78cb985c261f491611626346; expires=Thu, 25-Feb-21
33
+ 01:59:06 GMT; path=/; Domain=api.hackerone.com; HttpOnly; SameSite=Lax; Secure
34
+ X-Request-Id:
35
+ - 3d4375bc-4de0-4760-85b8-003b3e09420d
36
+ Etag:
37
+ - W/"f33bd1b1c69b6617410c264d74fffa56"
38
+ Cache-Control:
39
+ - max-age=0, private, must-revalidate
40
+ Strict-Transport-Security:
41
+ - max-age=31536000; includeSubDomains; preload
42
+ X-Frame-Options:
43
+ - DENY
44
+ X-Content-Type-Options:
45
+ - nosniff
46
+ X-Xss-Protection:
47
+ - 1; mode=block
48
+ X-Download-Options:
49
+ - noopen
50
+ X-Permitted-Cross-Domain-Policies:
51
+ - none
52
+ Referrer-Policy:
53
+ - strict-origin-when-cross-origin
54
+ Expect-Ct:
55
+ - enforce, max-age=86400
56
+ Content-Security-Policy:
57
+ - 'default-src ''none''; base-uri ''self''; block-all-mixed-content; child-src
58
+ www.youtube-nocookie.com; connect-src ''self'' www.google-analytics.com errors.hackerone.net;
59
+ font-src ''self''; form-action ''self''; frame-ancestors ''none''; img-src
60
+ ''self'' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com
61
+ profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com;
62
+ media-src ''self'' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com;
63
+ script-src ''self'' www.google-analytics.com; style-src ''self'' ''unsafe-inline'';
64
+ report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d'
65
+ Cf-Cache-Status:
66
+ - DYNAMIC
67
+ Cf-Request-Id:
68
+ - 07de0391de0000fda912ab2000000001
69
+ Server:
70
+ - cloudflare
71
+ Cf-Ray:
72
+ - 6176a1fc9fcefda9-PDX
73
+ body:
74
+ encoding: ASCII-8BIT
75
+ string: '{"data":[{"id":"440362","type":"report","attributes":{"title":"gewgwe","state":"new","created_at":"2016-11-13T23:01:55.070Z","vulnerability_information":"gewewg\n\n##
76
+ Impact\n\ngwe","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-11-13T23:01:55.139Z","first_program_activity_at":"2016-11-13T23:01:55.139Z","last_program_activity_at":"2016-11-13T23:01:55.139Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-11-13T23:01:55.139Z","last_activity_at":"2016-11-13T23:05:46.933Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
77
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"85049","type":"user","attributes":{"username":"brentjo-gh","name":"Brent
78
+ Johnson","disabled":false,"created_at":"2016-06-14T20:01:30.891Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"240715","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-11-13T23:01:55.102Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer
79
+ Underflow","description":"The software writes to a buffer using an index or
80
+ pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15454","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"*.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"medium","created_at":"2016-10-10T00:40:37.435Z","updated_at":"2016-10-10T00:40:37.435Z","reference":"","confidentiality_requirement":"low","integrity_requirement":"low","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"434162","type":"report","attributes":{"title":"fewew","state":"new","created_at":"2016-11-05T02:24:29.286Z","vulnerability_information":"fewfew\n\n##
81
+ Impact\n\nfewfwe","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-11-05T02:24:29.343Z","first_program_activity_at":"2016-11-05T02:24:29.343Z","last_program_activity_at":"2016-11-05T02:24:29.343Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"issue_tracker_reference_id":"abc","last_public_activity_at":"2016-11-05T02:24:29.343Z","last_activity_at":"2016-11-13T23:14:58.672Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
82
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
83
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"234626","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-11-05T02:24:29.316Z"}}},"weakness":{"data":{"id":"73","type":"weakness","attributes":{"name":"Phishing","description":"Phishing
84
+ is a social engineering technique where an attacker masquerades as a legitimate
85
+ entity with which the victim might do business in order to prompt the user
86
+ to reveal some confidential information (very frequently authentication credentials)
87
+ that can later be used by an attacker. Phishing is essentially a form of information
88
+ gathering or \"fishing\" for information.","external_id":"capec-98","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15454","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"*.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"medium","created_at":"2016-10-10T00:40:37.435Z","updated_at":"2016-10-10T00:40:37.435Z","reference":"","confidentiality_requirement":"low","integrity_requirement":"low","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"434100","type":"report","attributes":{"title":"gewgwe","state":"new","created_at":"2016-11-04T20:11:35.887Z","vulnerability_information":"gewgew\n\n##
89
+ Impact\n\ngwegwe","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-11-04T20:11:36.005Z","first_program_activity_at":"2016-11-04T20:11:36.005Z","last_program_activity_at":"2016-11-04T20:11:36.005Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-11-04T20:11:36.005Z","last_activity_at":"2016-11-04T20:11:37.381Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
90
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"234571","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-11-04T20:11:35.963Z"}}},"weakness":{"data":{"id":"76","type":"weakness","attributes":{"name":"Malware","description":"An
91
+ adversary installs and executes malicious code on the target system in an
92
+ effort to achieve a negative technical impact.","external_id":"capec-549","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15454","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"*.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"medium","created_at":"2016-10-10T00:40:37.435Z","updated_at":"2016-10-10T00:40:37.435Z","reference":"","confidentiality_requirement":"low","integrity_requirement":"low","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"434096","type":"report","attributes":{"title":"Testing","state":"new","created_at":"2016-11-04T19:50:18.883Z","vulnerability_information":"lfkjewjl\n\n##
93
+ Impact\n\nflejwljkwe","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-11-04T19:50:18.960Z","first_program_activity_at":"2016-11-04T19:50:18.960Z","last_program_activity_at":"2016-11-04T19:50:18.960Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-11-04T19:50:18.960Z","last_activity_at":"2016-11-04T19:50:18.960Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
94
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"234568","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-11-04T19:50:18.923Z"}}},"weakness":{"data":{"id":"76","type":"weakness","attributes":{"name":"Malware","description":"An
95
+ adversary installs and executes malicious code on the target system in an
96
+ effort to achieve a negative technical impact.","external_id":"capec-549","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15939","type":"structured-scope","attributes":{"asset_type":"HARDWARE","asset_identifier":"GitHub
97
+ Enterprise","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"GitHub
98
+ Enterprise is the on-premises version of GitHub. GitHub Enterprise shares
99
+ a code-base with GitHub.com, is built on Ruby on Rails and leverages a number
100
+ of open source technologies.\n\nGitHub Enterprise adds a number of features
101
+ for enterprise infrastructures. This includes additional authentication backends
102
+ and clustering options. Below is a subset of features unique to GitHub Enterprise
103
+ that might be interesting to investigate.\n\n- Instance-wide authentication
104
+ ([*private mode*](https://help.github.com/enterprise/admin/guides/installation/enabling-private-mode/))\n-
105
+ External authentication backends including [CAS, LDAP, and SAML](https://help.github.com/enterprise/admin/guides/user-management/)\n-
106
+ In-app administration of the instance using a site administrator control panel\n-
107
+ [User, organization, and repository migration](https://help.github.com/enterprise/admin/guides/migrations/)\n-
108
+ [Web-based management console](https://help.github.com/enterprise/admin/guides/installation/web-based-management-console/)
109
+ and [SSH access](https://help.github.com/enterprise/admin/guides/installation/administrative-shell-ssh-access/)
110
+ to configure and update the instance\n- [Pre-receive hook scripts](https://help.github.com/enterprise/admin/guides/developer-workflow/creating-a-pre-receive-hook-script/)\n\nYou
111
+ can request a trial of GitHub Enterprise for security testing at [https://enterprise.github.com/bounty](https://enterprise.github.com/bounty).\n\n-
112
+ Resources and features provided by the latest patch release of each non-deprecated
113
+ version of the GitHub Enterprise virtual machine. Major versions of GitHub
114
+ Enterprise are deprecated one year after release. For more information see
115
+ [this list of releases](https://enterprise.github.com/releases/).\n- All listening
116
+ services hosted on a GitHub Enterprise instance. See [our documentation](https://help.github.com/enterprise/admin/guides/installation/network-ports-to-open/)
117
+ for a reference of ports typically opened on a GitHub Enterprise instance.\n-
118
+ Code de-obfuscation may be explored to further investigate GitHub Enterprise,
119
+ but only for the purpose of the bounty program. Bounty hunters still need
120
+ to abide by all of our other Bounty program rules and terms and the applicable
121
+ software license terms.\n\nIneligible submissions:\n- Vulnerabilities caused
122
+ by lack of subdomain isolation\n- Escalation to the root user via sudo\n-
123
+ Bypassing source code de-obfuscation\n","max_severity":"critical","created_at":"2016-10-29T20:48:48.915Z","updated_at":"2016-10-29T20:48:48.915Z","reference":""}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"430397","type":"report","attributes":{"title":"Demo
124
+ report: XSS in GitHub test home page","state":"new","created_at":"2016-10-29T18:07:20.617Z","vulnerability_information":"In
125
+ some ***fantasy world***, the home page of GitHub test is vulnerable to an
126
+ *imaginary* Cross-Site Scripting attack.\n\n1. Visit home page of GitHub test\n2.
127
+ Open the browser''s javascript console\n3. Type `alert(/xss!/)` and press
128
+ enter\n4. Profit!\n\n## Impact\n\nIn our fantasy world, exploiting this vulnerability
129
+ allows us to run an external script on your website that for example steals
130
+ the cookies of the users that''s facing the XSS and thus gaining access to
131
+ the account of the victim.","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-11-01T18:07:30.449Z","first_program_activity_at":null,"last_program_activity_at":null,"bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-11-01T18:07:30.449Z","last_activity_at":"2016-11-01T18:07:30.449Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"3683","type":"user","attributes":{"reputation":100,"username":"demo-hacker","name":"Demo
132
+ Hacker","disabled":false,"created_at":"2014-03-17T20:14:25.383Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbW9JIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--0dc7e2aa9a0c1277dbf407cc92e3c7a747000360/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/demo_researcher.png"},"bio":"","website":null,"location":"support@hackerone.com","hackerone_triager":false}}},"assignee":{"data":{"id":"170761","type":"user","attributes":{"username":"philipturnbull","name":"Phil
133
+ Turnbull","disabled":false,"created_at":"2017-05-24T18:37:20.644Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/170/761/32db5fe3b68ab940c08762597cf6dc218ea569ab_original.jpeg/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/170/761/32db5fe3b68ab940c08762597cf6dc218ea569ab_original.jpeg/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbHhqIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--1288f07999072babe0cdf90162e1f6f7da35aa14/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9VWTI5dFltbHVaVjl2Y0hScGIyNXpld2c2REdkeVlYWnBkSGxKSWd0RFpXNTBaWElHT2daRlZEb0xjbVZ6YVhwbFNTSU5NVEV3ZURFeE1GNEdPd2RVT2dsamNtOXdTU0lRTVRFd2VERXhNQ3N3S3pBR093ZFUiLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--955e4ecf4dcd6b5873333833a7d869bd60c7dd7b/45588_orig.jpeg","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbHhqIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--1288f07999072babe0cdf90162e1f6f7da35aa14/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/45588_orig.jpeg"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array
134
+ Index Underflow","description":"The product uses untrusted input when calculating
135
+ or using an array index, but the product does not validate or incorrectly
136
+ validates the index to ensure the index references a valid position within
137
+ the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15455","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"render.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"critical","created_at":"2016-10-10T00:40:51.479Z","updated_at":"2016-10-10T00:40:51.479Z","reference":"","confidentiality_requirement":"medium","integrity_requirement":"medium","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"425480","type":"report","attributes":{"title":"greg","state":"new","created_at":"2016-10-18T20:05:44.316Z","vulnerability_information":"gregr\n\n##
138
+ Impact\n\ngregre","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-10-18T20:05:44.403Z","first_program_activity_at":"2016-10-18T20:05:44.403Z","last_program_activity_at":"2016-10-18T20:05:44.403Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-10-18T20:05:44.403Z","last_activity_at":"2016-10-18T20:08:09.264Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
139
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"85049","type":"user","attributes":{"username":"brentjo-gh","name":"Brent
140
+ Johnson","disabled":false,"created_at":"2016-06-14T20:01:30.891Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"225991","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-10-18T20:05:44.360Z"}}},"weakness":{"data":{"id":"9","type":"weakness","attributes":{"name":"Buffer
141
+ Over-read","description":"The software reads from a buffer using buffer access
142
+ mechanisms such as indexes or pointers that reference memory locations after
143
+ the targeted buffer.","external_id":"cwe-126","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15455","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"render.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"critical","created_at":"2016-10-10T00:40:51.479Z","updated_at":"2016-10-10T00:40:51.479Z","reference":"","confidentiality_requirement":"medium","integrity_requirement":"medium","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"425470","type":"report","attributes":{"title":"htht","state":"new","created_at":"2016-10-18T19:13:48.758Z","vulnerability_information":"htrhtr\n\n##
144
+ Impact\n\nhrthht","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-10-18T19:13:48.849Z","first_program_activity_at":"2016-10-18T19:13:48.849Z","last_program_activity_at":"2016-10-18T19:13:48.849Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-10-18T19:13:48.849Z","last_activity_at":"2016-10-18T19:13:51.079Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
145
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"225980","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-10-18T19:13:48.798Z"}}},"weakness":{"data":{"id":"10","type":"weakness","attributes":{"name":"Buffer
146
+ Under-read","description":"The software reads from a buffer using buffer access
147
+ mechanisms such as indexes or pointers that reference memory locations prior
148
+ to the targeted buffer.","external_id":"cwe-127","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"425425","type":"report","attributes":{"title":"fewfewfew","state":"new","created_at":"2016-10-18T17:02:37.361Z","vulnerability_information":"fwefawefe\n\n##
149
+ Impact\n\nfewfewfew","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2019-09-19T05:23:10.079Z","first_program_activity_at":"2016-10-18T17:02:37.427Z","last_program_activity_at":"2019-09-19T05:24:01.166Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2019-09-19T05:24:01.166Z","last_activity_at":"2019-09-19T05:24:01.166Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
150
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"519534","type":"severity","attributes":{"rating":"low","author_type":"Team","user_id":516261,"created_at":"2019-09-19T05:24:01.145Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer
151
+ Underflow","description":"The software writes to a buffer using an index or
152
+ pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15454","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"*.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"medium","created_at":"2016-10-10T00:40:37.435Z","updated_at":"2016-10-10T00:40:37.435Z","reference":"","confidentiality_requirement":"low","integrity_requirement":"low","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"425399","type":"report","attributes":{"title":"htehre","state":"new","created_at":"2016-10-18T15:34:27.207Z","vulnerability_information":"hrehreh\n\n##
153
+ Impact\n\nhreherrehrhh","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-10-18T15:34:27.260Z","first_program_activity_at":"2016-10-18T15:34:27.260Z","last_program_activity_at":"2016-10-18T15:34:27.260Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-10-18T15:34:27.260Z","last_activity_at":"2016-10-18T15:35:58.276Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
154
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"225912","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-10-18T15:34:27.234Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer
155
+ Underflow","description":"The software writes to a buffer using an index or
156
+ pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15455","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"render.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"critical","created_at":"2016-10-10T00:40:51.479Z","updated_at":"2016-10-10T00:40:51.479Z","reference":"","confidentiality_requirement":"medium","integrity_requirement":"medium","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"425184","type":"report","attributes":{"title":"htrhtr","state":"new","created_at":"2016-10-17T23:23:07.652Z","vulnerability_information":"htrhrt\n\n##
157
+ Impact\n\nhtrhtr","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-10-17T23:23:07.736Z","first_program_activity_at":"2016-10-17T23:23:07.736Z","last_program_activity_at":"2016-10-17T23:23:07.736Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-10-17T23:23:07.736Z","last_activity_at":"2016-10-17T23:26:41.323Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
158
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"85049","type":"user","attributes":{"username":"brentjo-gh","name":"Brent
159
+ Johnson","disabled":false,"created_at":"2016-06-14T20:01:30.891Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"225660","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-10-17T23:23:07.689Z"}}},"weakness":{"data":{"id":"10","type":"weakness","attributes":{"name":"Buffer
160
+ Under-read","description":"The software reads from a buffer using buffer access
161
+ mechanisms such as indexes or pointers that reference memory locations prior
162
+ to the targeted buffer.","external_id":"cwe-127","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15455","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"render.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"critical","created_at":"2016-10-10T00:40:51.479Z","updated_at":"2016-10-10T00:40:51.479Z","reference":"","confidentiality_requirement":"medium","integrity_requirement":"medium","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"424694","type":"report","attributes":{"title":"gregre","state":"new","created_at":"2016-10-16T16:16:11.476Z","vulnerability_information":"gregregre\n\n##
163
+ Impact\n\ngregerg","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-10-16T16:16:11.543Z","first_program_activity_at":"2016-10-16T16:16:11.543Z","last_program_activity_at":"2016-10-16T16:16:11.543Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-10-16T16:16:11.543Z","last_activity_at":"2016-10-16T16:16:46.459Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
164
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"225129","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-10-16T16:16:11.512Z"}}},"weakness":{"data":{"id":"10","type":"weakness","attributes":{"name":"Buffer
165
+ Under-read","description":"The software reads from a buffer using buffer access
166
+ mechanisms such as indexes or pointers that reference memory locations prior
167
+ to the targeted buffer.","external_id":"cwe-127","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15454","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"*.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"medium","created_at":"2016-10-10T00:40:37.435Z","updated_at":"2016-10-10T00:40:37.435Z","reference":"","confidentiality_requirement":"low","integrity_requirement":"low","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"415344","type":"report","attributes":{"title":"htrhtr","state":"new","created_at":"2016-09-27T16:32:05.063Z","vulnerability_information":"thrhtrhtr\n\n##
168
+ Impact\n\nthrrthtr","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-27T16:32:05.126Z","first_program_activity_at":"2016-09-27T16:32:05.126Z","last_program_activity_at":"2016-09-27T16:32:05.126Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"issue_tracker_reference_id":"12","last_public_activity_at":"2016-09-27T16:32:05.126Z","last_activity_at":"2016-09-27T17:12:54.153Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
169
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"85049","type":"user","attributes":{"username":"brentjo-gh","name":"Brent
170
+ Johnson","disabled":false,"created_at":"2016-06-14T20:01:30.891Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"215876","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-27T16:32:05.095Z"}}},"weakness":{"data":{"id":"31","type":"weakness","attributes":{"name":"Brute
171
+ Force","description":"The software does not implement sufficient measures
172
+ to prevent multiple failed authentication attempts within in a short time
173
+ frame, making it more susceptible to brute force attacks.","external_id":"cwe-307","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"415144","type":"report","attributes":{"title":"htrh","state":"new","created_at":"2016-09-27T01:00:56.238Z","vulnerability_information":"hhtrhrt\n\n##
174
+ Impact\n\nhtr","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-27T01:00:56.317Z","first_program_activity_at":"2016-09-27T01:00:56.317Z","last_program_activity_at":"2016-09-27T01:01:24.428Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-27T01:01:24.428Z","last_activity_at":"2016-09-27T01:01:25.509Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":28,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
175
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
176
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"215668","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-27T01:00:56.277Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array
177
+ Index Underflow","description":"The product uses untrusted input when calculating
178
+ or using an array index, but the product does not validate or incorrectly
179
+ validates the index to ensure the index references a valid position within
180
+ the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"415133","type":"report","attributes":{"title":"k78k87","state":"new","created_at":"2016-09-26T23:51:35.228Z","vulnerability_information":"k87k87k87\n\n##
181
+ Impact\n\nk8787kk7k7k78likuj","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-26T23:51:35.299Z","first_program_activity_at":"2016-09-26T23:51:35.299Z","last_program_activity_at":"2016-09-27T00:05:08.131Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-27T00:05:08.131Z","last_activity_at":"2016-09-27T00:05:08.723Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":812,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
182
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
183
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"215658","type":"severity","attributes":{"rating":"high","author_type":"User","user_id":175595,"created_at":"2016-09-26T23:51:35.266Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array
184
+ Index Underflow","description":"The product uses untrusted input when calculating
185
+ or using an array index, but the product does not validate or incorrectly
186
+ validates the index to ensure the index references a valid position within
187
+ the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"415035","type":"report","attributes":{"title":"greergregreg","state":"new","created_at":"2016-09-26T19:49:53.207Z","vulnerability_information":"ergrgre\n\n##
188
+ Impact\n\ngregreer","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-26T19:49:53.410Z","first_program_activity_at":"2016-09-26T19:49:53.410Z","last_program_activity_at":"2016-09-26T19:53:19.020Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-26T19:53:19.020Z","last_activity_at":"2016-09-26T19:53:20.310Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":205,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
189
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
190
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"215530","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-26T19:49:53.250Z"}}},"weakness":{"data":{"id":"31","type":"weakness","attributes":{"name":"Brute
191
+ Force","description":"The software does not implement sufficient measures
192
+ to prevent multiple failed authentication attempts within in a short time
193
+ frame, making it more susceptible to brute force attacks.","external_id":"cwe-307","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"412631","type":"report","attributes":{"title":"jt","state":"new","created_at":"2016-09-22T00:33:43.979Z","vulnerability_information":"yjt\n\n##
194
+ Impact\n\ntyj","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-22T00:33:44.071Z","first_program_activity_at":"2016-09-22T00:33:44.071Z","last_program_activity_at":"2016-09-22T00:33:56.364Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-22T00:33:56.364Z","last_activity_at":"2016-09-22T00:33:57.403Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":0,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
195
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
196
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"213177","type":"severity","attributes":{"rating":"critical","author_type":"User","user_id":175595,"created_at":"2016-09-22T00:33:44.028Z"}}},"weakness":{"data":{"id":"10","type":"weakness","attributes":{"name":"Buffer
197
+ Under-read","description":"The software reads from a buffer using buffer access
198
+ mechanisms such as indexes or pointers that reference memory locations prior
199
+ to the targeted buffer.","external_id":"cwe-127","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"412630","type":"report","attributes":{"title":"hfg","state":"new","created_at":"2016-09-22T00:32:25.134Z","vulnerability_information":"ghgfh\n\n##
200
+ Impact\n\nhgfgfh","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-22T00:32:25.284Z","first_program_activity_at":"2016-09-22T00:32:25.284Z","last_program_activity_at":"2016-09-22T00:32:25.284Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-22T00:32:25.284Z","last_activity_at":"2016-09-22T00:32:25.284Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
201
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"213176","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-22T00:32:25.185Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer
202
+ Underflow","description":"The software writes to a buffer using an index or
203
+ pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"412629","type":"report","attributes":{"title":"hfghgfh","state":"new","created_at":"2016-09-22T00:31:06.361Z","vulnerability_information":"hfghfg\n\n##
204
+ Impact\n\nhgfgh","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-22T00:31:06.480Z","first_program_activity_at":"2016-09-22T00:31:06.480Z","last_program_activity_at":"2016-09-22T00:31:21.708Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-22T00:31:21.708Z","last_activity_at":"2016-09-22T00:31:23.038Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":0,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
205
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
206
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"213175","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-22T00:31:06.427Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer
207
+ Underflow","description":"The software writes to a buffer using an index or
208
+ pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"412628","type":"report","attributes":{"title":"fgdgfdfgd","state":"new","created_at":"2016-09-22T00:29:45.651Z","vulnerability_information":"gfdgfdfggfd\n\n##
209
+ Impact\n\nfgdfgdfgdfgd","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-22T00:29:45.767Z","first_program_activity_at":"2016-09-22T00:29:45.767Z","last_program_activity_at":"2016-09-22T00:30:17.747Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-22T00:30:17.747Z","last_activity_at":"2016-09-22T00:30:18.925Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":0,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
210
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
211
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"213174","type":"severity","attributes":{"rating":"high","author_type":"User","user_id":175595,"created_at":"2016-09-22T00:29:45.705Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer
212
+ Underflow","description":"The software writes to a buffer using an index or
213
+ pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"412553","type":"report","attributes":{"title":"fgdfgdfgd","state":"new","created_at":"2016-09-21T19:00:54.504Z","vulnerability_information":"gfdgfdfgd\n\n##
214
+ Impact\n\nfgdgfd","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-21T19:00:54.614Z","first_program_activity_at":"2016-09-21T19:00:54.614Z","last_program_activity_at":"2016-09-22T00:28:56.690Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-22T00:28:56.690Z","last_activity_at":"2016-09-22T00:28:58.458Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":17945,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
215
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
216
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"213079","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-21T19:00:54.556Z"}}},"weakness":{"data":{"id":"31","type":"weakness","attributes":{"name":"Brute
217
+ Force","description":"The software does not implement sufficient measures
218
+ to prevent multiple failed authentication attempts within in a short time
219
+ frame, making it more susceptible to brute force attacks.","external_id":"cwe-307","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"411276","type":"report","attributes":{"title":"Demo
220
+ report: XSS in GitHub test home page","state":"new","created_at":"2016-09-18T22:37:10.591Z","vulnerability_information":"In
221
+ some ***fantasy world***, the home page of GitHub test is vulnerable to an
222
+ *imaginary* Cross-Site Scripting attack.\n\n1. Visit home page of GitHub test\n2.
223
+ Open the browser''s javascript console\n3. Type `alert(/xss!/)` and press
224
+ enter\n4. Profit!\n\n## Impact\n\nIn our fantasy world, exploiting this vulnerability
225
+ allows us to run an external script on your website that for example steals
226
+ the cookies of the users that''s facing the XSS and thus gaining access to
227
+ the account of the victim.","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-21T22:37:12.860Z","first_program_activity_at":null,"last_program_activity_at":null,"bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-21T22:37:12.860Z","last_activity_at":"2016-09-21T22:37:12.860Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"3683","type":"user","attributes":{"reputation":100,"username":"demo-hacker","name":"Demo
228
+ Hacker","disabled":false,"created_at":"2014-03-17T20:14:25.383Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbW9JIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--0dc7e2aa9a0c1277dbf407cc92e3c7a747000360/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/demo_researcher.png"},"bio":"","website":null,"location":"support@hackerone.com","hackerone_triager":false}}},"assignee":{"data":{"id":"85049","type":"user","attributes":{"username":"brentjo-gh","name":"Brent
229
+ Johnson","disabled":false,"created_at":"2016-06-14T20:01:30.891Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array
230
+ Index Underflow","description":"The product uses untrusted input when calculating
231
+ or using an array index, but the product does not validate or incorrectly
232
+ validates the index to ensure the index references a valid position within
233
+ the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"411263","type":"report","attributes":{"title":"Demo
234
+ report: XSS in GitHub test home page","state":"new","created_at":"2016-09-18T21:17:14.574Z","vulnerability_information":"In
235
+ some ***fantasy world***, the home page of GitHub test is vulnerable to an
236
+ *imaginary* Cross-Site Scripting attack.\n\n1. Visit home page of GitHub test\n2.
237
+ Open the browser''s javascript console\n3. Type `alert(/xss!/)` and press
238
+ enter\n4. Profit!\n\n## Impact\n\nIn our fantasy world, exploiting this vulnerability
239
+ allows us to run an external script on your website that for example steals
240
+ the cookies of the users that''s facing the XSS and thus gaining access to
241
+ the account of the victim.","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-21T21:17:28.659Z","first_program_activity_at":null,"last_program_activity_at":null,"bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-21T21:17:28.659Z","last_activity_at":"2016-09-21T21:17:28.659Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"3683","type":"user","attributes":{"reputation":100,"username":"demo-hacker","name":"Demo
242
+ Hacker","disabled":false,"created_at":"2014-03-17T20:14:25.383Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbW9JIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--0dc7e2aa9a0c1277dbf407cc92e3c7a747000360/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/demo_researcher.png"},"bio":"","website":null,"location":"support@hackerone.com","hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
243
+ Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array
244
+ Index Underflow","description":"The product uses untrusted input when calculating
245
+ or using an array index, but the product does not validate or incorrectly
246
+ validates the index to ensure the index references a valid position within
247
+ the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"391124","type":"report","attributes":{"title":"HACK
248
+ FOUND","state":"new","created_at":"2016-08-07T00:13:41.128Z","vulnerability_information":"YOU
249
+ HAVE BEEN HACKED LOLOLOLOL\n\n## Impact\n\nHACK YOU","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-08-07T00:13:41.292Z","first_program_activity_at":"2016-08-07T00:13:41.292Z","last_program_activity_at":"2016-08-07T00:13:41.292Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-08-07T00:13:41.292Z","last_activity_at":"2016-08-07T00:13:41.292Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"291079","type":"user","attributes":{"username":"rzhade3","name":"Rahul
250
+ Zhade","disabled":false,"created_at":"2016-06-12T17:43:40.852Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBdW1YIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--ccec2bdbe3c2291cc1ccf84fb84723b0809a1cb6/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/octocat.png"},"bio":"Application
251
+ Security @GitHub","website":"https://zhade.dev","location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"192505","type":"severity","attributes":{"rating":"critical","author_type":"User","user_id":291079,"created_at":"2016-08-07T00:13:41.194Z"}}},"weakness":{"data":{"id":"31","type":"weakness","attributes":{"name":"Brute
252
+ Force","description":"The software does not implement sufficient measures
253
+ to prevent multiple failed authentication attempts within in a short time
254
+ frame, making it more susceptible to brute force attacks.","external_id":"cwe-307","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"389780","type":"report","attributes":{"title":"Demo
255
+ report: XSS in GitHub test home page","state":"new","created_at":"2016-08-02T21:24:11.500Z","vulnerability_information":"In
256
+ some ***fantasy world***, the home page of GitHub test is vulnerable to an
257
+ *imaginary* Cross-Site Scripting attack.\n\n1. Visit home page of GitHub test\n2.
258
+ Open the browser''s javascript console\n3. Type `alert(/xss!/)` and press
259
+ enter\n4. Profit!\n\n## Impact\n\nIn our fantasy world, exploiting this vulnerability
260
+ allows us to run an external script on your website that for example steals
261
+ the cookies of the users that''s facing the XSS and thus gaining access to
262
+ the account of the victim.","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-08-05T21:24:26.989Z","first_program_activity_at":null,"last_program_activity_at":null,"bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-08-05T21:24:26.989Z","last_activity_at":"2016-08-05T21:24:26.989Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":"2016-09-14T21:24:11.500Z","timer_first_program_response_miss_at":"2016-08-03T21:24:11.500Z","timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":"2016-09-14T21:24:11.500Z","timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":"2016-08-06T21:24:11.500Z","timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"3683","type":"user","attributes":{"reputation":100,"username":"demo-hacker","name":"Demo
263
+ Hacker","disabled":false,"created_at":"2014-03-17T20:14:25.383Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbW9JIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--0dc7e2aa9a0c1277dbf407cc92e3c7a747000360/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/demo_researcher.png"},"bio":"","website":null,"location":"support@hackerone.com","hackerone_triager":false}}},"assignee":{"data":{"id":"291079","type":"user","attributes":{"username":"rzhade3","name":"Rahul
264
+ Zhade","disabled":false,"created_at":"2016-06-12T17:43:40.852Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBdW1YIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--ccec2bdbe3c2291cc1ccf84fb84723b0809a1cb6/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/octocat.png"},"signal":null,"impact":null,"reputation":null,"bio":"Application
265
+ Security @GitHub","website":"https://zhade.dev","location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array
266
+ Index Underflow","description":"The product uses untrusted input when calculating
267
+ or using an array index, but the product does not validate or incorrectly
268
+ validates the index to ensure the index references a valid position within
269
+ the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}}],"links":{}}'
270
+ recorded_at: Tue, 26 Jan 2021 01:59:08 GMT
271
+ recorded_with: VCR 6.0.0
@@ -0,0 +1,77 @@
1
+ ---
2
+ http_interactions:
3
+ - request:
4
+ method: get
5
+ uri: https://api.hackerone.com/v1/reports?filter%5Bcreated_at__gt%5D=2017-02-11T16:00:44-10:00&filter%5Bprogram%5D%5B0%5D=github&filter%5Bstate%5D%5B0%5D=triaged
6
+ body:
7
+ encoding: US-ASCII
8
+ string: ''
9
+ headers:
10
+ Authorization:
11
+ - Basic NOPE
12
+ User-Agent:
13
+ - Faraday v1.0.0
14
+ Accept-Encoding:
15
+ - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
16
+ Accept:
17
+ - "*/*"
18
+ response:
19
+ status:
20
+ code: 200
21
+ message: OK
22
+ headers:
23
+ Date:
24
+ - Tue, 24 Mar 2020 14:11:47 GMT
25
+ Content-Type:
26
+ - application/json; charset=utf-8
27
+ Transfer-Encoding:
28
+ - chunked
29
+ Connection:
30
+ - keep-alive
31
+ Set-Cookie:
32
+ - __cfduid=dabd0c152e7e92db1c896d18efb3473911585059107; expires=Thu, 23-Apr-20
33
+ 14:11:47 GMT; path=/; Domain=api.hackerone.com; HttpOnly; SameSite=Lax; Secure
34
+ X-Request-Id:
35
+ - 5ead5fa1-86fb-4b8f-ae8b-755d0b08b40c
36
+ Etag:
37
+ - W/"a9d3a797dc03972084547d21d1a4ebcd"
38
+ Cache-Control:
39
+ - max-age=0, private, must-revalidate
40
+ Strict-Transport-Security:
41
+ - max-age=31536000; includeSubDomains; preload
42
+ X-Frame-Options:
43
+ - DENY
44
+ X-Content-Type-Options:
45
+ - nosniff
46
+ X-Xss-Protection:
47
+ - 1; mode=block
48
+ X-Download-Options:
49
+ - noopen
50
+ X-Permitted-Cross-Domain-Policies:
51
+ - none
52
+ Referrer-Policy:
53
+ - strict-origin-when-cross-origin
54
+ Expect-Ct:
55
+ - enforce, max-age=86400
56
+ Content-Security-Policy:
57
+ - 'default-src ''none''; base-uri ''self''; block-all-mixed-content; child-src
58
+ www.youtube-nocookie.com; connect-src ''self'' www.google-analytics.com errors.hackerone.net;
59
+ font-src ''self''; form-action ''self''; frame-ancestors ''none''; img-src
60
+ ''self'' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com
61
+ profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com;
62
+ media-src ''self'' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com;
63
+ script-src ''self'' www.google-analytics.com; style-src ''self'' ''unsafe-inline'';
64
+ report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598'
65
+ Cf-Cache-Status:
66
+ - DYNAMIC
67
+ Server:
68
+ - cloudflare
69
+ Cf-Ray:
70
+ - 5790fbbbb977e4d8-ATL
71
+ body:
72
+ encoding: ASCII-8BIT
73
+ string: !binary |-
74
+ 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
75
+ http_version: null
76
+ recorded_at: Tue, 24 Mar 2020 14:11:47 GMT
77
+ recorded_with: VCR 5.1.0
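Review bot: The `Set-Cookie` header on new lines 32–33 is recorded verbatim, while the request's `Authorization` value was scrubbed to `Basic NOPE`. The `__cfduid` value looks like a CDN identifier rather than an API credential, but with response cookies unfiltered a later re-record could commit a live session cookie into the published package. I would strip the header at record time with a VCR `before_record` hook doing `i.response.headers.delete("Set-Cookie")`, and keep `filter_sensitive_data` for the Basic auth token. The response body is not visible here, so whether it needs the same treatment cannot be judged from this hunk.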
@@ -14,8 +14,11 @@ require_relative "client/group"
14
14
  require_relative "client/structured_scope"
15
15
  require_relative "client/swag"
16
16
  require_relative "client/address"
17
+ require_relative "client/attachment"
17
18
  require_relative "client/bounty"
18
19
  require_relative "client/incremental/activities"
20
+ require_relative "client/billing_balance"
21
+ require "active_support/core_ext/hash"
19
22
 
20
23
  module HackerOne
21
24
  module Client
@@ -28,6 +31,17 @@ module HackerOne
28
31
 
29
32
  LENIENT_MODE_ENV_VARIABLE = "HACKERONE_CLIENT_LENIENT_MODE"
30
33
 
34
+ REPORT_STATES = %w(
35
+ new
36
+ triaged
37
+ needs-more-info
38
+ resolved
39
+ not-applicable
40
+ informative
41
+ duplicate
42
+ spam
43
+ )
44
+
31
45
  class << self
32
46
  ATTRS = [:low_range, :medium_range, :high_range, :critical_range].freeze
33
47
  attr_accessor :program
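Review bot: `REPORT_STATES` is left mutable, although `reports` uses it as the allowlist for the `state` filter and `ATTRS` a few lines below is frozen. Any code that appends to the array changes what the validation accepts. Closing the literal with `).freeze` keeps the list fixed and matches the neighbouring constant. The `class << self` block that follows continues outside the hunk.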
@@ -66,20 +80,30 @@ module HackerOne
66
80
  end
67
81
  end
68
82
 
69
- ## Returns all open reports, optionally with a time bound
83
+ ## Returns all reports in a given state, optionally with a time bound
70
84
  #
71
85
  # program: the HackerOne program to search on (configure globally with Hackerone::Client.program=)
72
86
  # since (optional): a time bound, don't include reports earlier than +since+. Must be a DateTime object.
87
+ # before (optional): a time bound, don't include reports later than +before+. Must be a DateTime object.
88
+ # state (optional): state that a report is in, by default new
73
89
  #
74
90
  # returns all open reports or an empty array
75
- def reports(since: 3.days.ago)
91
+ def reports(since: 3.days.ago, before: nil, state: :new)
76
92
  raise ArgumentError, "Program cannot be nil" unless program
93
+ raise ArgumentError, "State is invalid" unless REPORT_STATES.include?(state.to_s)
94
+
77
95
  response = self.class.hackerone_api_connection.get do |req|
78
96
  options = {
79
- "filter[state][]" => "new",
80
- "filter[program][]" => program,
81
- "filter[created_at__gt]" => since.iso8601
97
+ "filter[state][]" => state,
98
+ "filter[program][]" => program
82
99
  }
100
+ unless since.nil?
101
+ options["filter[created_at__gt]"] = since.iso8601
102
+ end
103
+ unless before.nil?
104
+ options["filter[created_at__lt]"] = before.iso8601
105
+ end
106
+
83
107
  req.url "reports", options
84
108
  end
85
109
 
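Review bot: `before:` is added next to the existing default `since: 3.days.ago`, so a caller who passes only `before:` with a date more than three days old sends a window whose lower bound lies after its upper bound and would presumably get an empty result with no error. Either document that `since: nil` must be passed for an open lower bound, or reject the inverted window up front with `raise ArgumentError, "since must be earlier than before" if since && before && since > before`. The value that is validated is `state.to_s` but the raw `state` goes into the filter, so `"filter[state][]" => state.to_s` would keep the two in step. The comment line `# returns all open reports or an empty array` is now stale and could read `# returns all reports in the requested state or an empty array`. The body of `reports` continues outside the hunk.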
@@ -90,6 +114,35 @@ module HackerOne
90
114
  end
91
115
  end
92
116
 
117
+ ## Public: create a new report
118
+ #
119
+ # title: The title of the report
120
+ # summary: Summary of the report
121
+ # impact: Impact of the report
122
+ # severity_rating: severity of report, must be one of https://api.hackerone.com/reference/#severity-ratings
123
+ # source: where the report came from, i.e. API, Bugcrowd, etc.
124
+ #
125
+ # returns an HackerOne::Client::Report object or raises an error if
126
+ # error during creation
127
+ def create_report(title:, summary:, impact:, severity_rating:, source:)
128
+ raise ArgumentError, "Program cannot be nil" unless program
129
+
130
+ data = {
131
+ "data": {
132
+ "type": "report",
133
+ "attributes": {
134
+ "team_handle": program,
135
+ "title": title,
136
+ "vulnerability_information": summary,
137
+ "impact": impact,
138
+ "severity_rating": severity_rating,
139
+ "source": source
140
+ }
141
+ }
142
+ }
143
+ Report.new(post("reports", data))
144
+ end
145
+
93
146
  ## Public: retrieve a report
94
147
  #
95
148
  # id: the ID of a specific report
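Review bot: `severity_rating` is documented as "must be one of" the API's severity ratings, yet `create_report` forwards it unchecked, unlike `reports`, which rejects an unknown `state` before the request is made. A guard against an allowlist constant in the style of `REPORT_STATES` would turn a typo into an `ArgumentError` instead of a server-side rejection: `raise ArgumentError, "Severity rating is invalid" unless SEVERITY_RATINGS.include?(severity_rating.to_s)`, where `SEVERITY_RATINGS` is a new constant holding the values from that reference. The quoted keys (`"data":`, `"type":`) build symbol keys, not string keys, so plain `data:` and `type:` would say what the hash actually contains. How `post` reports a failed creation is not visible in this hunk, so the "raises an error" line in the comment cannot be confirmed from here.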