hackerone-client 0.2.3 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1377da005dc1141183d4f4ea57177a64965bb471
-  data.tar.gz: fb7c070632d9991ac75bb56e1be490dcc69e5a0e
+  metadata.gz: e75818c133624c27e8d5986311b1ee3c77420916
+  data.tar.gz: b5e846599a80125cd47137ee42176777c8bf64cb
 SHA512:
-  metadata.gz: 10ad6494e05446c28f9cbf8901c9bc88200258679ed364ff8f8cda734fa30b0239f6907e669a4a793a63e68a83b6191479e877da0477d45addf23b59819c9a1a
-  data.tar.gz: 9d3291ac4094b8737c98fc5404f1246ba5e2b0f1533042d9f832ca8a8d711e2959e206aab93bb18535e18fd64de76aacf83b5dadbc6309784a172f496ef5d4d5
+  metadata.gz: 326cfa0c38f8cd35858c386b38b4f399074766c8dc52e15ae6b2950f5222e5a9995002335edc7ef059fd4ee56760e9134828e4475d6b5cda9b913214e3f10859
+  data.tar.gz: ff0bd09d8cfc186b67944bfae8f569ce843a495fad3546658a79bef11fba4582969d77b39e15ed4b376823bd841709761e7e7027ce42c038f2b904378f4460f0

data/fixtures/vcr_cassettes/server_error.yml

@@ -0,0 +1,75 @@
+---
+http_interactions:
+- request:
+    method: get
+    uri: https://api.hackerone.com/v1/reports/500
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers:
+      Authorization:
+      - Basic nope=
+      User-Agent:
+      - Faraday v0.11.0
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+  response:
+    status:
+      code: 500
+      message: Error
+    headers:
+      Date:
+      - Wed, 15 Feb 2017 00:50:01 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Transfer-Encoding:
+      - chunked
+      Connection:
+      - keep-alive
+      Set-Cookie:
+      - __cfduid=123; expires=Thu, 15-Feb-18
+        00:50:01 GMT; path=/; Domain=api.hackerone.com; HttpOnly
+      X-Request-Id:
+      - 345
+      Etag:
+      - W/"8dfc97642d70f82b560e989d44e19eac"
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Strict-Transport-Security:
+      - max-age=31536000; includeSubDomains; preload
+      Content-Security-Policy:
+      - default-src 'none'; connect-src 'self' www.google-analytics.com errors.hackerone.net;
+        font-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self'
+        'unsafe-inline'; form-action 'self'; frame-ancestors 'none'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=123
+      X-Content-Type-Options:
+      - nosniff
+      X-Download-Options:
+      - noopen
+      X-Frame-Options:
+      - DENY
+      X-Permitted-Cross-Domain-Policies:
+      - none
+      X-Xss-Protection:
+      - 1; mode=block
+      Public-Key-Pins-Report-Only:
+      - pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=";
+        pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=";
+        pin-sha256="cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="; pin-sha256="bIlWcjiKq1mftH/xd7Hw1JO77Cr+Gv+XYcGUQWwO+A4=";
+        pin-sha256="tXD+dGAP8rGY4PW1be90cOYEwg7pZ4G+yPZmIZWPTSg="; max-age=600; includeSubDomains;
+        report-uri="https://hackerone.report-uri.io/r/default/hpkp/reportOnly"
+      Server:
+      - cloudflare-nginx
+      Cf-Ray:
+      - 3314c3653e302126-LAX
+    body:
+      encoding: ASCII-8BIT
+      string: '{
+        "data": {
+          "error": "fail"
+        }
+      }'
+    http_version:
+  recorded_at: Wed, 15 Feb 2017 00:50:01 GMT
+recorded_with: VCR 3.0.3

data/lib/hackerone/client.rb

@@ -2,6 +2,7 @@ require "faraday"
 require 'active_support/time'
 require_relative "client/version"
 require_relative "client/report"
+require_relative "client/activity"
 
 module HackerOne
   module Client
@@ -21,7 +22,13 @@ module HackerOne
       informative
       duplicate
       spam
-    ).map(&:to_sym)
+    ).map(&:to_sym).freeze
+
+    STATES_REQUIRING_STATE_CHANGE_MESSAGE = %w(
+      needs-more-info
+      informative
+      duplicate
+    ).map(&:to_sym).freeze
 
     class << self
       ATTRS = [:low_range, :medium_range, :high_range, :critical_range].freeze
@@ -111,18 +118,23 @@ module HackerOne
       #
       # returns an HackerOne::Client::Report object or raises an error if
       # no report is found.
-      def state_change(id, state)
+      def state_change(id, state, message = nil)
         raise ArgumentError, "state (#{state}) must be one of #{STATES}" unless STATES.include?(state)
 
         body = {
           data: {
             type: "state-change",
             attributes: {
-              message: "This is has been triaged internally.",
               state: state
             }
           }
         }
+
+        if message
+          body[:message] = message
+        elsif STATES_REQUIRING_STATE_CHANGE_MESSAGE.include?(state)
+          fail ArgumentError, "State #{state} requires a message. No message was supplied."
+        end
         post("reports/#{id}/state_changes", body)
       end
 
@@ -165,7 +177,7 @@ module HackerOne
         if response.status.to_s.start_with?("4")
           raise ArgumentError, "API called failed, probably your fault: #{response.body}"
         elsif response.status.to_s.start_with?("5")
-          raise Runtime, "API called failed, probobly their fault: #{response.body}"
+          raise RuntimeError, "API called failed, probably their fault: #{response.body}"
         elsif response.success?
           Report.new(JSON.parse(response.body, :symbolize_names => true)[:data])
         else

data/lib/hackerone/client/activity.rb

@@ -0,0 +1,72 @@
+module HackerOne
+  module Client
+    module Activities
+      class Activity
+        delegate :message, :created_at, :updated_at, to: :attributes
+        delegate :actor, to: :relationships
+
+        def initialize(activity)
+          @activity = OpenStruct.new activity
+        end
+
+        def internal?
+          attributes.internal
+        end
+
+        private
+
+        def relationships
+          OpenStruct.new(activity.relationships)
+        end
+
+        def attributes
+          OpenStruct.new(activity.attributes)
+        end
+
+        attr_reader :activity
+      end
+
+      class BountyAwarded < Activity
+        def bounty_amount
+          formatted_bounty_amount = attributes.bounty_amount || "0"
+          formatted_bounty_amount.gsub(/[^\d]/, "").to_i
+        end
+
+        def bonus_amount
+          formatted_bonus_amount = attributes.bonus_amount || "0"
+          formatted_bonus_amount.gsub(/[^\d]/, "").to_i
+        end
+      end
+
+      class SwagAwarded < Activity
+        delegate :swag, to: :relationships
+      end
+
+      class UserAssignedToBug < Activity
+        delegate :assigned_user, to: :relationships
+      end
+
+      class BugTriaged < Activity
+      end
+
+      class ReferenceIdAdded < Activity
+        delegate :reference, :reference_url, to: :attributes
+      end
+
+      ACTIVITY_TYPE_CLASS_MAPPING = {
+        'activity-bounty-awarded' => BountyAwarded,
+        'activity-swag-awarded' => SwagAwarded,
+        'activity-user-assigned-to-bug' => UserAssignedToBug,
+        'activity-bug-triaged' => BugTriaged,
+        'activity-reference-id-added' => ReferenceIdAdded
+      }.freeze
+
+      def self.build(activity_data)
+        activity_type_class = ACTIVITY_TYPE_CLASS_MAPPING.fetch \
+          activity_data[:type], Activity
+
+        activity_type_class.new activity_data
+      end
+    end
+  end
+end

data/lib/hackerone/client/report.rb

@@ -1,10 +1,9 @@
 require_relative './weakness'
+require_relative './activity'
 
 module HackerOne
   module Client
     class Report
-      PAYOUT_ACTIVITY_KEY = "activity-bounty-awarded"
-
       def initialize(report)
         @report = report
       end
@@ -68,17 +67,20 @@ module HackerOne
         classification_label().split("-").first
       end
 
+      def activities
+        relationships.dig(:activities, :data)&.map do |activity_data|
+          Activities.build(activity_data)
+        end
+      end
+
       private
+
       def payments
-        activities.select { |activity| activity[:type] == PAYOUT_ACTIVITY_KEY }
+        activities.select { |activity| activity.is_a? Activities::BountyAwarded }
       end
 
       def payment_amount(payment)
-        payment.fetch(:attributes, {}).fetch(:bounty_amount, "0").gsub(/[^\d]/, "").to_i
-      end
-
-      def activities
-        relationships.fetch(:activities, {}).fetch(:data, [])
+        payment.bounty_amount
       end
 
       def attributes

data/lib/hackerone/client/version.rb

@@ -1,5 +1,5 @@
 module Hackerone
   module Client
-    VERSION = "0.2.3"
+    VERSION = "0.3.0"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hackerone-client
 version: !ruby/object:Gem::Version
-  version: 0.2.3
+  version: 0.3.0
 platform: ruby
 authors:
 - Neil Matatall
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-03-22 00:00:00.000000000 Z
+date: 2017-03-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -137,9 +137,11 @@ files:
 - fixtures/vcr_cassettes/missing_report.yml
 - fixtures/vcr_cassettes/report.yml
 - fixtures/vcr_cassettes/report_list.yml
+- fixtures/vcr_cassettes/server_error.yml
 - fixtures/vcr_cassettes/stage_change.yml
 - hackerone-client.gemspec
 - lib/hackerone/client.rb
+- lib/hackerone/client/activity.rb
 - lib/hackerone/client/report.rb
 - lib/hackerone/client/version.rb
 - lib/hackerone/client/weakness.rb