hackerone-client 0.20.1 → 0.22.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/build.yml +6 -11
- data/CHANGELOG.md +4 -0
- data/CODEOWNERS +2 -0
- data/CODE_OF_CONDUCT.md +1 -1
- data/CONTRIBUTING.md +6 -3
- data/LICENSE.txt +1 -1
- data/README.md +4 -4
- data/SECURITY.md +31 -0
- data/SUPPORT.md +13 -0
- data/fixtures/vcr_cassettes/report_list_before.yml +271 -0
- data/hackerone-client.gemspec +2 -1
- data/lib/hackerone/client/program.rb +3 -3
- data/lib/hackerone/client/version.rb +1 -1
- data/lib/hackerone/client.rb +13 -5
- metadata +13 -9
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 24b1250ad09669f3ad16458a5ba4b8be1e8837a2689d4ff524e332a0bf9dcc60
|
|
4
|
+
data.tar.gz: 3c8ac97e8ae5ec1281a6430384cec813fc7b2a39f14a3e0c4cb3c09f1a64b727
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b2c6fe41d727782597aa91e079aee5fdd645c5f66db02dc92246708baa3dd479a0bfb32d56d42a5d82fc5cb900b22853c7c2ac78dec9be7a0bef4aab5b3647dd
|
|
7
|
+
data.tar.gz: 676f7421904ae3d02e1dc02c9cef27cb6ebcbbfe3c9cbab5f2448cf7ae365bcdd9ff9a599ecf348705ff6f3e93f39272e7c5dd258c91b23d47ff146486900aa1
|
data/.github/workflows/build.yml
CHANGED
|
@@ -7,30 +7,25 @@ jobs:
|
|
|
7
7
|
runs-on: ubuntu-latest
|
|
8
8
|
strategy:
|
|
9
9
|
matrix:
|
|
10
|
-
ruby: [ '2.
|
|
10
|
+
ruby: [ '2.6', '2.7', '3.0', '3.1', '3.2', '3.3']
|
|
11
11
|
steps:
|
|
12
12
|
- uses: actions/checkout@v2
|
|
13
13
|
- name: Set up Ruby ${{ matrix.ruby }}
|
|
14
|
-
uses: ruby/setup-ruby@v1
|
|
14
|
+
uses: ruby/setup-ruby@v1
|
|
15
15
|
with:
|
|
16
16
|
ruby-version: ${{ matrix.ruby }}
|
|
17
17
|
bundler-cache: true
|
|
18
18
|
- name: Build and test with Rake with Ruby ${{ matrix.ruby }}
|
|
19
|
-
run:
|
|
20
|
-
gem install bundler
|
|
21
|
-
bundle install --jobs 4 --retry 3
|
|
22
|
-
bundle exec rake spec
|
|
19
|
+
run: bundle exec rake spec
|
|
23
20
|
lint:
|
|
24
21
|
name: Rubocop
|
|
25
22
|
runs-on: ubuntu-latest
|
|
26
23
|
steps:
|
|
27
24
|
- uses: actions/checkout@v2
|
|
28
25
|
- name: Set up Ruby 2.6
|
|
29
|
-
uses:
|
|
26
|
+
uses: ruby/setup-ruby@v1
|
|
30
27
|
with:
|
|
31
28
|
ruby-version: 2.6
|
|
29
|
+
bundler-cache: true
|
|
32
30
|
- name: Run linters
|
|
33
|
-
run:
|
|
34
|
-
gem install bundler
|
|
35
|
-
bundle install --jobs 4 --retry 3
|
|
36
|
-
bundle exec rake rubocop
|
|
31
|
+
run: bundle exec rake rubocop
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,7 @@
|
|
|
1
|
+
## [0.22.0] - 2024-01-10
|
|
2
|
+
|
|
3
|
+
[Update Faraday API call and deprecate support for Ruby <2.6](https://github.com/github/hackerone-client/pull/2) (@maclarel)
|
|
4
|
+
|
|
1
5
|
## [0.20.0] - 2020-10-21
|
|
2
6
|
|
|
3
7
|
[Add ability to lock a report](https://github.com/oreoshake/hackerone-client/pull/59) (@rzhade3)
|
data/CODEOWNERS
ADDED
data/CODE_OF_CONDUCT.md
CHANGED
|
@@ -55,7 +55,7 @@ further defined and clarified by project maintainers.
|
|
|
55
55
|
## Enforcement
|
|
56
56
|
|
|
57
57
|
Instances of abusive, harassing, or otherwise unacceptable behavior may be
|
|
58
|
-
reported by contacting the project team at
|
|
58
|
+
reported by contacting the project team at opensource@github.com. All
|
|
59
59
|
complaints will be reviewed and investigated and will result in a response that
|
|
60
60
|
is deemed necessary and appropriate to the circumstances. The project team is
|
|
61
61
|
obligated to maintain confidentiality with regard to the reporter of an incident.
|
data/CONTRIBUTING.md
CHANGED
|
@@ -1,13 +1,15 @@
|
|
|
1
1
|
## Contributing
|
|
2
2
|
|
|
3
|
-
[fork]: https://github.com/
|
|
4
|
-
[pr]: https://github.com/
|
|
3
|
+
[fork]: https://github.com/github/hackerone-client/fork
|
|
4
|
+
[pr]: https://github.com/github/hackerone-client/compare
|
|
5
5
|
[style]: https://github.com/styleguide/ruby
|
|
6
6
|
[code-of-conduct]: CODE_OF_CONDUCT.md
|
|
7
7
|
|
|
8
8
|
Hi there! We're thrilled that you'd like to contribute to this project. Your help is essential for keeping it great.
|
|
9
9
|
|
|
10
|
-
|
|
10
|
+
Contributions to this project are [released](https://help.github.com/articles/github-terms-of-service/#6-contributions-under-repository-license) to the public under the [project's open source license](LICENSE.txt).
|
|
11
|
+
|
|
12
|
+
Please note that this project is released with a [Contributor Code of Conduct](CODE_OF_CONDUCT.md). By participating in this project you agree to abide by its terms.
|
|
11
13
|
|
|
12
14
|
## Submitting a pull request
|
|
13
15
|
|
|
@@ -21,6 +23,7 @@ Please note that this project is released with a [Contributor Code of Conduct][c
|
|
|
21
23
|
|
|
22
24
|
Here are a few things you can do that will increase the likelihood of your pull request being accepted:
|
|
23
25
|
|
|
26
|
+
- Follow the [style guide][style].
|
|
24
27
|
- Write tests.
|
|
25
28
|
- Keep your change as focused as possible. If there are multiple changes you would like to make that are not dependent upon each other, consider submitting them as separate pull requests.
|
|
26
29
|
- Write a [good commit message](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html).
|
data/LICENSE.txt
CHANGED
data/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Hackerone::Client
|
|
2
2
|
|
|
3
|
-
A limited client library for interacting with HackerOne. Currently only supports a few operations:
|
|
3
|
+
A limited client library for interacting with HackerOne in Ruby. Currently only supports a few operations:
|
|
4
4
|
|
|
5
5
|
```ruby
|
|
6
6
|
client = HackerOne::Client::Api.new("github")
|
|
@@ -9,7 +9,7 @@ client = HackerOne::Client::Api.new("github")
|
|
|
9
9
|
client.create_report(title: "hi", summary: "hi", impact: "string", severity_rating: :high, source: "api")
|
|
10
10
|
|
|
11
11
|
# GET '/reports' returns all reports in a given state for a program, by default :new
|
|
12
|
-
client.reports(state: :new)
|
|
12
|
+
client.reports(since: 10.days.ago, before: 1.day.ago, state: :new)
|
|
13
13
|
|
|
14
14
|
# GET '/report/{id}' returns report data for a given report
|
|
15
15
|
report = client.report(id)
|
|
@@ -114,6 +114,6 @@ Setting this variable will make the client try to absorb errors, like a malforme
|
|
|
114
114
|
Bug reports and pull requests are welcome on GitHub at https://github.com/oreoshake/hackerone-client. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
|
|
115
115
|
|
|
116
116
|
|
|
117
|
-
## License
|
|
117
|
+
## License
|
|
118
118
|
|
|
119
|
-
|
|
119
|
+
This project is licensed under the terms of the MIT open source license. Please refer to [MIT](./LICENSE.txt) for the full terms.
|
data/SECURITY.md
ADDED
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
Thanks for helping make GitHub safe for everyone.
|
|
2
|
+
|
|
3
|
+
# Security
|
|
4
|
+
|
|
5
|
+
GitHub takes the security of our software products and services seriously, including all of the open source code repositories managed through our GitHub organizations, such as [GitHub](https://github.com/GitHub).
|
|
6
|
+
|
|
7
|
+
Even though [open source repositories are outside of the scope of our bug bounty program](https://bounty.github.com/index.html#scope) and therefore not eligible for bounty rewards, we will ensure that your finding gets passed along to the appropriate maintainers for remediation.
|
|
8
|
+
|
|
9
|
+
## Reporting Security Issues
|
|
10
|
+
|
|
11
|
+
If you believe you have found a security vulnerability in any GitHub-owned repository, please report it to us through coordinated disclosure.
|
|
12
|
+
|
|
13
|
+
**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.**
|
|
14
|
+
|
|
15
|
+
Instead, please send an email to opensource-security[@]github.com.
|
|
16
|
+
|
|
17
|
+
Please include as much of the information listed below as you can to help us better understand and resolve the issue:
|
|
18
|
+
|
|
19
|
+
* The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting)
|
|
20
|
+
* Full paths of source file(s) related to the manifestation of the issue
|
|
21
|
+
* The location of the affected source code (tag/branch/commit or direct URL)
|
|
22
|
+
* Any special configuration required to reproduce the issue
|
|
23
|
+
* Step-by-step instructions to reproduce the issue
|
|
24
|
+
* Proof-of-concept or exploit code (if possible)
|
|
25
|
+
* Impact of the issue, including how an attacker might exploit the issue
|
|
26
|
+
|
|
27
|
+
This information will help us triage your report more quickly.
|
|
28
|
+
|
|
29
|
+
## Policy
|
|
30
|
+
|
|
31
|
+
See [GitHub's Safe Harbor Policy](https://docs.github.com/en/github/site-policy/github-bug-bounty-program-legal-safe-harbor#1-safe-harbor-terms)
|
data/SUPPORT.md
ADDED
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
# Support
|
|
2
|
+
|
|
3
|
+
## How to file issues and get help
|
|
4
|
+
|
|
5
|
+
This project uses GitHub issues to track bugs and feature requests. Please search the existing issues before filing new issues to avoid duplicates. For new issues, file your bug or feature request as a new issue.
|
|
6
|
+
|
|
7
|
+
For help or questions about using this project, please file an issue on this repository.
|
|
8
|
+
|
|
9
|
+
- `hackerone-client` is not actively developed but is maintained by GitHub staff **AND THE COMMUNITY**. We will do our best to respond to support and community questions in a timely manner.
|
|
10
|
+
|
|
11
|
+
## GitHub Support Policy
|
|
12
|
+
|
|
13
|
+
Support for this project is limited to the resources listed above.
|
|
@@ -0,0 +1,271 @@
|
|
|
1
|
+
---
|
|
2
|
+
http_interactions:
|
|
3
|
+
- request:
|
|
4
|
+
method: get
|
|
5
|
+
uri: https://api.hackerone.com/v1/reports?filter%5Bcreated_at__lt%5D=2017-02-11T16:00:44-10:00&filter%5Bprogram%5D%5B0%5D=github&filter%5Bstate%5D%5B0%5D=new
|
|
6
|
+
body:
|
|
7
|
+
encoding: US-ASCII
|
|
8
|
+
string: ''
|
|
9
|
+
headers:
|
|
10
|
+
Authorization:
|
|
11
|
+
- Basic ==
|
|
12
|
+
User-Agent:
|
|
13
|
+
- Faraday v1.3.0
|
|
14
|
+
Accept-Encoding:
|
|
15
|
+
- gzip;q=1.0,deflate;q=0.6,identity;q=0.3
|
|
16
|
+
Accept:
|
|
17
|
+
- "*/*"
|
|
18
|
+
response:
|
|
19
|
+
status:
|
|
20
|
+
code: 200
|
|
21
|
+
message: OK
|
|
22
|
+
headers:
|
|
23
|
+
Date:
|
|
24
|
+
- Tue, 26 Jan 2021 01:59:08 GMT
|
|
25
|
+
Content-Type:
|
|
26
|
+
- application/json; charset=utf-8
|
|
27
|
+
Transfer-Encoding:
|
|
28
|
+
- chunked
|
|
29
|
+
Connection:
|
|
30
|
+
- keep-alive
|
|
31
|
+
Set-Cookie:
|
|
32
|
+
- __cfduid=d1825b95f694de8ff5c78cb985c261f491611626346; expires=Thu, 25-Feb-21
|
|
33
|
+
01:59:06 GMT; path=/; Domain=api.hackerone.com; HttpOnly; SameSite=Lax; Secure
|
|
34
|
+
X-Request-Id:
|
|
35
|
+
- 3d4375bc-4de0-4760-85b8-003b3e09420d
|
|
36
|
+
Etag:
|
|
37
|
+
- W/"f33bd1b1c69b6617410c264d74fffa56"
|
|
38
|
+
Cache-Control:
|
|
39
|
+
- max-age=0, private, must-revalidate
|
|
40
|
+
Strict-Transport-Security:
|
|
41
|
+
- max-age=31536000; includeSubDomains; preload
|
|
42
|
+
X-Frame-Options:
|
|
43
|
+
- DENY
|
|
44
|
+
X-Content-Type-Options:
|
|
45
|
+
- nosniff
|
|
46
|
+
X-Xss-Protection:
|
|
47
|
+
- 1; mode=block
|
|
48
|
+
X-Download-Options:
|
|
49
|
+
- noopen
|
|
50
|
+
X-Permitted-Cross-Domain-Policies:
|
|
51
|
+
- none
|
|
52
|
+
Referrer-Policy:
|
|
53
|
+
- strict-origin-when-cross-origin
|
|
54
|
+
Expect-Ct:
|
|
55
|
+
- enforce, max-age=86400
|
|
56
|
+
Content-Security-Policy:
|
|
57
|
+
- 'default-src ''none''; base-uri ''self''; block-all-mixed-content; child-src
|
|
58
|
+
www.youtube-nocookie.com; connect-src ''self'' www.google-analytics.com errors.hackerone.net;
|
|
59
|
+
font-src ''self''; form-action ''self''; frame-ancestors ''none''; img-src
|
|
60
|
+
''self'' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com
|
|
61
|
+
profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com;
|
|
62
|
+
media-src ''self'' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com;
|
|
63
|
+
script-src ''self'' www.google-analytics.com; style-src ''self'' ''unsafe-inline'';
|
|
64
|
+
report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d'
|
|
65
|
+
Cf-Cache-Status:
|
|
66
|
+
- DYNAMIC
|
|
67
|
+
Cf-Request-Id:
|
|
68
|
+
- 07de0391de0000fda912ab2000000001
|
|
69
|
+
Server:
|
|
70
|
+
- cloudflare
|
|
71
|
+
Cf-Ray:
|
|
72
|
+
- 6176a1fc9fcefda9-PDX
|
|
73
|
+
body:
|
|
74
|
+
encoding: ASCII-8BIT
|
|
75
|
+
string: '{"data":[{"id":"440362","type":"report","attributes":{"title":"gewgwe","state":"new","created_at":"2016-11-13T23:01:55.070Z","vulnerability_information":"gewewg\n\n##
|
|
76
|
+
Impact\n\ngwe","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-11-13T23:01:55.139Z","first_program_activity_at":"2016-11-13T23:01:55.139Z","last_program_activity_at":"2016-11-13T23:01:55.139Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-11-13T23:01:55.139Z","last_activity_at":"2016-11-13T23:05:46.933Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
77
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"85049","type":"user","attributes":{"username":"brentjo-gh","name":"Brent
|
|
78
|
+
Johnson","disabled":false,"created_at":"2016-06-14T20:01:30.891Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"240715","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-11-13T23:01:55.102Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer
|
|
79
|
+
Underflow","description":"The software writes to a buffer using an index or
|
|
80
|
+
pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15454","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"*.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"medium","created_at":"2016-10-10T00:40:37.435Z","updated_at":"2016-10-10T00:40:37.435Z","reference":"","confidentiality_requirement":"low","integrity_requirement":"low","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"434162","type":"report","attributes":{"title":"fewew","state":"new","created_at":"2016-11-05T02:24:29.286Z","vulnerability_information":"fewfew\n\n##
|
|
81
|
+
Impact\n\nfewfwe","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-11-05T02:24:29.343Z","first_program_activity_at":"2016-11-05T02:24:29.343Z","last_program_activity_at":"2016-11-05T02:24:29.343Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"issue_tracker_reference_id":"abc","last_public_activity_at":"2016-11-05T02:24:29.343Z","last_activity_at":"2016-11-13T23:14:58.672Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
82
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
83
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"234626","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-11-05T02:24:29.316Z"}}},"weakness":{"data":{"id":"73","type":"weakness","attributes":{"name":"Phishing","description":"Phishing
|
|
84
|
+
is a social engineering technique where an attacker masquerades as a legitimate
|
|
85
|
+
entity with which the victim might do business in order to prompt the user
|
|
86
|
+
to reveal some confidential information (very frequently authentication credentials)
|
|
87
|
+
that can later be used by an attacker. Phishing is essentially a form of information
|
|
88
|
+
gathering or \"fishing\" for information.","external_id":"capec-98","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15454","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"*.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"medium","created_at":"2016-10-10T00:40:37.435Z","updated_at":"2016-10-10T00:40:37.435Z","reference":"","confidentiality_requirement":"low","integrity_requirement":"low","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"434100","type":"report","attributes":{"title":"gewgwe","state":"new","created_at":"2016-11-04T20:11:35.887Z","vulnerability_information":"gewgew\n\n##
|
|
89
|
+
Impact\n\ngwegwe","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-11-04T20:11:36.005Z","first_program_activity_at":"2016-11-04T20:11:36.005Z","last_program_activity_at":"2016-11-04T20:11:36.005Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-11-04T20:11:36.005Z","last_activity_at":"2016-11-04T20:11:37.381Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
90
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"234571","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-11-04T20:11:35.963Z"}}},"weakness":{"data":{"id":"76","type":"weakness","attributes":{"name":"Malware","description":"An
|
|
91
|
+
adversary installs and executes malicious code on the target system in an
|
|
92
|
+
effort to achieve a negative technical impact.","external_id":"capec-549","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15454","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"*.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"medium","created_at":"2016-10-10T00:40:37.435Z","updated_at":"2016-10-10T00:40:37.435Z","reference":"","confidentiality_requirement":"low","integrity_requirement":"low","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"434096","type":"report","attributes":{"title":"Testing","state":"new","created_at":"2016-11-04T19:50:18.883Z","vulnerability_information":"lfkjewjl\n\n##
|
|
93
|
+
Impact\n\nflejwljkwe","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-11-04T19:50:18.960Z","first_program_activity_at":"2016-11-04T19:50:18.960Z","last_program_activity_at":"2016-11-04T19:50:18.960Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-11-04T19:50:18.960Z","last_activity_at":"2016-11-04T19:50:18.960Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
94
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"234568","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-11-04T19:50:18.923Z"}}},"weakness":{"data":{"id":"76","type":"weakness","attributes":{"name":"Malware","description":"An
|
|
95
|
+
adversary installs and executes malicious code on the target system in an
|
|
96
|
+
effort to achieve a negative technical impact.","external_id":"capec-549","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15939","type":"structured-scope","attributes":{"asset_type":"HARDWARE","asset_identifier":"GitHub
|
|
97
|
+
Enterprise","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"GitHub
|
|
98
|
+
Enterprise is the on-premises version of GitHub. GitHub Enterprise shares
|
|
99
|
+
a code-base with GitHub.com, is built on Ruby on Rails and leverages a number
|
|
100
|
+
of open source technologies.\n\nGitHub Enterprise adds a number of features
|
|
101
|
+
for enterprise infrastructures. This includes additional authentication backends
|
|
102
|
+
and clustering options. Below is a subset of features unique to GitHub Enterprise
|
|
103
|
+
that might be interesting to investigate.\n\n- Instance-wide authentication
|
|
104
|
+
([*private mode*](https://help.github.com/enterprise/admin/guides/installation/enabling-private-mode/))\n-
|
|
105
|
+
External authentication backends including [CAS, LDAP, and SAML](https://help.github.com/enterprise/admin/guides/user-management/)\n-
|
|
106
|
+
In-app administration of the instance using a site administrator control panel\n-
|
|
107
|
+
[User, organization, and repository migration](https://help.github.com/enterprise/admin/guides/migrations/)\n-
|
|
108
|
+
[Web-based management console](https://help.github.com/enterprise/admin/guides/installation/web-based-management-console/)
|
|
109
|
+
and [SSH access](https://help.github.com/enterprise/admin/guides/installation/administrative-shell-ssh-access/)
|
|
110
|
+
to configure and update the instance\n- [Pre-receive hook scripts](https://help.github.com/enterprise/admin/guides/developer-workflow/creating-a-pre-receive-hook-script/)\n\nYou
|
|
111
|
+
can request a trial of GitHub Enterprise for security testing at [https://enterprise.github.com/bounty](https://enterprise.github.com/bounty).\n\n-
|
|
112
|
+
Resources and features provided by the latest patch release of each non-deprecated
|
|
113
|
+
version of the GitHub Enterprise virtual machine. Major versions of GitHub
|
|
114
|
+
Enterprise are deprecated one year after release. For more information see
|
|
115
|
+
[this list of releases](https://enterprise.github.com/releases/).\n- All listening
|
|
116
|
+
services hosted on a GitHub Enterprise instance. See [our documentation](https://help.github.com/enterprise/admin/guides/installation/network-ports-to-open/)
|
|
117
|
+
for a reference of ports typically opened on a GitHub Enterprise instance.\n-
|
|
118
|
+
Code de-obfuscation may be explored to further investigate GitHub Enterprise,
|
|
119
|
+
but only for the purpose of the bounty program. Bounty hunters still need
|
|
120
|
+
to abide by all of our other Bounty program rules and terms and the applicable
|
|
121
|
+
software license terms.\n\nIneligible submissions:\n- Vulnerabilities caused
|
|
122
|
+
by lack of subdomain isolation\n- Escalation to the root user via sudo\n-
|
|
123
|
+
Bypassing source code de-obfuscation\n","max_severity":"critical","created_at":"2016-10-29T20:48:48.915Z","updated_at":"2016-10-29T20:48:48.915Z","reference":""}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"430397","type":"report","attributes":{"title":"Demo
|
|
124
|
+
report: XSS in GitHub test home page","state":"new","created_at":"2016-10-29T18:07:20.617Z","vulnerability_information":"In
|
|
125
|
+
some ***fantasy world***, the home page of GitHub test is vulnerable to an
|
|
126
|
+
*imaginary* Cross-Site Scripting attack.\n\n1. Visit home page of GitHub test\n2.
|
|
127
|
+
Open the browser''s javascript console\n3. Type `alert(/xss!/)` and press
|
|
128
|
+
enter\n4. Profit!\n\n## Impact\n\nIn our fantasy world, exploiting this vulnerability
|
|
129
|
+
allows us to run an external script on your website that for example steals
|
|
130
|
+
the cookies of the users that''s facing the XSS and thus gaining access to
|
|
131
|
+
the account of the victim.","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-11-01T18:07:30.449Z","first_program_activity_at":null,"last_program_activity_at":null,"bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-11-01T18:07:30.449Z","last_activity_at":"2016-11-01T18:07:30.449Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"3683","type":"user","attributes":{"reputation":100,"username":"demo-hacker","name":"Demo
|
|
132
|
+
Hacker","disabled":false,"created_at":"2014-03-17T20:14:25.383Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbW9JIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--0dc7e2aa9a0c1277dbf407cc92e3c7a747000360/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/demo_researcher.png"},"bio":"","website":null,"location":"support@hackerone.com","hackerone_triager":false}}},"assignee":{"data":{"id":"170761","type":"user","attributes":{"username":"philipturnbull","name":"Phil
|
|
133
|
+
Turnbull","disabled":false,"created_at":"2017-05-24T18:37:20.644Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/170/761/32db5fe3b68ab940c08762597cf6dc218ea569ab_original.jpeg/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/170/761/32db5fe3b68ab940c08762597cf6dc218ea569ab_original.jpeg/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbHhqIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--1288f07999072babe0cdf90162e1f6f7da35aa14/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9VWTI5dFltbHVaVjl2Y0hScGIyNXpld2c2REdkeVlYWnBkSGxKSWd0RFpXNTBaWElHT2daRlZEb0xjbVZ6YVhwbFNTSU5NVEV3ZURFeE1GNEdPd2RVT2dsamNtOXdTU0lRTVRFd2VERXhNQ3N3S3pBR093ZFUiLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--955e4ecf4dcd6b5873333833a7d869bd60c7dd7b/45588_orig.jpeg","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbHhqIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--1288f07999072babe0cdf90162e1f6f7da35aa14/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/45588_orig.jpeg"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array
|
|
134
|
+
Index Underflow","description":"The product uses untrusted input when calculating
|
|
135
|
+
or using an array index, but the product does not validate or incorrectly
|
|
136
|
+
validates the index to ensure the index references a valid position within
|
|
137
|
+
the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15455","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"render.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"critical","created_at":"2016-10-10T00:40:51.479Z","updated_at":"2016-10-10T00:40:51.479Z","reference":"","confidentiality_requirement":"medium","integrity_requirement":"medium","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"425480","type":"report","attributes":{"title":"greg","state":"new","created_at":"2016-10-18T20:05:44.316Z","vulnerability_information":"gregr\n\n##
|
|
138
|
+
Impact\n\ngregre","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-10-18T20:05:44.403Z","first_program_activity_at":"2016-10-18T20:05:44.403Z","last_program_activity_at":"2016-10-18T20:05:44.403Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-10-18T20:05:44.403Z","last_activity_at":"2016-10-18T20:08:09.264Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
139
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"85049","type":"user","attributes":{"username":"brentjo-gh","name":"Brent
|
|
140
|
+
Johnson","disabled":false,"created_at":"2016-06-14T20:01:30.891Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"225991","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-10-18T20:05:44.360Z"}}},"weakness":{"data":{"id":"9","type":"weakness","attributes":{"name":"Buffer
|
|
141
|
+
Over-read","description":"The software reads from a buffer using buffer access
|
|
142
|
+
mechanisms such as indexes or pointers that reference memory locations after
|
|
143
|
+
the targeted buffer.","external_id":"cwe-126","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15455","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"render.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"critical","created_at":"2016-10-10T00:40:51.479Z","updated_at":"2016-10-10T00:40:51.479Z","reference":"","confidentiality_requirement":"medium","integrity_requirement":"medium","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"425470","type":"report","attributes":{"title":"htht","state":"new","created_at":"2016-10-18T19:13:48.758Z","vulnerability_information":"htrhtr\n\n##
|
|
144
|
+
Impact\n\nhrthht","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-10-18T19:13:48.849Z","first_program_activity_at":"2016-10-18T19:13:48.849Z","last_program_activity_at":"2016-10-18T19:13:48.849Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-10-18T19:13:48.849Z","last_activity_at":"2016-10-18T19:13:51.079Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
145
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"225980","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-10-18T19:13:48.798Z"}}},"weakness":{"data":{"id":"10","type":"weakness","attributes":{"name":"Buffer
|
|
146
|
+
Under-read","description":"The software reads from a buffer using buffer access
|
|
147
|
+
mechanisms such as indexes or pointers that reference memory locations prior
|
|
148
|
+
to the targeted buffer.","external_id":"cwe-127","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"425425","type":"report","attributes":{"title":"fewfewfew","state":"new","created_at":"2016-10-18T17:02:37.361Z","vulnerability_information":"fwefawefe\n\n##
|
|
149
|
+
Impact\n\nfewfewfew","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2019-09-19T05:23:10.079Z","first_program_activity_at":"2016-10-18T17:02:37.427Z","last_program_activity_at":"2019-09-19T05:24:01.166Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2019-09-19T05:24:01.166Z","last_activity_at":"2019-09-19T05:24:01.166Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
150
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"519534","type":"severity","attributes":{"rating":"low","author_type":"Team","user_id":516261,"created_at":"2019-09-19T05:24:01.145Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer
|
|
151
|
+
Underflow","description":"The software writes to a buffer using an index or
|
|
152
|
+
pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15454","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"*.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"medium","created_at":"2016-10-10T00:40:37.435Z","updated_at":"2016-10-10T00:40:37.435Z","reference":"","confidentiality_requirement":"low","integrity_requirement":"low","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"425399","type":"report","attributes":{"title":"htehre","state":"new","created_at":"2016-10-18T15:34:27.207Z","vulnerability_information":"hrehreh\n\n##
|
|
153
|
+
Impact\n\nhreherrehrhh","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-10-18T15:34:27.260Z","first_program_activity_at":"2016-10-18T15:34:27.260Z","last_program_activity_at":"2016-10-18T15:34:27.260Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-10-18T15:34:27.260Z","last_activity_at":"2016-10-18T15:35:58.276Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
154
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"225912","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-10-18T15:34:27.234Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer
|
|
155
|
+
Underflow","description":"The software writes to a buffer using an index or
|
|
156
|
+
pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15455","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"render.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"critical","created_at":"2016-10-10T00:40:51.479Z","updated_at":"2016-10-10T00:40:51.479Z","reference":"","confidentiality_requirement":"medium","integrity_requirement":"medium","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"425184","type":"report","attributes":{"title":"htrhtr","state":"new","created_at":"2016-10-17T23:23:07.652Z","vulnerability_information":"htrhrt\n\n##
|
|
157
|
+
Impact\n\nhtrhtr","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-10-17T23:23:07.736Z","first_program_activity_at":"2016-10-17T23:23:07.736Z","last_program_activity_at":"2016-10-17T23:23:07.736Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-10-17T23:23:07.736Z","last_activity_at":"2016-10-17T23:26:41.323Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
158
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"85049","type":"user","attributes":{"username":"brentjo-gh","name":"Brent
|
|
159
|
+
Johnson","disabled":false,"created_at":"2016-06-14T20:01:30.891Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"225660","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-10-17T23:23:07.689Z"}}},"weakness":{"data":{"id":"10","type":"weakness","attributes":{"name":"Buffer
|
|
160
|
+
Under-read","description":"The software reads from a buffer using buffer access
|
|
161
|
+
mechanisms such as indexes or pointers that reference memory locations prior
|
|
162
|
+
to the targeted buffer.","external_id":"cwe-127","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15455","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"render.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"critical","created_at":"2016-10-10T00:40:51.479Z","updated_at":"2016-10-10T00:40:51.479Z","reference":"","confidentiality_requirement":"medium","integrity_requirement":"medium","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"424694","type":"report","attributes":{"title":"gregre","state":"new","created_at":"2016-10-16T16:16:11.476Z","vulnerability_information":"gregregre\n\n##
|
|
163
|
+
Impact\n\ngregerg","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-10-16T16:16:11.543Z","first_program_activity_at":"2016-10-16T16:16:11.543Z","last_program_activity_at":"2016-10-16T16:16:11.543Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-10-16T16:16:11.543Z","last_activity_at":"2016-10-16T16:16:46.459Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
164
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"225129","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-10-16T16:16:11.512Z"}}},"weakness":{"data":{"id":"10","type":"weakness","attributes":{"name":"Buffer
|
|
165
|
+
Under-read","description":"The software reads from a buffer using buffer access
|
|
166
|
+
mechanisms such as indexes or pointers that reference memory locations prior
|
|
167
|
+
to the targeted buffer.","external_id":"cwe-127","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15454","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"*.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"medium","created_at":"2016-10-10T00:40:37.435Z","updated_at":"2016-10-10T00:40:37.435Z","reference":"","confidentiality_requirement":"low","integrity_requirement":"low","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"415344","type":"report","attributes":{"title":"htrhtr","state":"new","created_at":"2016-09-27T16:32:05.063Z","vulnerability_information":"thrhtrhtr\n\n##
|
|
168
|
+
Impact\n\nthrrthtr","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-27T16:32:05.126Z","first_program_activity_at":"2016-09-27T16:32:05.126Z","last_program_activity_at":"2016-09-27T16:32:05.126Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"issue_tracker_reference_id":"12","last_public_activity_at":"2016-09-27T16:32:05.126Z","last_activity_at":"2016-09-27T17:12:54.153Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
169
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"85049","type":"user","attributes":{"username":"brentjo-gh","name":"Brent
|
|
170
|
+
Johnson","disabled":false,"created_at":"2016-06-14T20:01:30.891Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"215876","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-27T16:32:05.095Z"}}},"weakness":{"data":{"id":"31","type":"weakness","attributes":{"name":"Brute
|
|
171
|
+
Force","description":"The software does not implement sufficient measures
|
|
172
|
+
to prevent multiple failed authentication attempts within in a short time
|
|
173
|
+
frame, making it more susceptible to brute force attacks.","external_id":"cwe-307","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"415144","type":"report","attributes":{"title":"htrh","state":"new","created_at":"2016-09-27T01:00:56.238Z","vulnerability_information":"hhtrhrt\n\n##
|
|
174
|
+
Impact\n\nhtr","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-27T01:00:56.317Z","first_program_activity_at":"2016-09-27T01:00:56.317Z","last_program_activity_at":"2016-09-27T01:01:24.428Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-27T01:01:24.428Z","last_activity_at":"2016-09-27T01:01:25.509Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":28,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
175
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
176
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"215668","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-27T01:00:56.277Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array
|
|
177
|
+
Index Underflow","description":"The product uses untrusted input when calculating
|
|
178
|
+
or using an array index, but the product does not validate or incorrectly
|
|
179
|
+
validates the index to ensure the index references a valid position within
|
|
180
|
+
the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"415133","type":"report","attributes":{"title":"k78k87","state":"new","created_at":"2016-09-26T23:51:35.228Z","vulnerability_information":"k87k87k87\n\n##
|
|
181
|
+
Impact\n\nk8787kk7k7k78likuj","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-26T23:51:35.299Z","first_program_activity_at":"2016-09-26T23:51:35.299Z","last_program_activity_at":"2016-09-27T00:05:08.131Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-27T00:05:08.131Z","last_activity_at":"2016-09-27T00:05:08.723Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":812,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
182
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
183
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"215658","type":"severity","attributes":{"rating":"high","author_type":"User","user_id":175595,"created_at":"2016-09-26T23:51:35.266Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array
|
|
184
|
+
Index Underflow","description":"The product uses untrusted input when calculating
|
|
185
|
+
or using an array index, but the product does not validate or incorrectly
|
|
186
|
+
validates the index to ensure the index references a valid position within
|
|
187
|
+
the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"415035","type":"report","attributes":{"title":"greergregreg","state":"new","created_at":"2016-09-26T19:49:53.207Z","vulnerability_information":"ergrgre\n\n##
|
|
188
|
+
Impact\n\ngregreer","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-26T19:49:53.410Z","first_program_activity_at":"2016-09-26T19:49:53.410Z","last_program_activity_at":"2016-09-26T19:53:19.020Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-26T19:53:19.020Z","last_activity_at":"2016-09-26T19:53:20.310Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":205,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
189
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
190
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"215530","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-26T19:49:53.250Z"}}},"weakness":{"data":{"id":"31","type":"weakness","attributes":{"name":"Brute
|
|
191
|
+
Force","description":"The software does not implement sufficient measures
|
|
192
|
+
to prevent multiple failed authentication attempts within in a short time
|
|
193
|
+
frame, making it more susceptible to brute force attacks.","external_id":"cwe-307","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"412631","type":"report","attributes":{"title":"jt","state":"new","created_at":"2016-09-22T00:33:43.979Z","vulnerability_information":"yjt\n\n##
|
|
194
|
+
Impact\n\ntyj","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-22T00:33:44.071Z","first_program_activity_at":"2016-09-22T00:33:44.071Z","last_program_activity_at":"2016-09-22T00:33:56.364Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-22T00:33:56.364Z","last_activity_at":"2016-09-22T00:33:57.403Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":0,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
195
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
196
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"213177","type":"severity","attributes":{"rating":"critical","author_type":"User","user_id":175595,"created_at":"2016-09-22T00:33:44.028Z"}}},"weakness":{"data":{"id":"10","type":"weakness","attributes":{"name":"Buffer
|
|
197
|
+
Under-read","description":"The software reads from a buffer using buffer access
|
|
198
|
+
mechanisms such as indexes or pointers that reference memory locations prior
|
|
199
|
+
to the targeted buffer.","external_id":"cwe-127","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"412630","type":"report","attributes":{"title":"hfg","state":"new","created_at":"2016-09-22T00:32:25.134Z","vulnerability_information":"ghgfh\n\n##
|
|
200
|
+
Impact\n\nhgfgfh","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-22T00:32:25.284Z","first_program_activity_at":"2016-09-22T00:32:25.284Z","last_program_activity_at":"2016-09-22T00:32:25.284Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-22T00:32:25.284Z","last_activity_at":"2016-09-22T00:32:25.284Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
201
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"213176","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-22T00:32:25.185Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer
|
|
202
|
+
Underflow","description":"The software writes to a buffer using an index or
|
|
203
|
+
pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"412629","type":"report","attributes":{"title":"hfghgfh","state":"new","created_at":"2016-09-22T00:31:06.361Z","vulnerability_information":"hfghfg\n\n##
|
|
204
|
+
Impact\n\nhgfgh","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-22T00:31:06.480Z","first_program_activity_at":"2016-09-22T00:31:06.480Z","last_program_activity_at":"2016-09-22T00:31:21.708Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-22T00:31:21.708Z","last_activity_at":"2016-09-22T00:31:23.038Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":0,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
205
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
206
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"213175","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-22T00:31:06.427Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer
|
|
207
|
+
Underflow","description":"The software writes to a buffer using an index or
|
|
208
|
+
pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"412628","type":"report","attributes":{"title":"fgdgfdfgd","state":"new","created_at":"2016-09-22T00:29:45.651Z","vulnerability_information":"gfdgfdfggfd\n\n##
|
|
209
|
+
Impact\n\nfgdfgdfgdfgd","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-22T00:29:45.767Z","first_program_activity_at":"2016-09-22T00:29:45.767Z","last_program_activity_at":"2016-09-22T00:30:17.747Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-22T00:30:17.747Z","last_activity_at":"2016-09-22T00:30:18.925Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":0,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
210
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
211
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"213174","type":"severity","attributes":{"rating":"high","author_type":"User","user_id":175595,"created_at":"2016-09-22T00:29:45.705Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer
|
|
212
|
+
Underflow","description":"The software writes to a buffer using an index or
|
|
213
|
+
pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"412553","type":"report","attributes":{"title":"fgdfgdfgd","state":"new","created_at":"2016-09-21T19:00:54.504Z","vulnerability_information":"gfdgfdfgd\n\n##
|
|
214
|
+
Impact\n\nfgdgfd","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-21T19:00:54.614Z","first_program_activity_at":"2016-09-21T19:00:54.614Z","last_program_activity_at":"2016-09-22T00:28:56.690Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-22T00:28:56.690Z","last_activity_at":"2016-09-22T00:28:58.458Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":17945,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
215
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
216
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"213079","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-21T19:00:54.556Z"}}},"weakness":{"data":{"id":"31","type":"weakness","attributes":{"name":"Brute
|
|
217
|
+
Force","description":"The software does not implement sufficient measures
|
|
218
|
+
to prevent multiple failed authentication attempts within in a short time
|
|
219
|
+
frame, making it more susceptible to brute force attacks.","external_id":"cwe-307","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"411276","type":"report","attributes":{"title":"Demo
|
|
220
|
+
report: XSS in GitHub test home page","state":"new","created_at":"2016-09-18T22:37:10.591Z","vulnerability_information":"In
|
|
221
|
+
some ***fantasy world***, the home page of GitHub test is vulnerable to an
|
|
222
|
+
*imaginary* Cross-Site Scripting attack.\n\n1. Visit home page of GitHub test\n2.
|
|
223
|
+
Open the browser''s javascript console\n3. Type `alert(/xss!/)` and press
|
|
224
|
+
enter\n4. Profit!\n\n## Impact\n\nIn our fantasy world, exploiting this vulnerability
|
|
225
|
+
allows us to run an external script on your website that for example steals
|
|
226
|
+
the cookies of the users that''s facing the XSS and thus gaining access to
|
|
227
|
+
the account of the victim.","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-21T22:37:12.860Z","first_program_activity_at":null,"last_program_activity_at":null,"bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-21T22:37:12.860Z","last_activity_at":"2016-09-21T22:37:12.860Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"3683","type":"user","attributes":{"reputation":100,"username":"demo-hacker","name":"Demo
|
|
228
|
+
Hacker","disabled":false,"created_at":"2014-03-17T20:14:25.383Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbW9JIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--0dc7e2aa9a0c1277dbf407cc92e3c7a747000360/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/demo_researcher.png"},"bio":"","website":null,"location":"support@hackerone.com","hackerone_triager":false}}},"assignee":{"data":{"id":"85049","type":"user","attributes":{"username":"brentjo-gh","name":"Brent
|
|
229
|
+
Johnson","disabled":false,"created_at":"2016-06-14T20:01:30.891Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array
|
|
230
|
+
Index Underflow","description":"The product uses untrusted input when calculating
|
|
231
|
+
or using an array index, but the product does not validate or incorrectly
|
|
232
|
+
validates the index to ensure the index references a valid position within
|
|
233
|
+
the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"411263","type":"report","attributes":{"title":"Demo
|
|
234
|
+
report: XSS in GitHub test home page","state":"new","created_at":"2016-09-18T21:17:14.574Z","vulnerability_information":"In
|
|
235
|
+
some ***fantasy world***, the home page of GitHub test is vulnerable to an
|
|
236
|
+
*imaginary* Cross-Site Scripting attack.\n\n1. Visit home page of GitHub test\n2.
|
|
237
|
+
Open the browser''s javascript console\n3. Type `alert(/xss!/)` and press
|
|
238
|
+
enter\n4. Profit!\n\n## Impact\n\nIn our fantasy world, exploiting this vulnerability
|
|
239
|
+
allows us to run an external script on your website that for example steals
|
|
240
|
+
the cookies of the users that''s facing the XSS and thus gaining access to
|
|
241
|
+
the account of the victim.","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-21T21:17:28.659Z","first_program_activity_at":null,"last_program_activity_at":null,"bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-21T21:17:28.659Z","last_activity_at":"2016-09-21T21:17:28.659Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"3683","type":"user","attributes":{"reputation":100,"username":"demo-hacker","name":"Demo
|
|
242
|
+
Hacker","disabled":false,"created_at":"2014-03-17T20:14:25.383Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbW9JIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--0dc7e2aa9a0c1277dbf407cc92e3c7a747000360/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/demo_researcher.png"},"bio":"","website":null,"location":"support@hackerone.com","hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
243
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array
|
|
244
|
+
Index Underflow","description":"The product uses untrusted input when calculating
|
|
245
|
+
or using an array index, but the product does not validate or incorrectly
|
|
246
|
+
validates the index to ensure the index references a valid position within
|
|
247
|
+
the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"391124","type":"report","attributes":{"title":"HACK
|
|
248
|
+
FOUND","state":"new","created_at":"2016-08-07T00:13:41.128Z","vulnerability_information":"YOU
|
|
249
|
+
HAVE BEEN HACKED LOLOLOLOL\n\n## Impact\n\nHACK YOU","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-08-07T00:13:41.292Z","first_program_activity_at":"2016-08-07T00:13:41.292Z","last_program_activity_at":"2016-08-07T00:13:41.292Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-08-07T00:13:41.292Z","last_activity_at":"2016-08-07T00:13:41.292Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"291079","type":"user","attributes":{"username":"rzhade3","name":"Rahul
|
|
250
|
+
Zhade","disabled":false,"created_at":"2016-06-12T17:43:40.852Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBdW1YIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--ccec2bdbe3c2291cc1ccf84fb84723b0809a1cb6/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/octocat.png"},"bio":"Application
|
|
251
|
+
Security @GitHub","website":"https://zhade.dev","location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"192505","type":"severity","attributes":{"rating":"critical","author_type":"User","user_id":291079,"created_at":"2016-08-07T00:13:41.194Z"}}},"weakness":{"data":{"id":"31","type":"weakness","attributes":{"name":"Brute
|
|
252
|
+
Force","description":"The software does not implement sufficient measures
|
|
253
|
+
to prevent multiple failed authentication attempts within in a short time
|
|
254
|
+
frame, making it more susceptible to brute force attacks.","external_id":"cwe-307","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"389780","type":"report","attributes":{"title":"Demo
|
|
255
|
+
report: XSS in GitHub test home page","state":"new","created_at":"2016-08-02T21:24:11.500Z","vulnerability_information":"In
|
|
256
|
+
some ***fantasy world***, the home page of GitHub test is vulnerable to an
|
|
257
|
+
*imaginary* Cross-Site Scripting attack.\n\n1. Visit home page of GitHub test\n2.
|
|
258
|
+
Open the browser''s javascript console\n3. Type `alert(/xss!/)` and press
|
|
259
|
+
enter\n4. Profit!\n\n## Impact\n\nIn our fantasy world, exploiting this vulnerability
|
|
260
|
+
allows us to run an external script on your website that for example steals
|
|
261
|
+
the cookies of the users that''s facing the XSS and thus gaining access to
|
|
262
|
+
the account of the victim.","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-08-05T21:24:26.989Z","first_program_activity_at":null,"last_program_activity_at":null,"bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-08-05T21:24:26.989Z","last_activity_at":"2016-08-05T21:24:26.989Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":"2016-09-14T21:24:11.500Z","timer_first_program_response_miss_at":"2016-08-03T21:24:11.500Z","timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":"2016-09-14T21:24:11.500Z","timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":"2016-08-06T21:24:11.500Z","timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"3683","type":"user","attributes":{"reputation":100,"username":"demo-hacker","name":"Demo
|
|
263
|
+
Hacker","disabled":false,"created_at":"2014-03-17T20:14:25.383Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbW9JIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--0dc7e2aa9a0c1277dbf407cc92e3c7a747000360/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/demo_researcher.png"},"bio":"","website":null,"location":"support@hackerone.com","hackerone_triager":false}}},"assignee":{"data":{"id":"291079","type":"user","attributes":{"username":"rzhade3","name":"Rahul
|
|
264
|
+
Zhade","disabled":false,"created_at":"2016-06-12T17:43:40.852Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBdW1YIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--ccec2bdbe3c2291cc1ccf84fb84723b0809a1cb6/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/octocat.png"},"signal":null,"impact":null,"reputation":null,"bio":"Application
|
|
265
|
+
Security @GitHub","website":"https://zhade.dev","location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array
|
|
266
|
+
Index Underflow","description":"The product uses untrusted input when calculating
|
|
267
|
+
or using an array index, but the product does not validate or incorrectly
|
|
268
|
+
validates the index to ensure the index references a valid position within
|
|
269
|
+
the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}}],"links":{}}'
|
|
270
|
+
recorded_at: Tue, 26 Jan 2021 01:59:08 GMT
|
|
271
|
+
recorded_with: VCR 6.0.0
|
data/hackerone-client.gemspec
CHANGED
|
@@ -12,8 +12,9 @@ Gem::Specification.new do |spec|
|
|
|
12
12
|
spec.email = ["neil.matatall@gmail.com"]
|
|
13
13
|
|
|
14
14
|
spec.summary = %q{A limited client for the HackerOne API}
|
|
15
|
-
spec.homepage = "https://github.com/
|
|
15
|
+
spec.homepage = "https://github.com/github/hackerone-client"
|
|
16
16
|
spec.license = "MIT"
|
|
17
|
+
spec.required_ruby_version = ">= 2.6.0"
|
|
17
18
|
|
|
18
19
|
spec.files = `git ls-files -z`.split("\x0").reject do |f|
|
|
19
20
|
f.match(%r{^(test|spec|features)/})
|
|
@@ -78,9 +78,9 @@ module HackerOne
|
|
|
78
78
|
|
|
79
79
|
def balance
|
|
80
80
|
response_body = make_get_request(
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
81
|
+
"programs/#{id}/billing/balance"
|
|
82
|
+
)
|
|
83
|
+
BillingBalance.new(response_body).balance
|
|
84
84
|
end
|
|
85
85
|
|
|
86
86
|
private
|
data/lib/hackerone/client.rb
CHANGED
|
@@ -2,7 +2,8 @@
|
|
|
2
2
|
|
|
3
3
|
require "faraday"
|
|
4
4
|
require "json"
|
|
5
|
-
require "active_support
|
|
5
|
+
require "active_support"
|
|
6
|
+
require "active_support/core_ext/numeric/time"
|
|
6
7
|
require_relative "client/version"
|
|
7
8
|
require_relative "client/report"
|
|
8
9
|
require_relative "client/activity"
|
|
@@ -84,19 +85,26 @@ module HackerOne
|
|
|
84
85
|
#
|
|
85
86
|
# program: the HackerOne program to search on (configure globally with Hackerone::Client.program=)
|
|
86
87
|
# since (optional): a time bound, don't include reports earlier than +since+. Must be a DateTime object.
|
|
88
|
+
# before (optional): a time bound, don't include reports later than +before+. Must be a DateTime object.
|
|
87
89
|
# state (optional): state that a report is in, by default new
|
|
88
90
|
#
|
|
89
91
|
# returns all open reports or an empty array
|
|
90
|
-
def reports(since: 3.days.ago, state: :new)
|
|
92
|
+
def reports(since: 3.days.ago, before: nil, state: :new)
|
|
91
93
|
raise ArgumentError, "Program cannot be nil" unless program
|
|
92
94
|
raise ArgumentError, "State is invalid" unless REPORT_STATES.include?(state.to_s)
|
|
93
95
|
|
|
94
96
|
response = self.class.hackerone_api_connection.get do |req|
|
|
95
97
|
options = {
|
|
96
98
|
"filter[state][]" => state,
|
|
97
|
-
"filter[program][]" => program
|
|
98
|
-
"filter[created_at__gt]" => since.iso8601
|
|
99
|
+
"filter[program][]" => program
|
|
99
100
|
}
|
|
101
|
+
unless since.nil?
|
|
102
|
+
options["filter[created_at__gt]"] = since.iso8601
|
|
103
|
+
end
|
|
104
|
+
unless before.nil?
|
|
105
|
+
options["filter[created_at__lt]"] = before.iso8601
|
|
106
|
+
end
|
|
107
|
+
|
|
100
108
|
req.url "reports", options
|
|
101
109
|
end
|
|
102
110
|
|
|
@@ -194,7 +202,7 @@ module HackerOne
|
|
|
194
202
|
end
|
|
195
203
|
|
|
196
204
|
@connection ||= Faraday.new(url: "https://api.hackerone.com/v1") do |faraday|
|
|
197
|
-
faraday.
|
|
205
|
+
faraday.request(:authorization, :basic, ENV["HACKERONE_TOKEN_NAME"], ENV["HACKERONE_TOKEN"])
|
|
198
206
|
faraday.adapter Faraday.default_adapter
|
|
199
207
|
end
|
|
200
208
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: hackerone-client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.22.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Neil Matatall
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2024-01-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -108,7 +108,7 @@ dependencies:
|
|
|
108
108
|
- - ">="
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
110
|
version: '0'
|
|
111
|
-
description:
|
|
111
|
+
description:
|
|
112
112
|
email:
|
|
113
113
|
- neil.matatall@gmail.com
|
|
114
114
|
executables: []
|
|
@@ -121,6 +121,7 @@ files:
|
|
|
121
121
|
- ".rubocop.yml"
|
|
122
122
|
- ".travis.yml"
|
|
123
123
|
- CHANGELOG.md
|
|
124
|
+
- CODEOWNERS
|
|
124
125
|
- CODE_OF_CONDUCT.md
|
|
125
126
|
- CONTRIBUTING.md
|
|
126
127
|
- Gemfile
|
|
@@ -128,6 +129,8 @@ files:
|
|
|
128
129
|
- LICENSE.txt
|
|
129
130
|
- README.md
|
|
130
131
|
- Rakefile
|
|
132
|
+
- SECURITY.md
|
|
133
|
+
- SUPPORT.md
|
|
131
134
|
- bin/console
|
|
132
135
|
- bin/setup
|
|
133
136
|
- fixtures/vcr_cassettes/add_comment.yml
|
|
@@ -152,6 +155,7 @@ files:
|
|
|
152
155
|
- fixtures/vcr_cassettes/programs.yml
|
|
153
156
|
- fixtures/vcr_cassettes/report.yml
|
|
154
157
|
- fixtures/vcr_cassettes/report_list.yml
|
|
158
|
+
- fixtures/vcr_cassettes/report_list_before.yml
|
|
155
159
|
- fixtures/vcr_cassettes/report_list_triaged.yml
|
|
156
160
|
- fixtures/vcr_cassettes/reporters.yml
|
|
157
161
|
- fixtures/vcr_cassettes/server_error.yml
|
|
@@ -185,11 +189,11 @@ files:
|
|
|
185
189
|
- lib/hackerone/client/user.rb
|
|
186
190
|
- lib/hackerone/client/version.rb
|
|
187
191
|
- lib/hackerone/client/weakness.rb
|
|
188
|
-
homepage: https://github.com/
|
|
192
|
+
homepage: https://github.com/github/hackerone-client
|
|
189
193
|
licenses:
|
|
190
194
|
- MIT
|
|
191
195
|
metadata: {}
|
|
192
|
-
post_install_message:
|
|
196
|
+
post_install_message:
|
|
193
197
|
rdoc_options: []
|
|
194
198
|
require_paths:
|
|
195
199
|
- lib
|
|
@@ -197,15 +201,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
197
201
|
requirements:
|
|
198
202
|
- - ">="
|
|
199
203
|
- !ruby/object:Gem::Version
|
|
200
|
-
version:
|
|
204
|
+
version: 2.6.0
|
|
201
205
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
202
206
|
requirements:
|
|
203
207
|
- - ">="
|
|
204
208
|
- !ruby/object:Gem::Version
|
|
205
209
|
version: '0'
|
|
206
210
|
requirements: []
|
|
207
|
-
rubygems_version: 3.0.
|
|
208
|
-
signing_key:
|
|
211
|
+
rubygems_version: 3.0.9
|
|
212
|
+
signing_key:
|
|
209
213
|
specification_version: 4
|
|
210
214
|
summary: A limited client for the HackerOne API
|
|
211
215
|
test_files: []
|