hackerone-client 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (21) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +14 -0
  3. data/.rspec +2 -0
  4. data/.travis.yml +5 -0
  5. data/CODE_OF_CONDUCT.md +74 -0
  6. data/Gemfile +11 -0
  7. data/Guardfile +16 -0
  8. data/LICENSE.txt +21 -0
  9. data/README.md +47 -0
  10. data/Rakefile +6 -0
  11. data/bin/console +14 -0
  12. data/bin/setup +8 -0
  13. data/fixtures/vcr_cassettes/empty_report_list.yml +71 -0
  14. data/fixtures/vcr_cassettes/missing_report.yml +69 -0
  15. data/fixtures/vcr_cassettes/report.yml +464 -0
  16. data/fixtures/vcr_cassettes/report_list.yml +240 -0
  17. data/hackerone-client.gemspec +30 -0
  18. data/lib/hackerone/client.rb +113 -0
  19. data/lib/hackerone/client/report.rb +115 -0
  20. data/lib/hackerone/client/version.rb +5 -0
  21. metadata +167 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: bcc588d40179f394d2cc734aada04d6aa6f833d3
4
+ data.tar.gz: a5e1308a84d5cd694712f8c5b2b8ef1ce8c56e14
5
+ SHA512:
6
+ metadata.gz: 3e89f3adc90d17c2d70b8366c8b32f83227e8bf91c3cbb012d56c58a662d5a50ed3be613e4606e8aa897b700efbd5842fdce52ec64c01a7ca22a8e905c396049
7
+ data.tar.gz: cdd8a9d7318872eb59466b824c7b8d59ceb15a1fec72aa0cf1a11e01511f22c543c069ecd002278ca99d464ae39a11d3c34d626103e490a9163858b1b2adfba7
data/.gitignore ADDED
@@ -0,0 +1,14 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /Gemfile.lock
4
+ /_yardoc/
5
+ /coverage/
6
+ /doc/
7
+ /pkg/
8
+ /spec/reports/
9
+ /tmp/
10
+
11
+ # rspec failure tracking
12
+ .rspec_status
13
+ *.gem
14
+ .ruby-version
data/.rspec ADDED
@@ -0,0 +1,2 @@
1
+ --format documentation
2
+ --color
data/.travis.yml ADDED
@@ -0,0 +1,5 @@
1
+ sudo: false
2
+ language: ruby
3
+ rvm:
4
+ - 2.3.1
5
+ before_install: gem install bundler -v 1.14.4
data/CODE_OF_CONDUCT.md ADDED
@@ -0,0 +1,74 @@
1
+ # Contributor Covenant Code of Conduct
2
+
3
+ ## Our Pledge
4
+
5
+ In the interest of fostering an open and welcoming environment, we as
6
+ contributors and maintainers pledge to making participation in our project and
7
+ our community a harassment-free experience for everyone, regardless of age, body
8
+ size, disability, ethnicity, gender identity and expression, level of experience,
9
+ nationality, personal appearance, race, religion, or sexual identity and
10
+ orientation.
11
+
12
+ ## Our Standards
13
+
14
+ Examples of behavior that contributes to creating a positive environment
15
+ include:
16
+
17
+ * Using welcoming and inclusive language
18
+ * Being respectful of differing viewpoints and experiences
19
+ * Gracefully accepting constructive criticism
20
+ * Focusing on what is best for the community
21
+ * Showing empathy towards other community members
22
+
23
+ Examples of unacceptable behavior by participants include:
24
+
25
+ * The use of sexualized language or imagery and unwelcome sexual attention or
26
+ advances
27
+ * Trolling, insulting/derogatory comments, and personal or political attacks
28
+ * Public or private harassment
29
+ * Publishing others' private information, such as a physical or electronic
30
+ address, without explicit permission
31
+ * Other conduct which could reasonably be considered inappropriate in a
32
+ professional setting
33
+
34
+ ## Our Responsibilities
35
+
36
+ Project maintainers are responsible for clarifying the standards of acceptable
37
+ behavior and are expected to take appropriate and fair corrective action in
38
+ response to any instances of unacceptable behavior.
39
+
40
+ Project maintainers have the right and responsibility to remove, edit, or
41
+ reject comments, commits, code, wiki edits, issues, and other contributions
42
+ that are not aligned to this Code of Conduct, or to ban temporarily or
43
+ permanently any contributor for other behaviors that they deem inappropriate,
44
+ threatening, offensive, or harmful.
45
+
46
+ ## Scope
47
+
48
+ This Code of Conduct applies both within project spaces and in public spaces
49
+ when an individual is representing the project or its community. Examples of
50
+ representing a project or community include using an official project e-mail
51
+ address, posting via an official social media account, or acting as an appointed
52
+ representative at an online or offline event. Representation of a project may be
53
+ further defined and clarified by project maintainers.
54
+
55
+ ## Enforcement
56
+
57
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be
58
+ reported by contacting the project team at oreoshake@users.noreply.github.com. All
59
+ complaints will be reviewed and investigated and will result in a response that
60
+ is deemed necessary and appropriate to the circumstances. The project team is
61
+ obligated to maintain confidentiality with regard to the reporter of an incident.
62
+ Further details of specific enforcement policies may be posted separately.
63
+
64
+ Project maintainers who do not follow or enforce the Code of Conduct in good
65
+ faith may face temporary or permanent repercussions as determined by other
66
+ members of the project's leadership.
67
+
68
+ ## Attribution
69
+
70
+ This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
71
+ available at [http://contributor-covenant.org/version/1/4][version]
72
+
73
+ [homepage]: http://contributor-covenant.org
74
+ [version]: http://contributor-covenant.org/version/1/4/
data/Gemfile ADDED
@@ -0,0 +1,11 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in hackerone-client.gemspec
4
+ gemspec
5
+
6
+ group :guard do
7
+ gem "pry"
8
+ gem "growl", :require => RUBY_PLATFORM.include?('darwin') && 'growl'
9
+ gem "rb-fsevent", :require => RUBY_PLATFORM.include?('darwin') && 'rb-fsevent'
10
+ gem "guard-rspec"
11
+ end
data/Guardfile ADDED
@@ -0,0 +1,16 @@
1
+ guard :rspec, cmd: "bundle exec rspec" do
2
+ require "guard/rspec/dsl"
3
+ dsl = Guard::RSpec::Dsl.new(self)
4
+
5
+ # Feel free to open issues for suggestions and improvements
6
+
7
+ # RSpec files
8
+ rspec = dsl.rspec
9
+ watch(rspec.spec_helper) { rspec.spec_dir }
10
+ watch(rspec.spec_support) { rspec.spec_dir }
11
+ watch(rspec.spec_files)
12
+
13
+ # Ruby files
14
+ ruby = dsl.ruby
15
+ dsl.watch_spec_files_for(ruby.lib_files)
16
+ end
data/LICENSE.txt ADDED
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2017 Neil Matatall
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,47 @@
1
+ # Hackerone::Client
2
+
3
+ A limited client library for interacting with HackerOne. Currently only supports two endpoints:
4
+
5
+ * `/reports` returns all reports in the "new" state for a given program
6
+ * `/report/{id}` returns report data for a given report
7
+
8
+ ## Usage
9
+
10
+ ### Credential management
11
+
12
+ You'll need to generate an API token on https://hackerone.com/<program>/api.
13
+
14
+ * Click "Create API token"
15
+ * Name the token
16
+ * Click "Create"
17
+ * Copy down the value
18
+
19
+ Set the `HACKERONE_TOKEN` and `HACKERONE_TOKEN_NAME` environment variables.
20
+
21
+ ### Program name
22
+
23
+ In order to retrieve all reports for a given program, you need to supply a default program:
24
+
25
+ ```ruby
26
+ HackerOne::Client.program = "github"
27
+ ```
28
+
29
+ ### Risk classification
30
+
31
+ Configure the low/med/high/crit ranges for easier classification based on payouts:
32
+
33
+ ```ruby
34
+ HackerOne::Client.low_range = 1..999
35
+ HackerOne::Client.medium_range = 1000...2500
36
+ HackerOne::Client.high_range = 2500...5000
37
+ HackerOne::Client.critical_range = 5000...100_000_000
38
+ ```
39
+
40
+ ## Contributing
41
+
42
+ Bug reports and pull requests are welcome on GitHub at https://github.com/oreoshake/hackerone-client. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
43
+
44
+
45
+ ## License
46
+
47
+ The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
data/Rakefile ADDED
@@ -0,0 +1,6 @@
1
+ require "bundler/gem_tasks"
2
+ require "rspec/core/rake_task"
3
+
4
+ RSpec::Core::RakeTask.new(:spec)
5
+
6
+ task :default => :spec
data/bin/console ADDED
@@ -0,0 +1,14 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require "bundler/setup"
4
+ require "hackerone/client"
5
+
6
+ # You can add fixtures and/or initialization code here to make experimenting
7
+ # with your gem easier. You can also use a different console, if you like.
8
+
9
+ # (If you use this, don't forget to add pry to your Gemfile!)
10
+ # require "pry"
11
+ # Pry.start
12
+
13
+ require "irb"
14
+ IRB.start(__FILE__)
data/bin/setup ADDED
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+ set -vx
5
+
6
+ bundle install
7
+
8
+ # Do any other automated setup that you need to do here
data/fixtures/vcr_cassettes/empty_report_list.yml ADDED
@@ -0,0 +1,71 @@
1
+ ---
2
+ http_interactions:
3
+ - request:
4
+ method: get
5
+ uri: https://api.hackerone.com/v1/reports?filter%5Bcreated_at__gt%5D=2017-02-11T16:00:44-10:00&filter%5Bprogram%5D%5B0%5D=github&filter%5Bstate%5D%5B0%5D=new
6
+ body:
7
+ encoding: US-ASCII
8
+ string: ''
9
+ headers:
10
+ Authorization:
11
+ - Basic 123=
12
+ User-Agent:
13
+ - Faraday v0.11.0
14
+ Accept-Encoding:
15
+ - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
16
+ Accept:
17
+ - "*/*"
18
+ response:
19
+ status:
20
+ code: 200
21
+ message: OK
22
+ headers:
23
+ Date:
24
+ - Wed, 15 Feb 2017 02:00:44 GMT
25
+ Content-Type:
26
+ - application/json; charset=utf-8
27
+ Transfer-Encoding:
28
+ - chunked
29
+ Connection:
30
+ - keep-alive
31
+ Set-Cookie:
32
+ - __cfduid=123; expires=Thu, 15-Feb-18
33
+ 02:00:44 GMT; path=/; Domain=api.hackerone.com; HttpOnly
34
+ X-Request-Id:
35
+ - ae9893cb-0d8c-4481-86da-a5b2622e3b3c
36
+ Etag:
37
+ - W/"2f7f00d7f6925232d6ce911820aca337"
38
+ Cache-Control:
39
+ - max-age=0, private, must-revalidate
40
+ Strict-Transport-Security:
41
+ - max-age=31536000; includeSubDomains; preload
42
+ Content-Security-Policy:
43
+ - default-src 'none'; connect-src 'self' www.google-analytics.com errors.hackerone.net;
44
+ font-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self'
45
+ 'unsafe-inline'; form-action 'self'; frame-ancestors 'none'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598
46
+ X-Content-Type-Options:
47
+ - nosniff
48
+ X-Download-Options:
49
+ - noopen
50
+ X-Frame-Options:
51
+ - DENY
52
+ X-Permitted-Cross-Domain-Policies:
53
+ - none
54
+ X-Xss-Protection:
55
+ - 1; mode=block
56
+ Public-Key-Pins-Report-Only:
57
+ - pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=";
58
+ pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=";
59
+ pin-sha256="cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="; pin-sha256="bIlWcjiKq1mftH/xd7Hw1JO77Cr+Gv+XYcGUQWwO+A4=";
60
+ pin-sha256="tXD+dGAP8rGY4PW1be90cOYEwg7pZ4G+yPZmIZWPTSg="; max-age=600; includeSubDomains;
61
+ report-uri="https://hackerone.report-uri.io/r/default/hpkp/reportOnly"
62
+ Server:
63
+ - cloudflare-nginx
64
+ Cf-Ray:
65
+ - 33152afcd96b5414-LAX
66
+ body:
67
+ encoding: ASCII-8BIT
68
+ string: '{"data":[],"links":{}}'
69
+ http_version:
70
+ recorded_at: Wed, 15 Feb 2017 02:00:44 GMT
71
+ recorded_with: VCR 3.0.3
data/fixtures/vcr_cassettes/missing_report.yml ADDED
@@ -0,0 +1,69 @@
1
+ ---
2
+ http_interactions:
3
+ - request:
4
+ method: get
5
+ uri: https://api.hackerone.com/v1/reports/404
6
+ body:
7
+ encoding: US-ASCII
8
+ string: ''
9
+ headers:
10
+ Authorization:
11
+ - Basic 123
12
+ User-Agent:
13
+ - Faraday v0.11.0
14
+ Accept-Encoding:
15
+ - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
16
+ Accept:
17
+ - "*/*"
18
+ response:
19
+ status:
20
+ code: 403
21
+ message: Forbidden
22
+ headers:
23
+ Date:
24
+ - Wed, 15 Feb 2017 01:01:18 GMT
25
+ Content-Type:
26
+ - application/json; charset=utf-8
27
+ Transfer-Encoding:
28
+ - chunked
29
+ Connection:
30
+ - keep-alive
31
+ Set-Cookie:
32
+ - __cfduid=123; expires=Thu, 15-Feb-18
33
+ 01:01:17 GMT; path=/; Domain=api.hackerone.com; HttpOnly
34
+ X-Request-Id:
35
+ - 21757437-7a32-4560-af4a-885b09f20381
36
+ Cache-Control:
37
+ - no-cache
38
+ Strict-Transport-Security:
39
+ - max-age=31536000; includeSubDomains; preload
40
+ Content-Security-Policy:
41
+ - default-src 'none'; connect-src 'self' www.google-analytics.com errors.hackerone.net;
42
+ font-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self'
43
+ 'unsafe-inline'; form-action 'self'; frame-ancestors 'none'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598
44
+ X-Content-Type-Options:
45
+ - nosniff
46
+ X-Download-Options:
47
+ - noopen
48
+ X-Frame-Options:
49
+ - DENY
50
+ X-Permitted-Cross-Domain-Policies:
51
+ - none
52
+ X-Xss-Protection:
53
+ - 1; mode=block
54
+ Public-Key-Pins-Report-Only:
55
+ - pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=";
56
+ pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=";
57
+ pin-sha256="cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="; pin-sha256="bIlWcjiKq1mftH/xd7Hw1JO77Cr+Gv+XYcGUQWwO+A4=";
58
+ pin-sha256="tXD+dGAP8rGY4PW1be90cOYEwg7pZ4G+yPZmIZWPTSg="; max-age=600; includeSubDomains;
59
+ report-uri="https://hackerone.report-uri.io/r/default/hpkp/reportOnly"
60
+ Server:
61
+ - cloudflare-nginx
62
+ Cf-Ray:
63
+ - 3314d3eb0b6653a8-LAX
64
+ body:
65
+ encoding: ASCII-8BIT
66
+ string: '{"errors":[{"status":403}]}'
67
+ http_version:
68
+ recorded_at: Wed, 15 Feb 2017 01:01:18 GMT
69
+ recorded_with: VCR 3.0.3
data/fixtures/vcr_cassettes/report.yml ADDED
@@ -0,0 +1,464 @@
1
+ ---
2
+ http_interactions:
3
+ - request:
4
+ method: get
5
+ uri: https://api.hackerone.com/v1/reports/200
6
+ body:
7
+ encoding: US-ASCII
8
+ string: ''
9
+ headers:
10
+ Authorization:
11
+ - Basic nope=
12
+ User-Agent:
13
+ - Faraday v0.11.0
14
+ Accept-Encoding:
15
+ - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
16
+ Accept:
17
+ - "*/*"
18
+ response:
19
+ status:
20
+ code: 200
21
+ message: OK
22
+ headers:
23
+ Date:
24
+ - Wed, 15 Feb 2017 00:50:01 GMT
25
+ Content-Type:
26
+ - application/json; charset=utf-8
27
+ Transfer-Encoding:
28
+ - chunked
29
+ Connection:
30
+ - keep-alive
31
+ Set-Cookie:
32
+ - __cfduid=123; expires=Thu, 15-Feb-18
33
+ 00:50:01 GMT; path=/; Domain=api.hackerone.com; HttpOnly
34
+ X-Request-Id:
35
+ - 345
36
+ Etag:
37
+ - W/"8dfc97642d70f82b560e989d44e19eac"
38
+ Cache-Control:
39
+ - max-age=0, private, must-revalidate
40
+ Strict-Transport-Security:
41
+ - max-age=31536000; includeSubDomains; preload
42
+ Content-Security-Policy:
43
+ - default-src 'none'; connect-src 'self' www.google-analytics.com errors.hackerone.net;
44
+ font-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self'
45
+ 'unsafe-inline'; form-action 'self'; frame-ancestors 'none'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=123
46
+ X-Content-Type-Options:
47
+ - nosniff
48
+ X-Download-Options:
49
+ - noopen
50
+ X-Frame-Options:
51
+ - DENY
52
+ X-Permitted-Cross-Domain-Policies:
53
+ - none
54
+ X-Xss-Protection:
55
+ - 1; mode=block
56
+ Public-Key-Pins-Report-Only:
57
+ - pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=";
58
+ pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=";
59
+ pin-sha256="cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="; pin-sha256="bIlWcjiKq1mftH/xd7Hw1JO77Cr+Gv+XYcGUQWwO+A4=";
60
+ pin-sha256="tXD+dGAP8rGY4PW1be90cOYEwg7pZ4G+yPZmIZWPTSg="; max-age=600; includeSubDomains;
61
+ report-uri="https://hackerone.report-uri.io/r/default/hpkp/reportOnly"
62
+ Server:
63
+ - cloudflare-nginx
64
+ Cf-Ray:
65
+ - 3314c3653e302126-LAX
66
+ body:
67
+ encoding: ASCII-8BIT
68
+ string: '{
69
+ "data": {
70
+ "id": "200",
71
+ "type": "report",
72
+ "attributes": {
73
+ "title": "Sweet Vuln",
74
+ "state": "triaged",
75
+ "created_at": "2017-01-21T00:20:37.966Z",
76
+ "vulnerability_information": "some kind of description",
77
+ "triaged_at": "2017-01-21T17:15:20.272Z",
78
+ "closed_at": null,
79
+ "last_reporter_activity_at": "2017-02-02T06:31:09.905Z",
80
+ "first_program_activity_at": "2017-01-21T17:15:20.272Z",
81
+ "last_program_activity_at": "2017-02-02T06:28:10.594Z",
82
+ "bounty_awarded_at": "2017-02-02T06:27:53.522Z",
83
+ "swag_awarded_at": "2017-02-02T06:28:10.594Z",
84
+ "disclosed_at": null,
85
+ "last_activity_at": "2017-02-02T06:31:09.905Z",
86
+ "issue_tracker_reference_id": "67650",
87
+ "issue_tracker_reference_url": "https://github.com/internal/repo/issues/123456"
88
+ },
89
+ "relationships": {
90
+ "reporter": {
91
+ "data": {
92
+ "attributes": {
93
+ "reputation": 433,
94
+ "signal": 2.45454545454545,
95
+ "impact": 18.3333333333333,
96
+ "username": "made-up-user",
97
+ "name": "",
98
+ "disabled": false,
99
+ "created_at": "2014-02-03T20:51:12.261Z",
100
+ "profile_picture": {
101
+ "62x62": "/assets/avatars/default-123.png",
102
+ "82x82": "/assets/avatars/default-123.png",
103
+ "110x110": "/assets/avatars/default-123.png",
104
+ "260x260": "/assets/avatars/default-123.png"
105
+ }
106
+ },
107
+ "id": "2463",
108
+ "type": "user"
109
+ }
110
+ },
111
+ "assignee": {
112
+ "data": {
113
+ "type": "user",
114
+ "id": "57690",
115
+ "attributes": {
116
+ "username": "ndm-github",
117
+ "name": "Neil Matatall",
118
+ "disabled": false,
119
+ "created_at": "2016-02-24T01:33:01.258Z",
120
+ "profile_picture": {
121
+ "62x62": "https://profile-photos.hackerone-user-content.com/production/000/057/690/1e0c9ef6fc8bcc17806ae82e6f73cdd4d0e74eb9_small.jpg?1469554487",
122
+ "82x82": "https://profile-photos.hackerone-user-content.com/production/000/057/690/f6a17c40a6c910ba801014d1498b55727ea858e3_medium.jpg?1469554487",
123
+ "110x110": "https://profile-photos.hackerone-user-content.com/production/000/057/690/2259dde15230756d99f68a9ca824af11081ab965_large.jpg?1469554487",
124
+ "260x260": "https://profile-photos.hackerone-user-content.com/production/000/057/690/6d2da33805fef8b8ac4cf513e1562699e79365e0_xtralarge.jpg?1469554487"
125
+ }
126
+ }
127
+ }
128
+ },
129
+ "program": {
130
+ "data": {
131
+ "id": "1894",
132
+ "type": "program",
133
+ "attributes": {
134
+ "handle": "github",
135
+ "created_at": "2015-05-29T20:12:03.091Z",
136
+ "updated_at": "2017-02-14T18:45:11.035Z"
137
+ }
138
+ }
139
+ },
140
+ "severity": {
141
+ "data": {
142
+ "id": "20763",
143
+ "type": "severity",
144
+ "attributes": {
145
+ "rating": "medium",
146
+ "author_type": "User",
147
+ "user_id": 2463,
148
+ "created_at": "2017-01-21T00:20:38.061Z",
149
+ "score": 6.5,
150
+ "attack_complexity": "high",
151
+ "attack_vector": "network",
152
+ "availability": "low",
153
+ "confidentiality": "low",
154
+ "integrity": "low",
155
+ "privileges_required": "none",
156
+ "user_interaction": "none",
157
+ "scope": "changed"
158
+ }
159
+ }
160
+ },
161
+ "swag": {
162
+ "data": [
163
+ {
164
+ "id": "1645",
165
+ "type": "swag",
166
+ "attributes": {
167
+ "sent": false,
168
+ "created_at": "2017-02-02T06:28:10.563Z"
169
+ },
170
+ "relationships": {
171
+ "address": {
172
+ "data": {
173
+ "id": "809",
174
+ "type": "address",
175
+ "attributes": {
176
+ "name": "Reporter",
177
+ "street": "123 Main St",
178
+ "city": "America Town",
179
+ "postal_code": "12345",
180
+ "state": "California",
181
+ "country": "United States",
182
+ "created_at": "2017-01-31T11:14:41.803Z",
183
+ "tshirt_size": "Large",
184
+ "phone_number": "+1234565789"
185
+ }
186
+ }
187
+ }
188
+ }
189
+ }
190
+ ]
191
+ },
192
+ "attachments": {
193
+ "data": [
194
+
195
+ ]
196
+ },
197
+ "vulnerability_types": {
198
+ "data": [
199
+ {
200
+ "id": "25110",
201
+ "type": "vulnerability-type",
202
+ "attributes": {
203
+ "name": "Information Disclosure",
204
+ "description": "Exposure of system information, sensitive or private information, fingerprinting, etc.\n",
205
+ "created_at": "2016-01-28T13:34:08.945Z"
206
+ }
207
+ }
208
+ ]
209
+ },
210
+ "activities": {
211
+ "data": [
212
+ {
213
+ "type": "activity-swag-awarded",
214
+ "id": "1457842",
215
+ "attributes": {
216
+ "message": "",
217
+ "created_at": "2017-02-02T06:28:10.594Z",
218
+ "updated_at": "2017-02-02T06:28:10.594Z",
219
+ "internal": false
220
+ },
221
+ "relationships": {
222
+ "actor": {
223
+ "data": {
224
+ "type": "program",
225
+ "id": "1894",
226
+ "attributes": {
227
+ "handle": "github",
228
+ "created_at": "2015-05-29T20:12:03.091Z",
229
+ "updated_at": "2017-02-14T18:45:11.035Z"
230
+ }
231
+ }
232
+ },
233
+ "swag": {
234
+ "data": {
235
+ "id": "1645",
236
+ "type": "swag",
237
+ "attributes": {
238
+ "sent": false,
239
+ "created_at": "2017-02-02T06:28:10.563Z"
240
+ },
241
+ "relationships": {
242
+ "address": {
243
+ "data": {
244
+ "id": "809",
245
+ "type": "address",
246
+ "attributes": {
247
+ "name": "Reporter",
248
+ "street": "123 Main St",
249
+ "city": "America Town",
250
+ "postal_code": "12345",
251
+ "state": "California",
252
+ "country": "United States",
253
+ "created_at": "2017-01-31T11:14:41.803Z",
254
+ "tshirt_size": "Large",
255
+ "phone_number": "+1234565789"
256
+ }
257
+ }
258
+ }
259
+ }
260
+ }
261
+ }
262
+ }
263
+ },
264
+ {
265
+ "type": "activity-bounty-awarded",
266
+ "id": "1457841",
267
+ "attributes": {
268
+ "message": "The security team has had a chance to assess the severity and impact of this vulnerability and we would like to offer you a $500 USD reward and send you some swag. While the header injection risk was real, we feel that this was not actually exploitable in any way. The header values are joined by a `,` reducing the risk of any path traversals. If you are able to produce an exploit leading to data leakage or worse, we can revisit this. \n\nThanks,\nNeil\n",
269
+ "created_at": "2017-02-02T06:27:53.522Z",
270
+ "updated_at": "2017-02-02T06:27:53.522Z",
271
+ "internal": false,
272
+ "bounty_amount": "500"
273
+ },
274
+ "relationships": {
275
+ "actor": {
276
+ "data": {
277
+ "type": "user",
278
+ "id": "57690",
279
+ "attributes": {
280
+ "username": "ndm-github",
281
+ "name": "Neil Matatall",
282
+ "disabled": false,
283
+ "created_at": "2016-02-24T01:33:01.258Z",
284
+ "profile_picture": {
285
+ "62x62": "https://profile-photos.hackerone-user-content.com/production/000/057/690/1e0c9ef6fc8bcc17806ae82e6f73cdd4d0e74eb9_small.jpg?1469554487",
286
+ "82x82": "https://profile-photos.hackerone-user-content.com/production/000/057/690/f6a17c40a6c910ba801014d1498b55727ea858e3_medium.jpg?1469554487",
287
+ "110x110": "https://profile-photos.hackerone-user-content.com/production/000/057/690/2259dde15230756d99f68a9ca824af11081ab965_large.jpg?1469554487",
288
+ "260x260": "https://profile-photos.hackerone-user-content.com/production/000/057/690/6d2da33805fef8b8ac4cf513e1562699e79365e0_xtralarge.jpg?1469554487"
289
+ }
290
+ }
291
+ }
292
+ }
293
+ }
294
+ },
295
+ {
296
+ "type": "activity-bounty-awarded",
297
+ "id": "1457841",
298
+ "attributes": {
299
+ "message": "The here''s an extra payout",
300
+ "created_at": "2017-02-02T06:27:53.522Z",
301
+ "updated_at": "2017-02-02T06:27:53.522Z",
302
+ "internal": false,
303
+ "bounty_amount": "250"
304
+ },
305
+ "relationships": {
306
+ "actor": {
307
+ "data": {
308
+ "type": "user",
309
+ "id": "57690",
310
+ "attributes": {
311
+ "username": "ndm-github",
312
+ "name": "Neil Matatall",
313
+ "disabled": false,
314
+ "created_at": "2016-02-24T01:33:01.258Z",
315
+ "profile_picture": {
316
+ "62x62": "https://profile-photos.hackerone-user-content.com/production/000/057/690/1e0c9ef6fc8bcc17806ae82e6f73cdd4d0e74eb9_small.jpg?1469554487",
317
+ "82x82": "https://profile-photos.hackerone-user-content.com/production/000/057/690/f6a17c40a6c910ba801014d1498b55727ea858e3_medium.jpg?1469554487",
318
+ "110x110": "https://profile-photos.hackerone-user-content.com/production/000/057/690/2259dde15230756d99f68a9ca824af11081ab965_large.jpg?1469554487",
319
+ "260x260": "https://profile-photos.hackerone-user-content.com/production/000/057/690/6d2da33805fef8b8ac4cf513e1562699e79365e0_xtralarge.jpg?1469554487"
320
+ }
321
+ }
322
+ }
323
+ }
324
+ }
325
+ },
326
+ {
327
+ "type": "activity-user-assigned-to-bug",
328
+ "id": "1434860",
329
+ "attributes": {
330
+ "message": "",
331
+ "created_at": "2017-01-21T17:15:34.351Z",
332
+ "updated_at": "2017-01-21T17:15:34.351Z",
333
+ "internal": true
334
+ },
335
+ "relationships": {
336
+ "actor": {
337
+ "data": {
338
+ "type": "user",
339
+ "id": "57690",
340
+ "attributes": {
341
+ "username": "ndm-github",
342
+ "name": "Neil Matatall",
343
+ "disabled": false,
344
+ "created_at": "2016-02-24T01:33:01.258Z",
345
+ "profile_picture": {
346
+ "62x62": "https://profile-photos.hackerone-user-content.com/production/000/057/690/1e0c9ef6fc8bcc17806ae82e6f73cdd4d0e74eb9_small.jpg?1469554487",
347
+ "82x82": "https://profile-photos.hackerone-user-content.com/production/000/057/690/f6a17c40a6c910ba801014d1498b55727ea858e3_medium.jpg?1469554487",
348
+ "110x110": "https://profile-photos.hackerone-user-content.com/production/000/057/690/2259dde15230756d99f68a9ca824af11081ab965_large.jpg?1469554487",
349
+ "260x260": "https://profile-photos.hackerone-user-content.com/production/000/057/690/6d2da33805fef8b8ac4cf513e1562699e79365e0_xtralarge.jpg?1469554487"
350
+ }
351
+ }
352
+ }
353
+ },
354
+ "assigned_user": {
355
+ "data": {
356
+ "id": "57690",
357
+ "type": "user",
358
+ "attributes": {
359
+ "username": "ndm-github",
360
+ "name": "Neil Matatall",
361
+ "disabled": false,
362
+ "created_at": "2016-02-24T01:33:01.258Z",
363
+ "profile_picture": {
364
+ "62x62": "https://profile-photos.hackerone-user-content.com/production/000/057/690/1e0c9ef6fc8bcc17806ae82e6f73cdd4d0e74eb9_small.jpg?1469554487",
365
+ "82x82": "https://profile-photos.hackerone-user-content.com/production/000/057/690/f6a17c40a6c910ba801014d1498b55727ea858e3_medium.jpg?1469554487",
366
+ "110x110": "https://profile-photos.hackerone-user-content.com/production/000/057/690/2259dde15230756d99f68a9ca824af11081ab965_large.jpg?1469554487",
367
+ "260x260": "https://profile-photos.hackerone-user-content.com/production/000/057/690/6d2da33805fef8b8ac4cf513e1562699e79365e0_xtralarge.jpg?1469554487"
368
+ }
369
+ }
370
+ }
371
+ }
372
+ }
373
+ },
374
+ {
375
+ "type": "activity-bug-triaged",
376
+ "id": "1434859",
377
+ "attributes": {
378
+ "message": "Thanks for the report. I''ve escalated this to the appropriate team for validation.",
379
+ "created_at": "2017-01-21T17:15:20.272Z",
380
+ "updated_at": "2017-01-21T17:15:20.272Z",
381
+ "internal": false
382
+ },
383
+ "relationships": {
384
+ "actor": {
385
+ "data": {
386
+ "type": "user",
387
+ "id": "57690",
388
+ "attributes": {
389
+ "username": "ndm-github",
390
+ "name": "Neil Matatall",
391
+ "disabled": false,
392
+ "created_at": "2016-02-24T01:33:01.258Z",
393
+ "profile_picture": {
394
+ "62x62": "https://profile-photos.hackerone-user-content.com/production/000/057/690/1e0c9ef6fc8bcc17806ae82e6f73cdd4d0e74eb9_small.jpg?1469554487",
395
+ "82x82": "https://profile-photos.hackerone-user-content.com/production/000/057/690/f6a17c40a6c910ba801014d1498b55727ea858e3_medium.jpg?1469554487",
396
+ "110x110": "https://profile-photos.hackerone-user-content.com/production/000/057/690/2259dde15230756d99f68a9ca824af11081ab965_large.jpg?1469554487",
397
+ "260x260": "https://profile-photos.hackerone-user-content.com/production/000/057/690/6d2da33805fef8b8ac4cf513e1562699e79365e0_xtralarge.jpg?1469554487"
398
+ }
399
+ }
400
+ }
401
+ }
402
+ }
403
+ },
404
+ {
405
+ "type": "activity-reference-id-added",
406
+ "id": "1434858",
407
+ "attributes": {
408
+ "message": "",
409
+ "created_at": "2017-01-21T17:15:20.240Z",
410
+ "updated_at": "2017-01-21T17:15:20.240Z",
411
+ "internal": true,
412
+ "reference": "67650",
413
+ "reference_url": "https://github.com/internal/repo/issues/67650"
414
+ },
415
+ "relationships": {
416
+ "actor": {
417
+ "data": {
418
+ "type": "user",
419
+ "id": "57690",
420
+ "attributes": {
421
+ "username": "ndm-github",
422
+ "name": "Neil Matatall",
423
+ "disabled": false,
424
+ "created_at": "2016-02-24T01:33:01.258Z",
425
+ "profile_picture": {
426
+ "62x62": "https://profile-photos.hackerone-user-content.com/production/000/057/690/1e0c9ef6fc8bcc17806ae82e6f73cdd4d0e74eb9_small.jpg?1469554487",
427
+ "82x82": "https://profile-photos.hackerone-user-content.com/production/000/057/690/f6a17c40a6c910ba801014d1498b55727ea858e3_medium.jpg?1469554487",
428
+ "110x110": "https://profile-photos.hackerone-user-content.com/production/000/057/690/2259dde15230756d99f68a9ca824af11081ab965_large.jpg?1469554487",
429
+ "260x260": "https://profile-photos.hackerone-user-content.com/production/000/057/690/6d2da33805fef8b8ac4cf513e1562699e79365e0_xtralarge.jpg?1469554487"
430
+ }
431
+ }
432
+ }
433
+ }
434
+ }
435
+ }
436
+ ]
437
+ },
438
+ "bounties": {
439
+ "data": [
440
+ {
441
+ "id": "41216",
442
+ "type": "bounty",
443
+ "attributes": {
444
+ "amount": "500.00",
445
+ "bonus_amount": "0.00",
446
+ "awarded_amount": "500.00",
447
+ "awarded_bonus_amount": "0.00",
448
+ "awarded_currency": "USD",
449
+ "created_at": "2017-02-02T06:27:53.511Z"
450
+ }
451
+ }
452
+ ]
453
+ },
454
+ "summaries": {
455
+ "data": [
456
+
457
+ ]
458
+ }
459
+ }
460
+ }
461
+ }'
462
+ http_version:
463
+ recorded_at: Wed, 15 Feb 2017 00:50:01 GMT
464
+ recorded_with: VCR 3.0.3