hackerone-client 0.15.0 → 0.16.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/build.yml +28 -12
- data/.rubocop.yml +4 -0
- data/CHANGELOG.md +4 -0
- data/Gemfile +11 -3
- data/Guardfile +2 -0
- data/Rakefile +10 -1
- data/bin/console +1 -0
- data/hackerone-client.gemspec +4 -2
- data/lib/hackerone/client.rb +8 -6
- data/lib/hackerone/client/activity.rb +10 -8
- data/lib/hackerone/client/address.rb +2 -0
- data/lib/hackerone/client/bounty.rb +2 -0
- data/lib/hackerone/client/group.rb +2 -0
- data/lib/hackerone/client/incremental/activities.rb +3 -1
- data/lib/hackerone/client/member.rb +2 -0
- data/lib/hackerone/client/program.rb +4 -2
- data/lib/hackerone/client/report.rb +7 -5
- data/lib/hackerone/client/reporter.rb +2 -0
- data/lib/hackerone/client/resource_helper.rb +5 -3
- data/lib/hackerone/client/structured_scope.rb +2 -0
- data/lib/hackerone/client/swag.rb +2 -0
- data/lib/hackerone/client/user.rb +2 -0
- data/lib/hackerone/client/version.rb +3 -1
- data/lib/hackerone/client/weakness.rb +16 -14
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 99cdf21603a490301a3901f5f62430f10fc7a8425ee7ffe08944ac046d85c2d8
|
|
4
|
+
data.tar.gz: d390b20bc3611d74ab4d94a3fc22292f4c419ec7be9a6a0fc151b518fc713fa0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 500e402f964f2e5bf53ec230e598ec9418846f4abcc45683e2e2e0b7dec220c05b406213b4a934f82a59ac6a2425d6fe35021c1aa8a0b8963a8a8cfd0d2d888e
|
|
7
|
+
data.tar.gz: 3d1fe92e5a018419a6d4c04b0651ffe0453c6d9f3194a26e8f4cf446ab20d029e6dda18e375bf5ebfd72373818f94a3f65f733db204a2341db118c1276db7a62
|
data/.github/workflows/build.yml
CHANGED
|
@@ -1,19 +1,35 @@
|
|
|
1
1
|
name: Build + Test
|
|
2
|
-
on: [
|
|
2
|
+
on: [pull_request]
|
|
3
3
|
|
|
4
4
|
jobs:
|
|
5
5
|
build:
|
|
6
6
|
name: Build + Test
|
|
7
7
|
runs-on: ubuntu-latest
|
|
8
|
-
|
|
8
|
+
strategy:
|
|
9
|
+
matrix:
|
|
10
|
+
ruby: [ '2.4', '2.5', '2.6', '2.7']
|
|
11
|
+
steps:
|
|
12
|
+
- uses: actions/checkout@master
|
|
13
|
+
- name: Set up Ruby ${{ matrix.ruby }}
|
|
14
|
+
uses: actions/setup-ruby@v1
|
|
15
|
+
with:
|
|
16
|
+
ruby-version: ${{ matrix.ruby }}
|
|
17
|
+
- name: Build and test with Rake with Ruby ${{ matrix.ruby }}
|
|
18
|
+
run: |
|
|
19
|
+
gem install bundler
|
|
20
|
+
bundle install --jobs 4 --retry 3
|
|
21
|
+
bundle exec rake spec
|
|
22
|
+
lint:
|
|
23
|
+
name: Rubocop
|
|
24
|
+
runs-on: ubuntu-latest
|
|
9
25
|
steps:
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
26
|
+
- uses: actions/checkout@master
|
|
27
|
+
- name: Set up Ruby 2.6
|
|
28
|
+
uses: actions/setup-ruby@v1
|
|
29
|
+
with:
|
|
30
|
+
ruby-version: 2.6
|
|
31
|
+
- name: Run linters
|
|
32
|
+
run: |
|
|
33
|
+
gem install bundler
|
|
34
|
+
bundle install --jobs 4 --retry 3
|
|
35
|
+
bundle exec rake rubocop
|
data/.rubocop.yml
ADDED
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,7 @@
|
|
|
1
|
+
## [0.16.0] - 2020-03-23
|
|
2
|
+
|
|
3
|
+
- [Add support for updating the severity of an issue](https://github.com/oreoshake/hackerone-client/pull/50) (@rzhade3)
|
|
4
|
+
|
|
1
5
|
## [0.15.0] - 2020-03-09
|
|
2
6
|
|
|
3
7
|
- [Add 'update program policy' API support](https://github.com/oreoshake/hackerone-client/pull/47) (@rzhade3)
|
data/Gemfile
CHANGED
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
source "https://rubygems.org"
|
|
2
4
|
|
|
3
5
|
# Specify your gem's dependencies in hackerone-client.gemspec
|
|
4
6
|
gemspec
|
|
@@ -7,8 +9,14 @@ group :developement do
|
|
|
7
9
|
gem "pry"
|
|
8
10
|
end
|
|
9
11
|
|
|
12
|
+
group :test do
|
|
13
|
+
gem "rubocop", "< 0.68"
|
|
14
|
+
gem "rubocop-github"
|
|
15
|
+
gem "rubocop-performance"
|
|
16
|
+
end
|
|
17
|
+
|
|
10
18
|
group :guard do
|
|
11
|
-
gem "growl", :
|
|
12
|
-
gem "rb-fsevent", :require => RUBY_PLATFORM.include?('darwin') && 'rb-fsevent'
|
|
19
|
+
gem "growl", require: RUBY_PLATFORM.include?("darwin") && "growl"
|
|
13
20
|
gem "guard-rspec"
|
|
21
|
+
gem "rb-fsevent", require: RUBY_PLATFORM.include?("darwin") && "rb-fsevent"
|
|
14
22
|
end
|
data/Guardfile
CHANGED
data/Rakefile
CHANGED
|
@@ -1,6 +1,15 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require "bundler/gem_tasks"
|
|
2
4
|
require "rspec/core/rake_task"
|
|
3
5
|
|
|
4
6
|
RSpec::Core::RakeTask.new(:spec)
|
|
5
7
|
|
|
6
|
-
task :
|
|
8
|
+
task default: :spec
|
|
9
|
+
|
|
10
|
+
begin
|
|
11
|
+
require "rubocop/rake_task"
|
|
12
|
+
RuboCop::RakeTask.new
|
|
13
|
+
rescue LoadError
|
|
14
|
+
task(:rubocop) { $stderr.puts "RuboCop is disabled" }
|
|
15
|
+
end
|
data/bin/console
CHANGED
data/hackerone-client.gemspec
CHANGED
|
@@ -1,7 +1,9 @@
|
|
|
1
1
|
# coding: utf-8
|
|
2
|
-
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
lib = File.expand_path("../lib", __FILE__)
|
|
3
5
|
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
4
|
-
require
|
|
6
|
+
require "hackerone/client/version"
|
|
5
7
|
|
|
6
8
|
Gem::Specification.new do |spec|
|
|
7
9
|
spec.name = "hackerone-client"
|
data/lib/hackerone/client.rb
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require "faraday"
|
|
2
4
|
require "json"
|
|
3
5
|
require "active_support/time"
|
|
@@ -24,7 +26,7 @@ module HackerOne
|
|
|
24
26
|
DEFAULT_HIGH_RANGE = 2500...4999
|
|
25
27
|
DEFAULT_CRITICAL_RANGE = 5000...100_000_000
|
|
26
28
|
|
|
27
|
-
LENIENT_MODE_ENV_VARIABLE =
|
|
29
|
+
LENIENT_MODE_ENV_VARIABLE = "HACKERONE_CLIENT_LENIENT_MODE"
|
|
28
30
|
|
|
29
31
|
class << self
|
|
30
32
|
ATTRS = [:low_range, :medium_range, :high_range, :critical_range].freeze
|
|
@@ -102,7 +104,7 @@ module HackerOne
|
|
|
102
104
|
def post(endpoint, body)
|
|
103
105
|
response = with_retry do
|
|
104
106
|
self.class.hackerone_api_connection.post do |req|
|
|
105
|
-
req.headers[
|
|
107
|
+
req.headers["Content-Type"] = "application/json"
|
|
106
108
|
req.body = body.to_json
|
|
107
109
|
req.url endpoint
|
|
108
110
|
end
|
|
@@ -114,7 +116,7 @@ module HackerOne
|
|
|
114
116
|
def get(endpoint, params = nil)
|
|
115
117
|
response = with_retry do
|
|
116
118
|
self.class.hackerone_api_connection.get do |req|
|
|
117
|
-
req.headers[
|
|
119
|
+
req.headers["Content-Type"] = "application/json"
|
|
118
120
|
req.params = params || {}
|
|
119
121
|
req.url endpoint
|
|
120
122
|
end
|
|
@@ -129,7 +131,7 @@ module HackerOne
|
|
|
129
131
|
elsif response.status.to_s.start_with?("5")
|
|
130
132
|
raise RuntimeError, "API called failed, probably their fault: #{response.body}"
|
|
131
133
|
elsif response.success?
|
|
132
|
-
response_body_json = JSON.parse(response.body, :
|
|
134
|
+
response_body_json = JSON.parse(response.body, symbolize_names: true)
|
|
133
135
|
if extract_data && response_body_json.key?(:data)
|
|
134
136
|
response_body_json[:data]
|
|
135
137
|
else
|
|
@@ -145,13 +147,13 @@ module HackerOne
|
|
|
145
147
|
raise NotConfiguredError, "HACKERONE_TOKEN_NAME HACKERONE_TOKEN environment variables must be set"
|
|
146
148
|
end
|
|
147
149
|
|
|
148
|
-
@connection ||= Faraday.new(:
|
|
150
|
+
@connection ||= Faraday.new(url: "https://api.hackerone.com/v1") do |faraday|
|
|
149
151
|
faraday.basic_auth(ENV["HACKERONE_TOKEN_NAME"], ENV["HACKERONE_TOKEN"])
|
|
150
152
|
faraday.adapter Faraday.default_adapter
|
|
151
153
|
end
|
|
152
154
|
end
|
|
153
155
|
|
|
154
|
-
def with_retry(attempts=3, &block)
|
|
156
|
+
def with_retry(attempts = 3, &block)
|
|
155
157
|
attempts_remaining = attempts
|
|
156
158
|
|
|
157
159
|
begin
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module HackerOne
|
|
2
4
|
module Client
|
|
3
5
|
module Activities
|
|
@@ -84,14 +86,14 @@ module HackerOne
|
|
|
84
86
|
end
|
|
85
87
|
|
|
86
88
|
ACTIVITY_TYPE_CLASS_MAPPING = {
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
89
|
+
"activity-bounty-awarded" => BountyAwarded,
|
|
90
|
+
"activity-swag-awarded" => SwagAwarded,
|
|
91
|
+
"activity-user-assigned-to-bug" => UserAssignedToBug,
|
|
92
|
+
"activity-group-assigned-to-bug" => GroupAssignedToBug,
|
|
93
|
+
"activity-bug-triaged" => BugTriaged,
|
|
94
|
+
"activity-reference-id-added" => ReferenceIdAdded,
|
|
95
|
+
"activity-comment" => CommentAdded,
|
|
96
|
+
"activity-bounty-suggested" => BountySuggested
|
|
95
97
|
}.freeze
|
|
96
98
|
|
|
97
99
|
def self.build(activity_data)
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module HackerOne
|
|
2
4
|
module Client
|
|
3
5
|
module Incremental
|
|
@@ -48,7 +50,7 @@ module HackerOne
|
|
|
48
50
|
|
|
49
51
|
def current_page
|
|
50
52
|
@current_page ||= make_get_request(
|
|
51
|
-
|
|
53
|
+
"incremental/activities",
|
|
52
54
|
extract_data: false,
|
|
53
55
|
params: {
|
|
54
56
|
handle: program.handle,
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require_relative "./resource_helper"
|
|
2
4
|
|
|
3
5
|
module HackerOne
|
|
4
6
|
module Client
|
|
@@ -71,7 +73,7 @@ module HackerOne
|
|
|
71
73
|
"programs/#{id}/swag",
|
|
72
74
|
params: { page: { number: page_number, size: page_size } }
|
|
73
75
|
)
|
|
74
|
-
response_body.map{|r| Swag.new(r, self) }
|
|
76
|
+
response_body.map { |r| Swag.new(r, self) }
|
|
75
77
|
end
|
|
76
78
|
|
|
77
79
|
private
|
|
@@ -1,6 +1,8 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
require_relative
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require_relative "./resource_helper"
|
|
4
|
+
require_relative "./weakness"
|
|
5
|
+
require_relative "./activity"
|
|
4
6
|
|
|
5
7
|
module HackerOne
|
|
6
8
|
module Client
|
|
@@ -118,7 +120,7 @@ module HackerOne
|
|
|
118
120
|
|
|
119
121
|
# Bounty writeups just use the key, and not the label value.
|
|
120
122
|
def writeup_classification
|
|
121
|
-
classification_label
|
|
123
|
+
classification_label.split("-").first
|
|
122
124
|
end
|
|
123
125
|
|
|
124
126
|
def activities
|
|
@@ -304,7 +306,7 @@ module HackerOne
|
|
|
304
306
|
request_body[:id] = assignee_id if assignee_id
|
|
305
307
|
|
|
306
308
|
response = HackerOne::Client::Api.hackerone_api_connection.put do |req|
|
|
307
|
-
req.headers[
|
|
309
|
+
req.headers["Content-Type"] = "application/json"
|
|
308
310
|
req.url "reports/#{id}/assignee"
|
|
309
311
|
req.body = { data: request_body }.to_json
|
|
310
312
|
end
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module HackerOne
|
|
2
4
|
module Client
|
|
3
5
|
module ResourceHelper
|
|
@@ -14,7 +16,7 @@ module HackerOne
|
|
|
14
16
|
|
|
15
17
|
def make_put_request(url, request_body:, extract_data: true)
|
|
16
18
|
response = HackerOne::Client::Api.hackerone_api_connection.put do |req|
|
|
17
|
-
req.headers[
|
|
19
|
+
req.headers["Content-Type"] = "application/json"
|
|
18
20
|
req.url url
|
|
19
21
|
req.body = { data: request_body }.to_json
|
|
20
22
|
end
|
|
@@ -24,7 +26,7 @@ module HackerOne
|
|
|
24
26
|
|
|
25
27
|
def make_post_request(url, request_body:, extract_data: true)
|
|
26
28
|
response = HackerOne::Client::Api.hackerone_api_connection.post do |req|
|
|
27
|
-
req.headers[
|
|
29
|
+
req.headers["Content-Type"] = "application/json"
|
|
28
30
|
req.url url
|
|
29
31
|
req.body = { data: request_body }.to_json
|
|
30
32
|
end
|
|
@@ -34,7 +36,7 @@ module HackerOne
|
|
|
34
36
|
|
|
35
37
|
def make_get_request(url, params: {}, extract_data: true)
|
|
36
38
|
response = HackerOne::Client::Api.hackerone_api_connection.get do |req|
|
|
37
|
-
req.headers[
|
|
39
|
+
req.headers["Content-Type"] = "application/json"
|
|
38
40
|
req.url url
|
|
39
41
|
req.params = params
|
|
40
42
|
end
|
|
@@ -1,17 +1,19 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module HackerOne
|
|
2
4
|
module Client
|
|
3
5
|
class Weakness
|
|
4
6
|
class << self
|
|
5
7
|
def validate_cwe!(cwe)
|
|
6
|
-
fail NotAnOwaspWeaknessError if cwe.upcase.start_with?(
|
|
7
|
-
fail StandardError::ArgumentError unless cwe.upcase.start_with?(
|
|
8
|
+
fail NotAnOwaspWeaknessError if cwe.upcase.start_with?("CAPEC-")
|
|
9
|
+
fail StandardError::ArgumentError unless cwe.upcase.start_with?("CWE-")
|
|
8
10
|
end
|
|
9
11
|
|
|
10
12
|
def extract_cwe_number(cwe)
|
|
11
13
|
return if cwe.nil?
|
|
12
14
|
validate_cwe!(cwe)
|
|
13
15
|
|
|
14
|
-
cwe.split(
|
|
16
|
+
cwe.split("CWE-").last.to_i
|
|
15
17
|
end
|
|
16
18
|
end
|
|
17
19
|
|
|
@@ -39,20 +41,20 @@ module HackerOne
|
|
|
39
41
|
}
|
|
40
42
|
|
|
41
43
|
OWASP_TOP_10_2013_TO_CWE = {
|
|
42
|
-
|
|
43
|
-
|
|
44
|
+
"A1-Injection" => [77, 78, 88, 89, 90, 91, 564],
|
|
45
|
+
"A2-AuthSession" =>
|
|
44
46
|
[287, 613, 522, 256, 384, 472, 346, 441, 523, 620, 640, 319, 311],
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
47
|
+
"A3-XSS" => [79],
|
|
48
|
+
"A4-DirectObjRef" => [639, 99, 22],
|
|
49
|
+
"A5-Misconfig" => [16, 2, 215, 548, 209],
|
|
50
|
+
"A6-DataExposure" => [312, 319, 310, 326, 320, 311, 325, 328, 327],
|
|
51
|
+
"A7-MissingACL" => [285, 287],
|
|
52
|
+
"A8-CSRF" => [352, 642, 613, 346, 441],
|
|
53
|
+
"A9-KnownVuln" => [],
|
|
54
|
+
"A10-Redirects" => [601],
|
|
53
55
|
}.freeze
|
|
54
56
|
|
|
55
|
-
OWASP_DEFAULT =
|
|
57
|
+
OWASP_DEFAULT = "A0-Other".freeze
|
|
56
58
|
|
|
57
59
|
def initialize(weakness)
|
|
58
60
|
@attributes = weakness
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: hackerone-client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.16.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Neil Matatall
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-03-
|
|
11
|
+
date: 2020-03-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -118,6 +118,7 @@ files:
|
|
|
118
118
|
- ".github/workflows/build.yml"
|
|
119
119
|
- ".gitignore"
|
|
120
120
|
- ".rspec"
|
|
121
|
+
- ".rubocop.yml"
|
|
121
122
|
- ".travis.yml"
|
|
122
123
|
- CHANGELOG.md
|
|
123
124
|
- CODE_OF_CONDUCT.md
|