RubyGems - hackerone-client - Versions diffs - 0.1.1 → 0.2.0 - Mend

hackerone-client 0.1.1 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/fixtures/vcr_cassettes/add_report_reference.yml +78 -0
data/fixtures/vcr_cassettes/missing_report.yml +141 -2
data/fixtures/vcr_cassettes/stage_change.yml +79 -0
data/lib/hackerone/client.rb +95 -4
data/lib/hackerone/client/version.rb +1 -1
metadata +4 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5a8c5920dd2fbc7effbbeb896aef7fbb300c2652
-  data.tar.gz: 1527aeec85b20f74364d5616621c78d4f878cd86
+  metadata.gz: ebb425c241793e7a304c86e2432a9cd8c1fbfa4c
+  data.tar.gz: ef459ac5cab769b0ab7ee5ccc012f74c1492a37a
 SHA512:
-  metadata.gz: 386da678af280aab7fc4aff32a47a702f7339969b78fb3ba4d6bffd129eb3bbfb989e302f833fa32577de52bda46d20477f435292063b36a20864ccf5debd1ab
-  data.tar.gz: 0c0520cb9da4b1dc160de2d9df8b283ae6dd8d8b9d8c8dda2202e08dd0327c96164aa0a2eaed3d333bb543b4d57f8f5925bb8baff443d4f67ed812280287403b
+  metadata.gz: 7ae32de2ce5143b8b694a72434057e9d991422f0e374dda94c0f6a26f3b9ef8c8a12b14938bab7e2f5023c890b944dccc55bc6e73ea67bfc26cd01106e1bfe27
+  data.tar.gz: c179d3c6ac1e2ca293126ebcdf9d5a7d731e069f9b209edcc5fc93ac154cdb11763835abca01447de94cf694e8eb4bf741b24997e0772df8e587d367b1e9410c

data/fixtures/vcr_cassettes/add_report_reference.yml ADDED Viewed

@@ -0,0 +1,78 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://api.hackerone.com/v1/reports/132170/issue_tracker_reference_id
+    body:
+      encoding: UTF-8
+      string: '{"data":{"type":"issue-tracker-reference-id","attributes":{"reference":"fooooo"}}}'
+    headers:
+      Authorization:
+      - Basic nope
+      User-Agent:
+      - Faraday v0.11.0
+      Content-Type:
+      - application/json
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Date:
+      - Thu, 16 Mar 2017 20:21:44 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Transfer-Encoding:
+      - chunked
+      Connection:
+      - keep-alive
+      Set-Cookie:
+      - __cfduid=d4b57ca8890f7f0e1428003db73c2a8f41489695704; expires=Fri, 16-Mar-18
+        20:21:44 GMT; path=/; Domain=api.hackerone.com; HttpOnly
+      X-Request-Id:
+      - 2c20eb84-1d41-48c2-a64a-6fffd601dce9
+      Etag:
+      - W/"e6e4cf756fbd434e3375eec1c1256611"
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Strict-Transport-Security:
+      - max-age=31536000; includeSubDomains; preload
+      Content-Security-Policy:
+      - default-src 'none'; connect-src 'self' www.google-analytics.com errors.hackerone.net;
+        font-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self'
+        'unsafe-inline'; form-action 'self'; frame-ancestors 'none'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598
+      X-Content-Type-Options:
+      - nosniff
+      X-Download-Options:
+      - noopen
+      X-Frame-Options:
+      - DENY
+      X-Permitted-Cross-Domain-Policies:
+      - none
+      X-Xss-Protection:
+      - 1; mode=block
+      Public-Key-Pins-Report-Only:
+      - pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=";
+        pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=";
+        pin-sha256="cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="; pin-sha256="bIlWcjiKq1mftH/xd7Hw1JO77Cr+Gv+XYcGUQWwO+A4=";
+        pin-sha256="tXD+dGAP8rGY4PW1be90cOYEwg7pZ4G+yPZmIZWPTSg="; max-age=600; includeSubDomains;
+        report-uri="https://hackerone.report-uri.io/r/default/hpkp/reportOnly"
+      Server:
+      - cloudflare-nginx
+      Cf-Ray:
+      - 340a6ba9fa5653a8-LAX
+    body:
+      encoding: ASCII-8BIT
+      string: '{"relationships":{"report":{"data":{"id":"132170","type":"report","attributes":{"title":"ssss","state":"triaged","created_at":"2016-04-18T22:24:50.065Z","vulnerability_information":"sssss","triaged_at":"2017-03-16T19:53:49.939Z","closed_at":null,"last_reporter_activity_at":"2016-04-18T22:24:50.118Z","first_program_activity_at":"2017-03-16T18:36:40.650Z","last_program_activity_at":"2017-03-16T19:53:49.939Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"last_activity_at":"2017-03-16T19:53:49.939Z","issue_tracker_reference_id":"fooooo"},"relationships":{"reporter":{"data":{"id":"57690","type":"user","attributes":{"username":"ndm-github","name":"Neil
+        Matatall","disabled":false,"created_at":"2016-02-24T01:33:01.258Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/production/000/057/690/1e0c9ef6fc8bcc17806ae82e6f73cdd4d0e74eb9_small.jpg?1469554487","82x82":"https://profile-photos.hackerone-user-content.com/production/000/057/690/f6a17c40a6c910ba801014d1498b55727ea858e3_medium.jpg?1469554487","110x110":"https://profile-photos.hackerone-user-content.com/production/000/057/690/2259dde15230756d99f68a9ca824af11081ab965_large.jpg?1469554487","260x260":"https://profile-photos.hackerone-user-content.com/production/000/057/690/6d2da33805fef8b8ac4cf513e1562699e79365e0_xtralarge.jpg?1469554487"}}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github-test","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2016-09-20T14:54:15.448Z"}}},"swag":{"data":[]},"attachments":{"data":[]},"vulnerability_types":{"data":[{"id":"107921","type":"vulnerability-type","attributes":{"name":"Cross-Site
+        Scripting (XSS)","description":"Failure of a site to validate, filter, or
+        encode user input before returning it to another user''s web client.\n","created_at":"2016-04-15T17:10:39.169Z"}}]},"activities":{"data":[{"type":"activity-reference-id-added","id":"1546419","attributes":{"message":"","created_at":"2017-03-16T20:21:44.883Z","updated_at":"2017-03-16T20:21:44.883Z","internal":true,"reference":"fooooo","reference_url":null},"relationships":{"actor":{"data":{"type":"user","id":"151303","attributes":{"username":"testingagain","name":null,"disabled":false,"created_at":"2017-03-16T00:35:19.472Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}}}}}},{"type":"activity-bug-triaged","id":"1546376","attributes":{"message":"This
+        is has been triaged internally.","created_at":"2017-03-16T19:53:49.939Z","updated_at":"2017-03-16T19:53:49.939Z","internal":false},"relationships":{"actor":{"data":{"type":"user","id":"151303","attributes":{"username":"testingagain","name":null,"disabled":false,"created_at":"2017-03-16T00:35:19.472Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}}}}}},{"type":"activity-reference-id-added","id":"1546123","attributes":{"message":"","created_at":"2017-03-16T18:36:49.045Z","updated_at":"2017-03-16T18:36:49.045Z","internal":true,"reference":"3476","reference_url":null},"relationships":{"actor":{"data":{"type":"user","id":"151303","attributes":{"username":"testingagain","name":null,"disabled":false,"created_at":"2017-03-16T00:35:19.472Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}}}}}},{"type":"activity-bug-needs-more-info","id":"1546120","attributes":{"message":"This
+        is has been triaged internally.","created_at":"2017-03-16T18:36:40.650Z","updated_at":"2017-03-16T18:36:40.650Z","internal":false},"relationships":{"actor":{"data":{"type":"user","id":"151303","attributes":{"username":"testingagain","name":null,"disabled":false,"created_at":"2017-03-16T00:35:19.472Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}}}}}}]},"bounties":{"data":[]},"summaries":{"data":[]}}}}}}'
+    http_version:
+  recorded_at: Thu, 16 Mar 2017 20:21:45 GMT
+recorded_with: VCR 3.0.3

data/fixtures/vcr_cassettes/missing_report.yml CHANGED Viewed

@@ -29,8 +29,8 @@ http_interactions:
       Connection:
       - keep-alive
       Set-Cookie:
-      - __cfduid=123; expires=Thu, 15-Feb-18
-        01:01:17 GMT; path=/; Domain=api.hackerone.com; HttpOnly
+      - __cfduid=123; expires=Thu, 15-Feb-18 01:01:17 GMT; path=/; Domain=api.hackerone.com;
+        HttpOnly
       X-Request-Id:
       - 21757437-7a32-4560-af4a-885b09f20381
       Cache-Control:
@@ -66,4 +66,143 @@ http_interactions:
       string: '{"errors":[{"status":403}]}'
     http_version:
   recorded_at: Wed, 15 Feb 2017 01:01:18 GMT
+- request:
+    method: post
+    uri: https://api.hackerone.com/v1/reports/4040000000000000/state_changes
+    body:
+      encoding: UTF-8
+      string: '{"data":{"type":"state-change","attributes":{"message":"This is has
+        been triaged internally.","state":"triaged"}}}'
+    headers:
+      Authorization:
+      - Basic nope
+      User-Agent:
+      - Faraday v0.11.0
+      Content-Type:
+      - application/json
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+  response:
+    status:
+      code: 400
+      message: Bad Request
+    headers:
+      Date:
+      - Thu, 16 Mar 2017 20:06:07 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Transfer-Encoding:
+      - chunked
+      Connection:
+      - keep-alive
+      Set-Cookie:
+      - __cfduid=d5e022e1aea468d8848bf0720edab1cae1489694766; expires=Fri, 16-Mar-18
+        20:06:06 GMT; path=/; Domain=api.hackerone.com; HttpOnly
+      X-Request-Id:
+      - 73b52183-e64f-45db-bcc4-11d46a021364
+      Cache-Control:
+      - no-cache
+      Strict-Transport-Security:
+      - max-age=31536000; includeSubDomains; preload
+      Content-Security-Policy:
+      - default-src 'none'; connect-src 'self' www.google-analytics.com errors.hackerone.net;
+        font-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self'
+        'unsafe-inline'; form-action 'self'; frame-ancestors 'none'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598
+      X-Content-Type-Options:
+      - nosniff
+      X-Download-Options:
+      - noopen
+      X-Frame-Options:
+      - DENY
+      X-Permitted-Cross-Domain-Policies:
+      - none
+      X-Xss-Protection:
+      - 1; mode=block
+      Public-Key-Pins-Report-Only:
+      - pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=";
+        pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=";
+        pin-sha256="cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="; pin-sha256="bIlWcjiKq1mftH/xd7Hw1JO77Cr+Gv+XYcGUQWwO+A4=";
+        pin-sha256="tXD+dGAP8rGY4PW1be90cOYEwg7pZ4G+yPZmIZWPTSg="; max-age=600; includeSubDomains;
+        report-uri="https://hackerone.report-uri.io/r/default/hpkp/reportOnly"
+      Server:
+      - cloudflare-nginx
+      Cf-Ray:
+      - 340a54c4fbc92240-LAX
+    body:
+      encoding: UTF-8
+      string: '{"errors":[{"status":400,"title":"Invalid Parameter","detail":"The
+        parameter ''report_id'' is invalid.","source":{"parameter":"report_id"}}]}'
+    http_version:
+  recorded_at: Thu, 16 Mar 2017 20:06:07 GMT
+- request:
+    method: post
+    uri: https://api.hackerone.com/v1/reports/4040000000000000/issue_tracker_reference_id
+    body:
+      encoding: UTF-8
+      string: '{"data":{"type":"issue-tracker-reference-id","attributes":{"reference":"fooooo"}}}'
+    headers:
+      Authorization:
+      - Basic nope
+      User-Agent:
+      - Faraday v0.11.0
+      Content-Type:
+      - application/json
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+  response:
+    status:
+      code: 400
+      message: Bad Request
+    headers:
+      Date:
+      - Thu, 16 Mar 2017 20:23:27 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Transfer-Encoding:
+      - chunked
+      Connection:
+      - keep-alive
+      Set-Cookie:
+      - __cfduid=d937ff918b1e20c9491cb8b44ba307c1d1489695807; expires=Fri, 16-Mar-18
+        20:23:27 GMT; path=/; Domain=api.hackerone.com; HttpOnly
+      X-Request-Id:
+      - 80d19f89-5fc0-412a-b30a-6caaad350d0c
+      Cache-Control:
+      - no-cache
+      Strict-Transport-Security:
+      - max-age=31536000; includeSubDomains; preload
+      Content-Security-Policy:
+      - default-src 'none'; connect-src 'self' www.google-analytics.com errors.hackerone.net;
+        font-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self'
+        'unsafe-inline'; form-action 'self'; frame-ancestors 'none'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598
+      X-Content-Type-Options:
+      - nosniff
+      X-Download-Options:
+      - noopen
+      X-Frame-Options:
+      - DENY
+      X-Permitted-Cross-Domain-Policies:
+      - none
+      X-Xss-Protection:
+      - 1; mode=block
+      Public-Key-Pins-Report-Only:
+      - pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=";
+        pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=";
+        pin-sha256="cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="; pin-sha256="bIlWcjiKq1mftH/xd7Hw1JO77Cr+Gv+XYcGUQWwO+A4=";
+        pin-sha256="tXD+dGAP8rGY4PW1be90cOYEwg7pZ4G+yPZmIZWPTSg="; max-age=600; includeSubDomains;
+        report-uri="https://hackerone.report-uri.io/r/default/hpkp/reportOnly"
+      Server:
+      - cloudflare-nginx
+      Cf-Ray:
+      - 340a6e2b3a0522c4-LAX
+    body:
+      encoding: UTF-8
+      string: '{"errors":[{"status":400,"title":"Invalid Parameter","detail":"The
+        parameter ''report_id'' is invalid.","source":{"parameter":"report_id"}}]}'
+    http_version:
+  recorded_at: Thu, 16 Mar 2017 20:23:27 GMT
 recorded_with: VCR 3.0.3

data/fixtures/vcr_cassettes/stage_change.yml ADDED Viewed

@@ -0,0 +1,79 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://api.hackerone.com/v1/reports/132170/state_changes
+    body:
+      encoding: UTF-8
+      string: '{"data":{"type":"state-change","attributes":{"message":"This is has
+        been triaged internally.","state":"triaged"}}}'
+    headers:
+      Authorization:
+      - Basic nope
+      User-Agent:
+      - Faraday v0.11.0
+      Content-Type:
+      - application/json
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+  response:
+    status:
+      code: 201
+      message: Created
+    headers:
+      Date:
+      - Thu, 16 Mar 2017 19:53:50 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Transfer-Encoding:
+      - chunked
+      Connection:
+      - keep-alive
+      Set-Cookie:
+      - __cfduid=d6abf05e4448cfd8e6f406e1fb105f1911489694029; expires=Fri, 16-Mar-18
+        19:53:49 GMT; path=/; Domain=api.hackerone.com; HttpOnly
+      X-Request-Id:
+      - cd191af9-7666-4ed1-8a52-8a1305e29f5e
+      Etag:
+      - W/"ec64e6720b3ad3ce4838299e5a951f99"
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Strict-Transport-Security:
+      - max-age=31536000; includeSubDomains; preload
+      Content-Security-Policy:
+      - default-src 'none'; connect-src 'self' www.google-analytics.com errors.hackerone.net;
+        font-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self'
+        'unsafe-inline'; form-action 'self'; frame-ancestors 'none'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598
+      X-Content-Type-Options:
+      - nosniff
+      X-Download-Options:
+      - noopen
+      X-Frame-Options:
+      - DENY
+      X-Permitted-Cross-Domain-Policies:
+      - none
+      X-Xss-Protection:
+      - 1; mode=block
+      Public-Key-Pins-Report-Only:
+      - pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=";
+        pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=";
+        pin-sha256="cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="; pin-sha256="bIlWcjiKq1mftH/xd7Hw1JO77Cr+Gv+XYcGUQWwO+A4=";
+        pin-sha256="tXD+dGAP8rGY4PW1be90cOYEwg7pZ4G+yPZmIZWPTSg="; max-age=600; includeSubDomains;
+        report-uri="https://hackerone.report-uri.io/r/default/hpkp/reportOnly"
+      Server:
+      - cloudflare-nginx
+      Cf-Ray:
+      - 340a42c58e9553de-LAX
+    body:
+      encoding: UTF-8
+      string: '{"data":{"id":"132170","type":"report","attributes":{"title":"ssss","state":"triaged","created_at":"2016-04-18T22:24:50.065Z","vulnerability_information":"sssss","triaged_at":"2017-03-16T19:53:49.939Z","closed_at":null,"last_reporter_activity_at":"2016-04-18T22:24:50.118Z","first_program_activity_at":"2017-03-16T18:36:40.650Z","last_program_activity_at":"2017-03-16T19:53:49.939Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"last_activity_at":"2017-03-16T19:53:49.939Z","issue_tracker_reference_id":"3476"},"relationships":{"reporter":{"data":{"id":"57690","type":"user","attributes":{"username":"ndm-github","name":"Neil
+        Matatall","disabled":false,"created_at":"2016-02-24T01:33:01.258Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/production/000/057/690/1e0c9ef6fc8bcc17806ae82e6f73cdd4d0e74eb9_small.jpg?1469554487","82x82":"https://profile-photos.hackerone-user-content.com/production/000/057/690/f6a17c40a6c910ba801014d1498b55727ea858e3_medium.jpg?1469554487","110x110":"https://profile-photos.hackerone-user-content.com/production/000/057/690/2259dde15230756d99f68a9ca824af11081ab965_large.jpg?1469554487","260x260":"https://profile-photos.hackerone-user-content.com/production/000/057/690/6d2da33805fef8b8ac4cf513e1562699e79365e0_xtralarge.jpg?1469554487"}}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github-test","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2016-09-20T14:54:15.448Z"}}},"swag":{"data":[]},"attachments":{"data":[]},"vulnerability_types":{"data":[{"id":"107921","type":"vulnerability-type","attributes":{"name":"Cross-Site
+        Scripting (XSS)","description":"Failure of a site to validate, filter, or
+        encode user input before returning it to another user''s web client.\n","created_at":"2016-04-15T17:10:39.169Z"}}]},"activities":{"data":[{"type":"activity-bug-triaged","id":"1546376","attributes":{"message":"This
+        is has been triaged internally.","created_at":"2017-03-16T19:53:49.939Z","updated_at":"2017-03-16T19:53:49.939Z","internal":false},"relationships":{"actor":{"data":{"type":"user","id":"151303","attributes":{"username":"testingagain","name":null,"disabled":false,"created_at":"2017-03-16T00:35:19.472Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}}}}}},{"type":"activity-reference-id-added","id":"1546123","attributes":{"message":"","created_at":"2017-03-16T18:36:49.045Z","updated_at":"2017-03-16T18:36:49.045Z","internal":true,"reference":"3476","reference_url":null},"relationships":{"actor":{"data":{"type":"user","id":"151303","attributes":{"username":"testingagain","name":null,"disabled":false,"created_at":"2017-03-16T00:35:19.472Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}}}}}},{"type":"activity-bug-needs-more-info","id":"1546120","attributes":{"message":"This
+        is has been triaged internally.","created_at":"2017-03-16T18:36:40.650Z","updated_at":"2017-03-16T18:36:40.650Z","internal":false},"relationships":{"actor":{"data":{"type":"user","id":"151303","attributes":{"username":"testingagain","name":null,"disabled":false,"created_at":"2017-03-16T00:35:19.472Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}}}}}}]},"bounties":{"data":[]},"summaries":{"data":[]}}}}'
+    http_version:
+  recorded_at: Thu, 16 Mar 2017 19:53:50 GMT
+recorded_with: VCR 3.0.3

data/lib/hackerone/client.rb CHANGED Viewed

@@ -12,6 +12,17 @@ module HackerOne
     DEFAULT_HIGH_RANGE = 2500...4999
     DEFAULT_CRITICAL_RANGE = 5000...100_000_000
+    STATES = %w(
+      new
+      triaged
+      needs-more-info
+      resolved
+      not-applicable
+      informative
+      duplicate
+      spam
+    ).map(&:to_sym)
     class << self
       ATTRS = [:low_range, :medium_range, :high_range, :critical_range].freeze
       attr_accessor :program
@@ -61,6 +72,60 @@ module HackerOne
         end
       end
+      ## Idempotent: add the issue reference and put the report into the "triage" state.
+      #
+      # id: the ID of the report
+      # state: value for the reference (e.g. issue number or relative path to cross-repo issue)
+      #
+      # returns an HackerOne::Client::Report object or raises an error if
+      # no report is found.
+      def triage(id, reference)
+        add_report_reference(id, reference)
+        state_change(id, :triaged)
+      end
+      ## Idempotent: Add a report reference to a project
+      #
+      # id: the ID of the report
+      # state: value for the reference (e.g. issue number or relative path to cross-repo issue)
+      #
+      # returns an HackerOne::Client::Report object or raises an error if
+      # no report is found.
+      def add_report_reference(id, reference)
+        body = {
+          data: {
+            type: "issue-tracker-reference-id",
+            attributes: {
+              reference: reference
+            }
+          }
+        }
+        post("reports/#{id}/issue_tracker_reference_id", body)
+      end
+      ## Idempotent: change the state of a report. See STATES for valid values.
+      #
+      # id: the ID of the report
+      # state: the state in which the report is to be put in
+      #
+      # returns an HackerOne::Client::Report object or raises an error if
+      # no report is found.
+      def state_change(id, state)
+        raise ArgumentError, "state (#{state}) must be one of #{STATES}" unless STATES.include?(state)
+        body = {
+          data: {
+            type: "state-change",
+            attributes: {
+              message: "This is has been triaged internally.",
+              state: state
+            }
+          }
+        }
+        post("reports/#{id}/state_changes", body)
+      end
       ## Public: retrieve a report
       #
       # id: the ID of a specific report
@@ -68,20 +133,46 @@ module HackerOne
       # returns an HackerOne::Client::Report object or raises an error if
       # no report is found.
       def report(id)
+        get("reports/#{id}")
+      end
+      private
+      def post(endpoint, body)
+        response = with_retry do
+          self.class.hackerone_api_connection.post do |req|
+            req.headers['Content-Type'] = 'application/json'
+            req.body = body.to_json
+            req.url endpoint
+          end
+        end
+        parse_response(response)
+      end
+      def get(endpoint, params = nil)
         response = with_retry do
           self.class.hackerone_api_connection.get do |req|
-            req.url "reports/#{id}"
+            req.headers['Content-Type'] = 'application/json'
+            req.params = params || {}
+            req.url endpoint
           end
         end
-        if response.success?
+        parse_response(response)
+      end
+      def parse_response(response)
+        if response.status.to_s.start_with?("4")
+          raise ArgumentError, "API called failed, probably your fault: #{response.body}"
+        elsif response.status.to_s.start_with?("5")
+          raise Runtime, "API called failed, probobly their fault: #{response.body}"
+        elsif response.success?
           Report.new(JSON.parse(response.body, :symbolize_names => true)[:data])
         else
-          raise ArgumentError, "Could not retrieve HackerOne report ##{id}: #{response.body}"
+          raise RuntimeError, "Not sure what to do here: #{response.body}"
         end
       end
-      private
       def self.hackerone_api_connection
         unless ENV["HACKERONE_TOKEN_NAME"] && ENV["HACKERONE_TOKEN"]
           raise NotConfiguredError, "HACKERONE_TOKEN_NAME HACKERONE_TOKEN environment variables must be set"

data/lib/hackerone/client/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Hackerone
   module Client
-    VERSION = "0.1.1"
+    VERSION = "0.2.0"
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hackerone-client
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - Neil Matatall
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-03-15 00:00:00.000000000 Z
+date: 2017-03-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -132,10 +132,12 @@ files:
 - Rakefile
 - bin/console
 - bin/setup
+- fixtures/vcr_cassettes/add_report_reference.yml
 - fixtures/vcr_cassettes/empty_report_list.yml
 - fixtures/vcr_cassettes/missing_report.yml
 - fixtures/vcr_cassettes/report.yml
 - fixtures/vcr_cassettes/report_list.yml
+- fixtures/vcr_cassettes/stage_change.yml
 - hackerone-client.gemspec
 - lib/hackerone/client.rb
 - lib/hackerone/client/report.rb