hackerone-client 0.7.0 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 19b5c8045568698cffb058a287be354b48252d72
-  data.tar.gz: 1a839adb7d84c5c61ac7f019f31a752425c9c3fc
+  metadata.gz: 794e38d3185f76e57cc54c068d18aa55c47f1603
+  data.tar.gz: b27ec2e1e57def5a56f4c6ea05f64c434ba361b5
 SHA512:
-  metadata.gz: eddbaa770af39b40503c29ced0b963b40c673fff48312114f806c040d13fddfd6f24d1cfac1c06f74c6b45ddf3561c9d1228e087ec41d0b2a4144821b0d83350
-  data.tar.gz: 0ddc584b516d072e2c8e32f216be16d4e16dc38d39ee99b0e52bf89737a79ec948ccd044c8ef4bf5b1a919c35ffda3a795695955ef46151279af744d88c5b4a0
+  metadata.gz: 2a6a4da87504cf4768308a779e4d620464b3eaba5c7e22ae623bcb44f96c4bceb66fe9a30f2515d019a28a0a73598612de5ab740752c60f3172fa5b1084b9a49
+  data.tar.gz: 961ffd6216a04ee835e37818a362c9b2472e9affd6f830cfd603fc0a0a5f1f0fbbaa9def0f024d1b009f15bf7268af54feff348976dacb006737d27394374908

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+## [0.8.0] - 2017-09-05
+
+- Feature: add ability to suggest and award swag, cash, and bonuses (@esjee)
+
 ## [0.7.0] - 2017-08-28
 
 - Feature: retrieve common responses (@esjee)

data/README.md

@@ -15,6 +15,15 @@ report = client.report(id)
 report.assign_to_user("username")
 report.assign_to_group("groupname")
 
+# POST /reports/{id}/bounty_suggestions
+report.suggest_bounty(message: "I suggest $500 with a small bonus. Report is well-written.", amount: 500, bonus_amount: 50)
+
+# POST /reports/{id}/bounties
+report.award_bounty(message: "Here's your bounty!", amount: 500, bonus_amount: 50)
+
+# POST /reports/{id}/swags
+report.award_swag(message: "Here's your T-Shirt")
+
 # POST '/reports/#{id}/activities'
 
 client.add_comment(id, message, internal: false) # internal is true by default

data/fixtures/vcr_cassettes/award_a_bounty.yml

@@ -0,0 +1,78 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://api.hackerone.com/v1/reports/200/bounties
+    body:
+      encoding: UTF-8
+      string: '{"data":{"message":"Thanks for the great report!","amount":1330,"bonus_amount":7}}'
+    headers:
+      Authorization:
+      - Basic NOPE
+      User-Agent:
+      - Faraday v0.13.0
+      Content-Type:
+      - application/json
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+  response:
+    status:
+      code: 201
+      message: Created
+    headers:
+      Date:
+      - Tue, 22 Aug 2017 15:03:46 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Transfer-Encoding:
+      - chunked
+      Connection:
+      - keep-alive
+      Set-Cookie:
+      - __cfduid=d068dbf4c0fe50bf2d44f3cb68388bbd11503414225; expires=Wed, 22-Aug-18
+        15:03:45 GMT; path=/; Domain=api.hackerone.com; HttpOnly
+      X-Request-Id:
+      - 723974f5-3988-4f59-ae9e-70198ab702d9
+      Etag:
+      - W/"f8d7a0dd4f35f9a89533b12bc651ccca"
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Strict-Transport-Security:
+      - max-age=31536000; includeSubDomains; preload
+      Content-Security-Policy:
+      - 'default-src ''none''; base-uri ''self''; block-all-mixed-content; child-src
+        www.youtube-nocookie.com; connect-src ''self'' www.google-analytics.com errors.hackerone.net;
+        font-src ''self''; form-action ''self''; frame-ancestors ''none''; img-src
+        ''self'' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com
+        profile-photos.hackerone-user-content.com hackerone-attachments.s3.amazonaws.com;
+        media-src ''self'' hackerone-attachments.s3.amazonaws.com; script-src ''self''
+        www.google-analytics.com; style-src ''self'' ''unsafe-inline''; report-uri
+        https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598'
+      X-Content-Type-Options:
+      - nosniff
+      X-Download-Options:
+      - noopen
+      X-Frame-Options:
+      - DENY
+      X-Permitted-Cross-Domain-Policies:
+      - none
+      X-Xss-Protection:
+      - 1; mode=block
+      Public-Key-Pins-Report-Only:
+      - pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=";
+        pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=";
+        pin-sha256="cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="; pin-sha256="bIlWcjiKq1mftH/xd7Hw1JO77Cr+Gv+XYcGUQWwO+A4=";
+        pin-sha256="tXD+dGAP8rGY4PW1be90cOYEwg7pZ4G+yPZmIZWPTSg="; max-age=600; includeSubDomains;
+        report-uri="https://hackerone.report-uri.io/r/default/hpkp/reportOnly"
+      Server:
+      - cloudflare-nginx
+      Cf-Ray:
+      - 3926b87dce5c0761-AMS
+    body:
+      encoding: UTF-8
+      string: '{"data":{"id":"58549","type":"bounty","attributes":{"amount":"1330.00","bonus_amount":"7.00","awarded_amount":"1330.00","awarded_bonus_amount":"7.00","awarded_currency":"USD","created_at":"2017-08-22T15:03:46.183Z"}}}'
+    http_version: 
+  recorded_at: Tue, 22 Aug 2017 15:03:45 GMT
+recorded_with: VCR 3.0.3

data/fixtures/vcr_cassettes/award_swag.yml

@@ -0,0 +1,78 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://api.hackerone.com/v1/reports/200/swags
+    body:
+      encoding: UTF-8
+      string: '{"data":{"message":"Enjoy this cool swag!"}}'
+    headers:
+      Authorization:
+      - Basic NOPE
+      User-Agent:
+      - Faraday v0.13.0
+      Content-Type:
+      - application/json
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+  response:
+    status:
+      code: 201
+      message: Created
+    headers:
+      Date:
+      - Tue, 22 Aug 2017 15:09:44 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Transfer-Encoding:
+      - chunked
+      Connection:
+      - keep-alive
+      Set-Cookie:
+      - __cfduid=d09e856041f6ae0c3a2a91e50ba326b211503414583; expires=Wed, 22-Aug-18
+        15:09:43 GMT; path=/; Domain=api.hackerone.com; HttpOnly
+      X-Request-Id:
+      - 8d9d9f70-ee1e-49a8-b396-0d763383d9e2
+      Etag:
+      - W/"31f75873e2b18f42b69b8d094d270f58"
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Strict-Transport-Security:
+      - max-age=31536000; includeSubDomains; preload
+      Content-Security-Policy:
+      - 'default-src ''none''; base-uri ''self''; block-all-mixed-content; child-src
+        www.youtube-nocookie.com; connect-src ''self'' www.google-analytics.com errors.hackerone.net;
+        font-src ''self''; form-action ''self''; frame-ancestors ''none''; img-src
+        ''self'' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com
+        profile-photos.hackerone-user-content.com hackerone-attachments.s3.amazonaws.com;
+        media-src ''self'' hackerone-attachments.s3.amazonaws.com; script-src ''self''
+        www.google-analytics.com; style-src ''self'' ''unsafe-inline''; report-uri
+        https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598'
+      X-Content-Type-Options:
+      - nosniff
+      X-Download-Options:
+      - noopen
+      X-Frame-Options:
+      - DENY
+      X-Permitted-Cross-Domain-Policies:
+      - none
+      X-Xss-Protection:
+      - 1; mode=block
+      Public-Key-Pins-Report-Only:
+      - pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=";
+        pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=";
+        pin-sha256="cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="; pin-sha256="bIlWcjiKq1mftH/xd7Hw1JO77Cr+Gv+XYcGUQWwO+A4=";
+        pin-sha256="tXD+dGAP8rGY4PW1be90cOYEwg7pZ4G+yPZmIZWPTSg="; max-age=600; includeSubDomains;
+        report-uri="https://hackerone.report-uri.io/r/default/hpkp/reportOnly"
+      Server:
+      - cloudflare-nginx
+      Cf-Ray:
+      - 3926c13b49050761-AMS
+    body:
+      encoding: UTF-8
+      string: '{"data":{"id":"2057","type":"swag","attributes":{"sent":false,"created_at":"2017-08-22T15:09:44.176Z"}}}'
+    http_version: 
+  recorded_at: Tue, 22 Aug 2017 15:09:43 GMT
+recorded_with: VCR 3.0.3

data/fixtures/vcr_cassettes/suggest_a_bounty.yml

@@ -0,0 +1,80 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://api.hackerone.com/v1/reports/200/bounty_suggestions
+    body:
+      encoding: UTF-8
+      string: '{"data":{"message":"This report is great, I think we should award a
+        high bounty.","amount":5000,"bonus_amount":2500}}'
+    headers:
+      Authorization:
+      - Basic NOPE
+      User-Agent:
+      - Faraday v0.13.0
+      Content-Type:
+      - application/json
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+  response:
+    status:
+      code: 201
+      message: Created
+    headers:
+      Date:
+      - Tue, 22 Aug 2017 15:10:02 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Transfer-Encoding:
+      - chunked
+      Connection:
+      - keep-alive
+      Set-Cookie:
+      - __cfduid=d024b34c2f975a4ee9ede2a5bc288fdc11503414602; expires=Wed, 22-Aug-18
+        15:10:02 GMT; path=/; Domain=api.hackerone.com; HttpOnly
+      X-Request-Id:
+      - 6114bb66-4dad-4bb0-8913-530c38758156
+      Etag:
+      - W/"554f310fcd9c49f5d069ea686e38e8e2"
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Strict-Transport-Security:
+      - max-age=31536000; includeSubDomains; preload
+      Content-Security-Policy:
+      - 'default-src ''none''; base-uri ''self''; block-all-mixed-content; child-src
+        www.youtube-nocookie.com; connect-src ''self'' www.google-analytics.com errors.hackerone.net;
+        font-src ''self''; form-action ''self''; frame-ancestors ''none''; img-src
+        ''self'' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com
+        profile-photos.hackerone-user-content.com hackerone-attachments.s3.amazonaws.com;
+        media-src ''self'' hackerone-attachments.s3.amazonaws.com; script-src ''self''
+        www.google-analytics.com; style-src ''self'' ''unsafe-inline''; report-uri
+        https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598'
+      X-Content-Type-Options:
+      - nosniff
+      X-Download-Options:
+      - noopen
+      X-Frame-Options:
+      - DENY
+      X-Permitted-Cross-Domain-Policies:
+      - none
+      X-Xss-Protection:
+      - 1; mode=block
+      Public-Key-Pins-Report-Only:
+      - pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=";
+        pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=";
+        pin-sha256="cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="; pin-sha256="bIlWcjiKq1mftH/xd7Hw1JO77Cr+Gv+XYcGUQWwO+A4=";
+        pin-sha256="tXD+dGAP8rGY4PW1be90cOYEwg7pZ4G+yPZmIZWPTSg="; max-age=600; includeSubDomains;
+        report-uri="https://hackerone.report-uri.io/r/default/hpkp/reportOnly"
+      Server:
+      - cloudflare-nginx
+      Cf-Ray:
+      - 3926c1aecfdb2c72-AMS
+    body:
+      encoding: UTF-8
+      string: '{"data":{"type":"activity-bounty-suggested","id":"1946481","attributes":{"message":"This
+        report is great, I think we should award a high bounty.","created_at":"2017-08-22T15:10:02.699Z","updated_at":"2017-08-22T15:10:02.699Z","internal":true,"bounty_amount":"5,000","bonus_amount":"2,500"},"relationships":{"actor":{"data":{"type":"user","id":"193855","attributes":{"username":"sjors","name":null,"disabled":false,"created_at":"2017-08-22T13:18:29.084Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}}}}}}}'
+    http_version: 
+  recorded_at: Tue, 22 Aug 2017 15:10:02 GMT
+recorded_with: VCR 3.0.3

data/lib/hackerone/client.rb

@@ -10,6 +10,8 @@ require_relative "client/member"
 require_relative "client/user"
 require_relative "client/group"
 require_relative "client/structured_scope"
+require_relative "client/swag"
+require_relative "client/bounty"
 
 module HackerOne
   module Client

data/lib/hackerone/client/activity.rb

@@ -57,13 +57,18 @@ module HackerOne
         delegate :message, :internal, to: :attributes
       end
 
+      class BountySuggested < Activity
+        delegate :message, :bounty_amount, :bonus_amount, to: :attributes
+      end
+
       ACTIVITY_TYPE_CLASS_MAPPING = {
         'activity-bounty-awarded' => BountyAwarded,
         'activity-swag-awarded' => SwagAwarded,
         'activity-user-assigned-to-bug' => UserAssignedToBug,
         'activity-bug-triaged' => BugTriaged,
         'activity-reference-id-added' => ReferenceIdAdded,
-        'activity-comment' => CommentAdded
+        'activity-comment' => CommentAdded,
+        'activity-bounty-suggested' => BountySuggested
       }.freeze
 
       def self.build(activity_data)

data/lib/hackerone/client/bounty.rb

@@ -0,0 +1,29 @@
+module HackerOne
+  module Client
+    class Bounty
+      delegate(
+        :amount,
+        :bonus_amount,
+        :awarded_amount,
+        :awarded_bonus_amount,
+        :awarded_currency,
+        :created_at,
+        to: :attributes
+      )
+
+      def initialize(bounty)
+        @bounty = bounty
+      end
+
+      def id
+        @bounty[:id]
+      end
+
+      private
+
+      def attributes
+        OpenStruct.new(@bounty[:attributes])
+      end
+    end
+  end
+end

data/lib/hackerone/client/report.rb

@@ -1,9 +1,12 @@
+require_relative './resource_helper'
 require_relative './weakness'
 require_relative './activity'
 
 module HackerOne
   module Client
     class Report
+      include ResourceHelper
+
       def initialize(report)
         @report = report
       end
@@ -83,6 +86,46 @@ module HackerOne
         @program || Program.find(relationships[:program][:data][:attributes][:handle])
       end
 
+      def award_bounty(message:, amount:, bonus_amount: nil)
+        request_body = {
+          message: message,
+          amount: amount,
+          bonus_amount: bonus_amount
+        }
+
+        response_body = make_post_request(
+          "reports/#{id}/bounties",
+          request_body: request_body
+        )
+        Bounty.new(response_body)
+      end
+
+      def award_swag(message:)
+        request_body = {
+          message: message
+        }
+
+        response_body = make_post_request(
+          "reports/#{id}/swags",
+          request_body: request_body
+        )
+        Swag.new(response_body)
+      end
+
+      def suggest_bounty(message:, amount:, bonus_amount: nil)
+        request_body = {
+          message: message,
+          amount: amount,
+          bonus_amount: bonus_amount
+        }
+
+        response_body = make_post_request(
+          "reports/#{id}/bounty_suggestions",
+          request_body: request_body
+        )
+        Activities.build(response_body)
+      end
+
       def assign_to_user(name)
         member = program.find_member(name)
         _assign_to(member.user.id, :user)

data/lib/hackerone/client/swag.rb

@@ -0,0 +1,21 @@
+module HackerOne
+  module Client
+    class Swag
+      delegate :sent, :created_at, to: :attributes
+
+      def initialize(swag)
+        @swag = swag
+      end
+
+      def id
+        @swag[:id]
+      end
+
+      private
+
+      def attributes
+        OpenStruct.new(@swag[:attributes])
+      end
+    end
+  end
+end

data/lib/hackerone/client/version.rb

@@ -1,5 +1,5 @@
 module Hackerone
   module Client
-    VERSION = "0.7.0"
+    VERSION = "0.8.0"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hackerone-client
 version: !ruby/object:Gem::Version
-  version: 0.7.0
+  version: 0.8.0
 platform: ruby
 authors:
 - Neil Matatall
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-08-28 00:00:00.000000000 Z
+date: 2017-09-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -142,6 +142,8 @@ files:
 - fixtures/vcr_cassettes/assign_report_to_nobody_no_permission.yml
 - fixtures/vcr_cassettes/assign_report_to_user.yml
 - fixtures/vcr_cassettes/assign_report_to_user_no_permission.yml
+- fixtures/vcr_cassettes/award_a_bounty.yml
+- fixtures/vcr_cassettes/award_swag.yml
 - fixtures/vcr_cassettes/common_responses.yml
 - fixtures/vcr_cassettes/empty_report_list.yml
 - fixtures/vcr_cassettes/missing_report.yml
@@ -152,9 +154,11 @@ files:
 - fixtures/vcr_cassettes/server_error.yml
 - fixtures/vcr_cassettes/server_error_when_assigning_report_to_user.yml
 - fixtures/vcr_cassettes/stage_change.yml
+- fixtures/vcr_cassettes/suggest_a_bounty.yml
 - hackerone-client.gemspec
 - lib/hackerone/client.rb
 - lib/hackerone/client/activity.rb
+- lib/hackerone/client/bounty.rb
 - lib/hackerone/client/group.rb
 - lib/hackerone/client/member.rb
 - lib/hackerone/client/program.rb
@@ -162,6 +166,7 @@ files:
 - lib/hackerone/client/reporter.rb
 - lib/hackerone/client/resource_helper.rb
 - lib/hackerone/client/structured_scope.rb
+- lib/hackerone/client/swag.rb
 - lib/hackerone/client/user.rb
 - lib/hackerone/client/version.rb
 - lib/hackerone/client/weakness.rb
@@ -185,7 +190,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5.1
+rubygems_version: 2.2.0
 signing_key: 
 specification_version: 4
 summary: A limited client for the HackerOne API