hackerone-client 0.8.0 → 0.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 794e38d3185f76e57cc54c068d18aa55c47f1603
-  data.tar.gz: b27ec2e1e57def5a56f4c6ea05f64c434ba361b5
+  metadata.gz: 94884f2e83bc01298d110763495fd447a2a05516
+  data.tar.gz: 7777f1f30b8c352f90d5468b0183d583dbc7110c
 SHA512:
-  metadata.gz: 2a6a4da87504cf4768308a779e4d620464b3eaba5c7e22ae623bcb44f96c4bceb66fe9a30f2515d019a28a0a73598612de5ab740752c60f3172fa5b1084b9a49
-  data.tar.gz: 961ffd6216a04ee835e37818a362c9b2472e9affd6f830cfd603fc0a0a5f1f0fbbaa9def0f024d1b009f15bf7268af54feff348976dacb006737d27394374908
+  metadata.gz: 1e01b867715db5cfba87f65db099d287958ea8cf2efe1769fc7fb185a9d07a702c31756405ea7b530939fab8e198392e5feb1d94762d3148beed70762633bfd2
+  data.tar.gz: 9e509df444be9dd599d47a557fcf96567e4a3bf36fc11b1721f798d593d6a5c54d9fc83a43968483262e5cfa73ae8001d4eab7e225b0b7b138c2ab4df0a7325d

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+## [0.9.0] - 2017-10-09
+
+- API: move actions from client into report (@esjee)
+
+This is a breaking change, but this is still not a 1.0 and shouldn't be considered stable.
+
 ## [0.8.0] - 2017-09-05
 
 - Feature: add ability to suggest and award swag, cash, and bonuses (@esjee)

data/fixtures/vcr_cassettes/add_comment.yml

@@ -2,7 +2,7 @@
 http_interactions:
 - request:
     method: post
-    uri: https://api.hackerone.com/v1/reports/215230/activities
+    uri: https://api.hackerone.com/v1/reports/200/activities
     body:
       encoding: UTF-8
       string: "{\"data\":{\"type\":\"activity-comment\",\"attributes\":{\"message\":\"I
@@ -77,81 +77,3 @@ http_interactions:
         am an internal comment\",\"created_at\":\"2017-07-20T19:31:19.733Z\",\"updated_at\":\"2017-07-20T19:31:19.733Z\",\"internal\":true},\"relationships\":{\"actor\":{\"data\":{\"type\":\"user\",\"id\":\"185283\",\"attributes\":{\"username\":\"oreoshake-test-token-4\",\"name\":null,\"disabled\":false,\"created_at\":\"2017-07-20T19:22:56.881Z\",\"profile_picture\":{\"62x62\":\"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png\",\"82x82\":\"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png\",\"110x110\":\"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png\",\"260x260\":\"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png\"}}}}}}}"
     http_version:
   recorded_at: Thu, 20 Jul 2017 19:31:19 GMT
-- request:
-    method: post
-    uri: https://api.hackerone.com/v1/reports/132170/activities
-    body:
-      encoding: UTF-8
-      string: "{\"data\":{\"type\":\"activity-comment\",\"attributes\":{\"message\":\"I
-        am not an internal comment\",\"internal\":false}}}"
-    headers:
-      Authorization:
-      - Basic ==
-      User-Agent:
-      - Faraday v0.11.0
-      Content-Type:
-      - application/json
-      Accept-Encoding:
-      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
-      Accept:
-      - "*/*"
-  response:
-    status:
-      code: 201
-      message: Created
-    headers:
-      Date:
-      - Thu, 20 Jul 2017 19:31:20 GMT
-      Content-Type:
-      - application/json; charset=utf-8
-      Transfer-Encoding:
-      - chunked
-      Connection:
-      - keep-alive
-      Set-Cookie:
-      - __cfduid=d104d11a7dd0d4d546ad5de4a34ae70091500579080; expires=Fri, 20-Jul-18
-        19:31:20 GMT; path=/; Domain=api.hackerone.com; HttpOnly
-      X-Request-Id:
-      - d3253b5d-6f40-4070-8a49-2c9fddc85b6f
-      Etag:
-      - W/"5409aa55cb4b50a7801681b8f529bcfd"
-      Cache-Control:
-      - max-age=0, private, must-revalidate
-      Strict-Transport-Security:
-      - max-age=31536000; includeSubDomains; preload
-      Content-Security-Policy:
-      - 'default-src ''none''; base-uri ''self''; block-all-mixed-content; child-src
-        www.youtube-nocookie.com; connect-src ''self'' www.google-analytics.com errors.hackerone.net;
-        font-src ''self''; form-action ''self''; frame-ancestors ''none''; img-src
-        ''self'' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com
-        profile-photos.hackerone-user-content.com hackerone-attachments.s3.amazonaws.com;
-        media-src ''self'' hackerone-attachments.s3.amazonaws.com; script-src ''self''
-        www.google-analytics.com; style-src ''self'' ''unsafe-inline''; report-uri
-        https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598'
-      X-Content-Type-Options:
-      - nosniff
-      X-Download-Options:
-      - noopen
-      X-Frame-Options:
-      - DENY
-      X-Permitted-Cross-Domain-Policies:
-      - none
-      X-Xss-Protection:
-      - 1; mode=block
-      Public-Key-Pins-Report-Only:
-      - pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=";
-        pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=";
-        pin-sha256="cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="; pin-sha256="bIlWcjiKq1mftH/xd7Hw1JO77Cr+Gv+XYcGUQWwO+A4=";
-        pin-sha256="tXD+dGAP8rGY4PW1be90cOYEwg7pZ4G+yPZmIZWPTSg="; max-age=600; includeSubDomains;
-        report-uri="https://hackerone.report-uri.io/r/default/hpkp/reportOnly"
-      Server:
-      - cloudflare-nginx
-      Cf-Ray:
-      - 381857128fff7820-LAX
-    body:
-      encoding: UTF-8
-      string: "{\"data\":{\"type\":\"activity-comment\",\"id\":\"1854711\",\"attributes\":{\"message\":\"I
-        am not an internal comment\",\"created_at\":\"2017-07-20T19:31:20.181Z\",\"updated_at\":\"2017-07-20T19:31:20.181Z\",\"internal\":false},\"relationships\":{\"actor\":{\"data\":{\"type\":\"user\",\"id\":\"185283\",\"attributes\":{\"username\":\"oreoshake-test-token-4\",\"name\":null,\"disabled\":false,\"created_at\":\"2017-07-20T19:22:56.881Z\",\"profile_picture\":{\"62x62\":\"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png\",\"82x82\":\"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png\",\"110x110\":\"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png\",\"260x260\":\"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png\"}}}}}}}"
-    http_version:
-  recorded_at: Thu, 20 Jul 2017 19:31:20 GMT
-recorded_with: VCR 3.0.3

data/fixtures/vcr_cassettes/add_public_comment.yml

@@ -0,0 +1,80 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://api.hackerone.com/v1/reports/200/activities
+    body:
+      encoding: UTF-8
+      string: "{\"data\":{\"type\":\"activity-comment\",\"attributes\":{\"message\":\"I
+        am not an internal comment\",\"internal\":false}}}"
+    headers:
+      Authorization:
+      - Basic ==
+      User-Agent:
+      - Faraday v0.11.0
+      Content-Type:
+      - application/json
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+  response:
+    status:
+      code: 201
+      message: Created
+    headers:
+      Date:
+      - Thu, 20 Jul 2017 19:31:20 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Transfer-Encoding:
+      - chunked
+      Connection:
+      - keep-alive
+      Set-Cookie:
+      - __cfduid=d104d11a7dd0d4d546ad5de4a34ae70091500579080; expires=Fri, 20-Jul-18
+        19:31:20 GMT; path=/; Domain=api.hackerone.com; HttpOnly
+      X-Request-Id:
+      - d3253b5d-6f40-4070-8a49-2c9fddc85b6f
+      Etag:
+      - W/"5409aa55cb4b50a7801681b8f529bcfd"
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Strict-Transport-Security:
+      - max-age=31536000; includeSubDomains; preload
+      Content-Security-Policy:
+      - 'default-src ''none''; base-uri ''self''; block-all-mixed-content; child-src
+        www.youtube-nocookie.com; connect-src ''self'' www.google-analytics.com errors.hackerone.net;
+        font-src ''self''; form-action ''self''; frame-ancestors ''none''; img-src
+        ''self'' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com
+        profile-photos.hackerone-user-content.com hackerone-attachments.s3.amazonaws.com;
+        media-src ''self'' hackerone-attachments.s3.amazonaws.com; script-src ''self''
+        www.google-analytics.com; style-src ''self'' ''unsafe-inline''; report-uri
+        https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598'
+      X-Content-Type-Options:
+      - nosniff
+      X-Download-Options:
+      - noopen
+      X-Frame-Options:
+      - DENY
+      X-Permitted-Cross-Domain-Policies:
+      - none
+      X-Xss-Protection:
+      - 1; mode=block
+      Public-Key-Pins-Report-Only:
+      - pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=";
+        pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=";
+        pin-sha256="cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="; pin-sha256="bIlWcjiKq1mftH/xd7Hw1JO77Cr+Gv+XYcGUQWwO+A4=";
+        pin-sha256="tXD+dGAP8rGY4PW1be90cOYEwg7pZ4G+yPZmIZWPTSg="; max-age=600; includeSubDomains;
+        report-uri="https://hackerone.report-uri.io/r/default/hpkp/reportOnly"
+      Server:
+      - cloudflare-nginx
+      Cf-Ray:
+      - 381857128fff7820-LAX
+    body:
+      encoding: UTF-8
+      string: "{\"data\":{\"type\":\"activity-comment\",\"id\":\"1854711\",\"attributes\":{\"message\":\"I
+        am not an internal comment\",\"created_at\":\"2017-07-20T19:31:20.181Z\",\"updated_at\":\"2017-07-20T19:31:20.181Z\",\"internal\":false},\"relationships\":{\"actor\":{\"data\":{\"type\":\"user\",\"id\":\"185283\",\"attributes\":{\"username\":\"oreoshake-test-token-4\",\"name\":null,\"disabled\":false,\"created_at\":\"2017-07-20T19:22:56.881Z\",\"profile_picture\":{\"62x62\":\"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png\",\"82x82\":\"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png\",\"110x110\":\"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png\",\"260x260\":\"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png\"}}}}}}}"
+    http_version:
+  recorded_at: Thu, 20 Jul 2017 19:31:20 GMT
+recorded_with: VCR 3.0.3

data/fixtures/vcr_cassettes/add_report_reference.yml

@@ -2,7 +2,7 @@
 http_interactions:
 - request:
     method: post
-    uri: https://api.hackerone.com/v1/reports/132170/issue_tracker_reference_id
+    uri: https://api.hackerone.com/v1/reports/200/issue_tracker_reference_id
     body:
       encoding: UTF-8
       string: '{"data":{"type":"issue-tracker-reference-id","attributes":{"reference":"fooooo"}}}'
@@ -67,7 +67,7 @@ http_interactions:
       - 340a6ba9fa5653a8-LAX
     body:
       encoding: ASCII-8BIT
-      string: '{"relationships":{"report":{"data":{"id":"132170","type":"report","attributes":{"title":"ssss","state":"triaged","created_at":"2016-04-18T22:24:50.065Z","vulnerability_information":"sssss","triaged_at":"2017-03-16T19:53:49.939Z","closed_at":null,"last_reporter_activity_at":"2016-04-18T22:24:50.118Z","first_program_activity_at":"2017-03-16T18:36:40.650Z","last_program_activity_at":"2017-03-16T19:53:49.939Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"last_activity_at":"2017-03-16T19:53:49.939Z","issue_tracker_reference_id":"fooooo"},"relationships":{"reporter":{"data":{"id":"57690","type":"user","attributes":{"username":"ndm-github","name":"Neil
+      string: '{"relationships":{"report":{"data":{"id":"200","type":"report","attributes":{"title":"ssss","state":"triaged","created_at":"2016-04-18T22:24:50.065Z","vulnerability_information":"sssss","triaged_at":"2017-03-16T19:53:49.939Z","closed_at":null,"last_reporter_activity_at":"2016-04-18T22:24:50.118Z","first_program_activity_at":"2017-03-16T18:36:40.650Z","last_program_activity_at":"2017-03-16T19:53:49.939Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"last_activity_at":"2017-03-16T19:53:49.939Z","issue_tracker_reference_id":"fooooo"},"relationships":{"reporter":{"data":{"id":"57690","type":"user","attributes":{"username":"ndm-github","name":"Neil
         Matatall","disabled":false,"created_at":"2016-02-24T01:33:01.258Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/production/000/057/690/1e0c9ef6fc8bcc17806ae82e6f73cdd4d0e74eb9_small.jpg?1469554487","82x82":"https://profile-photos.hackerone-user-content.com/production/000/057/690/f6a17c40a6c910ba801014d1498b55727ea858e3_medium.jpg?1469554487","110x110":"https://profile-photos.hackerone-user-content.com/production/000/057/690/2259dde15230756d99f68a9ca824af11081ab965_large.jpg?1469554487","260x260":"https://profile-photos.hackerone-user-content.com/production/000/057/690/6d2da33805fef8b8ac4cf513e1562699e79365e0_xtralarge.jpg?1469554487"}}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github-test","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2016-09-20T14:54:15.448Z"}}},"swag":{"data":[]},"attachments":{"data":[]},"vulnerability_types":{"data":[{"id":"107921","type":"vulnerability-type","attributes":{"name":"Cross-Site
         Scripting (XSS)","description":"Failure of a site to validate, filter, or
         encode user input before returning it to another user''s web client.\n","created_at":"2016-04-15T17:10:39.169Z"}}]},"activities":{"data":[{"type":"activity-reference-id-added","id":"1546419","attributes":{"message":"","created_at":"2017-03-16T20:21:44.883Z","updated_at":"2017-03-16T20:21:44.883Z","internal":true,"reference":"fooooo","reference_url":null},"relationships":{"actor":{"data":{"type":"user","id":"151303","attributes":{"username":"testingagain","name":null,"disabled":false,"created_at":"2017-03-16T00:35:19.472Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}}}}}},{"type":"activity-bug-triaged","id":"1546376","attributes":{"message":"This

data/fixtures/vcr_cassettes/stage_change.yml

@@ -2,7 +2,7 @@
 http_interactions:
 - request:
     method: post
-    uri: https://api.hackerone.com/v1/reports/132170/state_changes
+    uri: https://api.hackerone.com/v1/reports/200/state_changes
     body:
       encoding: UTF-8
       string: '{"data":{"type":"state-change","attributes":{"message":"This is has
@@ -68,7 +68,7 @@ http_interactions:
       - 340a42c58e9553de-LAX
     body:
       encoding: UTF-8
-      string: '{"data":{"id":"132170","type":"report","attributes":{"title":"ssss","state":"triaged","created_at":"2016-04-18T22:24:50.065Z","vulnerability_information":"sssss","triaged_at":"2017-03-16T19:53:49.939Z","closed_at":null,"last_reporter_activity_at":"2016-04-18T22:24:50.118Z","first_program_activity_at":"2017-03-16T18:36:40.650Z","last_program_activity_at":"2017-03-16T19:53:49.939Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"last_activity_at":"2017-03-16T19:53:49.939Z","issue_tracker_reference_id":"3476"},"relationships":{"reporter":{"data":{"id":"57690","type":"user","attributes":{"username":"ndm-github","name":"Neil
+      string: '{"data":{"id":"200","type":"report","attributes":{"title":"ssss","state":"triaged","created_at":"2016-04-18T22:24:50.065Z","vulnerability_information":"sssss","triaged_at":"2017-03-16T19:53:49.939Z","closed_at":null,"last_reporter_activity_at":"2016-04-18T22:24:50.118Z","first_program_activity_at":"2017-03-16T18:36:40.650Z","last_program_activity_at":"2017-03-16T19:53:49.939Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"last_activity_at":"2017-03-16T19:53:49.939Z","issue_tracker_reference_id":"3476"},"relationships":{"reporter":{"data":{"id":"57690","type":"user","attributes":{"username":"ndm-github","name":"Neil
         Matatall","disabled":false,"created_at":"2016-02-24T01:33:01.258Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/production/000/057/690/1e0c9ef6fc8bcc17806ae82e6f73cdd4d0e74eb9_small.jpg?1469554487","82x82":"https://profile-photos.hackerone-user-content.com/production/000/057/690/f6a17c40a6c910ba801014d1498b55727ea858e3_medium.jpg?1469554487","110x110":"https://profile-photos.hackerone-user-content.com/production/000/057/690/2259dde15230756d99f68a9ca824af11081ab965_large.jpg?1469554487","260x260":"https://profile-photos.hackerone-user-content.com/production/000/057/690/6d2da33805fef8b8ac4cf513e1562699e79365e0_xtralarge.jpg?1469554487"}}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github-test","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2016-09-20T14:54:15.448Z"}}},"swag":{"data":[]},"attachments":{"data":[]},"vulnerability_types":{"data":[{"id":"107921","type":"vulnerability-type","attributes":{"name":"Cross-Site
         Scripting (XSS)","description":"Failure of a site to validate, filter, or
         encode user input before returning it to another user''s web client.\n","created_at":"2016-04-15T17:10:39.169Z"}}]},"activities":{"data":[{"type":"activity-bug-triaged","id":"1546376","attributes":{"message":"This

data/lib/hackerone/client.rb

@@ -22,23 +22,6 @@ module HackerOne
     DEFAULT_HIGH_RANGE = 2500...4999
     DEFAULT_CRITICAL_RANGE = 5000...100_000_000
 
-    STATES = %w(
-      new
-      triaged
-      needs-more-info
-      resolved
-      not-applicable
-      informative
-      duplicate
-      spam
-    ).map(&:to_sym).freeze
-
-    STATES_REQUIRING_STATE_CHANGE_MESSAGE = %w(
-      needs-more-info
-      informative
-      duplicate
-    ).map(&:to_sym).freeze
-
     class << self
       ATTRS = [:low_range, :medium_range, :high_range, :critical_range].freeze
       attr_accessor :program
@@ -101,89 +84,6 @@ module HackerOne
         end
       end
 
-      ## Idempotent: add the issue reference and put the report into the "triage" state.
-      #
-      # id: the ID of the report
-      # state: value for the reference (e.g. issue number or relative path to cross-repo issue)
-      #
-      # returns an HackerOne::Client::Report object or raises an error if
-      # no report is found.
-      def triage(id, reference)
-        add_report_reference(id, reference)
-        state_change(id, :triaged)
-      end
-
-      ## Idempotent: Add a report reference to a project
-      #
-      # id: the ID of the report
-      # state: value for the reference (e.g. issue number or relative path to cross-repo issue)
-      #
-      # returns an HackerOne::Client::Report object or raises an error if
-      # no report is found.
-      def add_report_reference(id, reference)
-        body = {
-          data: {
-            type: "issue-tracker-reference-id",
-            attributes: {
-              reference: reference
-            }
-          }
-        }
-
-        Report.new(post("reports/#{id}/issue_tracker_reference_id", body))
-      end
-
-      ## Idempotent: change the state of a report. See STATES for valid values.
-      #
-      # id: the ID of the report
-      # state: the state in which the report is to be put in
-      #
-      # returns an HackerOne::Client::Report object or raises an error if
-      # no report is found.
-      def state_change(id, state, message = nil)
-        raise ArgumentError, "state (#{state}) must be one of #{STATES}" unless STATES.include?(state)
-
-        body = {
-          data: {
-            type: "state-change",
-            attributes: {
-              state: state
-            }
-          }
-        }
-
-        if message
-          body[:data][:attributes][:message] = message
-        elsif STATES_REQUIRING_STATE_CHANGE_MESSAGE.include?(state)
-          fail ArgumentError, "State #{state} requires a message. No message was supplied."
-        else
-          # message is in theory optional, but a value appears to be required.
-          body[:data][:attributes][:message] = ""
-        end
-        post("reports/#{id}/state_changes", body)
-      end
-
-      # Add a comment to a report. By default, internal comments will be added.
-      #
-      # id: the ID of the report
-      # message: the content of the comment that will be created
-      # internal: "team only" comment (true, default) or "all participants"
-      def add_comment(id, message, internal: true)
-        fail ArgumentError, "message is required" if message.blank?
-
-        body = {
-          data: {
-            type: "activity-comment",
-            attributes: {
-              message: message,
-              internal: internal
-            }
-          }
-        }
-
-        post("reports/#{id}/activities", body)
-      end
-
       ## Public: retrieve a report
       #
       # id: the ID of a specific report
@@ -225,7 +125,12 @@ module HackerOne
         elsif response.status.to_s.start_with?("5")
           raise RuntimeError, "API called failed, probably their fault: #{response.body}"
         elsif response.success?
-          JSON.parse(response.body, :symbolize_names => true)[:data]
+          response_body_json = JSON.parse(response.body, :symbolize_names => true)
+          if response_body_json.key?(:data)
+            response_body_json[:data]
+          else
+            response_body_json
+          end
         else
           raise RuntimeError, "Not sure what to do here: #{response.body}"
         end

data/lib/hackerone/client/report.rb

@@ -7,6 +7,23 @@ module HackerOne
     class Report
       include ResourceHelper
 
+      STATES = %w(
+        new
+        triaged
+        needs-more-info
+        resolved
+        not-applicable
+        informative
+        duplicate
+        spam
+      ).map(&:to_sym).freeze
+
+      STATES_REQUIRING_STATE_CHANGE_MESSAGE = %w(
+        needs-more-info
+        informative
+        duplicate
+      ).map(&:to_sym).freeze
+
       def initialize(report)
         @report = report
       end
@@ -27,6 +44,10 @@ module HackerOne
         attributes[:issue_tracker_reference_url]
       end
 
+      def issue_tracker_reference_id
+        attributes[:issue_tracker_reference_id]
+      end
+
       def reporter
         relationships
           .fetch(:reporter, {})
@@ -126,6 +147,89 @@ module HackerOne
         Activities.build(response_body)
       end
 
+      ## Idempotent: change the state of a report. See STATES for valid values.
+      #
+      # id: the ID of the report
+      # state: the state in which the report is to be put in
+      #
+      # returns an HackerOne::Client::Report object or raises an error if
+      # no report is found.
+      def state_change(state, message = nil)
+        raise ArgumentError, "state (#{state}) must be one of #{STATES}" unless STATES.include?(state)
+
+        body = {
+          type: "state-change",
+          attributes: {
+            state: state
+          }
+        }
+
+        if message
+          body[:attributes][:message] = message
+        elsif STATES_REQUIRING_STATE_CHANGE_MESSAGE.include?(state)
+          fail ArgumentError, "State #{state} requires a message. No message was supplied."
+        else
+          # message is in theory optional, but a value appears to be required.
+          body[:attributes][:message] = ""
+        end
+
+        response_json = make_post_request("reports/#{id}/state_changes", request_body: body)
+        @report = response_json
+        self
+      end
+
+      ## Idempotent: Add a report reference to a project
+      #
+      # id: the ID of the report
+      # state: value for the reference (e.g. issue number or relative path to cross-repo issue)
+      #
+      # returns an HackerOne::Client::Report object or raises an error if
+      # no report is found.
+      def add_report_reference(reference)
+        body = {
+          type: "issue-tracker-reference-id",
+          attributes: {
+            reference: reference
+          }
+        }
+
+        response_json = make_post_request("reports/#{id}/issue_tracker_reference_id", request_body: body)
+        @report = response_json[:relationships][:report][:data]
+        self
+      end
+
+      ## Idempotent: add the issue reference and put the report into the "triage" state.
+      #
+      # id: the ID of the report
+      # state: value for the reference (e.g. issue number or relative path to cross-repo issue)
+      #
+      # returns an HackerOne::Client::Report object or raises an error if
+      # no report is found.
+      def triage(reference)
+        add_report_reference(reference)
+        state_change(:triaged)
+      end
+
+      # Add a comment to a report. By default, internal comments will be added.
+      #
+      # id: the ID of the report
+      # message: the content of the comment that will be created
+      # internal: "team only" comment (true, default) or "all participants"
+      def add_comment(message, internal: true)
+        fail ArgumentError, "message is required" if message.blank?
+
+        body = {
+          type: "activity-comment",
+          attributes: {
+            message: message,
+            internal: internal
+          }
+        }
+
+        response_json = make_post_request("reports/#{id}/activities", request_body: body)
+        HackerOne::Client::Activities.build(response_json)
+      end
+
       def assign_to_user(name)
         member = program.find_member(name)
         _assign_to(member.user.id, :user)

data/lib/hackerone/client/version.rb

@@ -1,5 +1,5 @@
 module Hackerone
   module Client
-    VERSION = "0.8.0"
+    VERSION = "0.9.0"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hackerone-client
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.9.0
 platform: ruby
 authors:
 - Neil Matatall
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-09-05 00:00:00.000000000 Z
+date: 2017-10-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -135,6 +135,7 @@ files:
 - bin/console
 - bin/setup
 - fixtures/vcr_cassettes/add_comment.yml
+- fixtures/vcr_cassettes/add_public_comment.yml
 - fixtures/vcr_cassettes/add_report_reference.yml
 - fixtures/vcr_cassettes/assign_report_to_group.yml
 - fixtures/vcr_cassettes/assign_report_to_group_no_permission.yml