scopes_extractor 0.5.0 → 0.7.0
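--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: edd3e5dc9cc8ae3d8cf7ca78b46f59ef66efda9d24c295b7f9577ce34752a681
+data.tar.gz: 2e1762a5bbb34bb239249e7288ad6e8efdc29d4bac8748d968f8d7620c706d8c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d8777cfd7ecce621fa075c32af17e48ef38674dc24dfef40ee97bb297aa2956dece20aec4c5dccbafcf79f37d19457c9d78ab5aa40ee47477f68806c9e8a93e7
+data.tar.gz: '0216516396422fad634543f57fd61c250edf1abe6975ffb2d1187ac9659e9cdc5bfd1772013865a1c0cf98768292d2674edd1ee44dd5d3e0a48c60ff0bd12617'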
@@ -33,10 +33,12 @@ class Bugcrowd
|
|
33
33
|
scopes.each do |scope|
|
34
34
|
next unless scope['category'] == 'website' || scope['category'] == 'api'
|
35
35
|
|
36
|
-
endpoint = scope['name']
|
36
|
+
endpoint = scope['name'].split.first
|
37
37
|
next if exclusions.any? { |exclusion| endpoint.include?(exclusion) } || !endpoint.include?('.')
|
38
|
+
next if endpoint.include?('*') && !endpoint.start_with?('*.')
|
38
39
|
|
39
|
-
|
40
|
+
endpoint.sub!(%r{/$}, '')
|
41
|
+
scopes_normalized << endpoint.sub('/*', '')
|
40
42
|
end
|
41
43
|
|
42
44
|
scopes_normalized
|
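Review bot: `scope['name'].split.first` returns nil when the name is empty or only whitespace, and the next line then calls `endpoint.include?` on nil, so a single blank entry raises NoMethodError and stops scope extraction for the whole program. Guard it with `endpoint = scope['name'].to_s.split.first` followed by `next if endpoint.nil?`. A one-line comment on why only the first whitespace-separated token is kept (presumably the name can carry a trailing description) would also help, since this list decides which hosts later tooling treats as authorised. The enclosing method starts above the hunk, so how `exclusions` is built is not visible here.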
@@ -14,7 +14,7 @@ class Hackerone
|
|
14
14
|
next if options[:skip_vdp] && !program['attributes']['offers_bounties']
|
15
15
|
|
16
16
|
results[program['attributes']['name']] = program_info(program)
|
17
|
-
results[program['attributes']['name']]['scopes'] = Scopes.sync(program_info(program))
|
17
|
+
results[program['attributes']['name']]['scopes'] = Scopes.sync(program_info(program), options)
|
18
18
|
end
|
19
19
|
|
20
20
|
sync(results, options, page_id + 1) if programs_infos[:next_page]
|
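Review bot: `program_info(program)` is evaluated twice on adjacent lines, once for `results[...]` and once as the argument to `Scopes.sync`. Binding it once, `info = program_info(program)`, and using `info` in both places avoids the repeated work and guarantees that the stored entry and the object passed to `Scopes.sync` are the same. The body of `program_info` is not in this hunk, so this assumes it has no side effects the second call relies on. The enclosing `sync` method begins and ends outside the hunk.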
@@ -3,30 +3,36 @@
|
|
3
3
|
class Hackerone
|
4
4
|
# Hackerone Sync Programs
|
5
5
|
class Scopes
|
6
|
-
def self.sync(program)
|
6
|
+
def self.sync(program, options)
|
7
7
|
scopes = {}
|
8
8
|
response = HttpClient.get("https://api.hackerone.com/v1/hackers/programs/#{program[:slug]}")
|
9
9
|
return scopes unless response&.code == 200
|
10
10
|
|
11
11
|
in_scopes = JSON.parse(response.body)['relationships']['structured_scopes']['data']
|
12
|
-
scopes['in'] = parse_scopes(in_scopes)
|
12
|
+
scopes['in'] = parse_scopes(in_scopes, options)
|
13
13
|
|
14
14
|
scopes['out'] = {} # TODO
|
15
15
|
|
16
16
|
scopes
|
17
17
|
end
|
18
18
|
|
19
|
-
def self.parse_scopes(scopes)
|
19
|
+
def self.parse_scopes(scopes, options)
|
20
20
|
scopes_normalized = []
|
21
21
|
|
22
22
|
scopes.each do |scope|
|
23
|
-
next
|
23
|
+
next if scope['attributes']['eligible_for_submission'] == false ||
|
24
|
+
(scope['attributes']['eligible_for_bounty'] == false && options[:skip_vdp])
|
25
|
+
next unless %w[URL WILDCARD].any?(scope['attributes']['asset_type'])
|
24
26
|
|
25
27
|
endpoint = scope['attributes']['asset_identifier']
|
26
28
|
normalized = normalized(endpoint)
|
27
29
|
|
28
30
|
normalized.each do |asset|
|
29
|
-
|
31
|
+
next unless asset.include?('.')
|
32
|
+
next if asset.include?('*') && !asset.start_with?('*.')
|
33
|
+
next unless asset.match?(/\w\./)
|
34
|
+
|
35
|
+
scopes_normalized << asset.sub('/*', '')
|
30
36
|
end
|
31
37
|
end
|
32
38
|
|
@@ -39,9 +45,9 @@ class Hackerone
|
|
39
45
|
normalized = []
|
40
46
|
|
41
47
|
if endpoint.include?(',')
|
42
|
-
endpoint.split(',').each { |asset| normalized << asset }
|
48
|
+
endpoint.split(',').each { |asset| normalized << asset.sub('/*', '') }
|
43
49
|
else
|
44
|
-
normalized << endpoint
|
50
|
+
normalized << endpoint.sub('/*', '')
|
45
51
|
end
|
46
52
|
|
47
53
|
normalized
|
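Review bot: In `parse_scopes` the new eligibility filter compares with `== false`, so an asset whose `eligible_for_submission` (or, under `options[:skip_vdp]`, `eligible_for_bounty`) is missing or null is kept as in scope. For a list that tells other tools what may be tested, failing closed is the safer default: `next unless scope['attributes']['eligible_for_submission']`. Whether the API can omit these fields is not visible here, so treat this as hardening rather than a confirmed bug. The new `start_with?('*.')` test also interacts with the second hunk: `endpoint.split(',')` does not strip whitespace, so a constructed entry such as `a.example, *.b.example` yields ` *.b.example`, which is then dropped, and `asset.strip.sub('/*', '')` in `normalized` would avoid that.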
@@ -26,8 +26,9 @@ class YesWeHack
|
|
26
26
|
normalized = normalize(infos['scope'])
|
27
27
|
normalized.each do |asset|
|
28
28
|
next unless asset.include?('.')
|
29
|
+
next if asset.include?('*') && !asset.start_with?('*.')
|
29
30
|
|
30
|
-
scopes_normalized << asset
|
31
|
+
scopes_normalized << asset.sub('/*', '')
|
31
32
|
end
|
32
33
|
end
|
33
34
|
|
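Review bot: The wildcard guard `next if asset.include?('*') && !asset.start_with?('*.')` and the `sub('/*', '')` cleanup added here are the same two lines added in the Bugcrowd and Hackerone hunks, so the rule for what counts as a usable wildcard now lives in three places and can drift. Moving both into one shared helper would keep the platforms consistent, with a comment stating that only a leading `*.` wildcard is kept and any other asset containing `*` is discarded. Note also that `sub('/*', '')` removes the first `/*` wherever it occurs, not only a trailing one, so a constructed value like `example.com/*/admin` becomes `example.com/admin`. If only the trailing case is intended, `delete_suffix('/*')` expresses it. The loop's enclosing method is outside the hunk.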
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: scopes_extractor
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.7.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Joshua MARTINELLE
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-05-
|
11
|
+
date: 2023-05-24 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: colorize
|