scopes_extractor 0.5.0 → 0.7.0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: edd3e5dc9cc8ae3d8cf7ca78b46f59ef66efda9d24c295b7f9577ce34752a681
|
4
|
+
data.tar.gz: 2e1762a5bbb34bb239249e7288ad6e8efdc29d4bac8748d968f8d7620c706d8c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d8777cfd7ecce621fa075c32af17e48ef38674dc24dfef40ee97bb297aa2956dece20aec4c5dccbafcf79f37d19457c9d78ab5aa40ee47477f68806c9e8a93e7
|
7
|
+
data.tar.gz: '0216516396422fad634543f57fd61c250edf1abe6975ffb2d1187ac9659e9cdc5bfd1772013865a1c0cf98768292d2674edd1ee44dd5d3e0a48c60ff0bd12617'
|
@@ -33,10 +33,12 @@ class Bugcrowd
|
|
33
33
|
scopes.each do |scope|
|
34
34
|
next unless scope['category'] == 'website' || scope['category'] == 'api'
|
35
35
|
|
36
|
-
endpoint = scope['name']
|
36
|
+
endpoint = scope['name'].split.first
|
37
37
|
next if exclusions.any? { |exclusion| endpoint.include?(exclusion) } || !endpoint.include?('.')
|
38
|
+
next if endpoint.include?('*') && !endpoint.start_with?('*.')
|
38
39
|
|
39
|
-
|
40
|
+
endpoint.sub!(%r{/$}, '')
|
41
|
+
scopes_normalized << endpoint.sub('/*', '')
|
40
42
|
end
|
41
43
|
|
42
44
|
scopes_normalized
|
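Review bot: The new `next if endpoint.include?('*') && !endpoint.start_with?('*.')` runs before `scopes_normalized << endpoint.sub('/*', '')`, so a name such as `example.com/*` is dropped before its `/*` suffix can be stripped and the strip only ever reaches `*.example.com/*`-style names; the Hackerone code in this same release strips `/*` in `normalized` first and filters afterwards, while the YesWeHack hunk (@@ -26,8 +26,9 @@) has the same order as this one. In addition, `scope['name'].split.first` is nil for an empty or whitespace-only name, so `endpoint.include?(exclusion)` on the next line raises NoMethodError where the old `endpoint = scope['name']` tolerated an empty string. If path-suffixed names are meant to be kept, strip first and filter second, guarding the nil; `%r{/\z}` is the precise anchor once `split` has removed any newline. The scopes.each block is complete in the hunk, but the enclosing method's start lies outside it.
```ruby
scopes.each do |scope|
  next unless scope['category'] == 'website' || scope['category'] == 'api'

  endpoint = scope['name'].to_s.split.first
  next if endpoint.nil?

  # strip "/*" and a trailing slash before filtering, so "example.com/*" survives as "example.com"
  endpoint = endpoint.sub('/*', '').sub(%r{/\z}, '')
  next if exclusions.any? { |exclusion| endpoint.include?(exclusion) } || !endpoint.include?('.')
  next if endpoint.include?('*') && !endpoint.start_with?('*.')

  scopes_normalized << endpoint
end
```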
@@ -14,7 +14,7 @@ class Hackerone
|
|
14
14
|
next if options[:skip_vdp] && !program['attributes']['offers_bounties']
|
15
15
|
|
16
16
|
results[program['attributes']['name']] = program_info(program)
|
17
|
-
results[program['attributes']['name']]['scopes'] = Scopes.sync(program_info(program))
|
17
|
+
results[program['attributes']['name']]['scopes'] = Scopes.sync(program_info(program), options)
|
18
18
|
end
|
19
19
|
|
20
20
|
sync(results, options, page_id + 1) if programs_infos[:next_page]
|
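Review bot: `Scopes.sync(program_info(program), options)` recomputes `program_info(program)` for a hash the previous line has just stored; `Scopes.sync(results[program['attributes']['name']], options)` passes the same data without the second call. Whether `program_info` does network work is not visible here, but if it does, the per-program cost of this loop is doubled. The enclosing `sync` method starts outside the hunk.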
@@ -3,30 +3,36 @@
|
|
3
3
|
class Hackerone
|
4
4
|
# Hackerone Sync Programs
|
5
5
|
class Scopes
|
6
|
-
def self.sync(program)
|
6
|
+
def self.sync(program, options)
|
7
7
|
scopes = {}
|
8
8
|
response = HttpClient.get("https://api.hackerone.com/v1/hackers/programs/#{program[:slug]}")
|
9
9
|
return scopes unless response&.code == 200
|
10
10
|
|
11
11
|
in_scopes = JSON.parse(response.body)['relationships']['structured_scopes']['data']
|
12
|
-
scopes['in'] = parse_scopes(in_scopes)
|
12
|
+
scopes['in'] = parse_scopes(in_scopes, options)
|
13
13
|
|
14
14
|
scopes['out'] = {} # TODO
|
15
15
|
|
16
16
|
scopes
|
17
17
|
end
|
18
18
|
|
19
|
-
def self.parse_scopes(scopes)
|
19
|
+
def self.parse_scopes(scopes, options)
|
20
20
|
scopes_normalized = []
|
21
21
|
|
22
22
|
scopes.each do |scope|
|
23
|
-
next
|
23
|
+
next if scope['attributes']['eligible_for_submission'] == false ||
|
24
|
+
(scope['attributes']['eligible_for_bounty'] == false && options[:skip_vdp])
|
25
|
+
next unless %w[URL WILDCARD].any?(scope['attributes']['asset_type'])
|
24
26
|
|
25
27
|
endpoint = scope['attributes']['asset_identifier']
|
26
28
|
normalized = normalized(endpoint)
|
27
29
|
|
28
30
|
normalized.each do |asset|
|
29
|
-
|
31
|
+
next unless asset.include?('.')
|
32
|
+
next if asset.include?('*') && !asset.start_with?('*.')
|
33
|
+
next unless asset.match?(/\w\./)
|
34
|
+
|
35
|
+
scopes_normalized << asset.sub('/*', '')
|
30
36
|
end
|
31
37
|
end
|
32
38
|
|
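Review bot: `def self.sync(program, options)` and `def self.parse_scopes(scopes, options)` turn `options` into a required positional argument, so a caller still using the 0.5.0 one-argument `Scopes.sync(program)` now raises ArgumentError, and one passing nil raises at `options[:skip_vdp]`. A default keeps the old form working: `def self.sync(program, options = {})` and `def self.parse_scopes(scopes, options = {})`. Separately, `scopes_normalized << asset.sub('/*', '')` strips `/*` a second time, since `normalized` (hunk @@ -39,9 +45,9 @@ of the same file) already strips it from every asset before the filters run; dropping the second `sub` and appending `asset` as-is makes the intent clearer. The method's closing `scopes_normalized` and `end` lie outside the hunk.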
@@ -39,9 +45,9 @@ class Hackerone
|
|
39
45
|
normalized = []
|
40
46
|
|
41
47
|
if endpoint.include?(',')
|
42
|
-
endpoint.split(',').each { |asset| normalized << asset }
|
48
|
+
endpoint.split(',').each { |asset| normalized << asset.sub('/*', '') }
|
43
49
|
else
|
44
|
-
normalized << endpoint
|
50
|
+
normalized << endpoint.sub('/*', '')
|
45
51
|
end
|
46
52
|
|
47
53
|
normalized
|
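Review bot: `endpoint.split(',').each { |asset| normalized << asset.sub('/*', '') }` keeps whatever whitespace follows each comma, so an identifier written as `a.example.com, b.example.com` yields ` b.example.com` with a leading space, which still passes the `include?('.')` and `/\w\./` checks in parse_scopes and is stored that way. Whether HackerOne emits comma-separated identifiers with spaces is not visible here, but a strip costs nothing: `endpoint.split(',').each { |asset| normalized << asset.strip.sub('/*', '') }`. The method's `def` line lies before the hunk.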
@@ -26,8 +26,9 @@ class YesWeHack
|
|
26
26
|
normalized = normalize(infos['scope'])
|
27
27
|
normalized.each do |asset|
|
28
28
|
next unless asset.include?('.')
|
29
|
+
next if asset.include?('*') && !asset.start_with?('*.')
|
29
30
|
|
30
|
-
scopes_normalized << asset
|
31
|
+
scopes_normalized << asset.sub('/*', '')
|
31
32
|
end
|
32
33
|
end
|
33
34
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: scopes_extractor
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.7.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Joshua MARTINELLE
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-05-
|
11
|
+
date: 2023-05-24 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: colorize
|