scopes_extractor 0.5.0 → 0.7.0

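--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f4d182543a95c5350e15e48ac31e9294144bbfac8b8ab7b46c2fe473e0e29853
-  data.tar.gz: a7b9dd659a243d2c9714a807824d11631040ee4e199756b79d99f5dbf5f5c7e5
+  metadata.gz: edd3e5dc9cc8ae3d8cf7ca78b46f59ef66efda9d24c295b7f9577ce34752a681
+  data.tar.gz: 2e1762a5bbb34bb239249e7288ad6e8efdc29d4bac8748d968f8d7620c706d8c
 SHA512:
-  metadata.gz: 3b7dce096f56b17a31ad146b8f2b6b0c0f11643fa703f77410b4b0f1de2cf2ef9dc0557849144e9abef3628216032a909d5d65bb5d385a2a382d9eb6c718c5b6
-  data.tar.gz: 44c364cd7de7a23903e380dc1d6d367a55ac81143054bae1688b0eaf2de80efb0d59bcf5464fdbdf223c298ab24821f65ceedb11cb26fbfbd8a0f2e69e5b4e84
+  metadata.gz: d8777cfd7ecce621fa075c32af17e48ef38674dc24dfef40ee97bb297aa2956dece20aec4c5dccbafcf79f37d19457c9d78ab5aa40ee47477f68806c9e8a93e7
+  data.tar.gz: '0216516396422fad634543f57fd61c250edf1abe6975ffb2d1187ac9659e9cdc5bfd1772013865a1c0cf98768292d2674edd1ee44dd5d3e0a48c60ff0bd12617'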
@@ -33,10 +33,12 @@ class Bugcrowd
33
33
  scopes.each do |scope|
34
34
  next unless scope['category'] == 'website' || scope['category'] == 'api'
35
35
 
36
- endpoint = scope['name']
36
+ endpoint = scope['name'].split.first
37
37
  next if exclusions.any? { |exclusion| endpoint.include?(exclusion) } || !endpoint.include?('.')
38
+ next if endpoint.include?('*') && !endpoint.start_with?('*.')
38
39
 
39
- scopes_normalized << endpoint
40
+ endpoint.sub!(%r{/$}, '')
41
+ scopes_normalized << endpoint.sub('/*', '')
40
42
  end
41
43
 
42
44
  scopes_normalized
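Review bot: `endpoint = scope['name'].split.first` yields nil when the name coming back from the Bugcrowd API is empty or whitespace-only, so the `endpoint.include?` call on the following line raises NoMethodError and aborts the whole sync where the old code simply stored the raw string; a guard such as `endpoint = scope['name'].to_s.split.first` followed by `next if endpoint.nil?` keeps one malformed entry from taking down the run. The wildcard filter `next if endpoint.include?('*') && !endpoint.start_with?('*.')` also silently drops any scheme-prefixed wildcard (constructed example: `https://*.example.com`), which may be intended but deserves a comment. The same `include?('.')` / wildcard / `sub('/*', '')` normalization is now copy-pasted in this hunk, the Hackerone parse_scopes hunk and the YesWeHack hunk; a shared helper would keep the three platforms from drifting. The enclosing method starts before and ends after the hunk.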
@@ -14,7 +14,7 @@ class Hackerone
14
14
  next if options[:skip_vdp] && !program['attributes']['offers_bounties']
15
15
 
16
16
  results[program['attributes']['name']] = program_info(program)
17
- results[program['attributes']['name']]['scopes'] = Scopes.sync(program_info(program))
17
+ results[program['attributes']['name']]['scopes'] = Scopes.sync(program_info(program), options)
18
18
  end
19
19
 
20
20
  sync(results, options, page_id + 1) if programs_infos[:next_page]
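Review bot: `program_info(program)` is evaluated twice, once on the line above for the results entry and again on the changed line as the argument to Scopes.sync; if program_info performs a request or any parsing (not visible in the hunk) that work is doubled per program, and the two consumers may see different objects. Reusing the value avoids both: `info = program_info(program)`, `results[program['attributes']['name']] = info`, `info['scopes'] = Scopes.sync(info, options)`. The enclosing sync method starts before and ends after the hunk.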
@@ -3,30 +3,36 @@
3
3
  class Hackerone
4
4
  # Hackerone Sync Programs
5
5
  class Scopes
6
- def self.sync(program)
6
+ def self.sync(program, options)
7
7
  scopes = {}
8
8
  response = HttpClient.get("https://api.hackerone.com/v1/hackers/programs/#{program[:slug]}")
9
9
  return scopes unless response&.code == 200
10
10
 
11
11
  in_scopes = JSON.parse(response.body)['relationships']['structured_scopes']['data']
12
- scopes['in'] = parse_scopes(in_scopes)
12
+ scopes['in'] = parse_scopes(in_scopes, options)
13
13
 
14
14
  scopes['out'] = {} # TODO
15
15
 
16
16
  scopes
17
17
  end
18
18
 
19
- def self.parse_scopes(scopes)
19
+ def self.parse_scopes(scopes, options)
20
20
  scopes_normalized = []
21
21
 
22
22
  scopes.each do |scope|
23
- next unless scope['attributes']['asset_type'] == 'URL'
23
+ next if scope['attributes']['eligible_for_submission'] == false ||
24
+ (scope['attributes']['eligible_for_bounty'] == false && options[:skip_vdp])
25
+ next unless %w[URL WILDCARD].any?(scope['attributes']['asset_type'])
24
26
 
25
27
  endpoint = scope['attributes']['asset_identifier']
26
28
  normalized = normalized(endpoint)
27
29
 
28
30
  normalized.each do |asset|
29
- scopes_normalized << asset
31
+ next unless asset.include?('.')
32
+ next if asset.include?('*') && !asset.start_with?('*.')
33
+ next unless asset.match?(/\w\./)
34
+
35
+ scopes_normalized << asset.sub('/*', '')
30
36
  end
31
37
  end
32
38
 
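Review bot: Both `self.sync` and `self.parse_scopes` now take `options` as a required positional argument, which breaks any external caller of the previous `Scopes.sync(program)` signature even though only the in-gem call site is updated; `def self.sync(program, options = {})` and `def self.parse_scopes(scopes, options = {})` keep the old arity working while `options[:skip_vdp]` simply reads nil. The `== false` comparisons on `eligible_for_submission` and `eligible_for_bounty` treat a missing key as eligible, which looks deliberate but deserves a comment such as `# a missing flag counts as eligible; only an explicit false excludes the asset`. `asset.sub('/*', '')` on the last added line repeats the substitution that the normalized hunk below already applies to every element, so one of the two can go, and `next unless asset.include?('.')` is implied by the later `asset.match?(/\w\./)` check. `%w[URL WILDCARD].any?(scope['attributes']['asset_type'])` works via `===`, but `include?` states the intent directly.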
@@ -39,9 +45,9 @@ class Hackerone
39
45
  normalized = []
40
46
 
41
47
  if endpoint.include?(',')
42
- endpoint.split(',').each { |asset| normalized << asset }
48
+ endpoint.split(',').each { |asset| normalized << asset.sub('/*', '') }
43
49
  else
44
- normalized << endpoint
50
+ normalized << endpoint.sub('/*', '')
45
51
  end
46
52
 
47
53
  normalized
@@ -26,8 +26,9 @@ class YesWeHack
26
26
  normalized = normalize(infos['scope'])
27
27
  normalized.each do |asset|
28
28
  next unless asset.include?('.')
29
+ next if asset.include?('*') && !asset.start_with?('*.')
29
30
 
30
- scopes_normalized << asset
31
+ scopes_normalized << asset.sub('/*', '')
31
32
  end
32
33
  end
33
34
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: scopes_extractor
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.0
4
+ version: 0.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Joshua MARTINELLE
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-05-23 00:00:00.000000000 Z
11
+ date: 2023-05-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: colorize