scopes_extractor 0.5.0 → 0.7.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f4d182543a95c5350e15e48ac31e9294144bbfac8b8ab7b46c2fe473e0e29853
4
- data.tar.gz: a7b9dd659a243d2c9714a807824d11631040ee4e199756b79d99f5dbf5f5c7e5
3
+ metadata.gz: edd3e5dc9cc8ae3d8cf7ca78b46f59ef66efda9d24c295b7f9577ce34752a681
4
+ data.tar.gz: 2e1762a5bbb34bb239249e7288ad6e8efdc29d4bac8748d968f8d7620c706d8c
5
5
  SHA512:
6
- metadata.gz: 3b7dce096f56b17a31ad146b8f2b6b0c0f11643fa703f77410b4b0f1de2cf2ef9dc0557849144e9abef3628216032a909d5d65bb5d385a2a382d9eb6c718c5b6
7
- data.tar.gz: 44c364cd7de7a23903e380dc1d6d367a55ac81143054bae1688b0eaf2de80efb0d59bcf5464fdbdf223c298ab24821f65ceedb11cb26fbfbd8a0f2e69e5b4e84
6
+ metadata.gz: d8777cfd7ecce621fa075c32af17e48ef38674dc24dfef40ee97bb297aa2956dece20aec4c5dccbafcf79f37d19457c9d78ab5aa40ee47477f68806c9e8a93e7
7
+ data.tar.gz: '0216516396422fad634543f57fd61c250edf1abe6975ffb2d1187ac9659e9cdc5bfd1772013865a1c0cf98768292d2674edd1ee44dd5d3e0a48c60ff0bd12617'
@@ -33,10 +33,12 @@ class Bugcrowd
33
33
  scopes.each do |scope|
34
34
  next unless scope['category'] == 'website' || scope['category'] == 'api'
35
35
 
36
- endpoint = scope['name']
36
+ endpoint = scope['name'].split.first
37
37
  next if exclusions.any? { |exclusion| endpoint.include?(exclusion) } || !endpoint.include?('.')
38
+ next if endpoint.include?('*') && !endpoint.start_with?('*.')
38
39
 
39
- scopes_normalized << endpoint
40
+ endpoint.sub!(%r{/$}, '')
41
+ scopes_normalized << endpoint.sub('/*', '')
40
42
  end
41
43
 
42
44
  scopes_normalized
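Review bot: `endpoint = scope['name'].split.first` yields nil when the scope name is empty or whitespace-only (`''.split.first` is nil), and the unchanged `endpoint.include?(...)` on the following line then raises NoMethodError, so a single malformed entry aborts the whole platform sync; the old assignment only failed on a nil name. The entries presumably come from the Bugcrowd API rather than local config, so the loop should skip rather than crash: `endpoint = scope['name'].to_s.split.first` followed by `next if endpoint.nil?`. Separately, `%r{/$}` in the new `endpoint.sub!(%r{/$}, '')` also matches a slash before an embedded newline, not only at the end of the string; `%r{/\z}` is the end-of-string anchor. The enclosing parse_scopes method begins before this hunk.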
@@ -14,7 +14,7 @@ class Hackerone
14
14
  next if options[:skip_vdp] && !program['attributes']['offers_bounties']
15
15
 
16
16
  results[program['attributes']['name']] = program_info(program)
17
- results[program['attributes']['name']]['scopes'] = Scopes.sync(program_info(program))
17
+ results[program['attributes']['name']]['scopes'] = Scopes.sync(program_info(program), options)
18
18
  end
19
19
 
20
20
  sync(results, options, page_id + 1) if programs_infos[:next_page]
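Review bot: `program_info(program)` is evaluated twice on adjacent lines, once to fill `results[...]` and once as the argument to `Scopes.sync`, and the `options` argument added here leaves that in place. Storing the result once — `info = program_info(program)`, `info['scopes'] = Scopes.sync(info, options)`, `results[program['attributes']['name']] = info` — removes the duplicate call (and a second request, if program_info performs one; its body is not in the hunk). The enclosing sync method begins before this hunk.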
@@ -3,30 +3,36 @@
3
3
  class Hackerone
4
4
  # Hackerone Sync Programs
5
5
  class Scopes
6
- def self.sync(program)
6
+ def self.sync(program, options)
7
7
  scopes = {}
8
8
  response = HttpClient.get("https://api.hackerone.com/v1/hackers/programs/#{program[:slug]}")
9
9
  return scopes unless response&.code == 200
10
10
 
11
11
  in_scopes = JSON.parse(response.body)['relationships']['structured_scopes']['data']
12
- scopes['in'] = parse_scopes(in_scopes)
12
+ scopes['in'] = parse_scopes(in_scopes, options)
13
13
 
14
14
  scopes['out'] = {} # TODO
15
15
 
16
16
  scopes
17
17
  end
18
18
 
19
- def self.parse_scopes(scopes)
19
+ def self.parse_scopes(scopes, options)
20
20
  scopes_normalized = []
21
21
 
22
22
  scopes.each do |scope|
23
- next unless scope['attributes']['asset_type'] == 'URL'
23
+ next if scope['attributes']['eligible_for_submission'] == false ||
24
+ (scope['attributes']['eligible_for_bounty'] == false && options[:skip_vdp])
25
+ next unless %w[URL WILDCARD].any?(scope['attributes']['asset_type'])
24
26
 
25
27
  endpoint = scope['attributes']['asset_identifier']
26
28
  normalized = normalized(endpoint)
27
29
 
28
30
  normalized.each do |asset|
29
- scopes_normalized << asset
31
+ next unless asset.include?('.')
32
+ next if asset.include?('*') && !asset.start_with?('*.')
33
+ next unless asset.match?(/\w\./)
34
+
35
+ scopes_normalized << asset.sub('/*', '')
30
36
  end
31
37
  end
32
38
 
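Review bot: `def self.sync(program, options)` and `def self.parse_scopes(scopes, options)` make `options` a required positional, so any caller still using the 0.5.0 form `Scopes.sync(program)` now raises ArgumentError, and a caller passing nil fails later with NoMethodError at `options[:skip_vdp]` — only when a scope has `eligible_for_bounty == false`, so the failure is data-dependent and easy to miss in testing. Defaulting it, `def self.sync(program, options = {})` and `def self.parse_scopes(scopes, options = {})`, keeps the old call form working and makes `options[:skip_vdp]` simply falsy. The `== false` comparisons look deliberate (a missing attribute must not exclude the scope, which `unless ...` would not preserve); a one-line comment such as `# explicit == false: a missing key must not exclude the scope` would stop the next reader from "simplifying" them. `scopes_normalized << asset.sub('/*', '')` also repeats the `/*` stripping that `normalized` now performs in the `@@ -39,9 +45,9` hunk, so one of the two is redundant.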
@@ -39,9 +45,9 @@ class Hackerone
39
45
  normalized = []
40
46
 
41
47
  if endpoint.include?(',')
42
- endpoint.split(',').each { |asset| normalized << asset }
48
+ endpoint.split(',').each { |asset| normalized << asset.sub('/*', '') }
43
49
  else
44
- normalized << endpoint
50
+ normalized << endpoint.sub('/*', '')
45
51
  end
46
52
 
47
53
  normalized
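Review bot: `endpoint.split(',')` keeps the whitespace around separators, so a value like `a.example.com, *.b.example.com` yields `" *.b.example.com"`, which the new wildcard guard in parse_scopes (`!asset.start_with?('*.')`) then silently discards, while `" b.example.com"` is kept with its leading space. Trimming each piece, `endpoint.split(',').each { |asset| normalized << asset.strip.sub('/*', '') }`, fixes both cases. Since `String#split` returns the whole string as a single element when the separator is absent, the `if endpoint.include?(',')` branch could collapse into that one line; the only difference is that `''.split(',')` is `[]` rather than `['']`, which is harmless here because parse_scopes drops assets without a dot anyway. The enclosing `normalized` method begins before this hunk.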
@@ -26,8 +26,9 @@ class YesWeHack
26
26
  normalized = normalize(infos['scope'])
27
27
  normalized.each do |asset|
28
28
  next unless asset.include?('.')
29
+ next if asset.include?('*') && !asset.start_with?('*.')
29
30
 
30
- scopes_normalized << asset
31
+ scopes_normalized << asset.sub('/*', '')
31
32
  end
32
33
  end
33
34
 
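Review bot: the wildcard guard `next if asset.include?('*') && !asset.start_with?('*.')` and the `asset.sub('/*', '')` strip added here are the same lines introduced in the Bugcrowd `@@ -33,10 +33,12` hunk and the Hackerone `@@ -3,30 +3,36` hunk, so the rule for what counts as an acceptable scope now lives in three places and will drift as each platform receives its own fixes. A shared helper that takes a raw asset and returns either the normalized host or nil would let each loop reduce to a lookup, a `next unless`, and the append, with the acceptance rule documented once. The enclosing method begins before this hunk.
```ruby
# Shared by the Bugcrowd, Hackerone and YesWeHack scope parsers.
# Returns the asset with a "/*" path wildcard removed, or nil when it is not a
# host-style scope (no dot, or a wildcard anywhere other than a leading "*.").
def self.normalize_asset(asset)
  return nil unless asset.include?('.')
  return nil if asset.include?('*') && !asset.start_with?('*.')

  asset.sub('/*', '')
end

# … unchanged: normalize(infos['scope']) …
normalized.each do |asset|
  scope = normalize_asset(asset)
  next unless scope

  scopes_normalized << scope
end
```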
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: scopes_extractor
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.0
4
+ version: 0.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Joshua MARTINELLE
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-05-23 00:00:00.000000000 Z
11
+ date: 2023-05-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: colorize