scopes_extractor 0.6.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/lib/scopes_extractor/platforms/bugcrowd/scopes.rb +2 -1
  3. data/lib/scopes_extractor/platforms/hackerone/programs.rb +1 -1
  4. data/lib/scopes_extractor/platforms/hackerone/scopes.rb +10 -7
  5. data/lib/scopes_extractor/platforms/yeswehack/scopes.rb +1 -1
  6. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 53708b2ee96a050695c28add808c5b8bf8cdfb7e6497aa5d35f0aff99fe7cca3
4
- data.tar.gz: 1c598a6d8de2708c3b8431e84ac8456dde7f9e4f468d69e2c29e9e36ea26b4f0
3
+ metadata.gz: edd3e5dc9cc8ae3d8cf7ca78b46f59ef66efda9d24c295b7f9577ce34752a681
4
+ data.tar.gz: 2e1762a5bbb34bb239249e7288ad6e8efdc29d4bac8748d968f8d7620c706d8c
5
5
  SHA512:
6
- metadata.gz: 74947fc21e47e8373e92598b38f856241f837051f86d9de70cd5a857ee12daf6c1ecc111d69ff3652ca1a459bd66c69deb3989ff7d23f35ff65580075a861c16
7
- data.tar.gz: e34117a9518c303601948111c24beafb2c3f4b594891c11eef01240a19bcc76ee94e4ce0670da6323db796553d8c85a0dfdce3bbf6fcd6ae42d17664b88308a6
6
+ metadata.gz: d8777cfd7ecce621fa075c32af17e48ef38674dc24dfef40ee97bb297aa2956dece20aec4c5dccbafcf79f37d19457c9d78ab5aa40ee47477f68806c9e8a93e7
7
+ data.tar.gz: '0216516396422fad634543f57fd61c250edf1abe6975ffb2d1187ac9659e9cdc5bfd1772013865a1c0cf98768292d2674edd1ee44dd5d3e0a48c60ff0bd12617'
data/lib/scopes_extractor/platforms/bugcrowd/scopes.rb CHANGED
@@ -37,7 +37,8 @@ class Bugcrowd
37
37
  next if exclusions.any? { |exclusion| endpoint.include?(exclusion) } || !endpoint.include?('.')
38
38
  next if endpoint.include?('*') && !endpoint.start_with?('*.')
39
39
 
40
- scopes_normalized << endpoint
40
+ endpoint.sub!(%r{/$}, '')
41
+ scopes_normalized << endpoint.sub('/*', '')
41
42
  end
42
43
 
43
44
  scopes_normalized
data/lib/scopes_extractor/platforms/hackerone/programs.rb CHANGED
@@ -14,7 +14,7 @@ class Hackerone
14
14
  next if options[:skip_vdp] && !program['attributes']['offers_bounties']
15
15
 
16
16
  results[program['attributes']['name']] = program_info(program)
17
- results[program['attributes']['name']]['scopes'] = Scopes.sync(program_info(program))
17
+ results[program['attributes']['name']]['scopes'] = Scopes.sync(program_info(program), options)
18
18
  end
19
19
 
20
20
  sync(results, options, page_id + 1) if programs_infos[:next_page]
data/lib/scopes_extractor/platforms/hackerone/scopes.rb CHANGED
@@ -3,24 +3,26 @@
3
3
  class Hackerone
4
4
  # Hackerone Sync Programs
5
5
  class Scopes
6
- def self.sync(program)
6
+ def self.sync(program, options)
7
7
  scopes = {}
8
8
  response = HttpClient.get("https://api.hackerone.com/v1/hackers/programs/#{program[:slug]}")
9
9
  return scopes unless response&.code == 200
10
10
 
11
11
  in_scopes = JSON.parse(response.body)['relationships']['structured_scopes']['data']
12
- scopes['in'] = parse_scopes(in_scopes)
12
+ scopes['in'] = parse_scopes(in_scopes, options)
13
13
 
14
14
  scopes['out'] = {} # TODO
15
15
 
16
16
  scopes
17
17
  end
18
18
 
19
- def self.parse_scopes(scopes)
19
+ def self.parse_scopes(scopes, options)
20
20
  scopes_normalized = []
21
21
 
22
22
  scopes.each do |scope|
23
- next unless scope['attributes']['asset_type'] == 'URL'
23
+ next if scope['attributes']['eligible_for_submission'] == false ||
24
+ (scope['attributes']['eligible_for_bounty'] == false && options[:skip_vdp])
25
+ next unless %w[URL WILDCARD].any?(scope['attributes']['asset_type'])
24
26
 
25
27
  endpoint = scope['attributes']['asset_identifier']
26
28
  normalized = normalized(endpoint)
@@ -28,8 +30,9 @@ class Hackerone
28
30
  normalized.each do |asset|
29
31
  next unless asset.include?('.')
30
32
  next if asset.include?('*') && !asset.start_with?('*.')
33
+ next unless asset.match?(/\w\./)
31
34
 
32
- scopes_normalized << asset
35
+ scopes_normalized << asset.sub('/*', '')
33
36
  end
34
37
  end
35
38
 
@@ -42,9 +45,9 @@ class Hackerone
42
45
  normalized = []
43
46
 
44
47
  if endpoint.include?(',')
45
- endpoint.split(',').each { |asset| normalized << asset }
48
+ endpoint.split(',').each { |asset| normalized << asset.sub('/*', '') }
46
49
  else
47
- normalized << endpoint
50
+ normalized << endpoint.sub('/*', '')
48
51
  end
49
52
 
50
53
  normalized
data/lib/scopes_extractor/platforms/yeswehack/scopes.rb CHANGED
@@ -28,7 +28,7 @@ class YesWeHack
28
28
  next unless asset.include?('.')
29
29
  next if asset.include?('*') && !asset.start_with?('*.')
30
30
 
31
- scopes_normalized << asset
31
+ scopes_normalized << asset.sub('/*', '')
32
32
  end
33
33
  end
34
34
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: scopes_extractor
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.0
4
+ version: 0.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Joshua MARTINELLE
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-05-23 00:00:00.000000000 Z
11
+ date: 2023-05-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: colorize