scopes_extractor 0.6.0 → 0.8.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/scopes_extractor/platforms/bugcrowd/programs.rb +4 -4
- data/lib/scopes_extractor/platforms/bugcrowd/scopes.rb +2 -1
- data/lib/scopes_extractor/platforms/hackerone/programs.rb +1 -1
- data/lib/scopes_extractor/platforms/hackerone/scopes.rb +10 -7
- data/lib/scopes_extractor/platforms/yeswehack/scopes.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 97fa26671708b0b7dbf28fbcfc431405e3a417022c17b877bd0c060afc654b36
|
|
4
|
+
data.tar.gz: 70b3d8febc68244cce74ff7ae7275db58071e6bf3ee10daa5d730d080bbbb812
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a58a4210168e3b7d4d85ecba63babef6bf5bef0cd7baee972ba366589f96d393faee0bf0df5168cc96a9c8e394439d831f5fac82baf9eb9c1bf2535e1cf99bfa
|
|
7
|
+
data.tar.gz: 5dfae355baf7da881c47b56abbf8a0d040bf961c52d8ab7678b0869c7e13c175542219c144f447beaf4009898d8a578804076c446d490d3759d07ea750b50383
|
|
@@ -6,9 +6,10 @@ class Bugcrowd
|
|
|
6
6
|
# Bugcrowd Sync Programs
|
|
7
7
|
class Programs
|
|
8
8
|
def self.sync(results, options, cookie, page_id = 1)
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
9
|
+
url = "https://bugcrowd.com/programs.json?page[]=#{page_id}&waitlistable[]=false&joinable[]=false"
|
|
10
|
+
url += "&vdp[]=false" if options[:skip_vdp]
|
|
11
|
+
|
|
12
|
+
response = HttpClient.get(url, cookie)
|
|
12
13
|
return unless response&.code == 200
|
|
13
14
|
|
|
14
15
|
body = JSON.parse(response.body)
|
|
@@ -20,7 +21,6 @@ class Bugcrowd
|
|
|
20
21
|
def self.parse_programs(programs, options, results, cookie)
|
|
21
22
|
programs.each do |program|
|
|
22
23
|
next if program['status'] == 4 # Disabled
|
|
23
|
-
next if program['min_rewards'].nil? && options[:skip_vdp]
|
|
24
24
|
|
|
25
25
|
results[program['name']] = program_info(program)
|
|
26
26
|
results[program['name']]['scopes'] = Scopes.sync(program_info(program), cookie)
|
|
@@ -37,7 +37,8 @@ class Bugcrowd
|
|
|
37
37
|
next if exclusions.any? { |exclusion| endpoint.include?(exclusion) } || !endpoint.include?('.')
|
|
38
38
|
next if endpoint.include?('*') && !endpoint.start_with?('*.')
|
|
39
39
|
|
|
40
|
-
|
|
40
|
+
endpoint.sub!(%r{/$}, '')
|
|
41
|
+
scopes_normalized << endpoint.sub('/*', '')
|
|
41
42
|
end
|
|
42
43
|
|
|
43
44
|
scopes_normalized
|
|
@@ -14,7 +14,7 @@ class Hackerone
|
|
|
14
14
|
next if options[:skip_vdp] && !program['attributes']['offers_bounties']
|
|
15
15
|
|
|
16
16
|
results[program['attributes']['name']] = program_info(program)
|
|
17
|
-
results[program['attributes']['name']]['scopes'] = Scopes.sync(program_info(program))
|
|
17
|
+
results[program['attributes']['name']]['scopes'] = Scopes.sync(program_info(program), options)
|
|
18
18
|
end
|
|
19
19
|
|
|
20
20
|
sync(results, options, page_id + 1) if programs_infos[:next_page]
|
|
@@ -3,24 +3,26 @@
|
|
|
3
3
|
class Hackerone
|
|
4
4
|
# Hackerone Sync Programs
|
|
5
5
|
class Scopes
|
|
6
|
-
def self.sync(program)
|
|
6
|
+
def self.sync(program, options)
|
|
7
7
|
scopes = {}
|
|
8
8
|
response = HttpClient.get("https://api.hackerone.com/v1/hackers/programs/#{program[:slug]}")
|
|
9
9
|
return scopes unless response&.code == 200
|
|
10
10
|
|
|
11
11
|
in_scopes = JSON.parse(response.body)['relationships']['structured_scopes']['data']
|
|
12
|
-
scopes['in'] = parse_scopes(in_scopes)
|
|
12
|
+
scopes['in'] = parse_scopes(in_scopes, options)
|
|
13
13
|
|
|
14
14
|
scopes['out'] = {} # TODO
|
|
15
15
|
|
|
16
16
|
scopes
|
|
17
17
|
end
|
|
18
18
|
|
|
19
|
-
def self.parse_scopes(scopes)
|
|
19
|
+
def self.parse_scopes(scopes, options)
|
|
20
20
|
scopes_normalized = []
|
|
21
21
|
|
|
22
22
|
scopes.each do |scope|
|
|
23
|
-
next
|
|
23
|
+
next if scope['attributes']['eligible_for_submission'] == false ||
|
|
24
|
+
(scope['attributes']['eligible_for_bounty'] == false && options[:skip_vdp])
|
|
25
|
+
next unless %w[URL WILDCARD].any?(scope['attributes']['asset_type'])
|
|
24
26
|
|
|
25
27
|
endpoint = scope['attributes']['asset_identifier']
|
|
26
28
|
normalized = normalized(endpoint)
|
|
@@ -28,8 +30,9 @@ class Hackerone
|
|
|
28
30
|
normalized.each do |asset|
|
|
29
31
|
next unless asset.include?('.')
|
|
30
32
|
next if asset.include?('*') && !asset.start_with?('*.')
|
|
33
|
+
next unless asset.match?(/\w\./)
|
|
31
34
|
|
|
32
|
-
scopes_normalized << asset
|
|
35
|
+
scopes_normalized << asset.sub('/*', '')
|
|
33
36
|
end
|
|
34
37
|
end
|
|
35
38
|
|
|
@@ -42,9 +45,9 @@ class Hackerone
|
|
|
42
45
|
normalized = []
|
|
43
46
|
|
|
44
47
|
if endpoint.include?(',')
|
|
45
|
-
endpoint.split(',').each { |asset| normalized << asset }
|
|
48
|
+
endpoint.split(',').each { |asset| normalized << asset.sub('/*', '') }
|
|
46
49
|
else
|
|
47
|
-
normalized << endpoint
|
|
50
|
+
normalized << endpoint.sub('/*', '')
|
|
48
51
|
end
|
|
49
52
|
|
|
50
53
|
normalized
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: scopes_extractor
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.8.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Joshua MARTINELLE
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-07-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: colorize
|
|
@@ -164,7 +164,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
164
164
|
- !ruby/object:Gem::Version
|
|
165
165
|
version: '0'
|
|
166
166
|
requirements: []
|
|
167
|
-
rubygems_version: 3.
|
|
167
|
+
rubygems_version: 3.3.26
|
|
168
168
|
signing_key:
|
|
169
169
|
specification_version: 4
|
|
170
170
|
summary: BugBounty Scopes Extractor
|