scopes_extractor 0.6.0 → 0.8.0

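--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 53708b2ee96a050695c28add808c5b8bf8cdfb7e6497aa5d35f0aff99fe7cca3
- data.tar.gz: 1c598a6d8de2708c3b8431e84ac8456dde7f9e4f468d69e2c29e9e36ea26b4f0
+ metadata.gz: 97fa26671708b0b7dbf28fbcfc431405e3a417022c17b877bd0c060afc654b36
+ data.tar.gz: 70b3d8febc68244cce74ff7ae7275db58071e6bf3ee10daa5d730d080bbbb812
  SHA512:
- metadata.gz: 74947fc21e47e8373e92598b38f856241f837051f86d9de70cd5a857ee12daf6c1ecc111d69ff3652ca1a459bd66c69deb3989ff7d23f35ff65580075a861c16
- data.tar.gz: e34117a9518c303601948111c24beafb2c3f4b594891c11eef01240a19bcc76ee94e4ce0670da6323db796553d8c85a0dfdce3bbf6fcd6ae42d17664b88308a6
+ metadata.gz: a58a4210168e3b7d4d85ecba63babef6bf5bef0cd7baee972ba366589f96d393faee0bf0df5168cc96a9c8e394439d831f5fac82baf9eb9c1bf2535e1cf99bfa
+ data.tar.gz: 5dfae355baf7da881c47b56abbf8a0d040bf961c52d8ab7678b0869c7e13c175542219c144f447beaf4009898d8a578804076c446d490d3759d07ea750b50383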
@@ -6,9 +6,10 @@ class Bugcrowd
6
6
  # Bugcrowd Sync Programs
7
7
  class Programs
8
8
  def self.sync(results, options, cookie, page_id = 1)
9
- response = HttpClient.get(
10
- "https://bugcrowd.com/programs.json?page[]=#{page_id}&waitlistable[]=false&joinable[]=false", cookie
11
- )
9
+ url = "https://bugcrowd.com/programs.json?page[]=#{page_id}&waitlistable[]=false&joinable[]=false"
10
+ url += "&vdp[]=false" if options[:skip_vdp]
11
+
12
+ response = HttpClient.get(url, cookie)
12
13
  return unless response&.code == 200
13
14
 
14
15
  body = JSON.parse(response.body)
@@ -20,7 +21,6 @@ class Bugcrowd
20
21
  def self.parse_programs(programs, options, results, cookie)
21
22
  programs.each do |program|
22
23
  next if program['status'] == 4 # Disabled
23
- next if program['min_rewards'].nil? && options[:skip_vdp]
24
24
 
25
25
  results[program['name']] = program_info(program)
26
26
  results[program['name']]['scopes'] = Scopes.sync(program_info(program), cookie)
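Review bot: Removing the `min_rewards` guard in `parse_programs` makes `skip_vdp` depend entirely on the `vdp[]=false` query parameter appended to the URL in the first hunk; if Bugcrowd ignores or renames that filter, VDP programs silently come back in the results, because the `code == 200` / `JSON.parse` path is unchanged and nothing downstream re-checks. I would keep a local check as defense in depth, e.g. `next if options[:skip_vdp] && program['min_rewards'].nil?` right after the disabled-status check, so the tool fails closed rather than quietly widening the target list. I can't tell from the hunk whether the programs JSON carries a dedicated `vdp` attribute; if it does, that is the better signal to check locally than `min_rewards`. `parse_programs` continues outside the hunk.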
@@ -37,7 +37,8 @@ class Bugcrowd
37
37
  next if exclusions.any? { |exclusion| endpoint.include?(exclusion) } || !endpoint.include?('.')
38
38
  next if endpoint.include?('*') && !endpoint.start_with?('*.')
39
39
 
40
- scopes_normalized << endpoint
40
+ endpoint.sub!(%r{/$}, '')
41
+ scopes_normalized << endpoint.sub('/*', '')
41
42
  end
42
43
 
43
44
  scopes_normalized
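Review bot: The new `/*` stripping at the end of the loop body runs after the wildcard guard two lines above it, so an endpoint such as `example.com/*` is rejected by `next if endpoint.include?('*') && !endpoint.start_with?('*.')` before it reaches `sub('/*', '')`; only `*.example.com/*` forms are ever normalised, which is presumably not the intent. Move the normalisation ahead of both guards and avoid the in-place `sub!` on a string that may be shared with the parsed JSON: `endpoint = endpoint.sub(%r{/\z}, '').sub(%r{/\*\z}, '')` as the first statement of the loop body, then `scopes_normalized << endpoint` unchanged. Anchoring with `\z` rather than `$` and using a regex rather than the literal `'/*'` also limits the strip to a trailing `/*` instead of the first `/*` anywhere in the path (`$` matches before an embedded newline; `sub('/*', '')` would rewrite `*.example.com/*/admin` to `*.example.com/admin`). The loop and its enclosing method start outside the hunk, so if `endpoint` is already stripped upstream this is moot — worth checking.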
@@ -14,7 +14,7 @@ class Hackerone
14
14
  next if options[:skip_vdp] && !program['attributes']['offers_bounties']
15
15
 
16
16
  results[program['attributes']['name']] = program_info(program)
17
- results[program['attributes']['name']]['scopes'] = Scopes.sync(program_info(program))
17
+ results[program['attributes']['name']]['scopes'] = Scopes.sync(program_info(program), options)
18
18
  end
19
19
 
20
20
  sync(results, options, page_id + 1) if programs_infos[:next_page]
@@ -3,24 +3,26 @@
3
3
  class Hackerone
4
4
  # Hackerone Sync Programs
5
5
  class Scopes
6
- def self.sync(program)
6
+ def self.sync(program, options)
7
7
  scopes = {}
8
8
  response = HttpClient.get("https://api.hackerone.com/v1/hackers/programs/#{program[:slug]}")
9
9
  return scopes unless response&.code == 200
10
10
 
11
11
  in_scopes = JSON.parse(response.body)['relationships']['structured_scopes']['data']
12
- scopes['in'] = parse_scopes(in_scopes)
12
+ scopes['in'] = parse_scopes(in_scopes, options)
13
13
 
14
14
  scopes['out'] = {} # TODO
15
15
 
16
16
  scopes
17
17
  end
18
18
 
19
- def self.parse_scopes(scopes)
19
+ def self.parse_scopes(scopes, options)
20
20
  scopes_normalized = []
21
21
 
22
22
  scopes.each do |scope|
23
- next unless scope['attributes']['asset_type'] == 'URL'
23
+ next if scope['attributes']['eligible_for_submission'] == false ||
24
+ (scope['attributes']['eligible_for_bounty'] == false && options[:skip_vdp])
25
+ next unless %w[URL WILDCARD].any?(scope['attributes']['asset_type'])
24
26
 
25
27
  endpoint = scope['attributes']['asset_identifier']
26
28
  normalized = normalized(endpoint)
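Review bot: The new eligibility filter at the top of `parse_scopes` fails open: a scope whose `eligible_for_submission` attribute is absent or nil is not `== false`, so it is kept, and under `skip_vdp` the same holds for a missing `eligible_for_bounty`; for a tool that feeds targets to recon, an asset of unknown eligibility should be dropped, not included. Truthiness checks express that and read more idiomatically than `== false`: `next unless scope['attributes']['eligible_for_submission']` and `next if options[:skip_vdp] && !scope['attributes']['eligible_for_bounty']` (I can't confirm from the hunk whether the API ever omits these attributes, so treat this as hardening). `def self.sync(program, options)` also turns the new argument into a required positional, so any caller of `Hackerone::Scopes.sync` not updated alongside `Programs` now raises ArgumentError; `def self.sync(program, options = {})` preserves the 0.6 call shape. Minor: `%w[URL WILDCARD].any?(...)` works via `===`, but `%w[URL WILDCARD].include?(scope['attributes']['asset_type'])` is the conventional membership test.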
@@ -28,8 +30,9 @@ class Hackerone
28
30
  normalized.each do |asset|
29
31
  next unless asset.include?('.')
30
32
  next if asset.include?('*') && !asset.start_with?('*.')
33
+ next unless asset.match?(/\w\./)
31
34
 
32
- scopes_normalized << asset
35
+ scopes_normalized << asset.sub('/*', '')
33
36
  end
34
37
  end
35
38
 
@@ -42,9 +45,9 @@ class Hackerone
42
45
  normalized = []
43
46
 
44
47
  if endpoint.include?(',')
45
- endpoint.split(',').each { |asset| normalized << asset }
48
+ endpoint.split(',').each { |asset| normalized << asset.sub('/*', '') }
46
49
  else
47
- normalized << endpoint
50
+ normalized << endpoint.sub('/*', '')
48
51
  end
49
52
 
50
53
  normalized
@@ -28,7 +28,7 @@ class YesWeHack
28
28
  next unless asset.include?('.')
29
29
  next if asset.include?('*') && !asset.start_with?('*.')
30
30
 
31
- scopes_normalized << asset
31
+ scopes_normalized << asset.sub('/*', '')
32
32
  end
33
33
  end
34
34
 
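--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: scopes_extractor
  version: !ruby/object:Gem::Version
- version: 0.6.0
+ version: 0.8.0
  platform: ruby
  authors:
  - Joshua MARTINELLE
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-05-23 00:00:00.000000000 Z
+ date: 2023-07-28 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: colorize
@@ -164,7 +164,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.1.2
+ rubygems_version: 3.3.26
  signing_key:
  specification_version: 4
  summary: BugBounty Scopes Extractor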