scopes_extractor 0.6.0 → 0.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/scopes_extractor/platforms/bugcrowd/programs.rb +4 -4
- data/lib/scopes_extractor/platforms/bugcrowd/scopes.rb +2 -1
- data/lib/scopes_extractor/platforms/hackerone/programs.rb +1 -1
- data/lib/scopes_extractor/platforms/hackerone/scopes.rb +10 -7
- data/lib/scopes_extractor/platforms/yeswehack/scopes.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 97fa26671708b0b7dbf28fbcfc431405e3a417022c17b877bd0c060afc654b36
|
|
4
|
+
data.tar.gz: 70b3d8febc68244cce74ff7ae7275db58071e6bf3ee10daa5d730d080bbbb812
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a58a4210168e3b7d4d85ecba63babef6bf5bef0cd7baee972ba366589f96d393faee0bf0df5168cc96a9c8e394439d831f5fac82baf9eb9c1bf2535e1cf99bfa
|
|
7
|
+
data.tar.gz: 5dfae355baf7da881c47b56abbf8a0d040bf961c52d8ab7678b0869c7e13c175542219c144f447beaf4009898d8a578804076c446d490d3759d07ea750b50383
|
|
@@ -6,9 +6,10 @@ class Bugcrowd
|
|
|
6
6
|
# Bugcrowd Sync Programs
|
|
7
7
|
class Programs
|
|
8
8
|
def self.sync(results, options, cookie, page_id = 1)
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
9
|
+
url = "https://bugcrowd.com/programs.json?page[]=#{page_id}&waitlistable[]=false&joinable[]=false"
|
|
10
|
+
url += "&vdp[]=false" if options[:skip_vdp]
|
|
11
|
+
|
|
12
|
+
response = HttpClient.get(url, cookie)
|
|
12
13
|
return unless response&.code == 200
|
|
13
14
|
|
|
14
15
|
body = JSON.parse(response.body)
|
|
@@ -20,7 +21,6 @@ class Bugcrowd
|
|
|
20
21
|
def self.parse_programs(programs, options, results, cookie)
|
|
21
22
|
programs.each do |program|
|
|
22
23
|
next if program['status'] == 4 # Disabled
|
|
23
|
-
next if program['min_rewards'].nil? && options[:skip_vdp]
|
|
24
24
|
|
|
25
25
|
results[program['name']] = program_info(program)
|
|
26
26
|
results[program['name']]['scopes'] = Scopes.sync(program_info(program), cookie)
|
|
@@ -37,7 +37,8 @@ class Bugcrowd
|
|
|
37
37
|
next if exclusions.any? { |exclusion| endpoint.include?(exclusion) } || !endpoint.include?('.')
|
|
38
38
|
next if endpoint.include?('*') && !endpoint.start_with?('*.')
|
|
39
39
|
|
|
40
|
-
|
|
40
|
+
endpoint.sub!(%r{/$}, '')
|
|
41
|
+
scopes_normalized << endpoint.sub('/*', '')
|
|
41
42
|
end
|
|
42
43
|
|
|
43
44
|
scopes_normalized
|
|
@@ -14,7 +14,7 @@ class Hackerone
|
|
|
14
14
|
next if options[:skip_vdp] && !program['attributes']['offers_bounties']
|
|
15
15
|
|
|
16
16
|
results[program['attributes']['name']] = program_info(program)
|
|
17
|
-
results[program['attributes']['name']]['scopes'] = Scopes.sync(program_info(program))
|
|
17
|
+
results[program['attributes']['name']]['scopes'] = Scopes.sync(program_info(program), options)
|
|
18
18
|
end
|
|
19
19
|
|
|
20
20
|
sync(results, options, page_id + 1) if programs_infos[:next_page]
|
|
@@ -3,24 +3,26 @@
|
|
|
3
3
|
class Hackerone
|
|
4
4
|
# Hackerone Sync Programs
|
|
5
5
|
class Scopes
|
|
6
|
-
def self.sync(program)
|
|
6
|
+
def self.sync(program, options)
|
|
7
7
|
scopes = {}
|
|
8
8
|
response = HttpClient.get("https://api.hackerone.com/v1/hackers/programs/#{program[:slug]}")
|
|
9
9
|
return scopes unless response&.code == 200
|
|
10
10
|
|
|
11
11
|
in_scopes = JSON.parse(response.body)['relationships']['structured_scopes']['data']
|
|
12
|
-
scopes['in'] = parse_scopes(in_scopes)
|
|
12
|
+
scopes['in'] = parse_scopes(in_scopes, options)
|
|
13
13
|
|
|
14
14
|
scopes['out'] = {} # TODO
|
|
15
15
|
|
|
16
16
|
scopes
|
|
17
17
|
end
|
|
18
18
|
|
|
19
|
-
def self.parse_scopes(scopes)
|
|
19
|
+
def self.parse_scopes(scopes, options)
|
|
20
20
|
scopes_normalized = []
|
|
21
21
|
|
|
22
22
|
scopes.each do |scope|
|
|
23
|
-
next
|
|
23
|
+
next if scope['attributes']['eligible_for_submission'] == false ||
|
|
24
|
+
(scope['attributes']['eligible_for_bounty'] == false && options[:skip_vdp])
|
|
25
|
+
next unless %w[URL WILDCARD].any?(scope['attributes']['asset_type'])
|
|
24
26
|
|
|
25
27
|
endpoint = scope['attributes']['asset_identifier']
|
|
26
28
|
normalized = normalized(endpoint)
|
|
@@ -28,8 +30,9 @@ class Hackerone
|
|
|
28
30
|
normalized.each do |asset|
|
|
29
31
|
next unless asset.include?('.')
|
|
30
32
|
next if asset.include?('*') && !asset.start_with?('*.')
|
|
33
|
+
next unless asset.match?(/\w\./)
|
|
31
34
|
|
|
32
|
-
scopes_normalized << asset
|
|
35
|
+
scopes_normalized << asset.sub('/*', '')
|
|
33
36
|
end
|
|
34
37
|
end
|
|
35
38
|
|
|
@@ -42,9 +45,9 @@ class Hackerone
|
|
|
42
45
|
normalized = []
|
|
43
46
|
|
|
44
47
|
if endpoint.include?(',')
|
|
45
|
-
endpoint.split(',').each { |asset| normalized << asset }
|
|
48
|
+
endpoint.split(',').each { |asset| normalized << asset.sub('/*', '') }
|
|
46
49
|
else
|
|
47
|
-
normalized << endpoint
|
|
50
|
+
normalized << endpoint.sub('/*', '')
|
|
48
51
|
end
|
|
49
52
|
|
|
50
53
|
normalized
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: scopes_extractor
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.8.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Joshua MARTINELLE
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-07-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: colorize
|
|
@@ -164,7 +164,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
164
164
|
- !ruby/object:Gem::Version
|
|
165
165
|
version: '0'
|
|
166
166
|
requirements: []
|
|
167
|
-
rubygems_version: 3.
|
|
167
|
+
rubygems_version: 3.3.26
|
|
168
168
|
signing_key:
|
|
169
169
|
specification_version: 4
|
|
170
170
|
summary: BugBounty Scopes Extractor
|