scopes_extractor 0.6.0 → 0.7.0

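--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 53708b2ee96a050695c28add808c5b8bf8cdfb7e6497aa5d35f0aff99fe7cca3
- data.tar.gz: 1c598a6d8de2708c3b8431e84ac8456dde7f9e4f468d69e2c29e9e36ea26b4f0
+ metadata.gz: edd3e5dc9cc8ae3d8cf7ca78b46f59ef66efda9d24c295b7f9577ce34752a681
+ data.tar.gz: 2e1762a5bbb34bb239249e7288ad6e8efdc29d4bac8748d968f8d7620c706d8c
  SHA512:
- metadata.gz: 74947fc21e47e8373e92598b38f856241f837051f86d9de70cd5a857ee12daf6c1ecc111d69ff3652ca1a459bd66c69deb3989ff7d23f35ff65580075a861c16
- data.tar.gz: e34117a9518c303601948111c24beafb2c3f4b594891c11eef01240a19bcc76ee94e4ce0670da6323db796553d8c85a0dfdce3bbf6fcd6ae42d17664b88308a6
+ metadata.gz: d8777cfd7ecce621fa075c32af17e48ef38674dc24dfef40ee97bb297aa2956dece20aec4c5dccbafcf79f37d19457c9d78ab5aa40ee47477f68806c9e8a93e7
+ data.tar.gz: '0216516396422fad634543f57fd61c250edf1abe6975ffb2d1187ac9659e9cdc5bfd1772013865a1c0cf98768292d2674edd1ee44dd5d3e0a48c60ff0bd12617'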
@@ -37,7 +37,8 @@ class Bugcrowd
37
37
  next if exclusions.any? { |exclusion| endpoint.include?(exclusion) } || !endpoint.include?('.')
38
38
  next if endpoint.include?('*') && !endpoint.start_with?('*.')
39
39
 
40
- scopes_normalized << endpoint
40
+ endpoint.sub!(%r{/$}, '')
41
+ scopes_normalized << endpoint.sub('/*', '')
41
42
  end
42
43
 
43
44
  scopes_normalized
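Review bot: `endpoint.sub('/*', '')` on the added line removes the first `/*` found anywhere in the string, not only a trailing one, so an entry with a wildcard in the middle of its path would be rewritten to a path the program never listed; the same call is added in the Hackerone `parse_scopes` and `normalized` hunks and in the YesWeHack hunk. Anchoring the pattern keeps the rewrite to the suffix case: `scopes_normalized << endpoint.sub(%r{/\*\z}, '')`. On the line before it, `%r{/$}` uses `$`, which matches at a line end rather than at the end of the string, and `sub!` edits the string in place; `endpoint = endpoint.sub(%r{/\z}, '')` avoids both. As far as the hunk shows, the `include?('*') && !start_with?('*.')` filter runs before the strip, so a value such as `example.com/*` (constructed example) is skipped rather than normalized, which may not be what was intended. The enclosing loop starts outside the hunk.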
@@ -14,7 +14,7 @@ class Hackerone
14
14
  next if options[:skip_vdp] && !program['attributes']['offers_bounties']
15
15
 
16
16
  results[program['attributes']['name']] = program_info(program)
17
- results[program['attributes']['name']]['scopes'] = Scopes.sync(program_info(program))
17
+ results[program['attributes']['name']]['scopes'] = Scopes.sync(program_info(program), options)
18
18
  end
19
19
 
20
20
  sync(results, options, page_id + 1) if programs_infos[:next_page]
@@ -3,24 +3,26 @@
3
3
  class Hackerone
4
4
  # Hackerone Sync Programs
5
5
  class Scopes
6
- def self.sync(program)
6
+ def self.sync(program, options)
7
7
  scopes = {}
8
8
  response = HttpClient.get("https://api.hackerone.com/v1/hackers/programs/#{program[:slug]}")
9
9
  return scopes unless response&.code == 200
10
10
 
11
11
  in_scopes = JSON.parse(response.body)['relationships']['structured_scopes']['data']
12
- scopes['in'] = parse_scopes(in_scopes)
12
+ scopes['in'] = parse_scopes(in_scopes, options)
13
13
 
14
14
  scopes['out'] = {} # TODO
15
15
 
16
16
  scopes
17
17
  end
18
18
 
19
- def self.parse_scopes(scopes)
19
+ def self.parse_scopes(scopes, options)
20
20
  scopes_normalized = []
21
21
 
22
22
  scopes.each do |scope|
23
- next unless scope['attributes']['asset_type'] == 'URL'
23
+ next if scope['attributes']['eligible_for_submission'] == false ||
24
+ (scope['attributes']['eligible_for_bounty'] == false && options[:skip_vdp])
25
+ next unless %w[URL WILDCARD].any?(scope['attributes']['asset_type'])
24
26
 
25
27
  endpoint = scope['attributes']['asset_identifier']
26
28
  normalized = normalized(endpoint)
@@ -28,8 +30,9 @@ class Hackerone
28
30
  normalized.each do |asset|
29
31
  next unless asset.include?('.')
30
32
  next if asset.include?('*') && !asset.start_with?('*.')
33
+ next unless asset.match?(/\w\./)
31
34
 
32
- scopes_normalized << asset
35
+ scopes_normalized << asset.sub('/*', '')
33
36
  end
34
37
  end
35
38
 
@@ -42,9 +45,9 @@ class Hackerone
42
45
  normalized = []
43
46
 
44
47
  if endpoint.include?(',')
45
- endpoint.split(',').each { |asset| normalized << asset }
48
+ endpoint.split(',').each { |asset| normalized << asset.sub('/*', '') }
46
49
  else
47
- normalized << endpoint
50
+ normalized << endpoint.sub('/*', '')
48
51
  end
49
52
 
50
53
  normalized
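Review bot: The two eligibility guards added at the top of the `parse_scopes` loop compare with `== false`, so a scope whose attributes lack `eligible_for_submission` or `eligible_for_bounty` (a `nil` value) is kept and ends up in the in-scope list. Whether the API always returns both fields is not visible here; if it can omit them, failing closed is the safer default for a list that decides what gets tested: `next unless scope['attributes']['eligible_for_submission']` and `next if options[:skip_vdp] && !scope['attributes']['eligible_for_bounty']`. `options` is now a required positional argument of `sync` and `parse_scopes` and neither method documents it; a short comment such as `# options[:skip_vdp] - when true, drop scopes that are not eligible for bounty` above `parse_scopes` would help. The body of `parse_scopes` continues into the next hunk.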
@@ -28,7 +28,7 @@ class YesWeHack
28
28
  next unless asset.include?('.')
29
29
  next if asset.include?('*') && !asset.start_with?('*.')
30
30
 
31
- scopes_normalized << asset
31
+ scopes_normalized << asset.sub('/*', '')
32
32
  end
33
33
  end
34
34
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: scopes_extractor
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.0
4
+ version: 0.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Joshua MARTINELLE
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-05-23 00:00:00.000000000 Z
11
+ date: 2023-05-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: colorize