Class: Bugcrowd::Scopes

Inherits:
Object
  • Object
Defined in:
lib/scopes_extractor/platforms/bugcrowd/scopes.rb

Overview

Bugcrowd Sync Programs

Class Method Summary collapse

Class Method Details

.parse_scopes(scopes) ⇒ Object



# File 'lib/scopes_extractor/platforms/bugcrowd/scopes.rb', line 29

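# Normalizes Bugcrowd target entries into a flat list of web endpoints.
#
# Only targets whose 'category' is 'website' or 'api' are considered. For each
# one, the first whitespace-separated token of 'name' is taken as the endpoint,
# filtered, and stripped of a trailing '/' and of the first '/*'.
#
# @param scopes [Array<Hash>, nil] target hashes exposing 'category' and 'name'
# @return [Array<String>] normalized endpoints, in input order
def self.parse_scopes(scopes)
  exclusions = %w[}] # TODO : Try to normalize this

  # Array() turns a missing target list into an empty one instead of raising.
  Array(scopes).each_with_object([]) do |scope, scopes_normalized|
    next unless %w[website api].include?(scope['category'])

    # A nil or blank name produces no token; skip it rather than fail with
    # NoMethodError on the checks below.
    endpoint = scope['name'].to_s.split.first
    next if endpoint.nil?

    # Entries containing an excluded character or no dot at all are not
    # treated as hostnames/URLs.
    next if exclusions.any? { |exclusion| endpoint.include?(exclusion) } || !endpoint.include?('.')

    # A wildcard is accepted only when the entry starts with '*.'. Later '*'
    # characters are not inspected, so a name such as '*.example.*' is kept as
    # written.
    # NOTE(review): consumers that feed this list to automated tooling should
    # compare such entries against the program's written scope.
    next if endpoint.include?('*') && !endpoint.start_with?('*.')

    endpoint.sub!(%r{/$}, '')
    scopes_normalized << endpoint.sub('/*', '')
  end
end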

.sync(program, cookie) ⇒ Object



# File 'lib/scopes_extractor/platforms/bugcrowd/scopes.rb', line 6

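# Fetches the targets of a Bugcrowd program and returns its scopes.
#
# Three requests are chained: the program JSON, the target-groups document it
# points to, and the targets document of the first group. Any non-200 response,
# missing link or unparsable body ends the chain and returns an empty hash.
# An empty result therefore means "could not be retrieved", not "the program
# has no scope".
#
# @param program [Hash] must expose :slug, used to build the program URL
# @param cookie passed unchanged to HttpClient.get on every request
#   (presumably the authenticated session cookie; confirm against HttpClient)
# @return [Hash] {} on failure, otherwise 'in' => Array<String> and 'out' => {}
def self.sync(program, cookie)
  scopes = {}
  response = HttpClient.get("https://bugcrowd.com/#{program[:slug]}.json", cookie)
  return scopes unless response&.code == 200

  target_group_url = JSON.parse(response.body).dig('program', 'targetGroupsUrl')
  # File.join raises TypeError on nil, so stop here as is done for targets_url.
  return scopes unless target_group_url

  # Server-supplied paths are appended to a hard-coded origin, so the cookie
  # is only ever sent to bugcrowd.com whatever the path value contains.
  response = HttpClient.get(File.join('https://bugcrowd.com/', target_group_url), cookie)
  return scopes unless response&.code == 200

  # NOTE(review): only groups[0] is read; targets in any further group are not
  # collected, and nothing here checks that this group is the in-scope one.
  targets_url = JSON.parse(response.body).dig('groups', 0, 'targets_url')
  return scopes unless targets_url

  response = HttpClient.get(File.join('https://bugcrowd.com/', targets_url), cookie)
  return scopes unless response&.code == 200

  in_scopes = JSON.parse(response.body)['targets']
  return scopes unless in_scopes

  scopes['in'] = parse_scopes(in_scopes)

  # Out-of-scope targets are not extracted yet: 'out' is always empty, so it
  # must not be read as "nothing is excluded" by downstream consumers.
  scopes['out'] = {} # TODO

  scopes
rescue JSON::ParserError
  # A 200 response whose body is not JSON (for example an HTML page) is
  # handled like the other fetch failures.
  scopes
end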