Class: Hackerone::Scopes
- Inherits:
-
Object
- Object
- Hackerone::Scopes
- Defined in:
- lib/scopes_extractor/platforms/hackerone/scopes.rb
Overview
Hackerone Sync Programs
Class Method Summary collapse
- .normalized(endpoint) ⇒ Object
- .parse_scopes(scopes, options) ⇒ Object
- .sync(program, options) ⇒ Object
Class Method Details
.normalized(endpoint) ⇒ Object
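# File 'lib/scopes_extractor/platforms/hackerone/scopes.rb', line 42

# Splits a HackerOne asset identifier into individual assets and trims the
# path decorations that are not part of the host or URL.
#
# A single trailing '/' is dropped from the identifier, the identifier is
# split on ',' when it holds a list, and the first '/*' in each asset is
# removed. Each asset is also stripped of surrounding whitespace, so a list
# written as "a.example.com, b.example.com" does not yield a host with a
# leading space.
#
# The argument is never modified: the identifier usually belongs to the
# caller's parsed API payload, and an in-place edit would also raise
# FrozenError on a frozen string.
#
# @param endpoint [String] raw asset identifier, possibly comma-separated
# @return [Array<String>] one entry per asset, in input order
def self.normalized(endpoint)
  # chomp only touches the very end of the string; a '/$' regexp would also
  # match before an embedded newline.
  trimmed = endpoint.chomp('/')
  assets = trimmed.include?(',') ? trimmed.split(',') : [trimmed]
  assets.map { |asset| asset.strip.sub('/*', '') }
end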
.parse_scopes(scopes, options) ⇒ Object
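# File 'lib/scopes_extractor/platforms/hackerone/scopes.rb', line 19

# Filters HackerOne structured-scope entries down to a flat list of assets.
#
# An entry is kept only when all of the following hold:
# * 'eligible_for_submission' is not false;
# * 'eligible_for_bounty' is not false, unless options[:skip_vdp] is falsy;
# * 'asset_type' is URL or WILDCARD.
# Each surviving identifier is split by .normalized, and an asset is emitted
# only if it contains a dot, has a word character directly before a dot, and
# uses '*' only in a value that starts with '*.'.
#
# @param scopes [Array<Hash>, nil] entries carrying an 'attributes' hash
# @param options [Hash] reads :skip_vdp
# @return [Array<String>] accepted assets, in input order
def self.parse_scopes(scopes, options)
  (scopes || []).each_with_object([]) do |scope, kept|
    attributes = scope['attributes']
    next unless attributes

    # NOTE(review): both eligibility tests compare against false, so an entry
    # whose flag is missing (nil) is treated as eligible. For a scope list that
    # is the permissive direction; confirm the API always sends these flags.
    next if attributes['eligible_for_submission'] == false
    next if attributes['eligible_for_bounty'] == false && options[:skip_vdp]
    next unless %w[URL WILDCARD].include?(attributes['asset_type'])

    endpoint = attributes['asset_identifier']
    next unless endpoint

    normalized(endpoint).each do |asset|
      next unless asset.include?('.')
      # NOTE(review): only the prefix is checked, so a value such as
      # '*.example.*' passes with a second wildcard intact; confirm that
      # consumers of this list do not expand it more broadly than intended.
      next if asset.include?('*') && !asset.start_with?('*.')
      next unless asset.match?(/\w\./)

      kept << asset.sub('/*', '')
    end
  end
end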
.sync(program, options) ⇒ Object
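# File 'lib/scopes_extractor/platforms/hackerone/scopes.rb', line 6

# Fetches one HackerOne program and returns its in-scope assets.
#
# @param program [Hash] reads program[:slug] to build the API URL
# @param options [Hash] forwarded unchanged to .parse_scopes
# @return [Hash] {} when there is no response or its code is not 200;
#   otherwise 'in' => Array of assets and 'out' => {}
def self.sync(program, options)
  scopes = {}
  # NOTE(review): the slug is interpolated into the path unescaped; presumably
  # it comes from the platform's own program listing. Verify against the caller.
  response = HttpClient.get("https://api.hackerone.com/v1/hackers/programs/#{program[:slug]}")
  return scopes unless response&.code == 200

  # dig returns nil instead of raising NoMethodError when the payload lacks
  # 'relationships' or 'structured_scopes'; such a program yields no assets.
  in_scopes = JSON.parse(response.body).dig('relationships', 'structured_scopes', 'data')
  scopes['in'] = parse_scopes(in_scopes || [], options)
  # Out-of-scope assets are not extracted yet, so 'out' is always empty and
  # must not be read as "this program declares no exclusions".
  scopes['out'] = {} # TODO
  scopes
end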