Class: Intigriti::Scopes

Inherits:
Object
  • Object
Defined in:
lib/scopes_extractor/platforms/intigriti/scopes.rb

Overview

Intigriti Sync Programs

Class Method Summary collapse

Class Method Details

.extract_description(description) ⇒ Object



# File 'lib/scopes_extractor/platforms/intigriti/scopes.rb', line 52

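# Pulls wildcard host patterns out of the "In Scope" part of a free-text
# scope description.
#
# Only the text between the first "In Scope" marker and the first
# "Out of Scope" marker after it is scanned (case-insensitive, across
# newlines). The capture is non-greedy on purpose: with a greedy capture, a
# description that mentions "Out of Scope" more than once would have the
# wildcards listed under its out-of-scope heading reported as in scope.
#
# @param description [String, nil] free-text description of a scope entry
# @return [Array<String>] patterns such as "*.app.example.com"; empty when the
#   description is nil, lacks either marker, or lists no wildcard
def self.extract_description(description)
  return [] unless description

  match = description.match(/In Scope(.*?)Out of Scope/im)
  # Always hand back an Array so callers get one return type on every path.
  return [] unless match && match[1]

  match[1].scan(/\*\.[\w.-]+\.\w+/)
end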

.normalize(endpoint) ⇒ Object



# File 'lib/scopes_extractor/platforms/intigriti/scopes.rb', line 47

# Reduces a raw scope endpoint to a bare host-like string.
#
# Applied in order: drop every "/*", drop every space, replace the first ".*"
# and the first ".<tld>" with ".com", then strip one trailing "/" and one
# trailing "*". The two trailing checks use `$`, which in Ruby matches at the
# end of a line, not only at the end of the string.
#
# NOTE(review): pinning a wildcard TLD to ".com" is a guess; confirm the
# resulting host really belongs to the program before relying on it.
#
# @param endpoint [String] endpoint as published in the program scope
# @return [String] the cleaned endpoint
def self.normalize(endpoint)
  without_path_wildcards = endpoint.gsub('/*', '')
  compacted = without_path_wildcards.gsub(' ', '')
  with_fixed_tld = compacted.sub('.*', '.com').sub('.<tld>', '.com')
  without_trailing_slash = with_fixed_tld.sub(%r{/$}, '')
  without_trailing_slash.sub(/\*$/, '')
end

.parse_scopes(scopes) ⇒ Object



# File 'lib/scopes_extractor/platforms/intigriti/scopes.rb', line 25

# Builds the list of in-scope endpoints from the raw scope entries.
#
# Only entries of type 1 (Web Application) or 6 (Other) are considered. For
# type 1 the entry's own endpoint is normalized and kept; for both types any
# wildcard found in the entry's description is normalized and kept as well.
# A candidate is dropped when it contains no "." or contains one of the
# exclusion markers.
#
# @param scopes [Array<Hash>] entries with 'type', 'endpoint', 'description'
# @return [Array<String>] normalized endpoints, in encounter order
def self.parse_scopes(scopes)
  # TODO : Try to normalize this, it only concerns 1 or 2 programs currently
  rejected_markers = %w[> | \] } Anyrelated]
  usable = lambda do |candidate|
    rejected_markers.none? { |marker| candidate.include?(marker) } && candidate.include?('.')
  end

  scopes.each_with_object([]) do |scope, collected|
    kind = scope['type']
    next unless [1, 6].include?(kind) # 1 == Web Application, 6 == Other

    if kind == 1 # Web Application: the endpoint field itself is a target
      endpoint = normalize(scope['endpoint'])
      collected << endpoint if usable.call(endpoint)
    end

    # Wildcards mentioned in the free-text description are added too.
    (extract_description(scope['description']) || []).each do |raw_wildcard|
      wildcard = normalize(raw_wildcard)
      collected << wildcard if usable.call(wildcard)
    end
  end
end

.sync(program, token) ⇒ Object



# File 'lib/scopes_extractor/platforms/intigriti/scopes.rb', line 8

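# Fetches one Intigriti program and returns its in-scope and out-of-scope data.
#
# The company and handle are URL-escaped before being placed in the request
# path. Anything other than a 200 response yields an empty Hash.
#
# The response body is parsed once and navigated with safe lookups: the
# original `['domains']&.last['content']` still raised NoMethodError when
# 'domains' was missing, because `&.` does not guard the `[]` call after it.
#
# @param program [Hash] must provide :company and :handle
# @param token [String] credential handed to HttpClient.get
# @return [Hash] 'in' => Array of normalized endpoints (empty when the
#   response has no domain content), 'out' => the out-of-scope content as
#   returned by the API, or nil when the response has none. A nil 'out' means
#   the exclusions are unknown, not that nothing is excluded.
def self.sync(program, token)
  scopes = {}
  company = CGI.escape(program[:company])
  handle = CGI.escape(program[:handle])

  response = HttpClient.get("https://api.intigriti.com/core/researcher/programs/#{company}/#{handle}", token)
  return scopes unless response&.code == 200

  payload = JSON.parse(response.body)

  # The last element of each list is the one read, as in the original code.
  in_scopes = payload['domains']&.last&.dig('content')
  scopes['in'] = parse_scopes(in_scopes || [])

  scopes['out'] = payload['outOfScopes']&.last&.dig('content', 'content')

  scopes
end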