Class: YesWeHack::Scopes

Inherits:
Object
Defined in:
lib/scopes_extractor/platforms/yeswehack/scopes.rb

Overview

YesWeHack Sync Scopes


Class Method Details

.normalize(scope) ⇒ Object



# File 'lib/scopes_extractor/platforms/yeswehack/scopes.rb', line 38

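# Normalize one raw YesWeHack scope string into a list of asset strings.
#
# In order: strip "(+)" / "+" markers and a trailing "*"; reject placeholder
# scopes such as "<yourdomain>-yeswehack.domain.tld"; keep only the first
# whitespace-separated token; then expand "prefix.(tld1|tld2)" and
# "(sub1|sub2).suffix" alternations, or drop the "http(s)://" scheme in front
# of a wildcard host.
#
# @param scope [String, nil] raw 'scope' value from the program API
# @return [Array<String>] zero or more assets; empty when the scope is nil,
#   blank after cleanup, or a placeholder
def self.normalize(scope)
  return [] if scope.nil?

  # Remove (+++) and a trailing '*'. Anchor with \z rather than $ so only the
  # real end of the string is touched, not the end of an embedded line.
  scope = scope.gsub(/\(?\+\)?/, '').strip.sub(/\*\z/, '').strip
  return [] if scope.include?('<') # <yourdomain>-yeswehack.domain.tld

  scope = scope.split.first # When spaces: keep the first token only
  return [] if scope.nil? # nothing left after cleanup (e.g. the scope was just "*")

  # Ex: (online|portal|agents|agentuat|surinameuat|surinameopsuat|suriname|thailandevoa).vfsevisa.com
  multi_subs = scope.match(/\A\((.*)\)(.*)/)
  # Ex: *.lazada.(sg|vn|co.id|co.th|com|com.ph|com.my)
  multi_tld = scope.match(/\A(.*)\((.*)\)\z/)

  # Both capture groups are `.*`, so a successful match always yields (possibly
  # empty) strings; checking the MatchData alone is sufficient.
  if multi_tld
    multi_tld[2].split('|').map { |tld| "#{multi_tld[1]}#{tld}" }
  elsif scope.match?(%r{https?://\*})
    [scope.sub(%r{https?://}, '')]
  elsif multi_subs
    multi_subs[1].split('|').map { |sub| "#{sub}#{multi_subs[2]}" }
  else
    [scope]
  end
end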

.parse_scopes(scopes) ⇒ Object



# File 'lib/scopes_extractor/platforms/yeswehack/scopes.rb', line 20

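# Filter and flatten YesWeHack scope entries into a flat list of assets.
#
# Only entries whose 'scope_type' is "web-application" or "api" are kept. Each
# entry's 'scope' is expanded through .normalize, and an expanded asset is kept
# only if it contains a '.' and any wildcard it carries is a leading "*.".
#
# @param scopes [Array<Hash>, nil] 'scopes' entries from the program API
#   response; nil (key absent) yields an empty list instead of raising
# @return [Array<String>] normalized assets with a "/*" fragment removed
def self.parse_scopes(scopes)
  return [] if scopes.nil? # the 'scopes' key may be missing from the response

  scopes.flat_map do |infos|
    next [] unless %w[web-application api].include?(infos['scope_type'])

    # NOTE(review): .normalize already drops a trailing '*', so "example.com/*"
    # arrives here as "example.com/" and the sub below does not fire — confirm
    # whether that trailing '/' should be dropped as well.
    normalize(infos['scope'])
      .select { |asset| asset.include?('.') }
      .reject { |asset| asset.include?('*') && !asset.start_with?('*.') }
      .map { |asset| asset.sub('/*', '') }
  end
end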

.sync(program, jwt) ⇒ Object



# File 'lib/scopes_extractor/platforms/yeswehack/scopes.rb', line 6

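# Fetch one YesWeHack program and split its scopes into 'in' and 'out' lists.
#
# @param program [Hash] program description; only program[:slug] is read and
#   interpolated into the API path
# @param jwt [String] token passed through to HttpClient.get
# @return [Hash] {} when the request fails or the body is not a JSON object;
#   otherwise {'in' => Array<String> (see .parse_scopes),
#   'out' => the raw 'out_of_scope' value from the API, possibly nil}
# @raise [JSON::ParserError] when a 200 response carries a non-JSON body
def self.sync(program, jwt)
  scopes = {}
  # NOTE(review): program[:slug] is interpolated without escaping; a slug
  # containing '/' or '?' would change the requested path — confirm it only
  # ever comes from a previous API response, or percent-encode it here.
  response = HttpClient.get("https://api.yeswehack.com/programs/#{program[:slug]}", jwt)
  # NOTE(review): assumes HttpClient exposes an Integer #code; a String "200"
  # would never match here — confirm against HttpClient.
  return scopes unless response&.code == 200

  # Parse once; both keys are read from the same document.
  body = JSON.parse(response.body)
  # A 200 whose body is not a JSON object (e.g. "null" or an array) is treated
  # like a failed request instead of raising on body['scopes'].
  return scopes unless body.is_a?(Hash)

  scopes['in'] = parse_scopes(body['scopes'])
  scopes['out'] = body['out_of_scope']
  scopes
end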