Code Monkey home page Code Monkey logo

hackerone-client's Introduction

Hackerone::Client

A limited client library for interacting with HackerOne in Ruby. Currently supports a few operations:

client = HackerOne::Client::Api.new("github")

# POST '/reports' creates a new report
client.create_report(title: "hi", summary: "hi", impact: "string", severity_rating: :high, source: "api")

# GET '/reports' returns all reports in a given state for a program, by default :new
client.reports(since: 10.days.ago, before: 1.day.ago, state: :new)

# GET '/report/{id}' returns report data for a given report
report = client.report(id)

# PUT '/reports/{id}/assignee'
report.assign_to_user("username")
report.assign_to_group("groupname")

# POST '/reports/#{id}/activities'
report.add_comment(message, internal: false) # internal is true by default

# POST '/report/{id}/state_change change the state of a report
# `state` can be one of  new, triaged, needs-more-info, resolved, not-applicable, informative, duplicate, spam
# when marking as duplicate, you can supply the original report ID
report.state_change(:duplicate, "Your issue has been marked as X", original_report_id: 12345)

# POST '/report/{id}/add_report_reference add a "reference" e.g. internal issue number
report.add_report_reference(reference)

# Triage an issue (add a reference and set state to :triaged)
report.triage(reference)

# Set the severity on a report (rating can be :none, :low, :medium, :high or :critical)
report.update_severity(rating: :high)

# POST /reports/{id}/bounty_suggestions
report.suggest_bounty(message: "I suggest $500 with a small bonus. Report is well-written.", amount: 500, bonus_amount: 50)

# POST /reports/{id}/bounties
report.award_bounty(message: "Here's your bounty!", amount: 500, bonus_amount: 50)

# POST /reports/{id}/swags
report.award_swag(message: "Here's your T-Shirt")

# GET `/{program}/reporters` returns a list of unique reporters that have reported to your program
client.reporters

program = HackerOne::Client::Program.find("insert-program-name-here")

# returns all common responses
program.common_responses

# Updates a program's policy
program.update_policy(policy: "Please submit valid vulnerabilities")

# Gets a program's balance
program.balance

# Gets a list of structured scopes
program.structured_scopes

# Gets an organization for a program
program.organization

# Gets assets for an organization
program.organization.assets

# Updates an asset for an organization
asset = program.organization.assets[0]
asset.update(
  attributes: {
    description: "This is the new description"
  }
)

State change hooks

You can add hooks that will be called for every state change. This can be useful e.g. for ensuring that reports always get assigned or calling out to external services for specific state changes.

# Initialization

HackerOne::Client::Report.add_state_change_hook ->(report, old_state, new_state) do
  # ...
end

Usage

Credential management

You'll need to generate an API token at https://hackerone.com/<program>/api.

  • Click "Create API token"
  • Name the token
  • Click "Create"
  • Copy down the value

Set the HACKERONE_TOKEN and HACKERONE_TOKEN_NAME environment variables.

Program name

In order to retrieve all reports for a given program, you need to supply a default program:

HackerOne::Client.program = "github"

Risk classification

Configure the low/med/high/crit ranges for easier classification based on payouts:

HackerOne::Client.low_range = 1..999
HackerOne::Client.medium_range = 1000...2500
HackerOne::Client.high_range = 2500...5000
HackerOne::Client.critical_range = 5000...100_000_000

Configuration

In order to configure whether error handling is strict or lenient, set the HACKERONE_CLIENT_LENIENT_MODE variable.

Setting this variable will make the client try to absorb errors, like a malformed bounty or bonus amount. Not setting this variable will cause the client to raise errors.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/oreoshake/hackerone-client. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.

License

This project is licensed under the terms of the MIT open source license. Please refer to MIT for the full terms.

hackerone-client's People

Contributors

oreoshake avatar rzhade3 avatar esjee avatar willianvdv avatar anglinb avatar jobertabma avatar brentjo avatar bobek avatar jeffgran-dox avatar leila-alderman avatar maclarel avatar

Stargazers

Zigao Wang avatar Weldhapi avatar avatar avatar avatar Hridoy Dash avatar Md. Rumon Khan avatar avatar Tim Kersey avatar Marcela Aguiar avatar Amriddin Jo'rayev avatar Hebert F. Barros avatar Tsubasa Irisawa avatar

Watchers

Andrea Pigato avatar Rinat Shagisultanov avatar Mike Cherry avatar Seth Juarez avatar avatar Aasim Malladi avatar Tyler Johnston avatar Carlo Curino avatar Thomas Stiehm avatar Felipe Gentil avatar Brendan Forster avatar Diego Colombo avatar Gabriel Ryan avatar SM avatar Michael Dang avatar avatar Sarah Schneider avatar James Cloos avatar Daniel Kosalla avatar Kazumi OHIRA / @dz_ avatar Rafferty Uy avatar Sigurjón Vídalín Lýðsson avatar James Smith avatar Alex Nelson avatar Cheerag Patel avatar Nikola Stamatović avatar Alfred Mazimbe avatar Evgenii Utkin avatar Wayne W. avatar Don Jayamanne avatar Andrew M. Flick avatar Baligh Hatem Mehrez avatar Lu Wang avatar Kaitlin Vignali avatar Jaykiran Teraiya avatar avatar Orko Momin avatar David Paquette avatar Andrii Tretiak avatar Nagendra Posani avatar Rob Jellinghaus avatar Natalya Glaktionova avatar Léonie Watson avatar Yves Van Stappen avatar avatar Mohan Bulusu avatar Ganon avatar avatar Rafael Rodriguez avatar Jason Wyckoff avatar Shantanu Phadke avatar JP Waller avatar avatar Peter Groenewegen avatar Persephone Karnstein avatar Colin Clement avatar Nick Alteen avatar Laud Bruce-Tagoe avatar Cody Bodfield avatar Jeremy Henson avatar avatar Anvar Ramazanov avatar avatar Ravi Kaushal Prasad avatar Ankit Honey avatar Ania Halliop avatar Juan Carlos Fiorenzano avatar Arjun Gill avatar Chris Bartlett avatar Omar Lari avatar Blake DeBray avatar Steve Zenone avatar avatar Kevin Crosby avatar Griffin Ashe avatar Dhashrath G avatar Jade avatar Jason Barnwell avatar Jose Ramos avatar Ramakrishna Bairi avatar Adrian Murphy avatar Allen Conway avatar Eyal Gal avatar Aurélien Hervé avatar Carlos Chico avatar Carl Brochu avatar Louis Williams avatar Oskar Pienkos avatar Shubham Chandel avatar avatar Suvam Mukherjee avatar Lan Kaim avatar Mingzi avatar Joshua Jack avatar Vallie Joseph avatar Ambily avatar Diego Altamirano avatar Soojin (Min) Choi avatar Andy Sterland avatar Ava Stancu avatar

Forkers

willianvdv doximity

hackerone-client's Issues

Allow for pagination and better filtering among reports

@bobek:

Hi, I've need to be able to define more extensive filters on reports and also noticed that you don't do pagination, which yield in missing records. I've hacked something quickly in https://github.com/Showmax/hackerone-client/tree/reports-find . It should be considered WIP, for example abstracting pagination out of this methods and actually making it more robust (similarly to your parse_response method).

But I thought that you may be interested in the work.

@oreoshake:

Thanks for the branch! I hadn't even thought about pagination, thankfully our queries always return a small result.

Just some bikesheding: I think we should augment the existing reports method rather than adding a new one.

@bobek:

Just some bikesheding: I think we should augment the existing reports method rather than adding a new one.

I am totally for it. I've just created a new method to separate the code at the moment, before I get some feedback from you.

@esjee:

This is really great! Would you be up for creating a pull request? Is there anything I can do to help you?

@oreoshake:

Just adding a note here that independent of pagination implementation, we should eventually add an auto-paginate feature a la octokit.

Transferred from oreoshake/hackerone-client#27

Allow passing H1 Credentials as variables

@rzhade3:

Currently, we only support instantiation of the H1 credentials as Environment variables. This means that it is very difficult to use in an environment with multiple programs.

In order to fix this, we should allow instantiation of the H1-client with the creds passed in as variables, and allow callers to decide where the credentials originate from.

Transferred from oreoshake/hackerone-client#67

Prevent invalid state changes

@oreoshake:

The API doesn't like invalid state changes or even state changes to the current state. This can lead to confusing 400 errors.

For the case where you're doing a state change to the current state, we could raise an error in the client.

For the other cases, we'd probably need to map out the valid transitions and check this prior to making a call.

/cc @brentjo @gregose

Transfered from oreoshake/hackerone-client#26

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.