oreoshake / hackerone-client
An unofficial wrapper for the HackerOne API
Home Page: https://api.hackerone.com/docs/v1
License: MIT License
When a weakness references an external_id that starts with capec-, calling to_owasp will throw an error.
=> #<HackerOne::Client::Weakness:0x00007fb8503c9de8 @attributes={:name=>"Privilege Escalation", :description=>"An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.", :external_id=>"capec-233", :created_at=>"2017-01-05T01:51:19.000Z"}>
Calling weakness.to_owasp throws an error in weakness.rb
/cc @rzhade3
state_change, add_comment, triage, add_report_reference are all specific to reports yet live in the hodge-podge HackerOne::Client class.
This is fine when the library is tiny and with few developers, but it can get out of hand quickly.
There's probably a few opportunities to DRY up the code too.
Internal and external. See https://api.hackerone.com/docs/v1#/reports/comments/create
Hi, I need to be able to define more extensive filters on reports, and I also noticed that you don't do pagination, which results in missing records. I've hacked something together quickly in https://github.com/Showmax/hackerone-client/tree/reports-find . It should be considered WIP; for example, abstracting pagination out of these methods and actually making it more robust (similarly to your parse_response method).
But I thought that you may be interested in the work.
We should consider adding Sorbet type checking.
In order to ensure all reports are assigned to a user, we should opportunistically assign issues upon any state change if the report is unassigned.
def triage(reference, assignee: nil)
def award_bounty(message:, amount:, bonus_amount: nil, assignee: nil)
etc. It seems like this would be a common use case and it's entirely optional anyways.
We should add support for Report/ Program Custom fields: https://api.hackerone.com/customer-resources/#reports-manage-custom-field-values
The API doesn't like invalid state changes or even state changes to the current state. This can lead to confusing 400 errors.
For the case where you're doing a state change to the current state, we could raise an error in the client.
For the other cases, we'd probably need to map out the valid transitions and check this prior to making a call.
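One way to do the local check described in this issue, as an added example that is not code from the hackerone-client gem: a transition table is consulted before the HTTP call, so a change to the current state or an unsupported transition raises a descriptive client-side error instead of an opaque 400. The state names are the report states HackerOne documents; the transition table itself, the module name and the `change_state` guard are assumptions for illustration and must be reconciled with the API documentation before use.

```ruby
# Added example, not code from the hackerone-client gem: check a report state
# change locally before calling the API, so a transition to the current state
# or an unsupported transition raises a descriptive error in the client instead
# of surfacing as an opaque HTTP 400 from HackerOne.
#
# The state names are the report states HackerOne documents; the transition
# table below is an ASSUMPTION for illustration only and must be reconciled
# with the API documentation before use.
module ReportStateCheck
  STATES = %w[new needs-more-info triaged retesting resolved
              not-applicable informative duplicate spam].freeze

  CLOSED = %w[resolved not-applicable informative duplicate spam].freeze

  # Assumed transition table: state => states reachable from it.
  # Closed states are assumed to have no outgoing transitions.
  TRANSITIONS = {
    "new"             => (%w[needs-more-info triaged] + CLOSED).freeze,
    "needs-more-info" => (%w[new triaged] + CLOSED).freeze,
    "triaged"         => (%w[needs-more-info retesting] + CLOSED).freeze,
    "retesting"       => %w[triaged resolved].freeze,
  }.freeze

  class InvalidStateChange < StandardError; end
  class NoOpStateChange < InvalidStateChange; end

  # Returns :ok, :noop, :unknown_state or :invalid without raising.
  def self.check(from, to)
    return :unknown_state unless STATES.include?(from) && STATES.include?(to)
    return :noop if from == to
    TRANSITIONS.fetch(from, []).include?(to) ? :ok : :invalid
  end

  # Raises with a message naming the offending transition; returns true if allowed.
  def self.validate!(from, to)
    case check(from, to)
    when :ok then true
    when :noop
      raise NoOpStateChange, "report is already in state #{from.inspect}"
    when :unknown_state
      raise InvalidStateChange,
            "unknown state in #{from.inspect} -> #{to.inspect} (known: #{STATES.join(', ')})"
    else
      raise InvalidStateChange, "transition #{from.inspect} -> #{to.inspect} is not allowed"
    end
  end

  # Guard an API call: the block (e.g. the real HTTP request) only runs when
  # the transition passes the local check. `current_state` is an assumed value
  # read from the report before the call.
  def self.change_state(current_state, to)
    validate!(current_state, to)
    yield to
  end
end
```

`check` is the non-raising form for callers that want to pre-validate a batch of changes; `validate!` is what a client method such as a state-change wrapper would call first, so the API is only contacted for transitions the table allows.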
Currently, we only support instantiation of the H1 credentials as Environment variables. This means that it is very difficult to use in an environment with multiple programs.
In order to fix this, we should allow instantiation of the H1-client with the creds passed in as variables, and allow callers to decide where the credentials originate from.
@esjee is working on adding support to pay bounties via the API. This includes:
Hey!
I am thinking of submitting a pull request to get all reporters. We need to set page[size]=100 and increment page[number]=1, 2, 3, etc. until we get a zero-size array.
I don't see those params for client.reporter; am I missing something?
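The page walk described in the reporters request above, and the missing-records problem raised in the earlier reports-find comment, as an added example that is not code from the hackerone-client gem or the Showmax branch: page[size] is fixed at 100 and page[number] is incremented until the API answers with an empty data array. The HTTP request is injected as a block so the loop runs offline here; the module name, the `fake_reporters_api` stand-in and the sample records are constructed assumptions for this example.

```ruby
require "json"

# Added example, not code from the hackerone-client gem: walk a paginated
# collection by requesting page[size]=100 and incrementing page[number] until
# the API returns an empty data array. The HTTP request is injected as a block
# so the loop runs offline here; the block, `fake_reporters_api` and the
# sample records are assumptions constructed for this example.
module PageWalker
  PAGE_SIZE = 100
  MAX_PAGES = 1_000 # upper bound so a misbehaving API cannot keep us looping

  # Yields (page_number, page_size) to the block, which returns the raw JSON
  # body for that page. Collects every record across pages and returns them.
  def self.fetch_all(page_size: PAGE_SIZE, max_pages: MAX_PAGES)
    records = []
    (1..max_pages).each do |page_number|
      body = JSON.parse(yield(page_number, page_size))
      data = body.fetch("data", [])
      break if data.empty? # empty page: nothing left to fetch
      records.concat(data)
    end
    records
  end
end

# Constructed sample: 250 reporter records, i.e. more than two full pages.
SAMPLE_REPORTERS = (1..250).map do |i|
  { "id" => i.to_s, "type" => "user", "attributes" => { "username" => "reporter#{i}" } }
end.freeze

# Stand-in for the HTTP call: answers page[number]/page[size] the way a
# JSON:API style endpoint would, with an empty data array past the last page.
def fake_reporters_api(page_number, page_size)
  offset = (page_number - 1) * page_size
  { "data" => SAMPLE_REPORTERS.slice(offset, page_size) || [] }.to_json
end

# A single unpaginated request only ever sees the first page, which is the
# "missing records" behaviour the pagination issue describes.
def first_page_only
  JSON.parse(fake_reporters_api(1, PageWalker::PAGE_SIZE))["data"]
end

# All reporters, following pages until the API returns no more.
def all_reporters
  PageWalker.fetch_all { |n, size| fake_reporters_api(n, size) }
end
```

In a client method the block would issue the real GET with page[number] and page[size] as query parameters; the MAX_PAGES cap is there so a server that never returns an empty page cannot turn the loop into an unbounded request stream.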