Handle bugcrowd engagements

arkadiyt · Jun 26, 2024 · 846e710 · 846e710
1 parent 230c201
commit 846e710
Showing 1 changed file with 47 additions and 4 deletions.
diff --git a/lib/bounty-targets/bugcrowd.rb b/lib/bounty-targets/bugcrowd.rb
@@ -45,13 +45,11 @@ def directory_index
         program_links.concat(programs)
         page += 1
       end
-
-      program_links.reject do |link|
-        link.start_with?('https://bugcrowd.com/engagements/')
-      end
     end
 
     def parse_program(program_link)
+      return parse_engagement(program_link) if program_link.start_with?('https://bugcrowd.com/engagements/')
+
       uri = URI(program_link)
       response = ::SsrfFilter.get(uri).body
       document = ::Nokogiri::HTML(response)
@@ -99,6 +97,40 @@ def parse_program(program_link)
       }
     end
 
+    def parse_engagement(program_link)
+      uri = URI(program_link)
+      response = ::SsrfFilter.get(uri).body
+      document = ::Nokogiri::HTML(response)
+
+      brief_url = ::JSON.parse(document.css('div[data-react-class="ResearcherEngagementBrief"]').attr('data-api-endpoints').value)['engagementBriefApi']['getBriefVersionDocument']
+      brief = ::JSON.parse(::SsrfFilter.get(URI("https://bugcrowd.com/#{brief_url}.json")).body)
+      data = brief['data']['brief']
+      scope = brief['data']['scope']
+      {
+        name: data['name'],
+        url: program_link,
+        allows_disclosure: !brief['coordinatedDisclosure'],
+        managed_by_bugcrowd: true, # Bugcrowd seems to have removed the flag for this / all programs are managed
+        safe_harbor: data.dig('safeHarborStatus', 'status'),
+        max_payout: scope.select do |scope|
+          scope['inScope'] == true
+        end.map do |scope|
+          scope.dig('rewardRangeData', '1', 'max')
+        end.max,
+        targets: {
+          in_scope: scopes_to_hashes_engagement(scope.select do |scope|
+            scope['inScope'] == true
+          end.flatten),
+          out_of_scope: scopes_to_hashes_engagement(scope.select do |scope|
+            scope['inScope'] == false
+          end.flatten)
+        }
+      }
+    rescue StandardError => ex
+      binding.pry
+      puts 'got error on ' + program_link
+    end
+
     def scopes_to_hashes(uri, groups)
       groups.flat_map do |group|
         targets_uri = uri.clone
@@ -126,5 +158,16 @@ def scopes_to_hashes(uri, groups)
         scope[:target]
       end
     end
+
+    def scopes_to_hashes_engagement(scopes)
+      scopes.flat_map do |targets|
+        targets['targets'].map do |scope|
+          {
+            type: scope['category'],
+            target: scope['uri'] || scope['name'] || scope['ipAddress']
+          }
+        end
+      end
+    end
   end
 end