Fix intigriti (#173)

Co-authored-by: arkadiyt <>

lib/bounty-targets/intigriti.rb

@@ -8,13 +8,21 @@ module BountyTargets
   class Intigriti
     STATUSES = %w[_ wizard draft open suspended closing closed archived].freeze
     CONFIDENTIALITY_LEVELS = %w[_ inviteonly application registered public].freeze
-    TYPES = %w[_ url android ios iprange device other].freeze
+    TYPES = %w[_ url android ios iprange device other wildcard].freeze
+    TIERS = [
+      '',
+      'No Bounty',
+      'Tier 3',
+      'Tier 2',
+      'Tier 1',
+      'Out of scope'
+    ].freeze
 
     def scan
       return @scan_results if instance_variable_defined?(:@scan_results)
 
       @scan_results = directory_index.select do |program|
-        program[:confidentiality_level] == 'public' && program[:status] == 'open'
+        program[:confidentiality_level] == 'public' && program[:status] == 'open' && program[:tacRequired] != true
       end.map do |program|
         program.merge(program_scopes(program))
       end.sort_by do |program|
@@ -26,7 +34,7 @@ def uris
       scan.flat_map do |program|
         program[:targets][:in_scope]
       end.select do |scope|
-        scope[:type] == 'url'
+        %w[url wildcard].include?(scope[:type])
       end.map do |scope|
         scope[:endpoint]
       end
@@ -53,27 +61,32 @@ def directory_index
             encode(program['handle']) + '/detail',
           status: STATUSES[program['status']],
           confidentiality_level: CONFIDENTIALITY_LEVELS[program['confidentialityLevel']],
+          tacRequired: program['tacRequired'],
           min_bounty: program['minBounty'],
           max_bounty: program['maxBounty']
         }
       end
     end
 
     def program_scopes(program)
-      document = ::Nokogiri::HTML(SsrfFilter.get(program[:url]).body)
-      in_scope = document.css('div.domain-container').map do |div|
-        {
-          type: div.css('.domainType').inner_text.strip.downcase,
-          endpoint: div.css('.reference').inner_text.strip,
-          description: div.css('.domain-description p').inner_text.strip,
-          impact: div.css('.impact').inner_text.strip
-        }
+      url = "https://app.intigriti.com/api/core/public/programs/#{encode(program[:company_handle])}/#{encode(program[:handle])}"
+      targets = JSON.parse(SsrfFilter.get(url).body)['domains'].flat_map do |domains|
+        domains['content'].map do |content|
+          {
+            type: TYPES[content['type']],
+            endpoint: content['endpoint'],
+            description: content['description'],
+            impact: TIERS[content['bountyTierId']]
+          }
+        end
+      end.group_by do |scope|
+        scope[:impact] != 'Out of scope'
       end
 
       {
         targets: {
-          in_scope: in_scope,
-          out_of_scope: []
+          in_scope: targets[true] || [],
+          out_of_scope: targets[false] || []
         }
       }
     end

spec/bounty-targets/intigriti_spec.rb

@@ -22,6 +22,7 @@
           handle: 'doccle',
           id: '12715f4b-d10e-415f-a309-6ab042f6158a',
           status: 'open',
+          tacRequired: true,
           url: 'https://www.intigriti.com/programs/doccle/doccle/detail',
           max_bounty: {'currency' => 'EUR', 'value' => 2500},
           min_bounty: {'currency' => 'EUR', 'value' => 0},
@@ -32,6 +33,7 @@
           confidentiality_level: 'application',
           handle: 'e-tracker',
           id: 'a09e497e-fd75-4b56-afa0-7a6689389b76',
+          tacRequired: false,
           max_bounty: {'currency' => 'EUR', 'value' => 0},
           min_bounty: {'currency' => 'EUR', 'value' => 0},
           name: 'e-tracker',
@@ -43,65 +45,17 @@
   end
 
   it 'fetches program scopes' do
-    scopes = File.read('spec/fixtures/intigriti/scopes.html')
-    stub_request(:get, %r{/programs/Uphold/upholdcom/detail})
+    scopes = File.read('spec/fixtures/intigriti/scopes.json')
+    stub_request(:get, %r{/api/core/public/programs/intel/intel})
       .with(headers: {host: 'app.intigriti.com'}).to_return(status: 200, body: scopes)
-    expect(client.program_scopes(url: 'https://app.intigriti.com/programs/Uphold/upholdcom/detail')).to eq(
+    expect(client.program_scopes(company_handle: 'intel', handle: 'intel')).to eq(
     targets: {
       in_scope: [
         {
-          description: 'iOS application. This is currently installable on Jailbroken devices, ' \
-                       'please read the out-of-scope findings.',
-          endpoint: '1101145849',
+          description: nil,
+          endpoint: "(Hardware)\tProcessor (inclusive of micro-code ROM + updates)",
           impact: 'Tier 1',
-          type: 'ios'
-        },
-        {
-          description: 'Production WebWallet Application. Do not test service degradation attacks ' \
-                       'or horizontal privilege here.On the business app side, we allow you to create ' \
-                       "apps in sandbox, but you shouldn't be able to create them in Production.",
-          endpoint: 'api.uphold.com',
-          impact: 'Tier 1',
-          type: 'url'
-        },
-        {
-          description: 'Android application. This is currently installable on Jailbroken devices, please ' \
-                       'read the out-of-scope findings.',
-          endpoint: 'com.uphold.wallet',
-          impact: 'Tier 1',
-          type: 'android'
-        },
-        {
-          description: 'Production WebWallet Application. Do not test service degradation ' \
-                       'attacks or horizontal privilege here.',
-          endpoint: 'uphold.com/dashboard',
-          impact: 'Tier 1',
-          type: 'url'
-        },
-        {
-          description: 'Use this environment for financial transaction testing, degradation attacks, ' \
-                       'or horizontal privilege attacks. Fund with Crypto Testnet Faucet (e.g. ' \
-                       'https://coinfaucet.eu/en/btc-testnet/ for Bitcoin).On the business app side, we ' \
-                       "allow you to create apps in sandbox, but you shouldn't be able to create them in Production.",
-          endpoint: 'api-sandbox.uphold.com',
-          impact: 'Tier 2',
-          type: 'url'
-        },
-        {
-          description: 'Use this environment for financial transaction testing, degradation attacks, ' \
-                       'or horizontal privilege attacks. Fund with Crypto Testnet Faucet (e.g. ' \
-                       'https://coinfaucet.eu/en/btc-testnet/ for Bitcoin)',
-          endpoint: 'sandbox.uphold.com/dashboard',
-          impact: 'Tier 2',
-          type: 'url'
-        },
-        {
-          description: 'We are willing to give bonuses on anything you find and we agree is impactful, ' \
-                       'in the rest of our domain. Please note that third party services are out of scope ' \
-                       'unless the issue is caused due to a misconfiguration by Uphold',
-          endpoint: '*.uphold.com',
-          impact: 'Tier 3',
-          type: 'url'
+          type: 'other'
         }
       ],
       out_of_scope: []

spec/fixtures/intigriti/programs.json

@@ -11,10 +11,10 @@
         "confidentialityLevel": 2,
         "companyHandle": "doccle",
         "companyName": "Doccle",
-        "tacRequired": false,
         "companySustainable": true,
         "handle": "doccle",
         "name": "Doccle",
+        "tacRequired": true,
         "description": "Doccle, founded in 2014, is a Belgian company that hosts an online platform where you can receive, pay, share and store your administration in one place. You can add several suppliers to your Doccle account in a few mouse clicks. This way, you will receive all documents in one place. You can also pay, sign or share them via Doccle. All your documents are securely stored in your digital archive. The more companies you add, the more documents you will receive.",
         "minBounty": {
           "value": 0,