Fix bugcrowd (#76)

Co-authored-by: bounty-targets <>
arkadiyt · Feb 17, 2021 · 0c33ecc · 0c33ecc
1 parent bf5be18
commit 0c33ecc
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 12 deletions.
diff --git a/Gemfile b/Gemfile
@@ -6,7 +6,7 @@ ruby '2.6.6'
 
 gem 'graphql-client', '~> 0.16.0'
 gem 'kramdown', '~> 2.3.0'
-gem 'nokogiri', '~> 1.11.0'
+gem 'nokogiri', '~> 1.11.1'
 gem 'sentry-raven', '~> 2.11.0'
 gem 'ssrf_filter', '~> 1.0.6'
 gem 'twingly-url', '~> 6.0.1'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -43,7 +43,7 @@ GEM
     mini_portile2 (2.5.0)
     minitest (5.14.1)
     multipart-post (2.1.1)
-    nokogiri (1.11.0)
+    nokogiri (1.11.1)
       mini_portile2 (~> 2.5.0)
       racc (~> 1.4)
     parallel (1.19.2)
@@ -116,7 +116,7 @@ DEPENDENCIES
   coveralls (~> 0.8.23)
   graphql-client (~> 0.16.0)
   kramdown (~> 2.3.0)
-  nokogiri (~> 1.11.0)
+  nokogiri (~> 1.11.1)
   pry-byebug (~> 3.9.0)
   rspec (~> 3.8.0)
   rubocop (~> 0.74.0)

diff --git a/lib/bounty-targets/bugcrowd.rb b/lib/bounty-targets/bugcrowd.rb
@@ -17,7 +17,7 @@ def uris
       scan.flat_map do |program|
         program[:targets][:in_scope]
       end.select do |scope|
-        ['api testing', 'other', 'website testing'].include?(scope[:type])
+        %w[api other website].include?(scope[:type])
       end.map do |scope|
         scope[:target]
       end
@@ -86,6 +86,8 @@ def parse_program(program_link)
         max_payout_amount[1].gsub(',', '').to_i
       end
 
+      value = document.css('div[data-react-class=ResearcherTargetGroups]').first.attributes['data-react-props'].value
+      content = JSON.parse(value)
       {
         name: name,
         url: program_link,
@@ -94,20 +96,19 @@ def parse_program(program_link)
         safe_harbor: safe_harbor_value,
         max_payout: max_payout_amount,
         targets: {
-          in_scope: scopes_to_hashes(document.css('#user-guides__bounty-brief__in-scope + div > table')),
-          out_of_scope: scopes_to_hashes(document.css('#user-guides__bounty-brief__out-of-scope + div > table'))
+          in_scope: scopes_to_hashes(content['groups'].find { |group| group['in_scope'] == true }),
+          out_of_scope: scopes_to_hashes(content['groups'].find { |group| group['in_scope'] == false })
         }
       }
     end
 
-    def scopes_to_hashes(nodes)
-      nodes.css('tbody > tr').map do |node|
-        target, type = node.css('td').map { |td| td.inner_text.strip }
-        raise StandardError, 'Error parsing bugcrowd target' if target.nil? || target.empty?
+    def scopes_to_hashes(group)
+      return [] if group.nil?
 
+      group['targets'].map do |target|
         {
-          type: (type || '').downcase,
-          target: target
+          type: (target['category'] || '').downcase,
+          target: target['name']
         }
       end.sort_by do |scope|
         scope[:target]