diff --git a/Gemfile.lock b/Gemfile.lock index 977766d..7464334 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,10 +1,11 @@ GEM remote: https://rubygems.org/ specs: - addressable (2.8.4) - public_suffix (>= 2.0.2, < 6.0) - ast (2.4.2) - bundler-audit (0.9.1) + addressable (2.8.7) + public_suffix (>= 2.0.2, < 7.0) + ast (2.4.3) + bigdecimal (3.3.1) + bundler-audit (0.9.2) bundler (>= 1.2.0, < 3) thor (~> 1.0) byebug (11.1.3) @@ -15,26 +16,35 @@ GEM term-ansicolor (~> 1.3) thor (>= 0.19.4, < 2.0) tins (~> 1.6) - crack (0.4.5) + crack (1.0.1) + bigdecimal rexml - diff-lcs (1.5.0) - docile (1.4.0) - faraday (2.7.4) - faraday-net_http (>= 2.0, < 3.1) - ruby2_keywords (>= 0.0.4) - faraday-net_http (3.0.2) - hashdiff (1.0.1) - json (2.6.3) + diff-lcs (1.6.2) + docile (1.4.1) + faraday (2.14.0) + faraday-net_http (>= 2.0, < 3.5) + json + logger + faraday-net_http (3.4.1) + net-http (>= 0.5.0) + hashdiff (1.2.1) + json (2.15.2) kramdown (2.4.0) rexml - method_source (1.0.0) - mini_portile2 (2.8.8) - nokogiri (1.18.8) + logger (1.7.0) + method_source (1.1.0) + mini_portile2 (2.8.9) + mize (0.6.1) + net-http (0.7.0) + uri + nokogiri (1.18.10) mini_portile2 (~> 2.8.2) racc (~> 1.4) - parallel (1.23.0) - parser (3.2.2.1) + parallel (1.27.0) + parser (3.3.10.0) ast (~> 2.4.1) + racc + prism (1.6.0) pry (0.14.2) coderay (~> 1.1) method_source (~> 1.0) @@ -44,8 +54,8 @@ GEM public_suffix (4.0.7) racc (1.8.1) rainbow (3.1.1) - regexp_parser (2.8.0) - rexml (3.3.9) + regexp_parser (2.11.3) + rexml (3.4.4) rspec (3.11.0) rspec-core (~> 3.11.0) rspec-expectations (~> 3.11.0) @@ -69,12 +79,12 @@ GEM rubocop-ast (>= 1.20.1, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 1.4.0, < 3.0) - rubocop-ast (1.28.0) - parser (>= 3.2.1.0) + rubocop-ast (1.47.1) + parser (>= 3.3.7.2) + prism (~> 1.4) rubocop-rspec (2.12.1) rubocop (~> 1.31) ruby-progressbar (1.13.0) - ruby2_keywords (0.0.5) sentry-raven (3.1.2) faraday (>= 1.0) simplecov (0.16.1) @@ -84,15 +94,18 @@ GEM simplecov-html (0.10.2) ssrf_filter (1.0.8) sync (0.5.0) - term-ansicolor (1.7.1) - tins (~> 1.0) - thor (1.2.1) - tins (1.32.1) + term-ansicolor (1.11.3) + tins (~> 1) + thor (1.4.0) + tins (1.45.0) + bigdecimal + mize (~> 0.6) sync twingly-url (6.0.4) addressable (~> 2.6) public_suffix (>= 3.0.1, < 5.0) - unicode-display_width (2.4.2) + unicode-display_width (2.6.0) + uri (1.1.1) webmock (3.18.1) addressable (>= 2.8.0) crack (>= 0.3.2) diff --git a/lib/bounty-targets/intigriti.rb b/lib/bounty-targets/intigriti.rb index 8ad204f..328a127 100644 --- a/lib/bounty-targets/intigriti.rb +++ b/lib/bounty-targets/intigriti.rb @@ -112,7 +112,7 @@ def directory_index def program_scopes(program) url = "https://app.intigriti.com/api/core/public/programs/#{encode(program[:company_handle])}/#{encode(program[:handle])}" - targets = (JSON.parse(SsrfFilter.get(url).body)['assets'].max_by do |domains| + targets = (JSON.parse(SsrfFilter.get(url).body)['assetsAndGroups'].max_by do |domains| domains['createdAt'] end)['content'].map do |content| { diff --git a/spec/fixtures/intigriti/scopes.json b/spec/fixtures/intigriti/scopes.json index ae12a54..89563e0 100644 --- a/spec/fixtures/intigriti/scopes.json +++ b/spec/fixtures/intigriti/scopes.json @@ -7,7 +7,7 @@ "handle": "intel", "name": "Intel®", "description": "Intel® Bug Bounty Program\nIntel Corporation believes that forging relationships with security researchers and fostering security research is a crucial part of our Security First Pledge. We encourage security researchers to work with us to mitigate and coordinate the disclosure of potential security vulnerabilities. By submitting your report, you agree to the terms of the Intel® Bug Bounty Program. Intel reserves the right to alter the terms and conditions of this program at its sole discretion.\n", - "assets": [ + "assetsAndGroups": [ { "content": [ {