Commit e7fb25e

Merge branch 'master' into changelog-august
2 parents a4528b2 + 1671552 commit e7fb25e

25 files changed: +153 −12 lines

docs/changelog/2018/august.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ date: "2018-08"
66

77
### Publishing External Vulnerabilities
88
We now enable hackers to publish their findings from external sources that don't have HackerOne programs. Click [here](/hackers/publishing-external-vulnerabilities.html) to learn more.
9-
![aug-2018-publishing](./images/aug-2018-hacktivity++.png)
9+
![aug-2018-publishing](./images/aug-2018-hacktivity-plus-plus.png)
1010

1111
### Two-Factor Authentication
1212
Hackers now have the ability to set up [two-factor authentication](/hackers/two-factor-authentication.html) to add an extra layer of protection to their accounts.
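Review bot: the rename on line 9 from `aug-2018-hacktivity++.png` to `aug-2018-hacktivity-plus-plus.png` only changes the markdown reference; the hunk does not show the image under `./images/` being renamed, so verify the binary was moved in the same commit or the changelog page will ship a broken image. Dropping `+` from the filename is the right call, since `+` has special meaning in URL encoding and is mishandled by some hosts.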

docs/changelog/2018/march.md

Lines changed: 1 addition & 1 deletion
@@ -19,7 +19,7 @@ Reports in the Needs More Info state that haven’t been responded to within 30
1919

2020
### Self-Controlled Launch
2121
Response Programs in Controlled Launch that meet all of the success criteria are now prompted to publicly launch their own program through following the Setup Guide or through email notification.
22-
![march_2018_controlled_launch](./images/march_2018_controlled%20launch.png)
22+
![march_2018_controlled_launch](./images/march_2018_controlled_launch.png)
2323

2424
### Response SLA Settings
2525
Response SLA settings are now applied to all reports and not just reports created after modification to SLA settings.
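Review bot: same check as for the August 2018 image: line 22 now references `march_2018_controlled_launch.png` instead of `march_2018_controlled%20launch.png`, which implies the on-disk file had a literal space in its name; confirm the file itself was renamed to use the underscore, otherwise the reference is fixed but the image is not.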

docs/changelog/2019/august.md

Lines changed: 6 additions & 5 deletions
@@ -4,14 +4,15 @@ path: "/changelog/2019/august"
44
date: "2019-08"
55
---
66

7-
### API enhancements
7+
### API Enhancements
88

9-
We've released a few improvements to [our API](https://api.hackerone.com/docs/v1):
10-
* [Ability to create a report](https://api.hackerone.com/docs/v1#/reports/create). This endpoint helps you to import (known) vulnerabilities into the platform, to use these for duplicate detection or central vulnerability management.
9+
We've released these new endpoints to our [API](https://api.hackerone.com/docs/v1):
10+
* [Ability to create a report](https://api.hackerone.com/docs/v1#/reports/create)
11+
* [Ability to change the weakness on a report](https://api.hackerone.com/docs/v1#/reports/weakness/update)
12+
* [Ability to fetch all weaknesses for a program](https://api.hackerone.com/docs/v1#/programs/weaknesses/index)
13+
* [Ability to update policy of a program](https://api.hackerone.com/docs/v1#/programs/policy/update)
1114
* [Ability to fetch billing information for a program](). This endpoint includes recent financial transactions happening within your program.
1215
* [Ability to fetch the remaining balance for a program](). Showing the remaining balance that's available for bounty payouts.
13-
* [Ability to change the weakness on a report](https://api.hackerone.com/docs/v1#/reports/weakness/update).
14-
* [Ability to fetch all weaknesses for a program](https://api.hackerone.com/docs/v1#/programs/weaknesses/index).
1516

1617
### Program Hover State Profile
1718

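Review bot: the unchanged bullets on lines 14 and 15, `[Ability to fetch billing information for a program]()` and `[Ability to fetch the remaining balance for a program]()`, still have empty link targets, so they render as dead links while every other bullet in the rewritten list points at the API docs; add the two anchors or drop the brackets. The rewritten intro on line 9 also removes the sentence explaining that report creation exists to import known vulnerabilities for duplicate detection or central vulnerability management, which was the only guidance on when to use that endpoint; consider keeping it as a short note under the first bullet.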

docs/hackers/reputation.md

Lines changed: 1 addition & 1 deletion
@@ -6,7 +6,7 @@ id: "hackers/reputation"
66

77
As hackers submit vulnerability reports through the HackerOne platform, their reputation measures how likely their finding is to be immediately relevant and actionable. Reputation is points gained or lost based on report validity. It's weighted based on the size of the bounty and the criticality of the reported vulnerability. Reputation is based exclusively on your track record as a hacker.
88

9-
There are a number of privileges that are gained by maintaining a high reputation such as, becoming eligible to receive invitations to private bug bounty programs. On the flip side, should your reputation decrease, the system will gradually reduce the number of report submissions allowed in a given time period.
9+
There are a number of privileges that are gained by maintaining a high reputation, such as becoming eligible to receive invitations to private bug bounty programs. On the flip side, should your reputation decrease, the system will gradually reduce the number of report submissions allowed in a given time period.
1010

1111
It's critical to this community that security teams be afforded a high-signal environment so that they can focus on providing a quality response to hackers who submit the best reports.
1212

docs/hackers/security-checks.md

Lines changed: 62 additions & 0 deletions
@@ -0,0 +1,62 @@
1+
---
2+
title: "Security Checks"
3+
path: "/hackers/security-checks.html"
4+
id: "hackers/security-checks"
5+
---
6+
7+
Checklists are a way for organizations to meet compliance requirements by enlisting hackers to check for specific vulnerabilities on the OWASP top 10 list. Organizations that opt-in to using checklists will receive a compliance report that they can submit to certify their status among independent and industry compliance frameworks.
8+
9+
> **Note:** This feature is in beta and only accessible to select hackers.
10+
11+
### How it works
12+
To participate in a security check:
13+
14+
1. Go to a program’s **Security Checks** tab on their security page. The security checks tab is only available if the program has opted into compliance.
15+
16+
![security-check-image 1](./images/security-checks-1.png)
17+
18+
2. Click **View Details** for the task that you’re interested in on the checklist.
19+
3. Review the description, instruction, and scope for the task.
20+
4. Select **Claim this check** if you’re interested in completing the task.
21+
* You can claim 1 check per program at a time. After you've submitted your results, you can claim another check for that same program. Once you’ve claimed a check, you’ll have 72 hours to complete it. For each security check, you must test all assets in scope for the relevant vulnerability type.
22+
23+
![security check image 2](./images/security-checks-2.png)
24+
25+
5. Select **Submit results** on the Security Checks page of the program when you’re ready to submit your findings.
26+
27+
![security check iamge 3](./images/security-checks-3.png)
28+
29+
6. Input your findings in the required fields on the submission form.
30+
31+
![security check image 4](./images/security-checks-4.png)
32+
33+
7. *(Optional)* Submit a report and link it to your results if you find vulnerabilities during your check.
34+
35+
![security check image 5](./images/security-checks-5.png)
36+
37+
8. Click **Submit**.
38+
39+
Once you’ve submitted your results, HackerOne will review your findings. If your findings aren’t approved, your check will be marked as *Rejected*. If your check is rejected, you can reclaim the security check under **Hacker Dashboard > Security Checks**.
40+
41+
![security check image 6](./images/security-checks-6.png)
42+
43+
If your check is approved, you’ll automatically be paid the reward amount.
44+
45+
![security check image 7](./images/security-checks-7.png)
46+
47+
### Managing Security Checks
48+
49+
You can manage your claimed security checks on the Security Checks tab under your Hacker Dashboard.
50+
51+
![security check image 8](./images/security-checks-8.png)
52+
53+
You can also keep track of your Security Check rewards on your Hacker Dashboard.
54+
55+
![security check image 9](./images/security-checks-9.png)
56+
57+
### Releasing a Security Check
58+
If you decide that you no longer want to complete a security check, you can release the check by clicking **Release check** at the bottom of the security check submission page. Keep in mind that once you release the check, other hackers will be able to claim the check and any work you’ve done won’t be saved.
59+
60+
![security check image 10](./images/security-checks-10.png)
61+
62+
![security check image 11](./images/security-checks-11.png)
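Review bot: the alt text on line 27 reads `security check iamge 3`; fix the typo so it matches the other captions. Line 7 introduces the feature as "Checklists" and uses "opt-in" as a verb (the verb form is "opt in"), while the title, headings and the new nav entry call it Security Checks; pick one name so readers can search for it. Line 21 also states the hacker "must test all assets in scope for the relevant vulnerability type" but the page never says what evidence of that testing the submission form expects; if the required fields on line 29 cover that, a sentence saying so would make the rejection case on line 39 less surprising.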
Lines changed: 30 additions & 0 deletions
@@ -0,0 +1,30 @@
1+
---
2+
title: "Integration Variables"
3+
path: "/programs/integration-variables.html"
4+
id: "programs/integration-variables"
5+
---
6+
7+
Variable | Description | Example
8+
-------- | ------ |
9+
`{{assignee}}` | The user that's assigned to the report. |
10+
`{{days_after_report(days)}}` | Provides a date based on the report creation date and the provided argument. `{{days_after_report(5)}}` will output a date 5 days after the report was created. |
11+
`{{details_custom_jira}}` | The link, date, reporter, weakness, and description of the vulnerability in the report. These are written in a markdown format customized for Jira. |
12+
`{{details_markdown}}` | The link, date, reporter, weakness, and description of the vulnerability in the report in markdown format. |
13+
`{{details_truncated}}` | The link, date, reporter, weakness, and description of the vulnerability in the report in plain text format. These details are truncated at 4,000 characters.
14+
`{{details}}` | The link, date, reporter, weakness, and description of the vulnerability in the report in plain text format. |
15+
`{{due_date(days_from_now)}}` | Provides a date in the future based on the provided argument. Example: `{{due_date(5)}}` will output a date 5 days from now. |
16+
`{{email_local_part}}` | The local part of the email address of the user creating the Jira issue. *Note: The local part of an email address is the part before the @ symbol.*
17+
`{{email}}` | The email address of the user creating the Jira issue. |
18+
`{{escalation_time}}` | The date and time of when the report was escalated to Jira. |
19+
`{{jira_severity}}` | The severity of the report in Jira mapping. `none` converts to `1` and `critical` converts to `5`. |
20+
`{{report_id}}` | The ID of the report. |
21+
`{{report_link}}` | The URL of the report. |
22+
`{{reporter_link}}` | The URL of the hacker's HackerOne profile. |
23+
`{{reporter_name}}` | The name of the hacker that reported the vulnerability. This will fall back to the username if the hacker didn't provide their name. |
24+
`{{reporter_username}}` | The username of the hacker that reported the vulnerability. |
25+
`{{submission_date_custom_format}}` | The date the report was created in `DD-MM-YYYY` format. |
26+
`{{submission_date_y_m_d}}` | The date the report was created in `YYYY-MM-DD` format. |
27+
`{{submission_date}}` | The date the report was created in `DD/MM/YYYY` format. |
28+
`{{title}}` | The title of the report. |
29+
`{{vulnerability_information}}` | The description of the vulnerability in the report. |
30+
`{{weakness}}` | The CWE weakness of the report. |
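Review bot: the header on line 7 declares an `Example` column, but the separator on line 8 is `-------- | ------ |` with no third dash group, no row fills that column, and lines 13 and 16 (`{{details_truncated}}`, `{{email_local_part}}`) omit the trailing `|` altogether, so the table will render unevenly; either add an example per row (the FAQ row added in `jira-faqs.md` in this same commit promises "examples and descriptions of each variable") or drop the column and make the separator `-------- | ------`. Also `{{submission_date}}` and `{{submission_date_custom_format}}` on lines 25 and 27 differ only in the separator (`DD/MM/YYYY` vs `DD-MM-YYYY`); one sentence on when each is appropriate would help.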

docs/programs/jira-faqs.md

Lines changed: 3 additions & 1 deletion
@@ -8,5 +8,7 @@ Question | Answer
88
-------- | ------
99
The HackerOne markdown doesn't convert correctly to Jira. How can I convert the markdown correction to Jira? | You can use a Jira optimized template by setting the escalation template to: `{{details_custom_jira}}`.
1010
What fields are supported in the bi-directional Jira integration? | We support all fields that have the type: `string`, `number`, `date`, `Radio Buttons`, or `Select List (single choice)`.
11+
What do the different variables mean? | Please refer to the [Integration variables](integration-variables.html) page to see examples and descriptions of each variable.
1112
I have multiple HackerOne programs. Can I integrate each of these programs to the same Jira instance? | Yes, you can integrate multiple HackerOne programs to the same Jira instance. If you're using Jira Cloud, you must first remove the "HackerOne for Jira" plugin and then follow steps 1-2 below.<br><br>To integrate Jira with multiple HackerOne programs:<ul>1. Follow all of the [Jira Server steps](jira-server-integration.html) for the first program you want to integrate.</ul><ul>2. For each subsequent program you need to add an integration for, only follow steps 12-16 in [the Jira Server article](jira-server-integration.html).<ul><li>You only need to follow steps 12-16 because the application link has already been created when integrating with your first program, and only 1 application link is needed to set up a Jira integration.</li></ul></ul>
12-
My Jira is behind a firewall and is not externally accessible. How can I integrate with Jira? | To use the bi-directional Jira integration, you need to make sure your Jira instance is accessible from the HackerOne system. You can whitelist HackerOne’s IP addresses in your firewall to only open it up to the HackerOne application. Contact your program manager to request our IP addresses to whitelist in your firewall.<br><br>If you don't want to expose your Jira to HackerOne, [contact us](https://support.hackerone.com/hc/en-us/requests/new) to get a work-around that enables you to only escalate to Jira.
13+
My Jira is behind a firewall and is not externally accessible. How can I integrate with Jira? | To use the bi-directional Jira integration, you need to make sure your Jira instance is accessible from the HackerOne system. You can whitelist HackerOne’s IP addresses in your firewall to only open it up to the HackerOne application. Contact your program manager to request our IP addresses to whitelist in your firewall.<br><br>If you don't want to expose your Jira to HackerOne, [contact us](https://support.hackerone.com/hc/en-us/requests/new) to get a work-around that enables you to only escalate to Jira.
14+
I'm getting the following error when creating a Jira issue: `JIRA returned the following error: "You must specify a summary of the issue."` | This means that you didn't specify a value for the `summary` field in your Jira integration settings. Please review the field mapping in your Jira integration settings and make sure values are provided for all required fields.
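Review bot: the `12-`/`13+` pair for the firewall answer is byte-identical as displayed, which usually means a trailing-whitespace or line-ending change; if it is unintentional, revert it to keep the diff focused. The new row on line 11 links to `integration-variables.html` and promises examples, but the table that page adds in this commit has an empty Example column, so the two changes should land together with that column filled or the wording adjusted. The new `summary` error row on line 14 is useful; pointing readers at the field-mapping step in the Jira Server article would save them a search.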

docs/programs/jira-server-integration.md

Lines changed: 1 addition & 1 deletion
@@ -45,7 +45,7 @@ Display URL | https://hackerone.com
4545

4646
![jira-server-12](./images/jira-server-12.png)
4747

48-
10. Enter the following information on the Incoming Authentication section of the Configure HackerOne window:
48+
10. Enter the following information on the **Incoming Authentication** section of the Configure HackerOne window:
4949

5050
Field | Details
5151
----- | --------

gatsby-config.js

Lines changed: 2 additions & 0 deletions
@@ -31,6 +31,8 @@ module.exports = {
3131
head: false,
3232
anonymize: true,
3333
respectDNT: true,
34+
forceSSL: true,
35+
transport: "beacon",
3436
},
3537
},
3638
{
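Review bot: `forceSSL: true` and `transport: "beacon"` on lines 34 and 35 sit beside `anonymize` and `respectDNT`, which are Google Analytics plugin options, and both names match analytics.js `set` fields (`forceSSL` sends hits over HTTPS even from a non-HTTPS page; `transport: "beacon"` uses `navigator.sendBeacon`). The hunk alone cannot show whether the plugin version in use forwards these keys, and unknown options are silently ignored, so verify in the built page that the tracker actually receives them. `forceSSL` is a sensible hardening default; `transport: "beacon"` changes delivery behaviour and is unavailable on older browsers, so a one-line comment on why it is needed would help the next reader.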

src/components/search/search.js

Lines changed: 42 additions & 2 deletions
@@ -4,8 +4,48 @@ import "./search.scss";
44
import "./algolia.css";
55

66
class Search extends React.Component {
7+
constructor(props) {
8+
super(props);
9+
10+
this.state = {
11+
enabled: true
12+
};
13+
}
14+
componentDidMount() {
15+
if (window.docsearch) {
16+
window.docsearch({
17+
// the following information is copied from the gatsby-config.js file
18+
// if you change anything below, make sure to also change it in that
19+
// file. We're duplicating this code to avoid a race condition in the
20+
// MutationObserver logic, where the docsearch script (npm package)
21+
// was loaded *before* this component was loaded.
22+
apiKey: "acfb7def12803db2cd4ac0539b2b571a",
23+
indexName: "hackerone",
24+
inputSelector: "#algolia-doc-search",
25+
transformData: suggestions => {
26+
// ideally, we'd have an `id` or `name` attribute for all headers, so that DocSearch
27+
// properly indexes the anchors. Since we don't have that yet, we've went with this
28+
// temporary workaround to remove the ___gatsby anchor from the URL. This code can be
29+
// removed when the appropriate attributes are added. Ref T19586.
30+
return suggestions.map(suggestion => {
31+
delete suggestion.anchor;
32+
33+
suggestion.url = suggestion.url.replace(/#gatsby-focus-wrapper$/, "");
34+
35+
return suggestion;
36+
});
37+
}
38+
});
39+
} else {
40+
console.warn("Search has failed to load and now is being disabled");
41+
this.setState({ enabled: false });
42+
}
43+
}
44+
745
render() {
8-
return (
46+
const { enabled } = this.state;
47+
48+
return enabled ? (
949
<form className="search">
1050
<input
1151
className="search__input"
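Review bot: the `apiKey` on line 22 is now duplicated verbatim from `gatsby-config.js`, as the comment on lines 17-21 admits; importing the DocSearch options from one shared module would remove the drift risk the comment warns about instead of documenting it. DocSearch keys are search-only and intended to be public, but confirm this one carries only search permissions before it lives in two places in a public repository. The `else` branch on lines 39-41 permanently disables search if `window.docsearch` is absent at mount time, which reintroduces a load-order dependency: if the script arrives after this component mounts, search stays disabled with no retry. `transformData` on lines 30-36 mutates each suggestion in place with `delete` and reassignment; returning a new object such as `{ ...suggestion, anchor: undefined, url: suggestion.url.replace(/#gatsby-focus-wrapper$/, "") }` avoids side effects on the objects DocSearch passes in.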
@@ -15,7 +55,7 @@ class Search extends React.Component {
1555
aria-label="Search docs"
1656
/>
1757
</form>
18-
);
58+
) : null;
1959
}
2060
}
2161

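Review bot: rendering `null` when `enabled` is false on line 58 removes the search box with no user-visible indication, and the only signal is the `console.warn` on line 40; consider rendering a disabled input or a short message so a missing search box is not mistaken for a layout bug.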
src/pages/hackers/hackers-nav.yaml

Lines changed: 2 additions & 0 deletions
@@ -60,6 +60,8 @@
6060
path: /hackers/credentials.html
6161
- title: Retesting
6262
path: /hackers/retesting.html
63+
- title: Security Checks
64+
path: /hackers/security-checks.html
6365
- title: Hacker101
6466
path: /hackers/hacker101.html
6567
- title: 90 Day Leaderboard

src/pages/programs/programs-nav.yaml

Lines changed: 2 additions & 0 deletions
@@ -149,6 +149,8 @@
149149
items:
150150
- title: Supported Integrations
151151
path: /programs/supported-integrations.html
152+
- title: Integration Variables
153+
path: /programs/integration-variables.html
152154
- title: Email Forwarding
153155
path: /programs/email-forwarding.html
154156
- title: Embedded Submission Form
