
@ajxchapman
Last active September 27, 2021 08:28
import os
import re
import sys

import requests
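# Session material for the authenticated requests below.
#
# TOKEN and COOKIE are live credentials for the logged-in account: anyone who
# obtains them can act as that user until the session ends. They are therefore
# read from the environment first, so a filled-in copy of this script does not
# have to be saved, shared or committed with the values inside it. The original
# edit-in-place placeholders remain as the fallback.
# (H1_CSRF_TOKEN / H1_SESSION_COOKIE / H1_USERNAME are names chosen by this
# script, not by the platform.)
TOKEN = os.environ.get("H1_CSRF_TOKEN", "*x-csrf-token Header*")
COOKIE = os.environ.get("H1_SESSION_COOKIE", "*__Host-session Cookie*")
# Account whose reports and bounties are being tallied.
USERNAME = os.environ.get("H1_USERNAME", "*HackerOne Username*")

# Report ids collected from the paginated index.
bugs = []
# Total page count; starts at 1 and is replaced by the value the server reports.
pages = 1
# Page currently being fetched (1-based).
page = 1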
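# Enumerate every report id visible to the authenticated session by walking
# the paginated bugs.json index. The loop bound is learned from the replies:
# `pages` is overwritten with the page count the server returns.
#
# NOTE(review): the date window is fixed at 2011-01-01 .. 2021-12-31, so
# reports created after the end date are never requested.
while page <= pages:
    sys.stderr.write(f"Fetching bugs page {page}...\n")
    r = requests.post(
        "https://hackerone.com/bugs.json",
        params={
            "subject": "user",
            "start_date": "2011-01-01",
            "end_date": "2021-12-31",
            "page": page,
        },
        headers={"x-csrf-token": TOKEN},
        cookies={"__Host-session": COOKIE},
        # Without a timeout requests waits indefinitely on a stalled connection.
        timeout=30,
    )
    try:
        # Parse once and reuse; the original re-parsed the body up to three times.
        listing = r.json()
    except ValueError:
        # The reply was not JSON (presumably a rejected or expired session;
        # the body is not inspected further). Log only the status and the first
        # 100 characters, then stop: continuing would yield an incomplete list.
        # The original read `r.body`, which requests.Response does not provide,
        # so this path raised AttributeError instead of printing the message.
        sys.stderr.write(f"{r.status_code} - {r.text[:100]}\n")
        sys.exit(1)
    pages = listing.get("pages", pages)
    bugs.extend(entry["id"] for entry in listing.get("bugs", []))
    page += 1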
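def _h1_timestamp(value):
    """Replace the 'T' separator with a space and drop everything from the first '.' onward."""
    return value.replace("T", " ").split(".")[0]


def _csv_cell(value):
    """Render one output column: numbers and booleans bare, None empty, anything else quoted.

    Embedded double quotes are doubled so that a quote inside a program,
    weakness or asset name cannot end the cell early. Text cells are not
    otherwise neutralised; those values come from the remote JSON, so treat the
    resulting file as untrusted data when opening it in a spreadsheet.
    """
    if value is None:
        return ""
    # Exact type match (not isinstance) mirrors the original dispatch table.
    if type(value) in (int, float, bool):
        return str(value)
    return '"' + str(value).replace('"', '""') + '"'


sys.stderr.write(f"Found {len(bugs)} reports. Processing...\n")
# Fetch each report in turn and print one CSV-style row per report on stdout.
# Progress and diagnostics go to stderr so stdout stays machine-readable.
for i, report_id in enumerate(bugs):
    sys.stderr.write(f"Fetching bug {i + 1}/{len(bugs)} - {report_id}...\n")
    r = requests.get(
        f"https://hackerone.com/reports/{report_id}.json",
        headers={"x-csrf-token": TOKEN},
        cookies={"__Host-session": COOKIE},
        # Without a timeout requests waits indefinitely on a stalled connection.
        timeout=30,
    )
    try:
        bug = r.json()
    except ValueError:
        # Show why the reply could not be parsed before the traceback.
        sys.stderr.write(f"{r.status_code} - {r.text[:100]}\n")
        raise
    try:
        platform = "HackerOne"
        team = bug["team"]
        program = team["profile"]["name"]
        # "LHE" is assigned when the handle or name contains an h1-<digits> tag.
        if team.get("state") == "public_mode":
            program_type = "Public"
        elif re.search(r'[Hh]1-[0-9]+', team["handle"] + program):
            program_type = "LHE"
        else:
            program_type = "Private"
        report = str(bug["id"])
        # `or {}` guards against a key that is present but null, the same way
        # structured_scope is handled below.
        reporter_name = (bug.get("reporter") or {}).get("username")
        report_type = "Reporter" if reporter_name == USERNAME else "Collaborator"
        collaboration = reporter_name != USERNAME
        disclosed = bug["disclosed_at"] is not None
        submitted_date = _h1_timestamp(bug["created_at"])
        triage_date = None
        h1_triage = False
        bounty_date = None
        fixed_date = None
        bounty = 0.0
        bonus = 0.0
        duplicate = bug["substate"] == "duplicate"
        valid = bug["substate"] not in ["informative", "not-applicable", "spam"]
        # Prefer the numeric score; otherwise map the rating to a fixed number.
        # An unknown rating still raises KeyError rather than silently scoring 0.
        severity_info = bug.get("severity") or {}
        severity = severity_info.get("score") or {
            "none": 0.0,
            "low": 0.1,
            "medium": 4.0,
            "high": 7.0,
            "critical": 9.0,
        }[severity_info.get("rating") or "none"]
        weakness = (bug.get("weakness") or {}).get("name") or "N/A"
        scope = bug.get("structured_scope") or {}
        asset = scope.get("asset_identifier") or "N/A"
        asset_type = scope.get("asset_type") or "N/A"
        for activity in bug["activities"]:
            kind = activity["type"]
            if kind == "Activities::BountyAwarded":
                if (activity.get("collaborator") or {}).get("username") == USERNAME:
                    # Record the bounty date as the date of the first awarded bounty to the user
                    if bounty_date is None:
                        bounty_date = _h1_timestamp(activity["created_at"])
                    # A missing or null amount counts as zero instead of raising.
                    bounty += float(activity.get("bounty_amount") or 0.0)
                    bonus += float(activity.get("bonus_amount") or 0.0)
                else:
                    # A bounty paid to someone else marks the report as shared.
                    collaboration = True
            elif kind == "Activities::BugResolved":
                fixed_date = _h1_timestamp(activity["created_at"])
            elif kind == "Activities::BugTriaged":
                triage_date = _h1_timestamp(activity["created_at"])
                actor = activity["actor"]
                if actor.get("hackerone_triager") or actor.get("hackerone_employee"):
                    h1_triage = True
    except Exception:
        # Dump the offending report to stderr, not stdout: stdout carries the
        # CSV rows, and the dump contains the full report body.
        sys.stderr.write(f"{bug}\n")
        raise
    # Only list reports which the user reported or was awarded a bounty or a bonus as a collaborator
    if report_type == "Reporter" or (bounty + bonus) > 0.0:
        cols = [
            platform, program, program_type, report, report_type, collaboration,
            h1_triage, disclosed, submitted_date, triage_date, bounty_date,
            fixed_date, bounty, bonus, duplicate, valid, severity, weakness,
            asset, asset_type,
        ]
        print(", ".join(_csv_cell(x) for x in cols))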
@imran-parray

This isn't working. After looping through the reports, it just exits without printing the statistics.
