Joas Schilling 4f26695da0
feat: Allow pinging the triage person
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-05-21 12:50:45 +02:00
.gitignore feat: Initial commit 2024-01-19 17:07:22 +01:00
hackerone.php feat: Allow pinging the triage person 2025-05-21 12:50:45 +02:00
hackerone.sample.json feat: Allow pinging the triage person 2025-05-21 12:50:45 +02:00
LICENSE feat: Initial commit 2024-01-19 17:07:22 +01:00
README.md feat: Initial commit 2024-01-19 17:07:22 +01:00

HackerOne Nextcloud Talk bot

A bot that posts HackerOne reports into a Nextcloud Talk chat room.

Setup

  1. Create the conversation for your security team

  2. Deploy hackerone.php inside the webroot on a server

  3. Deploy hackerone.sample.json renamed to hackerone.json outside of the webroot on a server

    • Use the parent directory or
    • Adjust the line $configData = file_get_contents('../hackerone.json'); in hackerone.php
  4. Populate hackerone.json:

    1. Generate a 64-character secret and store it as nextcloud-secret
    2. Generate a different 64-character secret and store it as hackerone-secret
    3. Add your Nextcloud server URL as server
    4. Add your conversation token from step 1. as conversation
  5. Navigate to your HackerOne program webhooks: https://hackerone.com/nextcloud/webhooks

  6. Configure a webhook:

    1. Webhook name: Talk bot
    2. Payload URL: Pointing to the hackerone.php from step 2.
    3. Secret: hackerone-secret from step 4.2
    4. Which events should trigger this webhook? - Select:
      • Report created
      • Report new
  7. Install the bot:

    occ talk:bot:install \
        --no-setup \
        --feature=response \
        'HackerOne' \
        '<nextcloud-secret from step 4.1>' \
        '<Payload URL from step 6.2>'
    
  8. Find out the bot ID:

    occ talk:bot:list
    
  9. Configure the bot for your conversation from step 1.:

    occ talk:bot:setup \
        '<id from step 8.>' \
        '<token from step 4.4>'
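
One way to carry out steps 3 and 4 from the shell (an added example, not part of the project): it draws each secret from /dev/urandom, checks that the two differ, and creates hackerone.json readable only by its owner. The function names and the flat four-key JSON layout are assumptions; compare the result with hackerone.sample.json for any further keys.

```shell
#!/bin/sh
# Added example, not the project's own code.
# Assumption: hackerone.json is a flat JSON object holding the four keys
# named in step 4. Server URL and token are written verbatim, so they
# must not contain double quotes or backslashes.
#
# Usage (constructed values):
#   write_config ../hackerone.json 'https://cloud.example.com' '<conversation token>'

# 32 bytes from the kernel CSPRNG, hex-encoded: exactly 64 characters.
gen_secret() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# write_config <path> <server-url> <conversation-token>
write_config() {
    path=$1
    server=$2
    conversation=$3

    # Never replace a config whose secrets are already registered with
    # HackerOne and with occ talk:bot:install.
    if [ -e "$path" ]; then
        echo "refusing to overwrite $path" >&2
        return 1
    fi

    nc_secret=$(gen_secret)
    h1_secret=$(gen_secret)

    # Each secret authenticates a different peer (Nextcloud Talk vs.
    # HackerOne), so a leak of one must not expose the other.
    [ "${#nc_secret}" -eq 64 ] && [ "${#h1_secret}" -eq 64 ] || return 1
    [ "$nc_secret" != "$h1_secret" ] || return 1

    (
        # Create the file with mode 0600 so other local users cannot read it.
        umask 077
        printf '{\n    "nextcloud-secret": "%s",\n    "hackerone-secret": "%s",\n    "server": "%s",\n    "conversation": "%s"\n}\n' \
            "$nc_secret" "$h1_secret" "$server" "$conversation" > "$path"
    )
}
```

Run it as the user PHP runs as, or change the file's owner afterwards, because the file is created with mode 0600.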