On 19th May, a new parameter, policy_markdown_html, was introduced in the team GraphQL query.
Using the GraphQL query, we were able to determine external programs running privately on HackerOne, as the
policy_markdown_html parameter was able to fetch the private internal policy.
[Note: Using this parameter, it was also possible to determine any left private program's policy]
GRAPHQL TEAM QUERY
    # handle - program running externally or left private program's handle
    { team(handle: "example") { name policy_markdown_html } }
Response:
    "name": "example test",
    "policy_markdown_html": "No Technology is perfect and example believes that working with skilled security researchers............"
There were 3 different conditions, which I explained in this report:
Condition 1 - When an external program doesn't have any policy defined, policy_markdown_html will be
Condition 2 - When an external program has a defined policy but is not running a private program internally, policy_markdown_html will fetch the same policy shown on the mentioned front-end page.
Condition 3 - When an external program has a defined policy but is running privately, policy_markdown_html will fetch the internal policy, which is different from the public policy.
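The three conditions above as a small regression check, added here as an example (it is not code from the report or from HackerOne): an unchecked field resolver is compared with one that applies field-level authorization. The Team class, both resolver functions, the viewer names and the sample policies are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set

# Hypothetical model: Team, its fields and both resolvers are assumptions
# made for this example, not HackerOne's schema or code.
@dataclass
class Team:
    handle: str
    public_policy: Optional[str]            # policy on the public program page
    private_policy: Optional[str] = None    # internal policy of the private program
    members: Set[str] = field(default_factory=set)  # currently invited users

def resolve_unchecked(team: Team, viewer: str) -> Optional[str]:
    """Models the reported behaviour: the internal policy goes to any viewer."""
    return team.private_policy or team.public_policy

def resolve_checked(team: Team, viewer: str) -> Optional[str]:
    """Field-level authorization: internal policy only for current members."""
    if team.private_policy is not None and viewer in team.members:
        return team.private_policy
    return team.public_policy

# Constructed sample data, one team per condition from the report.
TEAMS = {
    1: Team("no-policy", public_policy=None),
    2: Team("public-only", public_policy="Public policy text"),
    3: Team("private-too", public_policy="Public policy text",
            private_policy="Internal policy text", members={"invited_user"}),
}

Resolver = Callable[[Team, str], Optional[str]]

def audit(resolve: Resolver, viewer: str = "outsider") -> Dict[int, bool]:
    """Per condition: does `viewer` receive anything other than the public policy?"""
    return {n: resolve(t, viewer) != t.public_policy for n, t in TEAMS.items()}

if __name__ == "__main__":
    print("unchecked:", audit(resolve_unchecked))
    print("checked:  ", audit(resolve_checked))
```

Only condition 3 distinguishes the two resolvers, so a test suite for this field needs a team with both a public and an internal policy, queried as a non-member and as a user who has since left the program.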
On 26th June, the patch was completed and the report was successfully resolved after a retest.
I would like to thank the HackerOne team for resolving this issue. :)