Browse Source

Different stats from ciphers & protocols

stats
aeris 3 months ago
parent
commit
3316d1f98a
  1. 3
      .rspec
  2. 5
      Gemfile
  3. 6
      app/lib/matomo.rb
  4. 54
      app/models/analysis.rb
  5. 8
      app/models/stat.rb
  6. 29
      bin/rspec
  7. 118
      bin/stats
  8. 4
      db/migrate/20220326181216_create_stats.rb
  9. 5
      db/schema.rb
  10. 65
      spec/models/stat_spec.rb
  11. 64
      spec/rails_helper.rb
  12. 94
      spec/spec_helper.rb
  13. 0
      test/controllers/.keep
  14. 4
      test/controllers/check_controller_test.rb
  15. 4
      test/controllers/https_controller_test.rb
  16. 4
      test/controllers/site_controller_test.rb
  17. 4
      test/controllers/smtp_controller_test.rb
  18. 4
      test/controllers/ssh_controller_test.rb
  19. 7
      test/controllers/statistics_controller_test.rb
  20. 19
      test/controllers/tls_controller_test.rb
  21. 4
      test/controllers/xmpp_controller_test.rb
  22. 0
      test/fixtures/.keep
  23. 0
      test/helpers/.keep
  24. 0
      test/integration/.keep
  25. 0
      test/mailers/.keep
  26. 0
      test/models/.keep
  27. 3
      test/test_helper.rb

3
.rspec

@ -0,0 +1,3 @@
--require spec_helper
--format progress
--format html --out tmp/rspec.html

5
Gemfile

@ -42,3 +42,8 @@ group :development do
gem 'guard-livereload', require: false
gem 'rack-livereload'
end
group :development, :test do
gem 'rspec-rails'
gem 'pry-byebug'
end

6
app/lib/matomo.rb

@ -10,13 +10,13 @@ class Matomo
cattr_reader :url, :path, :site
def self.load
@@url = ENV.fetch 'MATOMO_URL'
@@site = ENV.fetch 'MATOMO_SITE'
@@url = ENV['MATOMO_URL']
@@site = ENV['MATOMO_SITE']
@@disabled = ENV['MATOMO_DISABLED']
end
def self.enabled?
self.url && self.site && @@disabled.nil?
@@disabled.nil? && self.url && self.site
end
ActionView::Base.include Helpers

54
app/models/analysis.rb

@ -1,36 +1,36 @@
class Analysis < ApplicationRecord
enum service: %i[https smtp xmpp tls ssh].collect { |e| [e, e.to_s] }.to_h
validates :service, presence: true
validates :host, presence: true
enum service: %i[https smtp xmpp tls ssh].collect { |e| [e, e.to_s] }.to_h
validates :service, presence: true
validates :host, presence: true
def self.[](service, host, args)
key = self.key service, host, args
self.find_by key
end
def self.[](service, host, args)
key = self.key service, host, args
self.find_by key
end
def self.pending!(service, host, args)
key = self.key service, host, args
analysis = self.find_or_create_by! key
analysis.pending!
end
def self.pending!(service, host, args)
key = self.key service, host, args
analysis = self.find_or_create_by! key
analysis.pending!
end
def pending!
self.update! pending: true
self
end
def pending!
self.update! pending: true
self
end
def self.post!(service, host, args, result)
analysis = self[service, host, args]
analysis.post! result
end
def self.post!(service, host, args, result)
analysis = self[service, host, args]
analysis.post! result
end
def post!(result)
self.update! pending: false, result: result
end
def post!(result)
self.update! pending: false, result: result
end
private
private
def self.key(service, host, args)
{ service: service, host: host, args: args }
end
def self.key(service, host, args)
{ service: service, host: host, args: args }
end
end

8
app/models/stat.rb

@ -1,2 +1,10 @@
class Stat < ApplicationRecord
def self.create!(name, data, date = Date.today)
self.delete_by name: name, date: date
super name: name, date: date, data: data
end
def self.[](name)
self.where(name: name).order(date: :desc).limit(1).first
end
end

29
bin/rspec

@ -0,0 +1,29 @@
#!/usr/bin/env ruby
# frozen_string_literal: true
#
# This file was generated by Bundler.
#
# The application 'rspec' is installed as part of a gem, and
# this file is here to facilitate running it.
#
require "pathname"
ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
Pathname.new(__FILE__).realpath)
bundle_binstub = File.expand_path("../bundle", __FILE__)
if File.file?(bundle_binstub)
if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/
load(bundle_binstub)
else
abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
end
end
require "rubygems"
require "bundler/setup"
load Gem.bin_path("rspec-core", "rspec")

118
bin/stats

@ -1,37 +1,97 @@
#!./bin/rails runner
TODAY = Date.today
# general stat
stat_name = "request_per_service"
services = Analysis.group(:service).order(service: :asc).count
json = {
labels: services.keys,
dataset: services.values
}
Stat.delete_by name: stat_name, date: TODAY
Stat.create!(
name: stat_name,
date: TODAY,
dataset: json
)
# Profit from open class to add stats methods only on this script
class Analysis
def grade
return if self.pending
grades = self.result.collect { _1['grade'] }.compact
CryptCheck::Grade.worst grades
end
def tls
return if self.pending
return unless (result = self.result)
protocols = result.collect { |r| r.dig('handshakes', 'protocols')
&.collect { |p| p['protocol'].to_sym } }
.compact.flatten.uniq
return :ssl if %i[SSLv2 SSLv3].any? { protocols.include? _1 }
return :tls unless protocols.include? :TLSv1_2
return :tls1_2 unless protocols == %i[TLSv1_2]
return :tls1_2_only
end
def ciphers
return if self.pending
return unless (result = self.result)
status = result.collect do |r|
r.dig('handshakes', 'ciphers')&.collect do |c|
s = CryptCheck::Tls::Cipher
.new(nil, c.fetch('name')).status
CryptCheck::State.good_or_bad s
end
end.compact.flatten.uniq
return :bad unless status.include? :bad
:good
end
def pfs
return if self.pending
return unless (result = self.result)
ciphers = result.collect do |r|
r.dig('handshakes', 'ciphers')&.collect do |c|
CryptCheck::Tls::Cipher
.new(nil, c.fetch('name'))
.pfs?
end
end.compact.flatten.uniq
return :no_pfs unless ciphers.include? true
return :pfs unless ciphers == [true]
return :pfs_only
end
end
services = Analysis.group(:service).count
Stat.create! :request_per_service, services
# grade per service for https, smtp, tls and xmpp
%i[https smtp tls xmpp].each do |service_name|
stat_name = "grades_for_" + service_name.to_s
services = Analysis.where(service: service_name, pending: false)
%i[https smtp tls xmpp].each do |service|
services = Analysis.where service: service, pending: false
grades = Hash.new 0
tls = %i[tls1_2_only tls1_2 tls ssl].to_h { [_1, 0] }
ciphers = %i[good bad].to_h { [_1, 0] }
pfs = %i[pfs_only pfs no_pfs].to_h { [_1, 0] }
grades = %w[A+ A B+ B C+ C D E F G].collect { |g| [g, 0] }.to_h
services.each do |service|
next unless (result = service.result)
result.each do |r|
next unless (grade = r['grade'])
grades[grade] += 1 if grades.has_key?(grade)
if (g = service.grade)
grades[g] += 1
end
if (t = service.tls)
tls[t] += 1
end
if (c = service.ciphers)
ciphers[c] += 1
end
if (p = service.pfs)
pfs[p] += 1
end
end
Stat.delete_by name: stat_name, date: TODAY
Stat.create!(
name: stat_name,
date: TODAY,
dataset: grades
)
end
ap "grades_for_#{service}" => grades
Stat.create! "grades_for_#{service}", grades
ap "tls_for_#{service}" => tls
Stat.create! "tls_for_#{service}", tls
ap "ciphers_for_#{service}" => ciphers
Stat.create! "ciphers_for_#{service}", ciphers
ap "pfs_for_#{service}" => pfs
Stat.create! "pfs_for_#{service}", pfs
end

4
db/migrate/20220326181216_create_stats.rb

@ -3,7 +3,9 @@ class CreateStats < ActiveRecord::Migration[7.0]
create_table :stats, id: :uuid do |t|
t.string :name
t.date :date
t.jsonb :dataset
t.jsonb :data
end
add_index :stats, %i[name]
end
end

5
db/schema.rb

@ -15,7 +15,7 @@ ActiveRecord::Schema[7.0].define(version: 2022_03_26_181216) do
enable_extension "pgcrypto"
enable_extension "plpgsql"
create_table "analyses", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
create_table "analyses", id: :uuid, default: -> { "public.gen_random_uuid()" }, force: :cascade do |t|
t.string "service", null: false
t.string "host", null: false
t.boolean "pending", default: true, null: false
@ -29,7 +29,8 @@ ActiveRecord::Schema[7.0].define(version: 2022_03_26_181216) do
create_table "stats", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
t.string "name"
t.date "date"
t.jsonb "dataset"
t.jsonb "data"
t.index ["name", "date"], name: "index_stats_on_name_and_date", unique: true
end
end

65
spec/models/stat_spec.rb

@ -0,0 +1,65 @@
require 'rails_helper'
describe Stat do
before do
Stat.delete_all
end
describe '#create!' do
it 'must create stats if not existing' do
name = 'foo'
today = Date.today
data = { 'bar' => 'baz' }
expect { Stat.create! name, data }
.to change { Stat.count }.from(0).to(1)
stat = Stat.first
expect(stat.name).to eq name
expect(stat.date).to eq today
expect(stat.data).to eq data
end
it 'must delete existing date if exist' do
name = 'foo'
today = Date.today
data = { 'bar' => 'baz' }
expect { Stat.create! name, data }
.to change { Stat.count }.from(0).to(1)
data = { 'bar' => 'qux' }
expect { Stat.create! name, data }
.to_not change { Stat.count }
stat = Stat.first
expect(stat.name).to eq name
expect(stat.date).to eq today
expect(stat.data).to eq data
end
end
describe '#[]' do
it 'must retrieve the youngest data' do
name = 'foo'
stat = Stat[name]
expect(stat).to be_nil
data = { 'bar' => 'baz' }
date = Date.new 1970, 1, 1
Stat.create! name, data, date
stat = Stat[name]
expect(stat).to_not be_nil
expect(stat.date).to eq date
expect(stat.data).to eq data
data = { 'bar' => 'qux' }
date = Date.new 1970, 1, 2
Stat.create! name, data, date
stat = Stat[name]
expect(stat).to_not be_nil
expect(stat.date).to eq date
expect(stat.data).to eq data
end
end
end

64
spec/rails_helper.rb

@ -0,0 +1,64 @@
# This file is copied to spec/ when you run 'rails generate rspec:install'
require 'spec_helper'
ENV['RAILS_ENV'] ||= 'test'
require_relative '../config/environment'
# Prevent database truncation if the environment is production
abort("The Rails environment is running in production mode!") if Rails.env.production?
require 'rspec/rails'
# Add additional requires below this line. Rails is not loaded until this point!
# Requires supporting ruby files with custom matchers and macros, etc, in
# spec/support/ and its subdirectories. Files matching `spec/**/*_spec.rb` are
# run as spec files by default. This means that files in spec/support that end
# in _spec.rb will both be required and run as specs, causing the specs to be
# run twice. It is recommended that you do not name files matching this glob to
# end with _spec.rb. You can configure this pattern with the --pattern
# option on the command line or in ~/.rspec, .rspec or `.rspec-local`.
#
# The following line is provided for convenience purposes. It has the downside
# of increasing the boot-up time by auto-requiring all files in the support
# directory. Alternatively, in the individual `*_spec.rb` files, manually
# require only the support files necessary.
#
# Dir[Rails.root.join('spec', 'support', '**', '*.rb')].sort.each { |f| require f }
# Checks for pending migrations and applies them before tests are run.
# If you are not using ActiveRecord, you can remove these lines.
begin
ActiveRecord::Migration.maintain_test_schema!
rescue ActiveRecord::PendingMigrationError => e
puts e.to_s.strip
exit 1
end
RSpec.configure do |config|
# Remove this line if you're not using ActiveRecord or ActiveRecord fixtures
config.fixture_path = "#{::Rails.root}/spec/fixtures"
# If you're not using ActiveRecord, or you'd prefer not to run each of your
# examples within a transaction, remove the following line or assign false
# instead of true.
config.use_transactional_fixtures = true
# You can uncomment this line to turn off ActiveRecord support entirely.
# config.use_active_record = false
# RSpec Rails can automatically mix in different behaviours to your tests
# based on their file location, for example enabling you to call `get` and
# `post` in specs under `spec/controllers`.
#
# You can disable this behaviour by removing the line below, and instead
# explicitly tag your specs with their type, e.g.:
#
# RSpec.describe UsersController, type: :controller do
# # ...
# end
#
# The different available types are documented in the features, such as in
# https://relishapp.com/rspec/rspec-rails/docs
config.infer_spec_type_from_file_location!
# Filter lines from Rails gems in backtraces.
config.filter_rails_from_backtrace!
# arbitrary gems may also be filtered via:
# config.filter_gems_from_backtrace("gem name")
end

94
spec/spec_helper.rb

@ -0,0 +1,94 @@
# This file was generated by the `rails generate rspec:install` command. Conventionally, all
# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
# The generated `.rspec` file contains `--require spec_helper` which will cause
# this file to always be loaded, without a need to explicitly require it in any
# files.
#
# Given that it is always loaded, you are encouraged to keep this file as
# light-weight as possible. Requiring heavyweight dependencies from this file
# will add to the boot time of your test suite on EVERY test run, even for an
# individual file that may not need all of that loaded. Instead, consider making
# a separate helper file that requires the additional dependencies and performs
# the additional setup, and require it from the spec files that actually need
# it.
#
# See https://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
RSpec.configure do |config|
# rspec-expectations config goes here. You can use an alternate
# assertion/expectation library such as wrong or the stdlib/minitest
# assertions if you prefer.
config.expect_with :rspec do |expectations|
# This option will default to `true` in RSpec 4. It makes the `description`
# and `failure_message` of custom matchers include text for helper methods
# defined using `chain`, e.g.:
# be_bigger_than(2).and_smaller_than(4).description
# # => "be bigger than 2 and smaller than 4"
# ...rather than:
# # => "be bigger than 2"
expectations.include_chain_clauses_in_custom_matcher_descriptions = true
end
# rspec-mocks config goes here. You can use an alternate test double
# library (such as bogus or mocha) by changing the `mock_with` option here.
config.mock_with :rspec do |mocks|
# Prevents you from mocking or stubbing a method that does not exist on
# a real object. This is generally recommended, and will default to
# `true` in RSpec 4.
mocks.verify_partial_doubles = true
end
# This option will default to `:apply_to_host_groups` in RSpec 4 (and will
# have no way to turn it off -- the option exists only for backwards
# compatibility in RSpec 3). It causes shared context metadata to be
# inherited by the metadata hash of host groups and examples, rather than
# triggering implicit auto-inclusion in groups with matching metadata.
config.shared_context_metadata_behavior = :apply_to_host_groups
# The settings below are suggested to provide a good initial experience
# with RSpec, but feel free to customize to your heart's content.
=begin
# This allows you to limit a spec run to individual examples or groups
# you care about by tagging them with `:focus` metadata. When nothing
# is tagged with `:focus`, all examples get run. RSpec also provides
# aliases for `it`, `describe`, and `context` that include `:focus`
# metadata: `fit`, `fdescribe` and `fcontext`, respectively.
config.filter_run_when_matching :focus
# Allows RSpec to persist some state between runs in order to support
# the `--only-failures` and `--next-failure` CLI options. We recommend
# you configure your source control system to ignore this file.
config.example_status_persistence_file_path = "spec/examples.txt"
# Limits the available syntax to the non-monkey patched syntax that is
# recommended. For more details, see:
# https://relishapp.com/rspec/rspec-core/docs/configuration/zero-monkey-patching-mode
config.disable_monkey_patching!
# Many RSpec users commonly either run the entire suite or an individual
# file, and it's useful to allow more verbose output when running an
# individual spec file.
if config.files_to_run.one?
# Use the documentation formatter for detailed output,
# unless a formatter has already been configured
# (e.g. via a command-line flag).
config.default_formatter = "doc"
end
# Print the 10 slowest examples and example groups at the
# end of the spec run, to help surface which specs are running
# particularly slow.
config.profile_examples = 10
# Run specs in random order to surface order dependencies. If you find an
# order dependency and want to debug it, you can fix the order by providing
# the seed, which is printed after each run.
# --seed 1234
config.order = :random
# Seed global randomization in this process using the `--seed` CLI option.
# Setting this allows you to use `--seed` to deterministically reproduce
# test failures related to randomization by passing the same `--seed` value
# as the one that triggered the failure.
Kernel.srand config.seed
=end
end

0
test/controllers/.keep

4
test/controllers/check_controller_test.rb

@ -1,4 +0,0 @@
require 'test_helper'
class CheckControllerTest < ActionController::TestCase
end

4
test/controllers/https_controller_test.rb

@ -1,4 +0,0 @@
require 'test_helper'
class HttpsControllerTest < ActionController::TestCase
end

4
test/controllers/site_controller_test.rb

@ -1,4 +0,0 @@
require 'test_helper'
class SiteControllerTest < ActionController::TestCase
end

4
test/controllers/smtp_controller_test.rb

@ -1,4 +0,0 @@
require 'test_helper'
class SmtpControllerTest < ActionController::TestCase
end

4
test/controllers/ssh_controller_test.rb

@ -1,4 +0,0 @@
require 'test_helper'
class SshControllerTest < ActionController::TestCase
end

7
test/controllers/statistics_controller_test.rb

@ -1,7 +0,0 @@
require "test_helper"
class StatisticsControllerTest < ActionDispatch::IntegrationTest
# test "the truth" do
# assert true
# end
end

19
test/controllers/tls_controller_test.rb

@ -1,19 +0,0 @@
require 'test_helper'
class TlsControllerTest < ActionController::TestCase
test "should get index" do
get :index
assert_response :success
end
test "should get show" do
get :show
assert_response :success
end
test "should get refresh" do
get :refresh
assert_response :success
end
end

4
test/controllers/xmpp_controller_test.rb

@ -1,4 +0,0 @@
require 'test_helper'
class XmppControllerTest < ActionController::TestCase
end

0
test/fixtures/.keep

0
test/helpers/.keep

0
test/integration/.keep

0
test/mailers/.keep

0
test/models/.keep

3
test/test_helper.rb

@ -1,3 +0,0 @@
ENV['RAILS_ENV'] ||= 'test'
require File.expand_path('../../config/environment', __FILE__)
require 'rails/test_help'
Loading…
Cancel
Save