
New version

new-scoring
aeris 1 year ago
parent
commit
5955667df0

+ 1
- 0
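--- a/.ruby-version
+++ b/.ruby-version
@@ -0,0 +1 @@
+2.3.3-cryptcheck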

+ 6
- 1
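--- a/Guardfile
+++ b/Guardfile
@@ -1,4 +1,4 @@
-guard 'livereload' do
+guard :livereload do
 	watch(%r{app/views/.+\.(erb|haml|slim)$})
 	watch(%r{app/helpers/.+\.rb})
 	watch(%r{public/.+\.(css|js|html)})
@@ -6,3 +6,8 @@ guard 'livereload' do
 	# Rails Assets Pipeline
 	watch(%r{(app|vendor)(/assets/\w+/(.+\.(css|js|html|png|jpg|coffee|scss))).*}) { |m| "/assets/#{m[3]}" }
 end
+
+#guard :rails do
+#	watch('Gemfile.lock')
+#	watch(%r{^(config|lib)/.*})
+#end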

+ 38
- 21
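--- a/app/assets/stylesheets/application.scss
+++ b/app/assets/stylesheets/application.scss
@@ -1,6 +1,5 @@
 //= require_tree .
 //= require_self
-
 @import 'bootstrap-sprockets';
 @import 'bootstrap';
 @import 'bootstrap/variables';
@@ -21,7 +20,6 @@
 @import 'bootstrap/alerts';
 @import 'bootstrap/utilities';
 @import 'bootstrap/responsive-utilities';
-
 @import 'font-awesome-sprockets';
 @import 'font-awesome';
 
@@ -67,36 +65,55 @@ td.primary {
 	margin-top: 100px;
 }
 
+$color-critical: #d9534f;
+$color-error: #e4804e;
+$color-warning: #f0ad4e;
+$color-good: #beb052;
+$color-best: #8db457;
+$color-great: #5cb85c;
+
 .label-state-critical {
-  //background-color: #800000;
-  background-color: #ff0000;
+	background-color: $color-critical;
 }
-
 .label-state-error {
-  //background-color: #803300;
-  background-color: #ff6600;
+	background-color: $color-error;
 }
-
 .label-state-warning {
-  //background-color: #806600;
-  background-color: #ffcc00;
-  color: $text-color;
+	background-color: $color-warning;
+	color: $text-color;
 }
-
 .label-state-good {
-  //background-color: #668000;
-  background-color: #cbff00;
-  color: $text-color;
+	background-color: $color-good;
+	color: $text-color;
+}
+.label-state-best {
+	background-color: $color-best;
 }
-
 .label-state-great {
-  //background-color: #338000;
-  background-color: #65ff00;
+	background-color: $color-great;
 }
 
-.label-state-best {
-  //background-color: #008000;
-  background-color: #00ff00;
+.label-state-default {
+	//background-color: #008000;
+	background-color: $label-default-bg;
+}
+.label-state-success {
+	background-color: $label-success-bg;
 }
 
+.alert-critical, .alert-error {
+	background-color: $alert-danger-bg;
+	color: $alert-danger-text;
+	border-color: $alert-danger-border
+}
+.alert-warning {
+	background-color: $alert-warning-bg;
+	color: $alert-warning-text;
+	border-color: $alert-warning-border
+}
+.alert-good, .alert-great, .alert-best {
+	background-color: $alert-success-bg;
+	color: $alert-success-text;
+	border-color: $alert-success-border
+}
 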

+ 7
- 3
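--- a/app/controllers/check_controller.rb
+++ b/app/controllers/check_controller.rb
@@ -41,18 +41,22 @@ class CheckController < ApplicationController
 		@id = params[:id]
 
 		if @id.end_with? '.json'
-			@id = @id.sub /\.json$/, ''
+			@id            = @id.sub /\.json$/, ''
 			request.format = :json
 		end
 
 		@host, @port = @id.split ':'
-		@host = SimpleIDN.to_ascii @host.downcase
+		@host        = SimpleIDN.to_ascii @host.downcase
 		if /[^a-zA-Z0-9.-]/ =~ @host
 			flash[:danger] = "Hôte #{@host} invalide"
 			redirect_to action: :index
 			return false
 		end
-		@port = @port.to_i if @port
+		if @port
+			@port = @port.to_i
+		else
+			@port = self.default_port
+		end
 
 		@result = Analysis[self.type, @host, @port]
 		# file = File.join Rails.root, 'config/host.yml'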
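Review bot: The new `if @port` branch still converts the user-supplied port with `@port.to_i`, which turns non-numeric input into 0 and accepts trailing junk such as `443abc`, and nothing bounds the value before it reaches `Analysis[self.type, @host, @port]`. Since `@id` comes from `params[:id]`, I would parse strictly with `Integer(@port, 10)` (rescuing ArgumentError) and reject anything where `(1..65535).cover? @port` is false, using the same flash-and-redirect path as the invalid-host branch. `self.default_port` is only defined for the HTTPS, SMTP and SSH controllers in this commit, so any other CheckController subclass would raise NoMethodError here; a base implementation raising NotImplementedError would make that contract explicit. The enclosing method starts and ends outside the hunk.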

+ 4
- 0
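--- a/app/controllers/https_controller.rb
+++ b/app/controllers/https_controller.rb
@@ -11,4 +11,8 @@ class HttpsController < CheckController
 	def tls_type
 		'HTTPS'
 	end
+
+	def default_port
+		443
+	end
 end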
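Review bot: `default_port` is added without a visible visibility modifier, and public instance methods on a Rails controller count as action methods. If nothing above line 11 already switches to `protected` (not visible in this hunk), I would put it under `protected` rather than `private`, because CheckController calls it as `self.default_port` and the Ruby 2.3 pinned in .ruby-version rejects an explicit receiver on private methods. The same applies to the identical additions in smtp_controller.rb and ssh_controller.rb.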

+ 4
- 0
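--- a/app/controllers/smtp_controller.rb
+++ b/app/controllers/smtp_controller.rb
@@ -11,4 +11,8 @@ class SmtpController < CheckController
 	def tls_type
 		'STARTTLS'
 	end
+
+	def default_port
+		25
+	end
 end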

+ 4
- 0
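--- a/app/controllers/ssh_controller.rb
+++ b/app/controllers/ssh_controller.rb
@@ -11,4 +11,8 @@ class SshController < CheckController
 	def tls_type
 		'SSH'
 	end
+
+	def default_port
+		22
+	end
 end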

+ 62
- 78
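--- a/app/helpers/check_helper.rb
+++ b/app/helpers/check_helper.rb
@@ -1,16 +1,19 @@
 module CheckHelper
-	private def __label(value, color)
-		"<span class=\"label label-#{color} %>\">#{value}</span>"
+	private def __label(value, color, state=true)
+		color = :default unless color
+		color = "state-#{color}" if state
+		"<span class=\"label label-#{color}\">#{value}</span>"
 	end
-	def label(value, color)
-		__label(value, color).html_safe
+
+	def label(value, color, state=true)
+		__label(value, color, state).html_safe
 	end
 
-	def cell(value, color)
-		"<td class=\"#{color}\">#{value}</td>".html_safe
+	def cell(value, color, state=true)
+		"<td class=\"label-state-#{color}\">#{value}</td>".html_safe
 	end
 
-	def labels(level, states)
+	def labels(level, states, state=true)
 		states.each_pair.collect do |name, value|
 			color = if value.nil?
 						:default
@@ -19,32 +22,32 @@ module CheckHelper
 					else
 						value ? :success : :danger
 					end
-			__label name, color
+			__label name, color, state
 		end.join(' ').html_safe
 	end
 
 	def states(states)
 		::CryptCheck::State.collect do |level|
-			states[level].each_pair.select { |_, v| v == true }.collect do |name, _|
-				__label name, "state-#{level}"
-			end
+			states[level].each_pair
+					.select { |_, v| v == true }
+					.collect { |name, _| __label name, level }
 		end.flatten(1).join(' ').html_safe
 	end
 
 	def rank_color(rank)
 		case rank
-			when 'A+' then
-				:primary
-			when 'A' then
-				:success
-			when 'B' then
-				:default
-			when 'C', 'D' then
+			when :'A+' then
+				:great
+			when :A then
+				:best
+			when :B then
+				:good
+			when :C, :D then
 				:warning
-			when 'E', 'F' then
-				:danger
-			else
+			when :E, :F then
 				:error
+			else
+				:critical
 		end
 	end
 
@@ -79,15 +82,7 @@ module CheckHelper
 	end
 
 	def protocol_label(protocol)
-		color = case protocol.to_s
-					when 'TLSv1_2' then
-						:success
-					when 'SSLv3', 'SSLv2' then
-						:error
-					else
-						:default
-				end
-		label protocol, color
+		label protocol.to_sym, protocol.status
 	end
 
 	def protocol_labels(protocols)
@@ -140,21 +135,9 @@ module CheckHelper
 	end
 
 	def cipher_name_label(cipher)
-		state = cipher[:state]
-		color = case
-					when !state[:error].empty? then
-						:error
-					when !state[:danger].empty? then
-						:danger
-					when !state[:warning].empty? then
-						:warning
-					when !state[:success].empty? then
-						:success
-					else
-						:default
-				end
-		color = :primary if color == :success and cipher.size >= 256
-		label("&nbsp;", color) + "&nbsp;#{cipher.name}".html_safe
+		status = cipher.status
+		status = :success if status == :good
+		label("&nbsp;", status) + "&nbsp;#{cipher.name}".html_safe
 	end
 
 	def cipher_labels(cipher)
@@ -165,13 +148,13 @@ module CheckHelper
 	def cipher_kex_type_cell(kex)
 		color = case kex
 					when :ecdh then
-						:primary
+						nil
 					when :dh then
-						:success
-					when :rsa then
 						:warning
-					else
+					when :rsa then
 						:error
+					else
+						:critical
 				end
 		kex   ||= 'None'
 		cell kex.to_s.upcase, color
@@ -184,12 +167,10 @@ module CheckHelper
 
 	def cipher_auth_type_cell(auth)
 		color = case auth
-					when :ecdsa then
-						:primary
-					when :rsa then
-						:default
+					when :ecdsa, :rsa then
+						nil
 					else
-						:error
+						:critical
 				end
 		auth  ||= 'None'
 		cell auth.to_s.upcase, color
@@ -202,52 +183,55 @@ module CheckHelper
 
 	def cipher_enc_type_cell(enc)
 		color = case enc
-					when :chacha20 then
-						:primary
-					when :aes then
+					when :chacha20
 						:success
-					when :camellia, :seed then
-						:default
-					else
-						:error
+					when nil, :rc4
+						:critical
 				end
 		enc   ||= 'NONE'
 		cell enc.to_s.upcase, color
 	end
 
-	def cipher_enc_key_size_cell(enc)
-		enc   ||= 0
-		color = cipher_color enc
+	def cipher_enc_block_size_cell(enc)
+		color = case
+					when enc.nil?
+						nil
+					when enc <= 64
+						:critical
+					when enc < 128
+						:error
+				end
 		cell enc, color
 	end
 
-	def cipher_enc_block_size_cell(enc)
-		return cell '', :default unless enc
-		color = cipher_color enc
+	def cipher_enc_key_size_cell(enc)
+		color = case
+					when enc.nil?
+						nil
+					when enc < 128
+						:critical
+				end
 		cell enc, color
 	end
 
 	def cipher_enc_mode_cell(enc)
 		color = case enc
-					when :gcm, :ccm then
-						:primary
-					when :cbc then
-						:danger
+					when :gcm, :ccm, :aead
+						:success
 				end
-		enc   ||= ''
 		cell enc.to_s.upcase, color
 	end
 
 	def cipher_mac_type_cell(mac)
 		color = case mac
 					when :poly1305 then
-						:primary
-					when :sha384, :sha256 then
 						:success
+					when :sha384, :sha256 then
+						nil
 					when :sha1 then
 						:warning
-					when :md5 then
-						:error
+					else
+						:critical
 				end
 		cell mac.to_s.upcase, color
 	end
@@ -257,7 +241,7 @@ module CheckHelper
 	end
 
 	def cipher_pfs_cell(pfs)
-		return cell 'PFS', :success if pfs
-		cell 'No PFS', :warning
+		return cell 'PFS', nil if pfs
+		cell 'No PFS', :error
 	end
 end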
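Review bot: `__label` and `cell` interpolate `value` and `color` straight into markup and the result is marked `html_safe`, so nothing these helpers receive is ever escaped. Most callers pass symbols, but `cipher_name_label` also wraps `cipher.name` in `html_safe`, and where those values originate is not visible here; anything derived from stored scan results would reach the page unescaped. Building the tag with `content_tag :span, value, class: "label label-#{color}"` (passing `'&nbsp;'.html_safe` where the entity is intended) keeps escaping on by default. Separately, `cell` accepts the new `state` argument but never reads it, and a nil colour yields the class `label-state-`.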

+ 118
- 37
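--- a/app/views/check/show.html.erb
+++ b/app/views/check/show.html.erb
@@ -12,77 +12,158 @@
 		<% end %>
 	</div>
 
-	<% @result.hosts.each do |host| %>
+	<% @result.result.each do |host| %>
 		<div class="row">
 			<div class="col-sm-12">
 				<h2>
-					<%= rank_label host.grade %>
-					<%= host.ip %> : <%= host.port %>
-					<span class="small">(<%= host.hostname %>)</span></h2>
+					<%= rank_label host[:grade] %>
+					<%= host[:ip] %> : <%= host[:port] %>
+					<span class="small">(<%= host[:hostname] %>)</span></h2>
 			</div>
 		</div>
 
 		<div class="row">
 			<div class="col-sm-12">
+				<% ::CryptCheck::State.each do |level|
+					host[:states][level].each do |state, value|
+						next unless value
+				%>
+					<div class="alert alert-<%= level %>"><%= t "alert.#{level}.#{state}" %></div>
+				<% end
+				end %>
+				<!--
 				<h3><%= t 'Checks' %></h3>
 				<table class="table table-bordered table-condensed table-striped">
 					<thead>
 					<th><%= t 'Severity' %></th>
-					<td></td>
+					<td>
+						<%= t 'Checks' %>
+						(
+						<%= label 'OK', :success, false %>
+						<%= label 'KO', :danger, false %>
+						<%= label 'N/A', :default, false %>
+						)
+					</td>
 					</thead>
 					<tbody>
 					<% ::CryptCheck::State.each do |level| %>
 						<tr>
-							<th><%= label level, "state-#{level}" %></th>
-							<td><%= labels level, host.states[level] %></td>
+							<th><%= label level, "state-#{level}", false %></th>
+							<td><%= labels level, host[:states][level], false %></td>
 						</tr>
 					<% end %>
 					</tbody>
 				</table>
+				-->
 			</div>
 		</div>
 
-		<div class="row">
+		<!--div class="row">
 			<div class="col-sm-12">
 				<h3><%= t 'Certificates' %></h3>
 				<table class="table table-bordered table-condensed table-striped">
 					<thead>
-						<tr>
-							<th>
-								<%= t 'Subject' %>
-								<span class="small">[<%= t 'Serial' %>]</span>
-								<div class="small"><%= t 'Fingerprint' %></div>
-							</th>
-							<td><%= t 'Issuer' %></td>
-							<td><%= t 'Not before' %></td>
-							<td><%= t 'Not after' %></td>
-							<th></th>
-						</tr>
+					<tr>
+						<th>
+							<%= t 'Subject' %>
+							<span class="small">[<%= t 'Serial' %>]</span>
+							<div class="small"><%= t 'Fingerprint' %></div>
+						</th>
+						<td><%= t 'Issuer' %></td>
+						<td><%= t 'Not before' %></td>
+						<td><%= t 'Not after' %></td>
+						<th></th>
+					</tr>
 					</thead>
 					<tbody>
-						<% host.handshakes.certs.each do |cert| %>
+					<% host[:handshakes][:certs].each do |cert| %>
 						<tr>
 							<th>
-								<%= cert.subject %> [<%= cert.serial %>]
-								<div class="small"><%= cert.fingerprint %></div>
+								<%= cert[:subject] %> [<%= cert[:serial] %>]
+								<div class="small"><%= cert[:fingerprint] %></div>
 							</th>
-							<td><%= cert.issuer %></td>
-							<td><%= l cert.lifetime.not_before %></td>
-							<td><%= l cert.lifetime.not_after %></td>
-							<td><%= states cert.states %></td>
+							<td><%= cert[:issuer] %></td>
+							<td><%= l cert[:lifetime][:not_before] %></td>
+							<td><%= l cert[:lifetime][:not_after] %></td>
+							<td><%= states cert[:states] %></td>
 						</tr>
-							<% cert.chain.each do |cert| %>
-						<tr>
-							<th>
-								<%= cert.subject %> [<%= cert.serial %>]
-								<div class="small"><%= cert.fingerprint %></div>
-							</th>
-							<td><%= cert.issuer %></td>
-							<td><%= l cert.lifetime.not_before %></td>
-							<td><%= l cert.lifetime.not_after %></td>
-						</tr>
-							<% end %>
+						<% cert[:chain].each do |cert| %>
+							<tr>
+								<th>
+									<%= cert[:subject] %> [<%= cert[:serial] %>]
+									<div class="small"><%= cert[:fingerprint] %></div>
+								</th>
+								<td><%= cert[:issuer] %></td>
+								<td><%= l cert[:lifetime][:not_before] %></td>
+								<td><%= l cert[:lifetime][:not_after] %></td>
+							</tr>
 						<% end %>
+					<% end %>
+					</tbody>
+				</table>
+			</div>
+		</div-->
+
+		<div class="row">
+			<div class="col-sm-12">
+				<table class="table table-bordered table-condensed table-striped center">
+					<thead>
+					<tr>
+						<th rowspan="2"><%= t 'Name' %></th>
+						<th colspan="2"><%= t 'Key exchange' %></th>
+						<th colspan="2"><%= t 'Authentication' %></th>
+						<th colspan="4"><%= t 'Encryption' %></th>
+						<th colspan="2"><%= t 'MAC' %></th>
+						<th rowspan="2"><%= t 'PFS' %></th>
+					</tr>
+					<tr>
+						<th><%= t 'Type' %></th>
+						<th><%= t 'Key size' %></th>
+						<th><%= t 'Type' %></th>
+						<th><%= t 'Key size' %></th>
+						<th><%= t 'Type' %></th>
+						<th><%= t 'Key size' %></th>
+						<th><%= t 'Block size' %></th>
+						<th><%= t 'Mode' %></th>
+						<th><%= t 'Type' %></th>
+						<th><%= t 'Size' %></th>
+					</tr>
+					</thead>
+					<tbody>
+					<%
+						handshakes = host[:handshakes]
+						all_ciphers = handshakes[:ciphers].group_by { |c| c[:protocol] }
+						CryptCheck::Tls::Method.each do |protocol|
+							ciphers = all_ciphers.fetch(protocol, [])
+									.collect { |c| CryptCheck::Tls::Cipher.new protocol, c[:name] }.sort
+							unless ciphers.empty? %>
+							<tr>
+								<th colspan="12"><%= protocol_label protocol %></th>
+							</tr>
+							<% ciphers.each do |cipher|
+								kex    = cipher.kex
+								auth   = cipher.auth
+								enc    = cipher.encryption
+								mac    = cipher.hmac
+								pfs    = cipher.pfs?
+							%>
+								<tr>
+									<th><%= cipher_name_label cipher %></th>
+									<%= cipher_kex_type_cell kex %>
+									<th/>
+									<%#= cipher_kex_size_cell kex&.last %>
+									<%= cipher_auth_type_cell auth %>
+									<th/>
+									<%#= cipher_auth_size_cell auth&.last %>
+									<%= cipher_enc_type_cell enc[0] %>
+									<%= cipher_enc_key_size_cell enc[1] %>
+									<%= cipher_enc_block_size_cell enc[2] %>
+									<%= cipher_enc_mode_cell enc[3] %>
+									<%= cipher_mac_type_cell mac[0] %>
+									<%= cipher_mac_size_cell mac[1] %>
+									<%= cipher_pfs_cell pfs %>
+								</tr>
+							<% end end end %>
 					</tbody>
 				</table>
 			</div>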
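Review bot: Wrapping the Checks table in `<!-- … -->` and the Certificates block in `<!--div … </div-->` does not disable them: ERB inside an HTML comment is still evaluated, so `host[:handshakes][:certs].each` and the `labels` calls run on every request and their output is sent in the page source. A result without `:certs` would therefore still raise, and visitors still receive the markup this change means to hide. Use ERB comments or an `<% if false %> … <% end %>` guard, or delete the blocks and rely on history. In the new cipher rows `enc[0]`…`enc[3]` and `mac[0]`/`mac[1]` are indexed without the `&.` that ciphers.html.erb uses, although `cipher_enc_type_cell` explicitly handles a nil type; it is worth confirming what `cipher.encryption` and `cipher.hmac` return for suites without encryption or a MAC.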

+ 156
- 0
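--- a/app/views/check/show.html.erb.bak
+++ b/app/views/check/show.html.erb.bak
@@ -0,0 +1,156 @@
+<div class="container">
+	<div class="row">
+		<div class="col-sm-11">
+			<h1>
+				[<%= self.type.to_s.upcase %>] <%= @host %> <span class="small">(<%= l @result.date %>)</span>
+			</h1>
+		</div>
+		<% if Time.now - @result.date >= Rails.configuration.refresh_delay %>
+		<div class="col-sm-1">
+			<%= link_to t('Refresh'), {action: :refresh}, class: %i(btn btn-default) %>
+		</div>
+		<% end %>
+	</div>
+	<%
+		@result.hosts.each do |host|
+			if host.error
+				error, host = host.error, host.host
+	%>
+	<div class="row">
+		<div class="col-sm-12">
+			<h2><%= host.name %> - <%= host.ip %> : <%= host.port %></h2>
+			<%= t 'Error during analysis:' %>
+			<span class="label label-error"><%= error %></span>
+		</div>
+	</div>
+	<%
+			else
+				host, grade, handshake = host.host, host.grade, host.handshake
+	%>
+	<div class="row">
+		<div class="col-sm-12">
+			<h2><%= host.name %> - <%= host.ip %> : <%= host.port %></h2>
+		</div>
+	</div>
+	<div class="row">
+		<div class="col-sm-6">
+			<table class="table table-bordered table-condensed table-striped">
+				<thead>
+					<tr>
+						<th colspan="2">
+							Scores
+							<%= rank_label grade.rank %>
+						</th>
+					</tr>
+				</thead>
+				<tbody>
+					<%
+					   { 'Protocol' => 'protocol',
+						 'Key exchange' => 'key_exchange',
+						 'Cipher' => 'cipher_strengths',
+						 'Overall' => 'score'}.each do |name, v| %>
+					<tr>
+						<th class="col-sm-4"><%= t name %></th>
+						<td class="col-sm-8"><%= score_progress grade.details[v] %></td>
+					</tr>
+					<% end %>
+				</tbody>
+			</table>
+		</div>
+		<div class="col-sm-6">
+			<table class="table table-bordered table-condensed table-striped">
+				<tbody>
+					<tr>
+						<th class="col-sm-4"><%= t 'Protocols' %></th>
+						<td class="col-sm-8"><%= protocol_labels handshake.protocols %></td>
+					</tr>
+					<tr>
+						<th><%= t 'Keys' %></th>
+						<td>
+							<p><%= t 'Certificates:' %> <%= key_label handshake[:key] %></p>
+							<p>Diffie Hellman : <%= key_labels handshake.dh %></p>
+						</td>
+					</tr>
+					<% { 'Good practices' => :success,
+					 'Warning' => :warning,
+					 'Critical' => :danger,
+					 'Fatal' => :error }.each do |name, color|
+						names = grade[color]
+						next if names.nil? or names.empty?
+					%>
+					<tr>
+						<th><%= t name %></th>
+						<td>
+							<% names.each do |name| %>
+							<span class="label label-<%= color %>"><%= name.upcase %></span>
+							<% end %>
+						</td>
+					</tr>
+				<% end %>
+				</tbody>
+			</table>
+		</div>
+	</div>
+	<div class="row">
+		<div class="col-sm-12">
+			<table class="table table-bordered table-condensed table-striped center">
+				<thead>
+					<tr>
+						<th rowspan="2"><%= t 'Name' %></th>
+						<th colspan="2"><%= t 'Key exchange' %></th>
+						<th colspan="2"><%= t 'Authentication' %></th>
+						<th colspan="4"><%= t 'Encryption' %></th>
+						<th colspan="2"><%= t 'MAC' %></th>
+						<th rowspan="2"><%= t 'PFS' %></th>
+					</tr>
+					<tr>
+						<th><%= t 'Type' %></th>
+						<th><%= t 'Key size' %></th>
+						<th><%= t 'Type' %></th>
+						<th><%= t 'Key size' %></th>
+						<th><%= t 'Type' %></th>
+						<th><%= t 'Key size' %></th>
+						<th><%= t 'Block size' %></th>
+						<th><%= t 'Mode' %></th>
+						<th><%= t 'Type' %></th>
+						<th><%= t 'Size' %></th>
+					</tr>
+				</thead>
+				<tbody>
+					<% CryptCheck::Tls::Server::EXISTING_METHODS.each do |protocol|
+						ciphers = CryptCheck::Tls::Cipher.sort(handshake.ciphers.select { |c| c.protocol == protocol.to_s }
+								.collect { |c| CryptCheck::Tls::Cipher.new protocol, [c.name, nil, c[:size]], c.dh, handshake[:key] })
+						unless ciphers.empty? %>
+					<tr>
+						<th colspan="12"><%= protocol_label protocol %></th>
+					</tr>
+						<% ciphers.each do |cipher|
+							params = cipher.params
+							kex = params[:kex]
+							auth = params[:auth]
+							enc = params[:enc]
+							mac = params[:mac]
+							pfs = params[:pfs]
+						%>
+					<tr>
+						<th><%= cipher_name_label cipher %></th>
+						<%= cipher_kex_type_cell kex&.first %>
+						<%= cipher_kex_size_cell kex&.last %>
+						<%= cipher_auth_type_cell auth&.first %>
+						<%= cipher_auth_size_cell auth&.last %>
+						<%= cipher_enc_type_cell enc&.first %>
+						<%= cipher_enc_key_size_cell enc&.[] 1 %>
+						<%= cipher_enc_block_size_cell enc&.[] 2 %>
+						<%= cipher_enc_mode_cell enc&.last %>
+						<%= cipher_mac_type_cell mac&.first %>
+						<%= cipher_mac_size_cell mac&.last %>
+						<%= cipher_pfs_cell pfs %>
+					</tr>
+					<% 	end end end %>
+				</tbody>
+			</table>
+		</div>
+	</div>
+	<% end
+	   end %>
+</div>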
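Review bot: This adds a 156-line backup copy of a template under app/views rather than a change to live code. It uses accessors the live template moves away from in this commit (`@result.hosts`, `host.grade`, `cipher.params`), so it can only drift further, and stray `.bak` files in a deployed tree are easy to forget. The previous version is already in history; I would drop the file and add `*.bak` to .gitignore.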

+ 12
- 13
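--- a/app/views/site/ciphers.html.erb
+++ b/app/views/site/ciphers.html.erb
@@ -4,37 +4,36 @@
 			<thead>
 				<tr>
 					<th rowspan="2"><%= t 'Name' %></th>
-					<th rowspan="2"><%= t 'Key exchange' %></th>
 					<th rowspan="2"><%= t 'Authentication' %></th>
+					<th rowspan="2"><%= t 'Key exchange' %></th>
 					<th colspan="4"><%= t 'Encryption' %></th>
 					<th colspan="2"><%= t 'MAC' %></th>
 					<th rowspan="2"><%= t 'PFS' %></th>
 				</tr>
 				<tr>
 					<th><%= t 'Type' %></th>
-					<th><%= t 'Key size' %></th>
 					<th><%= t 'Block size' %></th>
+					<th><%= t 'Key size' %></th>
 					<th><%= t 'Mode' %></th>
 					<th><%= t 'Type' %></th>
 					<th><%= t 'Size' %></th>
 				</tr>
 			</thead>
 			<tbody>
-				<% CryptCheck::Tls::Cipher.list.each do |cipher|
-					params = cipher.params
-					kex = params[:kex]
-					auth = params[:auth]
-					enc = params[:enc]
-					mac = params[:mac]
-					pfs = params[:pfs]
+				<% CryptCheck::Tls::Cipher[:TLSv1_2].each do |cipher|
+					kex    = cipher.kex
+					auth   = cipher.auth
+					enc    = cipher.encryption
+					mac    = cipher.hmac
+					pfs    = cipher.pfs?
 				%>
 				<tr>
 					<th><%= cipher_name_label cipher %></th>
-					<%= cipher_kex_type_cell kex&.first %>
-					<%= cipher_auth_type_cell auth&.first %>
+					<%= cipher_auth_type_cell auth %>
+					<%= cipher_kex_type_cell kex %>
 					<%= cipher_enc_type_cell enc&.first %>
-					<%= cipher_enc_key_size_cell enc&.[] 1 %>
-					<%= cipher_enc_block_size_cell enc&.[] 2 %>
+					<%= cipher_enc_block_size_cell enc&.[] 1 %>
+					<%= cipher_enc_key_size_cell enc&.[] 2 %>
 					<%= cipher_enc_mode_cell enc&.last %>
 					<%= cipher_mac_type_cell mac&.first %>
 					<%= cipher_mac_size_cell mac&.last %>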
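Review bot: The key-size and block-size cells are now fed from swapped indices, `cipher_enc_block_size_cell enc&.[] 1` and `cipher_enc_key_size_cell enc&.[] 2`, whereas show.html.erb in this same commit passes `enc[1]` to the key-size helper and `enc[2]` to the block-size helper. Only one ordering can match what `cipher.encryption` returns, and since the two helpers apply different thresholds (block ≤ 64 is critical, key < 128 is critical) the wrong one will mis-colour suites whose key and block sizes differ. If the intent was only to reorder the columns and index 1 is the key size as show.html.erb assumes, keep the indices with their helpers: `<%= cipher_enc_block_size_cell enc&.[] 2 %>` followed by `<%= cipher_enc_key_size_cell enc&.[] 1 %>`. The table body continues past the end of the hunk.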

+ 1
- 1
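--- a/app/workers/https_worker.rb
+++ b/app/workers/https_worker.rb
@@ -3,7 +3,7 @@ class HTTPSWorker < CheckWorker
 
 	protected
 	def analyze(host, port=443)
-		CryptCheck::Tls::Https::Host.new host, port
+		CryptCheck::Tls::Https.analyze host, port
 	end
 
 	def type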

+ 4
- 6
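--- a/bin/enqueue.rb
+++ b/bin/enqueue.rb
@@ -11,12 +11,10 @@ if ENV['RAILS_ENV'] == 'development'
 end
 
 require 'sidekiq'
-options      = {
-		url:       ENV['REDIS_URL'],
-		namespace: :cryptcheck
-}
-client       = Sidekiq::Client.new Sidekiq::RedisConnection.create options
+redis = ENV['REDIS_URL']
+Sidekiq.configure_server { |c| c.redis = { url: redis } }
+Sidekiq.configure_client { |c| c.redis = { url: redis } }
 
 clazz, *args = ARGV
 clazz        += 'Worker'
-client.push({ 'class' => clazz, 'args' => args })
+Sidekiq::Client.push({ 'class' => clazz, 'args' => args, 'retry' => false })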
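Review bot: `redis = ENV['REDIS_URL']` is nil when the variable is unset, and as far as I know Sidekiq then falls back to its default local Redis without any error, so jobs can be queued to the wrong instance; `redis = ENV.fetch('REDIS_URL')` fails loudly instead. The `namespace: :cryptcheck` option is dropped here, so the workers' own Sidekiq configuration (not part of this commit) has to match or the pushed jobs will sit in keys nobody reads. `Sidekiq.configure_server` only runs its block inside a Sidekiq server process, so in this client-only script that line has no effect and can be removed.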

+ 3
- 2
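--- a/bin/runner
+++ b/bin/runner
@@ -1,3 +1,4 @@
 #!/bin/bash
-DIR="$(readlink -m "$(dirname "$0")")"
-LD_LIBRARY_PATH="${DIR}/../../cryptcheck/lib" "${0}.rb" $*
+DIR="$(readlink -e "$(dirname "${0}")")"
+export LD_LIBRARY_PATH="$(readlink -e "${DIR}/../../cryptcheck/lib")"
+"${0}.rb" $*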
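Review bot: `"${0}.rb" $*` forwards the arguments unquoted, so an argument containing whitespace or glob characters is re-split and expanded by the shell before the Ruby script sees it; `"${0}.rb" "$@"` passes them through verbatim. `readlink -e` prints nothing when `../../cryptcheck/lib` does not exist, and because the substitution sits on the `export` line its exit status is discarded, so the script would silently run against the system libraries instead of the bundled ones. Assign first, test for an empty result and exit non-zero, then `export LD_LIBRARY_PATH`.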

+ 3
- 2
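--- a/config/application.rb
+++ b/config/application.rb
@@ -35,8 +35,9 @@ module CryptcheckRails
 
 		# The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
 		# config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
-		config.i18n.default_locale = :fr
-		config.i18n.available_locales = %w(en fr de)
+		config.i18n.default_locale = :en
+		config.i18n.available_locales = %i[en fr de]
+		config.i18n.fallbacks = true
 		config.action_controller.include_all_helpers = false
 
 		config.refresh_delay = 1.hour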

+ 33
- 3
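--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -4,9 +4,9 @@ en:
   Cipher suite: Cipher suite
   "Cipher suite:": "Cipher suite:"
 
-  Check your domain: Check your domain
-  Check your SSH server: Check your SSH server
-  Check your SMTP server: Check your SMTP server
+  Check This domain: Check This domain
+  Check This SSH server: Check This SSH server
+  Check This SMTP server: Check This SMTP server
   Test me!: Test me!
 
   Currently analysing %{host}: Currently analysing %{host}
@@ -43,6 +43,36 @@ en:
   Block size: Block size
   Size: Size
 
+  Status: Status
   Not supported: Not supported
 
   "Serial: %{serial}": "Serial: %{serial}"
+
+  alert:
+    critical:
+      sslv2: This server supports SSLv2
+      sslv3: This server supports SSLv3
+      dh: This server supports very weak DH parameters
+      anonymous: This server supports anonymous ciphers
+      "null": This server supports NULL ciphers
+      export: This server supports EXPORT ciphers
+      des: This server supports DES ciphers
+      md5: This server supports MD5 ciphers
+      rc4: This server supports RC4 ciphers
+      sweet32: This server is vulnerable to Sweet32 attack
+    error:
+      dh: This server supports weak DH parameters
+      tlsv1_0: This server supports TLSv1.0
+      pfs: This server supports no-PFS ciphers
+    warning:
+      tlsv1_1: This server supports TLSv1.1
+      dhe: This server supports DHE ciphers
+      hsts: This server doesn't support HSTS
+    good:
+      hsts: This server supports HSTS
+      fallback_scsv: This server supports SCSV fallback
+      aead: This server supports AEAD ciphers
+    best:
+    great:
+      hsts: This server supports HSTS with long duration
+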

+ 1
- 0
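--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@@ -48,6 +48,7 @@ fr:
   Checks: Vérifications
   Severity: Sévèrité
 
+
   Certificates: Certificats
   Subject: Sujet
   Serial: Numéro de série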
