aeris
/
cryptcheck-rails
1
0
Fork 1
Code Issues Pull Requests Releases Wiki Activity

Please… Help !

Browse Source
sites
aeris 6 years ago
parent 5f144af234
commit 62b9bfb07c
9 changed files with 251 additions and 196 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 38
      app/assets/stylesheets/application.scss
  2. 6
      app/controllers/check_controller.rb
  3. 170
      app/helpers/check_helper.rb
  4. 2
      app/views/check/processing.html.erb
  5. 215
      app/views/check/show.html.erb
  6. 2
      app/views/site/suite.html.erb
  7. BIN
      config/host.dump
  8. 2
      config/locales/en.yml
  9. 12
      config/locales/fr.yml

38
app/assets/stylesheets/application.scss
Unescape View File

@ -49,6 +49,10 @@ td.primary {
background-color: $state-info-bg;
}
.translation_missing {
border: 1px solid red;
}
.progress-bar-default {
background-color: $label-default-bg;
}
@ -62,3 +66,37 @@ td.primary {
#tls_check {
margin-top: 100px;
}
.label-state-critical {
//background-color: #800000;
background-color: #ff0000;
}
.label-state-error {
//background-color: #803300;
background-color: #ff6600;
}
.label-state-warning {
//background-color: #806600;
background-color: #ffcc00;
color: $text-color;
}
.label-state-good {
//background-color: #668000;
background-color: #cbff00;
color: $text-color;
}
.label-state-great {
//background-color: #338000;
background-color: #65ff00;
}
.label-state-best {
//background-color: #008000;
background-color: #00ff00;
}

6
app/controllers/check_controller.rb
Unescape View File

@ -59,6 +59,10 @@ class CheckController < ApplicationController
return false
end
@port = @port.to_i if @port
@result = Datastore.host self.type, @host, @port
# @result = Datastore.host self.type, @host, @port
file = File.join Rails.root, 'config/host.dump'
# open(file, 'wb') { |f| f.write Marshal.dump @result }
@result = Marshal.load File.read file
end
end

170
app/helpers/check_helper.rb
Unescape View File

@ -1,12 +1,36 @@
module CheckHelper
private def __label(value, color)
"<span class=\"label label-#{color} %>\">#{value}</span>"
end
def label(value, color)
"<span class=\"label label-#{color} %>\">#{value}</span>".html_safe
__label(value, color).html_safe
end
def cell(value, color)
"<td class=\"#{color}\">#{value}</td>".html_safe
end
def labels(level, states)
states.each_pair.collect do |name, value|
color = if value.nil?
:default
elsif ::CryptCheck::State.bad? level
value ? :danger : :success
else
value ? :success : :danger
end
__label name, color
end.join(' ').html_safe
end
def states(states)
::CryptCheck::State.collect do |level|
states[level].each_pair.select { |_, v| v == true }.collect do |name, _|
__label name, "state-#{level}"
end
end.flatten(1).join(' ').html_safe
end
def rank_color(rank)
case rank
when 'A+' then
@ -30,12 +54,18 @@ module CheckHelper
def progress_color(percentage)
case percentage
when 0...20 then :error
when 20...40 then :danger
when 40...60 then :warning
when 60...80 then :default
when 80...90 then :success
else :primary
when 0...20 then
:error
when 20...40 then
:danger
when 40...60 then
:warning
when 60...80 then
:default
when 80...90 then
:success
else
:primary
end
end
@ -50,9 +80,12 @@ module CheckHelper
def protocol_label(protocol)
color = case protocol.to_s
when 'TLSv1_2' then :success
when 'SSLv3', 'SSLv2' then :error
else :default
when 'TLSv1_2' then
:success
when 'SSLv3', 'SSLv2' then
:error
else
:default
end
label protocol, color
end
@ -63,12 +96,12 @@ module CheckHelper
def key_label(key)
return label('Aucune', :error) unless key
label "#{key.type.upcase} #{key[:size]} bits", key_color(key)
label "#{key[:type].upcase} #{key[:size]} bits", key_color(key)
end
def key_labels(keys)
return label('Aucune', :error) if keys.empty?
keys.sort { |a, b| -1 * (a.rsa_size <=> b.rsa_size) }.collect { |k| key_label k }.join("\n").html_safe
keys.sort { |a, b| -1 * (a[:size] <=> b[:size]) }.collect { |k| key_label k }.join("\n").html_safe
end
def cipher_size_label(cipher)
@ -77,33 +110,48 @@ module CheckHelper
end
def key_color(key)
case key&.rsa_size
when nil then :default
when 0...1024 then :error
when 1024...2048 then :danger
when 2048...4096 then :warning
else :success
case key[:size]
when nil then
:default
when 0...1024 then
:error
when 1024...2048 then
:danger
when 2048...4096 then
:warning
else
:success
end
end
def cipher_color(key)
case key
when nil then :default
when 0...112 then :error
when 112...128 then :danger
when 128...256 then :success
else :primary
when nil then
:default
when 0...128 then
:error
when 112...128 then
:danger
when 128...256 then
:success
else
:primary
end
end
def cipher_name_label(cipher)
state = cipher.state
state = cipher[:state]
color = case
when !state[:error].empty? then :error
when !state[:danger].empty? then :danger
when !state[:warning].empty? then :warning
when !state[:success].empty? then :success
else :default
when !state[:error].empty? then
:error
when !state[:danger].empty? then
:danger
when !state[:warning].empty? then
:warning
when !state[:success].empty? then
:success
else
:default
end
color = :primary if color == :success and cipher.size >= 256
label("&nbsp;", color) + "&nbsp;#{cipher.name}".html_safe
@ -111,17 +159,21 @@ module CheckHelper
def cipher_labels(cipher)
cipher.state.collect { |c, ls| ls.collect { |l| label l.upcase, c } }
.flatten(1).join("\n").html_safe
.flatten(1).join("\n").html_safe
end
def cipher_kex_type_cell(kex)
color = case kex
when :ecdh then :primary
when :dh then :success
when :rsa then :warning
else :error
when :ecdh then
:primary
when :dh then
:success
when :rsa then
:warning
else
:error
end
kex ||= 'None'
kex ||= 'None'
cell kex.to_s.upcase, color
end
@ -132,11 +184,14 @@ module CheckHelper
def cipher_auth_type_cell(auth)
color = case auth
when :ecdsa then :primary
when :rsa then :default
else :error
when :ecdsa then
:primary
when :rsa then
:default
else
:error
end
auth ||= 'None'
auth ||= 'None'
cell auth.to_s.upcase, color
end
@ -147,18 +202,21 @@ module CheckHelper
def cipher_enc_type_cell(enc)
color = case enc
when :chacha20 then :primary
when :aes then :success
when :camellia, :seed, :idea then :default
when :'3des' then :danger
else :error
when :chacha20 then
:primary
when :aes then
:success
when :camellia, :seed then
:default
else
:error
end
enc ||= 'NONE'
enc ||= 'NONE'
cell enc.to_s.upcase, color
end
def cipher_enc_key_size_cell(enc)
enc ||= 0
enc ||= 0
color = cipher_color enc
cell enc, color
end
@ -171,19 +229,25 @@ module CheckHelper
def cipher_enc_mode_cell(enc)
color = case enc
when :gcm, :ccm then :primary
when :cbc then :warning
when :gcm, :ccm then
:primary
when :cbc then
:danger
end
enc ||= ''
enc ||= ''
cell enc.to_s.upcase, color
end
def cipher_mac_type_cell(mac)
color = case mac
when :poly1305 then :primary
when :sha384, :sha256 then :success
when :sha1 then :default
when :md5 then :error
when :poly1305 then
:primary
when :sha384, :sha256 then
:success
when :sha1 then
:warning
when :md5 then
:error
end
cell mac.to_s.upcase, color
end

2
app/views/check/processing.html.erb
Unescape View File

@ -9,7 +9,7 @@
[<%= self.type.to_s.upcase %>] <%= t 'Currently analysing %{host}', host: @host %>
</h1>
<p class="small">
<%= t 'Start of analysis: %{date}', date: l(@result.date) %>
<%= t 'Start of analysis: %{date}', date: l(@result[:date]) %>
</p>
<p class="pull-right">
<%= t('Please wait…') %>

215
app/views/check/show.html.erb
Unescape View File

@ -6,151 +6,86 @@
</h1>
</div>
<% if Time.now - @result.date >= Rails.configuration.refresh_delay %>
<div class="col-sm-1">
<%= link_to t('Refresh'), {action: :refresh}, class: %i(btn btn-default) %>
</div>
<div class="col-sm-1">
<%= link_to t('Refresh'), { action: :refresh }, class: %i(btn btn-default) %>
</div>
<% end %>
</div>
<%
@result.hosts.each do |host|
if host.error
error, host = host.error, host.host
%>
<div class="row">
<div class="col-sm-12">
<h2><%= host.name %> - <%= host.ip %> : <%= host.port %></h2>
<%= t 'Error during analysis:' %>
<span class="label label-error"><%= error %></span>
</div>
</div>
<%
else
host, grade, handshake = host.host, host.grade, host.handshake
%>
<div class="row">
<div class="col-sm-12">
<h2><%= host.name %> - <%= host.ip %> : <%= host.port %></h2>
<% @result.hosts.each do |host| %>
<div class="row">
<div class="col-sm-12">
<h2>
<%= rank_label host.grade %>
<%= host.ip %> : <%= host.port %>
<span class="small">(<%= host.hostname %>)</span></h2>
</div>
</div>
</div>
<div class="row">
<div class="col-sm-6">
<table class="table table-bordered table-condensed table-striped">
<thead>
<tr>
<th colspan="2">
Scores
<%= rank_label grade.rank %>
</th>
</tr>
</thead>
<tbody>
<%
{ 'Protocol' => 'protocol',
'Key exchange' => 'key_exchange',
'Cipher' => 'cipher_strengths',
'Overall' => 'score'}.each do |name, v| %>
<tr>
<th class="col-sm-4"><%= t name %></th>
<td class="col-sm-8"><%= score_progress grade.details[v] %></td>
</tr>
<div class="row">
<div class="col-sm-12">
<h3><%= t 'Checks' %></h3>
<table class="table table-bordered table-condensed table-striped">
<thead>
<th><%= t 'Severity' %></th>
<td></td>
</thead>
<tbody>
<% ::CryptCheck::State.each do |level| %>
<tr>
<th><%= label level, "state-#{level}" %></th>
<td><%= labels level, host.states[level] %></td>
</tr>
<% end %>
</tbody>
</table>
</tbody>
</table>
</div>
</div>
<div class="col-sm-6">
<table class="table table-bordered table-condensed table-striped">
<tbody>
<tr>
<th class="col-sm-4"><%= t 'Protocols' %></th>
<td class="col-sm-8"><%= protocol_labels handshake.protocols %></td>
</tr>
<tr>
<th><%= t 'Keys' %></th>
<td>
<p><%= t 'Certificates:' %> <%= key_label handshake[:key] %></p>
<p>Diffie Hellman : <%= key_labels handshake.dh %></p>
</td>
</tr>
<% { 'Good practices' => :success,
'Warning' => :warning,
'Critical' => :danger,
'Fatal' => :error }.each do |name, color|
names = grade[color]
next if names.nil? or names.empty?
%>
<tr>
<th><%= t name %></th>
<td>
<% names.each do |name| %>
<span class="label label-<%= color %>"><%= name.upcase %></span>
<div class="row">
<div class="col-sm-12">
<h3><%= t 'Certificates' %></h3>
<table class="table table-bordered table-condensed table-striped">
<thead>
<tr>
<th>
<%= t 'Subject' %>
<span class="small">[<%= t 'Serial' %>]</span>
<div class="small"><%= t 'Fingerprint' %></div>
</th>
<td><%= t 'Issuer' %></td>
<td><%= t 'Not before' %></td>
<td><%= t 'Not after' %></td>
<th></th>
</tr>
</thead>
<tbody>
<% host.handshakes.certs.each do |cert| %>
<tr>
<th>
<%= cert.subject %> [<%= cert.serial %>]
<div class="small"><%= cert.fingerprint %></div>
</th>
<td><%= cert.issuer %></td>
<td><%= l cert.lifetime.not_before %></td>
<td><%= l cert.lifetime.not_after %></td>
<td><%= states cert.states %></td>
</tr>
<% cert.chain.each do |cert| %>
<tr>
<th>
<%= cert.subject %> [<%= cert.serial %>]
<div class="small"><%= cert.fingerprint %></div>
</th>
<td><%= cert.issuer %></td>
<td><%= l cert.lifetime.not_before %></td>
<td><%= l cert.lifetime.not_after %></td>
</tr>
<% end %>
</td>
</tr>
<% end %>
</tbody>
</table>
<% end %>
</tbody>
</table>
</div>
</div>
</div>
<div class="row">
<div class="col-sm-12">
<table class="table table-bordered table-condensed table-striped center">
<thead>
<tr>
<th rowspan="2"><%= t 'Name' %></th>
<th colspan="2"><%= t 'Key exchange' %></th>
<th colspan="2"><%= t 'Authentication' %></th>
<th colspan="4"><%= t 'Encryption' %></th>
<th colspan="2"><%= t 'MAC' %></th>
<th rowspan="2"><%= t 'PFS' %></th>
</tr>
<tr>
<th><%= t 'Type' %></th>
<th><%= t 'Key size' %></th>
<th><%= t 'Type' %></th>
<th><%= t 'Key size' %></th>
<th><%= t 'Type' %></th>
<th><%= t 'Key size' %></th>
<th><%= t 'Block size' %></th>
<th><%= t 'Mode' %></th>
<th><%= t 'Type' %></th>
<th><%= t 'Size' %></th>
</tr>
</thead>
<tbody>
<% CryptCheck::Tls::Server::EXISTING_METHODS.each do |protocol|
ciphers = CryptCheck::Tls::Cipher.sort(handshake.ciphers.select { |c| c.protocol == protocol.to_s }
.collect { |c| CryptCheck::Tls::Cipher.new protocol, [c.name, nil, c[:size]], c.dh, handshake[:key] })
unless ciphers.empty? %>
<tr>
<th colspan="12"><%= protocol_label protocol %></th>
</tr>
<% ciphers.each do |cipher|
params = cipher.params
kex = params[:kex]
auth = params[:auth]
enc = params[:enc]
mac = params[:mac]
pfs = params[:pfs]
%>
<tr>
<th><%= cipher_name_label cipher %></th>
<%= cipher_kex_type_cell kex&.first %>
<%= cipher_kex_size_cell kex&.last %>
<%= cipher_auth_type_cell auth&.first %>
<%= cipher_auth_size_cell auth&.last %>
<%= cipher_enc_type_cell enc&.first %>
<%= cipher_enc_key_size_cell enc&.[] 1 %>
<%= cipher_enc_block_size_cell enc&.[] 2 %>
<%= cipher_enc_mode_cell enc&.last %>
<%= cipher_mac_type_cell mac&.first %>
<%= cipher_mac_size_cell mac&.last %>
<%= cipher_pfs_cell pfs %>
</tr>
<% end end end %>
</tbody>
</table>
</div>
</div>
<% end
end %>
<% end %>
</div>

2
app/views/site/suite.html.erb
Unescape View File

@ -54,7 +54,7 @@
<%= cipher_mac_size_cell mac&.last %>
<%= cipher_pfs_cell pfs %>
<% else %>
<td colspan="10"><%= label('Non supporté', :error) %></td>
<td colspan="10"><%= label t('Not supported'), :error %></td>
<% end %>
</tr>
<% end %>

BIN
config/host.dump
View File

Binary file not shown.

2
config/locales/en.yml
Unescape View File

@ -44,3 +44,5 @@ en:
Size: Size
Not supported: Not supported
"Serial: %{serial}": "Serial: %{serial}"

12
config/locales/fr.yml
Unescape View File

@ -45,6 +45,18 @@ fr:
Not supported: Non supporté
Checks: Vérifications
Severity: Sévèrité
Certificates: Certificats
Subject: Sujet
Serial: Numéro de série
Issuer: Émetteur
Not before: Pas avant
Not after: Pas après
Fingerprint: Empreinte
"Fingerprint: %{fingerprint}": "Empreinte : %{fingerprint}"
date:
abbr_day_names:
- dim

Write Preview
Loading…
Cancel
Save