From 33e84e476201f3365a27a05631165d82bb50b112 Mon Sep 17 00:00:00 2001 From: aeris Date: Sat, 2 Nov 2019 16:12:57 +0100 Subject: [PATCH] Unified runner --- Makefile | 71 +++++++------------------------------- bin/cryptcheck | 25 ++++++++++++++ cryptcheck.gemspec | 1 + lib/cryptcheck/tls/host.rb | 27 +++++++++------ 4 files changed, 55 insertions(+), 69 deletions(-) create mode 100755 bin/cryptcheck diff --git a/Makefile b/Makefile index bc5157b..06e7ff1 100644 --- a/Makefile +++ b/Makefile @@ -5,11 +5,7 @@ OPENSSL_NAME = openssl-$(OPENSSL_VERSION) OPENSSL_DIR = build/$(OPENSSL_NAME) RUBY_MAJOR_VERSION = 2.3 RUBY_VERSION = $(RUBY_MAJOR_VERSION).8 -RUBY_NAME = ruby-$(RUBY_VERSION) -RUBY_DIR = build/$(RUBY_NAME) -RUBY_OPENSSL_EXT_DIR = $(RUBY_DIR)/ext/openssl RBENV_DIR = $(RBENV_ROOT)/versions/$(RUBY_VERSION)-cryptcheck -RUBY_LIB_DIR = $(RBENV_DIR)/lib/ruby/$(RUBY_MAJOR_VERSION).0 RBENV_ROOT ?= ~/.rbenv export LIBRARY_PATH ?= $(PWD)/lib export C_INCLUDE_PATH ?= $(PWD)/build/openssl/include @@ -18,19 +14,14 @@ export LD_LIBRARY_PATH ?= $(PWD)/lib .SECONDARY: .SUFFIXES: -all: libs ext +all: libs rbenv -clean: clean-libs clean-ext +clean: clean-libs clean-libs: [ -d "build/openssl/" ] \ && find "build/openssl/" \( -name "*.o" -o -name "*.so" \) -delete \ || true rm -f lib/libcrypto.so* lib/libssl.so* "build/openssl//Makefile" -clean-ext: - [ -d "$(RUBY_OPENSSL_EXT_DIR)" ] \ - && find "$(RUBY_OPENSSL_EXT_DIR)" \( -name "*.o" -o -name "*.so" \) -delete \ - || true - rm -f lib/openssl.so mr-proper: rm -rf lib/libcrypto.so* lib/libssl.so* lib/openssl.so build 
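Review bot: Making `rbenv` a prerequisite of `all` means every plain `make` reruns that target's recipe, because nothing in it creates a file named `rbenv`. As written in the later hunk, that is a forced `rbenv install -f`, a rewrite of the local Ruby version, and `gem install bundler` plus `bundle install` against the network. I would hang the recipe on a file the install produces, for example `$(RBENV_DIR)/bin/ruby: build/$(RUBY_VERSION)-cryptcheck $(LIBS) | $(OPENSSL_DIR)/`, and keep `rbenv: $(RBENV_DIR)/bin/ruby` as the alias. `all`, `clean`, `clean-libs` and `rbenv` should also be listed in `.PHONY`; no such declaration is visible in this hunk, so it may already exist elsewhere in the file.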
@@ -49,20 +40,15 @@ build/openssl/: | $(OPENSSL_DIR)/ $(OPENSSL_DIR)/: build/$(OPENSSL_NAME).tar.gz build/chacha-poly.patch tar -C build -xf "build/$(OPENSSL_NAME).tar.gz" patch -d "$(OPENSSL_DIR)" -p1 < build/chacha-poly.patch - patch -d "$(OPENSSL_DIR)" -p1 < patches/openssl/00_disable_digest_check.patch + for p in patches/openssl/*.patch; do patch -d "$@" -p1 < "$$p"; done build/openssl/Makefile: | build/openssl/ - #cd $(OPENSSL_DIR) && ./Configure enable-ssl2 enable-ssl3 enable-weak-ssl-ciphers enable-zlib enable-rc5 enable-rc2 enable-gost enable-md2 enable-mdc2 enable-shared linux-x86_64 - #cd $(OPENSSL_DIR) && ./config enable-ssl2 enable-ssl3 enable-md2 enable-rc5 enable-weak-ssl-ciphers shared cd build/openssl/ && ./config enable-ssl2 enable-ssl3 enable-ssl3-method enable-md2 enable-rc5 enable-weak-ssl-ciphers enable-shared build/openssl/libssl.so \ build/openssl/libcrypto.so: build/openssl/Makefile $(MAKE) -C build/openssl/ -install-openssl: build/openssl/Makefile - $(MAKE) -C build/openssl/ install - LIBS = lib/libssl.so lib/libcrypto.so lib/libssl.so.$(OPENSSL_LIB_VERSION) lib/libcrypto.so.$(OPENSSL_LIB_VERSION) lib/%.so: build/openssl/%.so cp "$<" "$@" 
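Review bot: The new `for p in patches/openssl/*.patch` loop only reports the exit status of the last `patch` call, so a patch that fails to apply earlier in the glob is ignored and the build continues on a partly patched OpenSSL tree. Stop at the first failure: `for p in patches/openssl/*.patch; do patch -d "$@" -p1 < "$$p" || exit 1; done`. Because this rule's target is a directory, a failed run may also leave `$(OPENSSL_DIR)/` in place and looking up to date; removing it on failure, or extracting and patching in a temporary directory and renaming at the end, avoids building from a half-prepared tree.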
@@ -79,53 +65,22 @@ $(RBENV_ROOT)/plugins/ruby-build/: | $(RBENV_ROOT)/ $(RBENV_ROOT)/plugins/ruby-build/share/ruby-build/$(RUBY_VERSION): | $(RBENV_ROOT)/plugins/ruby-build/ build/$(RUBY_VERSION)-cryptcheck: $(RBENV_ROOT)/plugins/ruby-build/share/ruby-build/$(RUBY_VERSION) - cp "$<" "$@" + cp $< $@ -install-rbenv: build/$(RUBY_VERSION)-cryptcheck - -install-rbenv-cryptcheck: build/$(RUBY_VERSION)-cryptcheck $(LIBS) | build/openssl/ +rbenv: build/$(RUBY_VERSION)-cryptcheck $(LIBS) | $(OPENSSL_DIR)/ cat patches/ruby/*.patch | \ - RUBY_BUILD_CACHE_PATH="$(PWD)/build" \ - RUBY_BUILD_DEFINITIONS="$(PWD)/build" \ - rbenv install -fp "$(RUBY_VERSION)-cryptcheck" - rbenv local "$(RUBY_VERSION)-cryptcheck" - gem update --system + RUBY_BUILD_CACHE_PATH=$(PWD)/build \ + RUBY_BUILD_DEFINITIONS=$(PWD)/build \ + MAKE_OPTS="-j $(shell nproc)" rbenv install -fp $(RUBY_VERSION)-cryptcheck + # rbenv sequester $(RUBY_VERSION)-cryptcheck + rbenv local $(RUBY_VERSION)-cryptcheck gem install bundler - # bundle install --without test development - -$(RUBY_LIB_DIR)/openssl/ssl.rb: $(RUBY_OPENSSL_EXT_DIR)/lib/openssl/ssl.rb - cp "$<" "$@" - -$(RUBY_LIB_DIR)/x86_64-linux/openssl.so: $(RUBY_OPENSSL_EXT_DIR)/openssl.so - cp "$<" "$@" - -sync-ruby: $(RUBY_LIB_DIR)/openssl/ssl.rb $(RUBY_LIB_DIR)/x86_64-linux/openssl.so - -build/$(RUBY_NAME).tar.xz: | build/ - wget "http://cache.ruby-lang.org/pub/ruby/$(RUBY_MAJOR_VERSION)/$(RUBY_NAME).tar.xz" -O "$@" - -$(RUBY_DIR)/: build/$(RUBY_NAME).tar.xz - tar -C build -xf "$<" - for p in patches/ruby/*.patch; do patch -d "$@" -p1 < $i; done - -$(RUBY_OPENSSL_EXT_DIR)/Makefile: libs | $(RUBY_DIR)/ - cd "$(RUBY_OPENSSL_EXT_DIR)" && ruby extconf.rb - -$(RUBY_OPENSSL_EXT_DIR)/openssl.so: $(LIBS) $(RUBY_OPENSSL_EXT_DIR)/Makefile - top_srcdir=../.. 
$(MAKE) -C "$(RUBY_OPENSSL_EXT_DIR)" - -lib/openssl.so: $(RUBY_OPENSSL_EXT_DIR)/openssl.so - cp "$<" "$@" - -ext: lib/openssl.so - -install-ruby: $(RUBY_DIR)/ - cd "$(RUBY_DIR)/" && ./configure --enable-shared --disable-install-rdoc && make install + bundle install spec/faketime/libfaketime.so: spec/faketime/faketime.c spec/faketime/faketime.h - $(CC) "$^" -o "$@" -shared -fPIC -ldl -std=c99 -Werror -Wall + $(CC) $^ -o $@ -shared -fPIC -ldl -std=c99 -Werror -Wall lib/libfaketime.so: spec/faketime/libfaketime.so - ln -fs "../$<" "$@" + ln -fs ../$< $@ faketime: lib/libfaketime.so test-material: diff --git a/bin/cryptcheck b/bin/cryptcheck new file mode 100755 index 0000000..5b4c661 --- /dev/null +++ b/bin/cryptcheck @@ -0,0 +1,25 @@ +#!/usr/bin/env ruby +require 'rubygems' +require 'bundler/setup' +require 'thor' +require 'awesome_print' +require 'cryptcheck' + +class CLI < Thor + option :'no-ipv4', type: :boolean, default: false, aliases: :'4' + option :'no-ipv6', type: :boolean, default: false, aliases: :'6' + option :json, type: :boolean, default: false, aliases: :j + option :quiet, type: :boolean, default: false, aliases: :q + + desc 'https HOST [PORT]', 'Analyze HTTPS configuration for HOST:PORT' + + def https(host, port = 443) + ENV['DISABLE_IPv4'] = 'true' if options[:'no-ipv4'] + ENV['DISABLE_IPv6'] = 'true' if options[:'no-ipv6'] + ::CryptCheck::Logger.level = options[:quiet] ? :none : :info + result = ::CryptCheck::Tls::Https.analyze host, port + $stdout.isatty ? ap(result) : puts(JSON.pretty_generate(result)) if options[:json] + end +end + +CLI.start ARGV diff --git a/cryptcheck.gemspec b/cryptcheck.gemspec index 7a870a3..3b58805 100644 --- a/cryptcheck.gemspec +++ b/cryptcheck.gemspec @@ -40,4 +40,5 @@ Gem::Specification.new do |spec| spec.add_dependency 'ruby-progressbar' spec.add_dependency 'colorize' spec.add_dependency 'awesome_print' + spec.add_dependency 'thor' end 
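Review bot: The rewritten `rbenv` recipe drops the double quotes the old one had around the `$(PWD)`-based values, so `RUBY_BUILD_CACHE_PATH=$(PWD)/build` and `RUBY_BUILD_DEFINITIONS=$(PWD)/build` are split by the shell if the checkout path contains whitespace or shell metacharacters, and the remainder is then run as a command. Keep them quoted, e.g. `RUBY_BUILD_CACHE_PATH="$(PWD)/build" \`, and likewise `"$(RUBY_VERSION)-cryptcheck"`. Unquoting `$^` in the `libfaketime.so` rule is right, since that rule lists two prerequisites. The `# rbenv sequester …` line sits inside the recipe, so it is handed to the shell and echoed on every run; if it is meant as a note, put it above the rule as a Make comment.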
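Review bot: In `https`, the trailing `if options[:json]` modifier governs the whole ternary, so without `--json` nothing is printed, and with `--json` on a terminal the result goes through `ap` rather than JSON. If the intent is JSON on request and pretty-printing otherwise, write `options[:json] ? puts(JSON.pretty_generate(result)) : ap(result)`. `port` arrives from Thor as a String when given on the command line but defaults to the Integer `443`; converting with `port = Integer(port)` and rejecting values outside 1..65535 before calling `analyze` gives one type and a clear error. `JSON` is used without a `require 'json'` in this file, which presumably works only because another required library loads it.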
diff --git a/lib/cryptcheck/tls/host.rb b/lib/cryptcheck/tls/host.rb index ee68b58..8e46f1b 100644 --- a/lib/cryptcheck/tls/host.rb +++ b/lib/cryptcheck/tls/host.rb @@ -78,12 +78,12 @@ module CryptCheck port: port } case server - when Server - host[:handshakes] = server.to_h - host[:states] = server.states - host[:grade] = server.grade - else - host[:error] = server.to_s + when Server + host[:handshakes] = server.to_h + host[:states] = server.states + host[:grade] = server.grade + else + host[:error] = server.to_s end host end @@ -95,12 +95,17 @@ module CryptCheck def resolve begin - ip = IPAddr.new @hostname - return [[nil, ip.to_s, ip.family, @port]] - rescue IPAddr::InvalidAddressError + begin + ip = IPAddr.new @hostname + return [[nil, ip.to_s, ip.family, @port]] + rescue IPAddr::InvalidAddressError + end + ::Addrinfo.getaddrinfo(@hostname, nil, nil, :STREAM) + .collect { |a| [@hostname, a.ip_address, a.afamily, @port] } + end.reject do |family, *_| + (ENV['DISABLE_IPv6'] && family == Socket::AF_INET6) || + (ENV['DISABLE_IPv4'] && family == Socket::AF_INET) end - ::Addrinfo.getaddrinfo(@hostname, nil, nil, :STREAM) - .collect { |a| [@hostname, a.ip_address, a.afamily, @port] } end def server(*args)
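Review bot: In `resolve`, the block `reject do |family, *_|` binds `family` to the first element of each entry, which is the hostname, not the address family in the third position, so the `DISABLE_IPv4`/`DISABLE_IPv6` filter never matches and `--no-ipv4`/`--no-ipv6` have no effect. Destructure the third element instead: `end.reject do |_, _, family, _|`. The `return` in the IP-literal branch leaves the method before `reject` runs, so a literal address is never filtered either; if that bypass is intended, a comment saying so would help. `ENV['DISABLE_IPv6'] &&` is truthy for any set value, including `false` or an empty string, so comparing against `'true'` (the value `bin/cryptcheck` sets) would be more predictable.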