
Refactoring for usage on RoR application

master
Nicolas Vinot 3 gadus atpakaļ
vecāks
revīzija
67b2654e22

+ 1
- 0
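--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 *.iml
+*.gem
 Gemfile.lock
 /.idea/
 /html/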

+ 1
- 20
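--- a/Gemfile
+++ b/Gemfile
@@ -1,21 +1,2 @@
 source 'https://rubygems.org'
-
-gem 'rake'
-gem 'httparty'
-gem 'nokogiri'
-gem 'net-ssh', '>= 2.9.2.beta'
-gem 'net-scp'
-gem 'tcp_timeout'
-gem 'parallel'
-gem 'ruby-progressbar'
-gem 'logging'
-#gem 'activerecord'
-#gem 'sqlite3'
-gem 'colorize'
-
-group :test do
-	gem 'rspec'
-	gem 'webmock'
-end
-
-gem 'debase'
+gemspec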

+ 0
- 1
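--- a/bin/check_https_alexa.rb
+++ b/bin/check_https_alexa.rb
@@ -2,7 +2,6 @@
 $:.unshift File.expand_path File.join File.dirname(__FILE__), '../lib'
 require 'rubygems'
 require 'bundler/setup'
-require 'logging'
 require 'cryptcheck'
 
 GROUP_NAME = 'Top 100 Alexa'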

+ 0
- 1
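--- a/bin/check_smtp.rb
+++ b/bin/check_smtp.rb
@@ -2,7 +2,6 @@
 $:.unshift File.expand_path File.join File.dirname(__FILE__), '../lib'
 require 'rubygems'
 require 'bundler/setup'
-require 'logging'
 require 'cryptcheck'
 
 name = ARGV[0]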

+ 0
- 1
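--- a/bin/check_xmpp.rb
+++ b/bin/check_xmpp.rb
@@ -2,7 +2,6 @@
 $:.unshift File.expand_path File.join File.dirname(__FILE__), '../lib'
 require 'rubygems'
 require 'bundler/setup'
-require 'logging'
 require 'cryptcheck'
 
 name = ARGV[0]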

+ 38
- 0
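--- a/cryptcheck.gemspec
+++ b/cryptcheck.gemspec
@@ -0,0 +1,38 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+Gem::Specification.new do |spec|
+	spec.name    = 'cryptcheck'
+	spec.version = '1.0.0'
+	spec.authors = ['Aeris']
+	spec.email   = ['aeris+tls@imirhil.fr']
+
+	spec.summary     = %q{Check best practices on crypto-stack implementation}
+	spec.description = %q{Verify if best practices are well implemented on current crypto-stack (TLS & SSH) protocol (HTTPS, SMTP, XMPP, SSH & VPN)}
+	spec.homepage    = 'https://tls.imirhil.fr'
+	spec.license     = 'AGPLv3+'
+
+	if spec.respond_to?(:metadata)
+		spec.metadata['allowed_push_host'] = 'TODO: Set to "http://mygemserver.com"'
+	else
+		raise 'RubyGems 2.0 or newer is required to protect against public gem pushes.'
+	end
+
+	spec.files         = { '*.rb' => %w(lib) }
+								 .collect_concat { |e, ds| ds.collect_concat { |d| Dir[File.join d, '**', e] } }
+#	spec.bindir        = 'bin'
+#	spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+#	spec.test_files    = spec.files.grep(%r{^spec/})
+	spec.require_paths = %w(lib)
+
+	spec.add_development_dependency 'bundler', '~> 1.9', '>= 1.9.8'
+	spec.add_development_dependency 'rake', '~> 10.4', '>= 10.4.2'
+	spec.add_development_dependency 'rspec', '~> 3.2', '>= 3.2.0'
+
+	spec.add_dependency 'httparty', '~> 0.13', '>= 0.13.3'
+	spec.add_dependency 'nokogiri', '~> 1.6', '>= 1.6.6'
+	spec.add_dependency 'parallel', '~> 1.3', '>= 1.3.4'
+	spec.add_dependency 'ruby-progressbar', '~> 1.7', '>= 1.7.1'
+	spec.add_dependency 'colorize', '~> 0.7', '>= 0.7.7'
+end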
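Review bot: The `allowed_push_host` metadata inside the `respond_to?(:metadata)` branch is still the generator's placeholder string, so the push restriction is not pointed at any real server. Set it to the actual gem server URL (an `https://` one, unlike the `http://` example in the placeholder), or remove the block if the gem is meant to be published publicly. Separately, the old Gemfile listed `net-ssh`, `net-scp`, `tcp_timeout` and `logging`, none of which is declared here; if any file under `lib` still requires them they need a `spec.add_dependency` line, otherwise installs from the gem will fail at load time.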

+ 1
- 0
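--- a/lib/cryptcheck.rb
+++ b/lib/cryptcheck.rb
@@ -5,6 +5,7 @@ module CryptCheck
 	autoload :Logger, 'cryptcheck/logger'
 	autoload :Tls, 'cryptcheck/tls'
 	module Tls
+		autoload :Cipher, 'cryptcheck/tls/cipher'
 		autoload :Server, 'cryptcheck/tls/server'
 		autoload :TcpServer, 'cryptcheck/tls/server'
 		autoload :UdpServer, 'cryptcheck/tls/server'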

+ 7
- 52
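--- a/lib/cryptcheck/tls.rb
+++ b/lib/cryptcheck/tls.rb
@@ -1,5 +1,4 @@
 require 'erb'
-require 'logging'
 require 'parallel'
 
 module CryptCheck
@@ -7,33 +6,6 @@ module CryptCheck
 		MAX_ANALYSIS_DURATION = 600
 		PARALLEL_ANALYSIS     = 10
 
-		TYPES = {
-				md5:       %w(MD5),
-				sha1:      %w(SHA),
-
-				psk:       %w(PSK),
-				srp:       %w(SRP),
-				anonymous: %w(ADH AECDH),
-
-				dss:       %w(DSS),
-
-				null:      %w(NULL),
-				export:    %w(EXP),
-				des:       %w(DES-CBC),
-				rc4:       %w(RC4),
-				des3:      %w(3DES DES-CBC3),
-
-				pfs:       %w(DHE EDH ECDHE ECDH)
-		}
-
-		TYPES.each do |name, ciphers|
-			class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
-				def self.#{name}?(cipher)
-					#{ciphers}.any? { |c| /(^|-)#\{c\}(-|$)/ =~ cipher }
-				end
-			RUBY_EVAL
-		end
-
 		def self.grade(hostname, port, server_class:, grade_class:)
 			timeout MAX_ANALYSIS_DURATION do
 				grade_class.new server_class.new hostname, port
@@ -89,20 +61,8 @@ module CryptCheck
 
 		def self.colorize(cipher)
 			colors = case
-						 when /^SSL/ =~ cipher,
-								 dss?(cipher),
-								 anonymous?(cipher),
-								 null?(cipher),
-								 export?(cipher),
-								 md5?(cipher),
-								 des?(cipher),
-								 rc4?(cipher)
-							 { color: :white, background: :red }
-						 when des3?(cipher)
-							 { color: :yellow }
-						 when :TLSv1_2 == cipher,
-								 pfs?(cipher)
-							 { color: :green }
+						 when /^SSL/ =~ cipher then { color: :white, background: :red }
+						 when :TLSv1_2 == cipher then { color: :green }
 					 end
 			cipher.to_s.colorize colors
 		end
@@ -110,18 +70,13 @@ module CryptCheck
 		def self.key_to_s(key)
 			size       = key.rsa_equivalent_size
 			type_color = case key.type
-							 when :ecc
-								 { color: :green }
-							 when :dsa
-								 { color: :yellow }
+							 when :ecc then { color: :green }
+							 when :dsa then { color: :yellow }
 						 end
 			size_color = case size
-							 when 0...1024
-								 { color: :white, background: :red }
-							 when 1024...2048
-								 { color: :yellow }
-							 when 4096...::Float::INFINITY
-								 { color: :green }
+							 when 0...1024 then { color: :white, background: :red }
+							 when 1024...2048 then { color: :yellow }
+							 when 4096...::Float::INFINITY then { color: :green }
 						 end
 			"#{key.type.to_s.upcase.colorize type_color} #{key.size.to_s.colorize size_color} bits"
 		end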
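Review bot: `Tls.colorize` in the third hunk now recognises only protocol names (`/^SSL/` and `:TLSv1_2`), yet its parameter is still called `cipher`, so a caller that keeps passing a cipher name silently gets uncoloured output and loses the red warning for weak suites. Rename the parameter, e.g. `def self.colorize(protocol)`, and add a one-line comment saying that cipher colouring now lives in `Cipher#colorize`. The pattern would also be safer as `/\ASSL/`, which anchors the whole value rather than the start of any line.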

+ 69
- 0
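--- a/lib/cryptcheck/tls/cipher.rb
+++ b/lib/cryptcheck/tls/cipher.rb
@@ -0,0 +1,69 @@
+module CryptCheck
+	module Tls
+		class Cipher
+			TYPES = {
+					md5:       %w(MD5),
+					sha1:      %w(SHA),
+
+					psk:       %w(PSK),
+					srp:       %w(SRP),
+					anonymous: %w(ADH AECDH),
+
+					dss:       %w(DSS),
+
+					null:      %w(NULL),
+					export:    %w(EXP),
+					des:       %w(DES-CBC),
+					rc2:       %w(RC2),
+					rc4:       %w(RC4),
+					des3:      %w(3DES DES-CBC3),
+
+					pfs:       %w(DHE EDH ECDHE ECDH)
+			}
+
+			attr_reader :protocol, :name, :size, :dh
+
+			def initialize(protocol, cipher, dh)
+				@protocol, @dh  = protocol, dh
+				@name, _, @size = cipher
+			end
+
+			TYPES.each do |name, ciphers|
+				class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
+				def self.#{name}?(cipher)
+					#{ciphers}.any? { |c| /(^|-)#\{c\}(-|$)/ =~ cipher }
+				end
+				def #{name}?
+					#{ciphers}.any? { |c| /(^|-)#\{c\}(-|$)/ =~ @name }
+				end
+				RUBY_EVAL
+			end
+
+			def ssl?
+				sslv2? or sslv3?
+			end
+
+			def tls?
+				tlsv1? or tlsv1_1? or tlsv1_2?
+			end
+
+			def colorize
+				colors = case
+							 when dss?,
+									 anonymous?,
+									 null?,
+									 export?,
+									 md5?,
+									 des?,
+									 rc4?
+								 { color: :white, background: :red }
+							 when des3?
+								 { color: :yellow }
+							 when pfs?
+								 { color: :green }
+						 end
+				@name.colorize colors
+			end
+		end
+	end
+end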
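Review bot: `ssl?` and `tls?` call `sslv2?`, `sslv3?`, `tlsv1?`, `tlsv1_1?` and `tlsv1_2?`, but this class only generates predicates for the keys of `TYPES`, so both methods raise NoMethodError when invoked unless those helpers are defined somewhere outside this file. They can be answered from the stored protocol instead, e.g. `%i(SSLv2 SSLv3).include? @protocol` and `%i(TLSv1 TLSv1_1 TLSv1_2).include? @protocol`, assuming `@protocol` holds the method symbols used elsewhere in the project. `rc2` is added to `TYPES`, yet `colorize` does not list `rc2?` in its red branch, so RC2 suites are printed without a warning colour. The `pfs` list also contains `ECDH`, which matches static-ECDH suite names that provide no forward secrecy; limiting it to `DHE EDH ECDHE` would stop those being shown in green.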

+ 3
- 0
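--- a/lib/cryptcheck/tls/fixture.rb
+++ b/lib/cryptcheck/tls/fixture.rb
@@ -1,3 +1,5 @@
+require 'openssl'
+
 class ::OpenSSL::PKey::EC
 	def type
 		:ecc
@@ -14,6 +16,7 @@ class ::OpenSSL::PKey::EC
 			when 256 then 3072
 			when 384 then 7680
 			when 521 then 15360
+			when 571 then 21000
 		end
 	end
 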
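Review bot: The `case` that gains `when 571 then 21000` closes without an `else` in the visible lines, so a curve whose size is not listed yields `nil`, and callers that compare the result (the templates use `key.rsa_equivalent_size < 2048`) would then raise. Add an explicit fallback branch and decide deliberately what an unknown curve should score, rather than leaving it to `nil`. A short comment naming the source of the equivalence values would also help, since 21000 appears to be an extrapolation beyond the 3072/7680/15360 entries above it. The start of the `case` is outside the hunk.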

+ 26
- 55
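--- a/lib/cryptcheck/tls/grade.rb
+++ b/lib/cryptcheck/tls/grade.rb
@@ -21,21 +21,15 @@ module CryptCheck
 				calculate_warning
 				calculate_success
 				calculate_grade
-				calculate_perfect
 			end
 
 			def display
 				color = case self.grade
-							when 'A+'
-								:blue
-							when 'A'
-								:green
-							when 'B', 'C'
-								:yellow
-							when 'E', 'F'
-								:red
-							when 'M', 'T'
-								{ color: :white, background: :red }
+							when 'A+' then :blue
+							when 'A' then :green
+							when 'B', 'C' then :yellow
+							when 'E', 'F' then :red
+							when 'M', 'T' then { color: :white, background: :red }
 						end
 
 				Logger.info { "Grade : #{self.grade.colorize color }" }
@@ -53,18 +47,12 @@ module CryptCheck
 			private
 			def calculate_grade
 				@grade = case @score
-							 when 0...20 then
-								 'F'
-							 when 20...35 then
-								 'E'
-							 when 35...50 then
-								 'D'
-							 when 50...65 then
-								 'C'
-							 when 65...80 then
-								 'B'
-							 else
-								 'A'
+							 when 0...20 then 'F'
+							 when 20...35 then 'E'
+							 when 35...50 then 'D'
+							 when 50...65 then 'C'
+							 when 65...80 then 'B'
+							 else 'A'
 						 end
 
 				@grade = [@grade, 'B'].max if !@server.tlsv1_2? or @server.key_size < 2048
@@ -73,6 +61,8 @@ module CryptCheck
 
 				@grade = 'M' unless @server.cert_valid
 				@grade = 'T' unless @server.cert_trusted
+
+				@grade = 'A+' if @grade == 'A' and @error.empty? and @warning.empty? and (all_success & @success) == all_success
 			end
 
 			def calculate_error
@@ -108,63 +98,44 @@ module CryptCheck
 			end
 
 			ALL_ERROR = %i(md5_sig md5 anonymous dss null export des rc4)
-
 			def all_error
 				ALL_ERROR
 			end
 
 			ALL_WARNING = %i(sha1_sig des3)
-
 			def all_warning
 				ALL_WARNING
 			end
 
 			ALL_SUCCESS = %i(pfs)
-
 			def all_success
 				ALL_SUCCESS
 			end
 
-			def calculate_perfect
-				@grade = 'A+' if @grade == 'A' and @error.empty? and @warning.empty? and (ALL_SUCCESS & @success) == ALL_SUCCESS
-			end
-
-			METHODS_SCORES = { SSLv2: 0, SSLv3: 10, TLSv1: 50, TLSv1_1: 75, TLSv1_2: 100 }
-
+			METHODS_SCORES = { SSLv2: 0, SSLv3: 20, TLSv1: 60, TLSv1_1: 80, TLSv1_2: 100 }
 			def calculate_protocol_score
-				methods         = @server.supported_methods
-				worst, best     = methods.last, methods.first
-				@protocol_score = (METHODS_SCORES[worst] + METHODS_SCORES[best]) / 2
+				@protocol_score = @server.supported_protocols.collect { |p| METHODS_SCORES[p] }.min
 			end
 
 			def calculate_key_exchange_score
 				@key_exchange_score = case @server.key_size
 										  when 0 then 0
-										  when 0...512 then 20
-										  when 512...1024 then 40
-										  when 1024...2048 then 80
+										  when 0...512 then 10
+										  when 512...1024 then 20
+										  when 1024...2048 then 50
 										  when 2048...4096 then 90
-										  when 4096...::Float::INFINITY then 100
+										  else 100
 									  end
 			end
 
-			def calculate_cipher_strength_score(cipher_strength)
-				case cipher_strength
-					when 0 then
-						0
-					when 0...128 then
-						20
-					when 128...256 then
-						80
-					else
-						100
-				end
-			end
-
 			def calculate_cipher_strengths_score
-				strength                = @server.cipher_size
-				worst, best             = strength[:min], strength[:max]
-				@cipher_strengths_score = (calculate_cipher_strength_score(worst) + calculate_cipher_strength_score(best)) / 2
+				@cipher_strengths_score = case @server.cipher_size
+					when 0 then 0
+					when 0...112 then 10
+					when 112...128 then 50
+					when 128...256 then 90
+					else 100
+				end
 			end
 		end
 	end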
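Review bot: Both `calculate_key_exchange_score` and `calculate_cipher_strengths_score` now end in `else 100`, so any value the ranges do not cover, including `nil` when no key or cipher size could be determined, receives the maximum score. A grading tool should fail closed here: keep an explicit top range such as `when 4096..::Float::INFINITY then 100` (and `when 256..::Float::INFINITY then 100` for ciphers) and make the fallback `else 0`. `calculate_protocol_score` has a related gap, because `METHODS_SCORES[p]` is `nil` for a protocol missing from the table and `.min` on a list containing `nil`, or on an empty list, does not give a usable score. `ALL_ERROR` also does not list the `rc2` type that this commit adds to `Cipher::TYPES`, so RC2 support would not count as an error.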

+ 10
- 7
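--- a/lib/cryptcheck/tls/https/server.rb
+++ b/lib/cryptcheck/tls/https/server.rb
@@ -14,14 +14,17 @@ module CryptCheck
 				def fetch_hsts
 					port = @port == 443 ? '' : ":#{@port}"
 
-					response = ::HTTParty.head "https://#{@hostname}#{port}/", { follow_redirects: false, verify: false, timeout: SSL_TIMEOUT }
-					if header = response.headers['strict-transport-security']
-						name, value = header.split '='
-						if name == 'max-age'
-							@hsts = value.to_i
-							Logger.info { "HSTS : #{@hsts.to_s.colorize hsts_long? ? :green : nil}" }
-							return
+					begin
+						response = ::HTTParty.head "https://#{@hostname}#{port}/", { follow_redirects: false, verify: false, timeout: SSL_TIMEOUT }
+						if header = response.headers['strict-transport-security']
+							name, value = header.split '='
+							if name == 'max-age'
+								@hsts = value.to_i
+								Logger.info { "HSTS : #{@hsts.to_s.colorize hsts_long? ? :green : nil}" }
+								return
+							end
 						end
+					rescue ::Net::OpenTimeout
 					end
 
 					Logger.info { 'No HSTS'.colorize :yellow }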
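Review bot: The new `rescue ::Net::OpenTimeout` has an empty body, so a host that timed out falls through to the `'No HSTS'` log line and cannot be told apart from a host that answered without the header. Catch the read timeout as well and log the failure, e.g. `rescue ::Net::OpenTimeout, ::Net::ReadTimeout => e` followed by `Logger.debug { "HSTS check failed : #{e}" }`, and consider recording the result as unknown rather than absent. The parse inside the `begin` only accepts a header whose first directive is a lower-case `max-age`; directive names are case-insensitive and may come in any order, so valid headers written differently are reported as missing. `fetch_hsts` continues past the end of the hunk.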

+ 46
- 25
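--- a/lib/cryptcheck/tls/server.rb
+++ b/lib/cryptcheck/tls/server.rb
@@ -32,7 +32,7 @@ module CryptCheck
 			class ConnectionError < TLSException
 			end
 
-			attr_reader :hostname, :port, :prefered_ciphers, :cert, :cert_valid, :cert_trusted
+			attr_reader :hostname, :port, :prefered_ciphers, :cert, :cert_valid, :cert_trusted, :dh
 
 			def initialize(hostname, port)
 				@hostname, @port = hostname, port
@@ -40,19 +40,30 @@ module CryptCheck
 				Logger.info { "#{hostname}:#{port}".colorize :blue }
 				extract_cert
 				Logger.info { '' }
-				Logger.info { "Key : #{Tls.key_to_s @cert.public_key}" }
+				Logger.info { "Key : #{Tls.key_to_s self.key}" }
 				fetch_prefered_ciphers
 				check_supported_cipher
+				uniq_dh
 			end
 
-			def supported_methods
-				EXISTING_METHODS.select { |m| !@prefered_ciphers[m].nil? }
+			def key
+				@cert.public_key
 			end
 
 			def cipher_size
-				cipher_strengths = supported_ciphers.collect { |c| c[2] }.uniq.sort
-				worst, best      = cipher_strengths.first, cipher_strengths.last
-				{ worst: worst, best: best }
+				supported_ciphers.collect { |c| c.size }.sort.last
+			end
+
+			def supported_protocols
+				@supported_ciphers.keys
+			end
+
+			def supported_ciphers
+				@supported_ciphers.values.flatten 1
+			end
+
+			def supported_ciphers_by_protocol(protocol)
+				@supported_ciphers[protocol]
 			end
 
 			EXISTING_METHODS.each do |method|
@@ -75,10 +86,10 @@ module CryptCheck
 				RUBY_EVAL
 			end
 
-			Tls::TYPES.each do |type, _|
+			Cipher::TYPES.each do |type, _|
 				class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
 					def #{type}?
-						supported_ciphers.any? { |s| Tls.#{type}? s.first  }
+						supported_ciphers.any? { |c| c.#{type}? }
 					end
 				RUBY_EVAL
 			end
@@ -100,15 +111,11 @@ module CryptCheck
 			end
 
 			def pfs?
-				supported_ciphers.any? { |c| Tls.pfs? c.first }
+				supported_ciphers.any? { |c| c.pfs? }
 			end
 
 			def pfs_only?
-				supported_ciphers.all? { |c| Tls.pfs? c.first }
-			end
-
-			def supported_ciphers
-				@supported_ciphers.values.flatten(1).uniq
+				supported_ciphers.all? { |c| c.pfs? }
 			end
 
 			private
@@ -221,8 +228,8 @@ module CryptCheck
 			end
 
 			def prefered_cipher(method)
-				cipher = ssl_client(method, 'ALL:COMPLEMENTOFALL') { |s| s.cipher }
-				Logger.info { "Prefered cipher for #{Tls.colorize method} : #{Tls.colorize cipher.first}" }
+				cipher = ssl_client(method, 'ALL:COMPLEMENTOFALL') { |s| Cipher.new method, s.cipher, s.tmp_key }
+				Logger.info { "Prefered cipher for #{Tls.colorize method} : #{cipher.colorize}" }
 				cipher
 			rescue TLSException => e
 				Logger.debug { "Method #{Tls.colorize method} not supported : #{e}" }
@@ -246,12 +253,14 @@ module CryptCheck
 
 			def supported_cipher?(method, cipher)
 				dh = ssl_client method, [cipher] { |s| s.tmp_key }
+				@dh << dh if dh
+				cipher = Cipher.new method, cipher, dh
 				dh = dh ? " (#{'DH'.colorize :green} : #{Tls.key_to_s dh})" : ''
-				Logger.info { "#{Tls.colorize method} / #{Tls.colorize cipher[0]} : Supported#{dh}" }
-				true
+				Logger.info { "#{Tls.colorize method} / #{cipher.colorize} : Supported#{dh}" }
+				cipher
 			rescue TLSException => e
-				Logger.debug { "#{Tls.colorize method} / #{Tls.colorize cipher[0]} : Not supported (#{e})" }
-				false
+				Logger.debug { "#{Tls.colorize method} / #{cipher.colorize} : Not supported (#{e})" }
+				nil
 			end
 
 			def check_supported_cipher
@@ -259,9 +268,9 @@ module CryptCheck
 				@supported_ciphers = {}
 				EXISTING_METHODS.each do |method|
 					next unless SUPPORTED_METHODS.include? method and @prefered_ciphers[method]
-					ciphers = available_ciphers(method).select { |cipher| supported_cipher? method, cipher }
-					@supported_ciphers[method] = ciphers
-					Logger.info { '' } unless ciphers.empty?
+					supported_ciphers = available_ciphers(method).collect { |c| supported_cipher? method, c }.reject { |c| c.nil? }
+					Logger.info { '' } unless supported_ciphers.empty?
+					@supported_ciphers[method] = supported_ciphers
 				end
 			end
 
@@ -270,7 +279,7 @@ module CryptCheck
 				store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
 				store.set_default_paths
 
-				%w(cacert).each do |directory|
+				%w(cacert mozilla).each do |directory|
 					::Dir.glob(::File.join '/usr/share/ca-certificates', directory, '*').each do |file|
 						cert = ::OpenSSL::X509::Certificate.new ::File.read file
 						begin
@@ -289,6 +298,18 @@ module CryptCheck
 				p store.error_string unless trusted
 				trusted
 			end
+
+			def uniq_dh
+				dh, find = [], []
+				@dh.each do |k|
+					f = [k.type, k.size]
+					unless find.include? f
+						dh << k
+						find << f
+					end
+				end
+				@dh = dh
+			end
 		end
 
 		class TcpServer < Server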
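Review bot: `cipher_size` now returns `supported_ciphers.collect { |c| c.size }.sort.last`, the largest key length offered, and that single value feeds both the cipher-strength score and the danger/warning thresholds in the templates, so a server that still accepts very short keys is judged by its strongest suite. The templates previously displayed `s.cipher_size[:worst]`; to keep a worst-case view use `supported_ciphers.collect { |c| c.size }.min`. In `supported_cipher?`, when `ssl_client` raises, `cipher` in the `rescue` branch is still the raw argument rather than a `Cipher`, so `cipher.colorize` there does not call the new method; log `cipher.first` in that branch instead. No visible line initialises `@dh` before `@dh << dh` and `@dh.each`, so confirm it is set to `[]` before `check_supported_cipher` runs.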

+ 0
- 2
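--- a/lib/cryptcheck/tls/xmpp.rb
+++ b/lib/cryptcheck/tls/xmpp.rb
@@ -1,5 +1,4 @@
 require 'erb'
-require 'logging'
 require 'parallel'
 
 module CryptCheck
@@ -7,7 +6,6 @@ module CryptCheck
 		module Xmpp
 			MAX_ANALYSIS_DURATION = 600
 			PARALLEL_ANALYSIS = 10
-			Logger = ::Logging.logger[Xmpp]
 
 			def self.grade(hostname, type=:s2s)
 				timeout MAX_ANALYSIS_DURATION do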

+ 7
- 8
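--- a/output/https.erb
+++ b/output/https.erb
@@ -97,10 +97,10 @@
 									<%= n.grade %>
 								</td>
 
-								<td class="<%= s.key_size < 2048 ? :danger : s.key_size < 4096 ? :warning : :success %>">
-									<% type, size = s.key %>
-									<%= "#{size} (#{type.to_s.upcase})" %>
-									<span class="sr-only">(<%= s.key_size < 2048 ? '☹' : '☺' %>)</span>
+								<% key = s.key %>
+								<td class="<%= key.rsa_equivalent_size < 2048 ? :danger : key.rsa_equivalent_size < 4096 ? :warning : :success %>">
+									<%= "#{key.size} (#{key.type.to_s.upcase})" %>
+									<span class="sr-only">(<%= key.size < 2048 ? '☹' : '☺' %>)</span>
 								</td>
 								<td class="<%= s.sha1_sig? ? :warning : :success %>">
 									<%= s.sha1_sig? ? '✓' : '✗' %>
@@ -124,10 +124,9 @@
 									<span class="sr-only">(<%= s.tls? ? '☺' : '☹' %>)</span>
 								</td>
 
-								<% cipher_size = s.cipher_size[:worst] %>
-								<td class="<%= cipher_size < 112 ? :danger : cipher_size < 128 ? :warning : :success %>">
-									<%= cipher_size %>
-									<span class="sr-only">(<%= cipher_size < 128 ? '☹' : '☺' %>)</span>
+								<td class="<%= s.cipher_size < 112 ? :danger : s.cipher_size < 128 ? :warning : :success %>">
+									<%= s.cipher_size %>
+									<span class="sr-only">(<%= s.cipher_size < 128 ? '☹' : '☺' %>)</span>
 								</td>
 								<td class="<%= s.md5? ? :critical : :success %>">
 									<%= s.md5? ? '✓' : '✗' %>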
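Review bot: The screen-reader marker in the key cell compares `key.size < 2048` while the cell's class is chosen from `key.rsa_equivalent_size`, so an EC key (256 bits, rated as 3072 in the fixture) gets a `success` class but a ☹ marker. Use the same value in both places: `<span class="sr-only">(<%= key.rsa_equivalent_size < 2048 ? '☹' : '☺' %>)</span>`. The identical line is added in `output/smtp.erb` and `output/xmpp.erb` and needs the same change. The cipher cell in the second hunk now reads `s.cipher_size` three times instead of a local, which recomputes the value on each use; keeping `<% cipher_size = s.cipher_size %>` would be tidier.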

+ 1
- 0
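--- a/output/porn.yml
+++ b/output/porn.yml
@@ -623,6 +623,7 @@
   - www.xartmodels.com
   - www.yourdirtymind.com
   - your-daily-girl.com
+  - blog.onahole.eu
 - description: Erotic Stories
   hostnames:
   - literotica.com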

+ 7
- 8
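--- a/output/smtp.erb
+++ b/output/smtp.erb
@@ -97,10 +97,10 @@
 									<%= n.grade %>
 								</td>
 
-								<td class="<%= s.key_size < 2048 ? :danger : s.key_size < 4096 ? :warning : :success %>">
-									<% type, size = s.key %>
-									<%= "#{size} (#{type.to_s.upcase})" %>
-									<span class="sr-only">(<%= s.key_size < 2048 ? '☹' : '☺' %>)</span>
+								<% key = s.key %>
+								<td class="<%= key.rsa_equivalent_size < 2048 ? :danger : key.rsa_equivalent_size < 4096 ? :warning : :success %>">
+									<%= "#{key.size} (#{key.type.to_s.upcase})" %>
+									<span class="sr-only">(<%= key.size < 2048 ? '☹' : '☺' %>)</span>
 								</td>
 								<td class="<%= s.sha1_sig? ? :warning : :success %>">
 									<%= s.sha1_sig? ? '✓' : '✗' %>
@@ -124,10 +124,9 @@
 									<span class="sr-only">(<%= s.tls? ? '☺' : '☹' %>)</span>
 								</td>
 
-								<% cipher_size = s.cipher_size[:worst] %>
-								<td class="<%= cipher_size < 112 ? :danger : cipher_size < 128 ? :warning : :success %>">
-									<%= cipher_size %>
-									<span class="sr-only">(<%= cipher_size < 128 ? '☹' : '☺' %>)</span>
+								<td class="<%= s.cipher_size < 112 ? :danger : s.cipher_size < 128 ? :warning : :success %>">
+									<%= s.cipher_size %>
+									<span class="sr-only">(<%= s.cipher_size < 128 ? '☹' : '☺' %>)</span>
 								</td>
 								<td class="<%= s.md5? ? :critical : :success %>">
 									<%= s.md5? ? '✓' : '✗' %>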

+ 7
- 8
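--- a/output/xmpp.erb
+++ b/output/xmpp.erb
@@ -110,10 +110,10 @@
 									<%= n.grade %>
 								</td>
 
-								<td class="<%= s.key_size < 2048 ? :danger : s.key_size < 4096 ? :warning : :success %>">
-									<% type, size = s.key %>
-									<%= "#{size} (#{type.to_s.upcase})" %>
-									<span class="sr-only">(<%= s.key_size < 2048 ? '☹' : '☺' %>)</span>
+								<% key = s.key %>
+								<td class="<%= key.rsa_equivalent_size < 2048 ? :danger : key.rsa_equivalent_size < 4096 ? :warning : :success %>">
+									<%= "#{key.size} (#{key.type.to_s.upcase})" %>
+									<span class="sr-only">(<%= key.size < 2048 ? '☹' : '☺' %>)</span>
 								</td>
 								<td class="<%= s.sha1_sig? ? :warning : :success %>">
 									<%= s.sha1_sig? ? '✓' : '✗' %>
@@ -137,10 +137,9 @@
 									<span class="sr-only">(<%= s.tls? ? '☺' : '☹' %>)</span>
 								</td>
 
-								<% cipher_size = s.cipher_size[:worst] %>
-								<td class="<%= cipher_size < 112 ? :danger : cipher_size < 128 ? :warning : :success %>">
-									<%= cipher_size %>
-									<span class="sr-only">(<%= cipher_size < 128 ? '☹' : '☺' %>)</span>
+								<td class="<%= s.cipher_size < 112 ? :danger : s.cipher_size < 128 ? :warning : :success %>">
+									<%= s.cipher_size %>
+									<span class="sr-only">(<%= s.cipher_size < 128 ? '☹' : '☺' %>)</span>
 								</td>
 								<td class="<%= s.md5? ? :critical : :success %>">
 									<%= s.md5? ? '✓' : '✗' %>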
