
Refactor some checks

new-scoring
aeris 2 years ago
parent
commit
845626ee45

+ 16
- 6
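--- a/lib/cryptcheck/status.rb
+++ b/lib/cryptcheck/status.rb
@@ -3,24 +3,34 @@ module CryptCheck
 		LEVELS = %i(critical error warning good perfect best).freeze
 		PROBLEMS = %i(critical error warning).freeze
 
+		extend Enumerable
+		def self.each(&block)
+			LEVELS.each &block
+		end
+
 		def self.status(statuses)
-			statuses = self.collect statuses
-			self.select LEVELS, statuses
+			statuses = self.convert statuses
+			self.min LEVELS, statuses
+		end
+
+		class << self
+			alias_method :'[]', :status
 		end
 
 		def self.problem(statuses)
-			statuses = self.collect statuses
-			self.select PROBLEMS, statuses
+			statuses = self.convert statuses
+			self.min PROBLEMS, statuses
 		end
 
 		private
-		def self.collect(statuses)
+		def self.convert(statuses)
+			statuses = [ statuses ] unless statuses.respond_to? :first
 			first = statuses.first
 			statuses = statuses.collect &:status if first.respond_to? :status
 			statuses
 		end
 
-		def self.select(levels, statuses)
+		def self.min(levels, statuses)
 			return nil if statuses.empty?
 			(levels & statuses).first
 		end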
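Review bot: `convert` decides whether to map `.status` by looking only at `statuses.first`, so now that nil entries are accepted, a list such as `[nil, key]` skips the mapping and `min` returns nil because the raw object is not in `levels`; if any caller passes such a list, a weak item is reported as no problem. Mapping per element closes that: `statuses = statuses.collect { |s| s.respond_to?(:status) ? s.status : s }`. Separately, `def self.min(levels, statuses)` replaces the `Enumerable#min` that `extend Enumerable` has just provided, so a name such as `worst` would avoid the clash. Also, `private` has no effect on `def self.` methods, so `convert` and `min` stay public unless `private_class_method` is used.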

+ 9
- 7
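--- a/lib/cryptcheck/tls.rb
+++ b/lib/cryptcheck/tls.rb
@@ -19,13 +19,15 @@ module CryptCheck
 
 		def self.key_to_s(key)
 			size, color = case key.type
-							 when :ecc
-								 ["#{key.group.curve_name} #{key.size}", :good]
-							 when :dh
-								 [key.size, :warning]
-							 when :dsa
-								 [key.size, :critical]
-						 end
+							  when :ecc
+								  ["#{key.group.curve_name} #{key.size}", :good]
+							  when :rsa
+								  [key.size, nil]
+							  when :dsa
+								  [key.size, :critical]
+							  when :dh
+								  [key.size, :warning]
+						  end
 			"#{key.type.to_s.upcase.colorize color} #{size.to_s.colorize key.status} bits"
 		end
 	end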
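Review bot: The `case key.type` in `key_to_s` still has no `else`, so a key type other than `:ecc`, `:rsa`, `:dsa` or `:dh` leaves both `size` and `color` nil and the output line shows an empty size. An `else` branch returning `[key.size, nil]` would keep the report meaningful for unexpected key types. The new `:rsa` branch also passes `nil` to `colorize`; that helper is not visible on this page, so confirm it accepts a nil colour.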

+ 4
- 2
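--- a/lib/cryptcheck/tls/fixture.rb
+++ b/lib/cryptcheck/tls/fixture.rb
@@ -74,7 +74,8 @@ class ::OpenSSL::PKey::EC
 				:error
 			when 192...256
 				:warning
-			when 384...::Float::INFINITY
+			when 256...364
+			else
 				:good
 		end
 	end
@@ -99,7 +100,8 @@ class ::OpenSSL::PKey::RSA
 				:critical
 			when 1024...2048
 				:error
-			when 4096...::Float::INFINITY
+			when 2048...4096
+			else
 				:good
 		end
 	end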
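Review bot: Replacing the open-ended range with `else` makes `:good` the fallback for every value the earlier `when` ranges do not match, so in both the EC and the RSA hunk a size that is nil or otherwise unexpected would be graded `:good` instead of staying ungraded. The EC bound `256...364` also looks like a typo for 384, since the removed line started `:good` at 384; as written, sizes 364–383 move into `:good`. Keeping explicit upper ranges avoids both: `when 256...384` followed by `when 384...::Float::INFINITY` for EC, and `when 4096...::Float::INFINITY` after `when 2048...4096` for RSA. Both methods start outside these hunks, so the values `size` can take are not visible here.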

+ 8
- 13
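--- a/lib/cryptcheck/tls/grade.rb
+++ b/lib/cryptcheck/tls/grade.rb
@@ -17,7 +17,7 @@ module CryptCheck
 							when 'B', 'B+'
 								:perfect
 							when 'C', 'C+'
-								nil
+								:good
 							when 'E'
 								:warning
 							when 'F'
@@ -30,16 +30,9 @@ module CryptCheck
 
 				Logger.info { "Grade : #{self.grade.colorize color }" }
 				Logger.info { '' }
-				[
-						['Critical', :critical],
-						['Error', :error],
-						['Warning', :warning],
-						['Good', :good],
-						['Perfect', :perfect],
-						['Best', :best],
-				].each do |text, color|
+				Status.each do |color|
 					states = @states[color]
-					Logger.info { "#{text} : #{states.collect { |s| s.to_s.colorize color }.join ' '}" } unless states.empty?
+					Logger.info { "#{color.to_s.capitalize} : #{states.collect { |s| s.to_s.colorize color }.join ' '}" } unless states.empty?
 				end
 			end
 
@@ -78,10 +71,10 @@ module CryptCheck
 			CHECKS = [
 					# Keys
 					[:dss_sign, Proc.new { |s| s.dss_sig? }, :critical],
-					[:weak_key, Proc.new { |s| %i(critical error warning) & [s.key.status] } ],
+					[:weak_key, Proc.new { |s| Status.problem s.key_status } ],
 
 					# DH
-					[:weak_dh, Proc.new { |s| (%i(critical error warning) & s.dh.collect(&:status).uniq).first } ],
+					[:weak_dh, Proc.new { |s| Status.problem s.dh_status } ],
 
 					# Certificates
 					[:md2_sign, Proc.new { |s| s.md2_sig? }, :critical],
@@ -111,6 +104,8 @@ module CryptCheck
 					[:no_pfs, Proc.new { |s| not s.pfs_only? }, :warning],
 					[:pfs, Proc.new { |s| s.pfs? }, :good],
 					[:pfs_only, Proc.new { |s| s.pfs_only? }, :perfect],
+
+					[:no_ecdhe, Proc.new { |s| not s.ecdhe? }, :warning],
 					[:ecdhe, Proc.new { |s| s.ecdhe? }, :good],
 					[:ecdhe_only, Proc.new { |s| s.ecdhe_only? }, :perfect],
 
@@ -130,7 +125,7 @@ module CryptCheck
 			end
 
 			def calculate_states
-				states = { critical: [], error: [], warning: [], good: [], perfect: [], best: [] }
+				states = Status.collect { |s| [s, []] }.to_h
 				@checks.each do |name, check, status|
 					result = check.call @server
 					if result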
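Review bot: The `weak_key` and `weak_dh` entries in `CHECKS` now call `s.key_status` and `s.dh_status`, and neither method is defined in any hunk on this page, so confirm the server class provides them; a missing method would raise when the proc runs. `dh_status` also needs to cover every DH parameter the server offered, as the removed `s.dh.collect(&:status).uniq` did, or a weak group after the first could go unreported. A comment on the two-element entries would help, for example `# no fixed level: the proc appears to return the level itself, or nil when there is no finding`. `calculate_states` continues past the end of the last hunk, so how `result` is consumed is not visible here.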

+ 2
- 2
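--- a/lib/cryptcheck/tls/server.rb
+++ b/lib/cryptcheck/tls/server.rb
@@ -9,6 +9,7 @@ module CryptCheck
 			SSL_TIMEOUT       = 2*TCP_TIMEOUT
 			EXISTING_METHODS  = %i(TLSv1_2 TLSv1_1 TLSv1 SSLv3 SSLv2)
 			SUPPORTED_METHODS = ::OpenSSL::SSL::SSLContext::METHODS
+
 			class TLSException < ::StandardError
 			end
 			class TLSNotAvailableException < TLSException
@@ -360,13 +361,12 @@ module CryptCheck
 							end
 						end
 					end
-
-					Logger.info { '' } unless supported_ciphers.empty?
 					@supported_ciphers[method] = supported_ciphers
 				end
 			end
 
 			def check_fallback_scsv
+				Logger.info { '' }
 				@fallback_scsv = false
 
 				methods = @prefered_ciphers.reject { |_, v| v.nil? }.keys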

+ 12
- 0
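--- a/spec/cryptcheck/status_spec.rb
+++ b/spec/cryptcheck/status_spec.rb
@@ -11,6 +11,7 @@ describe CryptCheck::Status do
 					[:critical, :critical] => :critical,
 					[:critical, :error]    => :critical,
 					[:critical, :warning]  => :critical,
+					[:critical, nil]       => :critical,
 					[:critical, :good]     => :critical,
 					[:critical, :perfect]  => :critical,
 					[:critical, :best]     => :critical,
@@ -18,6 +19,7 @@ describe CryptCheck::Status do
 					[:error, :critical]    => :critical,
 					[:error, :error]       => :error,
 					[:error, :warning]     => :error,
+					[:error, nil]          => :error,
 					[:error, :good]        => :error,
 					[:error, :perfect]     => :error,
 					[:error, :best]        => :error,
@@ -25,6 +27,7 @@ describe CryptCheck::Status do
 					[:warning, :critical]  => :critical,
 					[:warning, :error]     => :error,
 					[:warning, :warning]   => :warning,
+					[:warning, nil]        => :warning,
 					[:warning, :good]      => :warning,
 					[:warning, :perfect]   => :warning,
 					[:warning, :best]      => :warning,
@@ -32,6 +35,7 @@ describe CryptCheck::Status do
 					[:good, :critical]     => :critical,
 					[:good, :error]        => :error,
 					[:good, :warning]      => :warning,
+					[:good, nil]           => :good,
 					[:good, :good]         => :good,
 					[:good, :perfect]      => :good,
 					[:good, :best]         => :good,
@@ -39,6 +43,7 @@ describe CryptCheck::Status do
 					[:perfect, :critical]  => :critical,
 					[:perfect, :error]     => :error,
 					[:perfect, :warning]   => :warning,
+					[:perfect, nil]        => :perfect,
 					[:perfect, :good]      => :good,
 					[:perfect, :perfect]   => :perfect,
 					[:perfect, :best]      => :perfect,
@@ -46,6 +51,7 @@ describe CryptCheck::Status do
 					[:best, :critical]     => :critical,
 					[:best, :error]        => :error,
 					[:best, :warning]      => :warning,
+					[:best, nil]           => :best,
 					[:best, :good]         => :good,
 					[:best, :perfect]      => :perfect,
 					[:best, :best]         => :best
@@ -68,6 +74,7 @@ describe CryptCheck::Status do
 					[:critical, :critical] => :critical,
 					[:critical, :error]    => :critical,
 					[:critical, :warning]  => :critical,
+					[:critical, nil]       => :critical,
 					[:critical, :good]     => :critical,
 					[:critical, :perfect]  => :critical,
 					[:critical, :best]     => :critical,
@@ -75,6 +82,7 @@ describe CryptCheck::Status do
 					[:error, :critical]    => :critical,
 					[:error, :error]       => :error,
 					[:error, :warning]     => :error,
+					[:error, nil]          => :error,
 					[:error, :good]        => :error,
 					[:error, :perfect]     => :error,
 					[:error, :best]        => :error,
@@ -82,6 +90,7 @@ describe CryptCheck::Status do
 					[:warning, :critical]  => :critical,
 					[:warning, :error]     => :error,
 					[:warning, :warning]   => :warning,
+					[:warning, nil]        => :warning,
 					[:warning, :good]      => :warning,
 					[:warning, :perfect]   => :warning,
 					[:warning, :best]      => :warning,
@@ -89,6 +98,7 @@ describe CryptCheck::Status do
 					[:good, :critical]     => :critical,
 					[:good, :error]        => :error,
 					[:good, :warning]      => :warning,
+					[:good, nil]           => nil,
 					[:good, :good]         => nil,
 					[:good, :perfect]      => nil,
 					[:good, :best]         => nil,
@@ -96,6 +106,7 @@ describe CryptCheck::Status do
 					[:perfect, :critical]  => :critical,
 					[:perfect, :error]     => :error,
 					[:perfect, :warning]   => :warning,
+					[:perfect, nil]        => nil,
 					[:perfect, :good]      => nil,
 					[:perfect, :perfect]   => nil,
 					[:perfect, :best]      => nil,
@@ -103,6 +114,7 @@ describe CryptCheck::Status do
 					[:best, :critical]     => :critical,
 					[:best, :error]        => :error,
 					[:best, :warning]      => :warning,
+					[:best, nil]           => nil,
 					[:best, :good]         => nil,
 					[:best, :perfect]      => nil,
 					[:best, :best]         => nil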
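Review bot: Every added row puts `nil` in second position (`[:critical, nil]`, `[:good, nil]` and so on); none puts it first, which is the element `Status.convert` inspects to decide whether to map `.status`. Rows such as `[nil, :critical] => :critical` and a lone `nil => nil` would pin the behaviour for a leading or bare nil. The `describe` blocks start outside these hunks, so existing rows of that form cannot be ruled out from this page.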
