Refactor some checks

new-scoring
aeris 7 years ago
parent a8057ce1ec
commit 845626ee45
  1. 22
      lib/cryptcheck/status.rb
  2. 16
      lib/cryptcheck/tls.rb
  3. 6
      lib/cryptcheck/tls/fixture.rb
  4. 21
      lib/cryptcheck/tls/grade.rb
  5. 4
      lib/cryptcheck/tls/server.rb
  6. 12
      spec/cryptcheck/status_spec.rb

@ -3,24 +3,34 @@ module CryptCheck
LEVELS = %i(critical error warning good perfect best).freeze
PROBLEMS = %i(critical error warning).freeze
extend Enumerable
def self.each(&block)
LEVELS.each &block
end
def self.status(statuses)
statuses = self.collect statuses
self.select LEVELS, statuses
statuses = self.convert statuses
self.min LEVELS, statuses
end
class << self
alias_method :'[]', :status
end
def self.problem(statuses)
statuses = self.collect statuses
self.select PROBLEMS, statuses
statuses = self.convert statuses
self.min PROBLEMS, statuses
end
private
def self.collect(statuses)
def self.convert(statuses)
statuses = [ statuses ] unless statuses.respond_to? :first
first = statuses.first
statuses = statuses.collect &:status if first.respond_to? :status
statuses
end
def self.select(levels, statuses)
def self.min(levels, statuses)
return nil if statuses.empty?
(levels & statuses).first
end
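Review bot: The new class-level helper `min(levels, statuses)` takes the name of an Enumerable method that this same change brings in through `extend Enumerable`, so `Status.min` no longer behaves like the other Enumerable calls on the module (for example the `Status.collect { ... }` that grade.rb now relies on). The rename from `collect`/`select` to `convert`/`min` appears to be there to avoid exactly this kind of clash, so a non-Enumerable name such as `def self.worst(levels, statuses)` would finish the job. Separately, the bare `private` above `def self.convert` does not apply to singleton methods; `private_class_method :convert, :worst` after the definitions would actually hide them. The module body continues outside the hunk.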

@ -19,13 +19,15 @@ module CryptCheck
def self.key_to_s(key)
size, color = case key.type
when :ecc
["#{key.group.curve_name} #{key.size}", :good]
when :dh
[key.size, :warning]
when :dsa
[key.size, :critical]
end
when :ecc
["#{key.group.curve_name} #{key.size}", :good]
when :rsa
[key.size, nil]
when :dsa
[key.size, :critical]
when :dh
[key.size, :warning]
end
"#{key.type.to_s.upcase.colorize color} #{size.to_s.colorize key.status} bits"
end
end
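Review bot: The `case key.type` in `key_to_s` still has no `else`, so any key type other than the four listed leaves both `size` and `color` as nil and the line prints the type followed by a bare ` bits`. An explicit fallback such as `else [key.size, nil]` keeps the size visible for a key type the scanner did not anticipate. The new `:rsa` branch also passes `nil` to `colorize`; that helper is not visible here, so confirm it treats nil as "no colour" rather than raising.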

@ -74,7 +74,8 @@ class ::OpenSSL::PKey::EC
:error
when 192...256
:warning
when 384...::Float::INFINITY
when 256...364
else
:good
end
end
@ -99,7 +100,8 @@ class ::OpenSSL::PKey::RSA
:critical
when 1024...2048
:error
when 4096...::Float::INFINITY
when 2048...4096
else
:good
end
end
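Review bot: Ending both key-size `case` statements with `else :good` makes the rating fail open: any size that none of the earlier ranges match is now reported as `:good`, where the old explicit `when 384...::Float::INFINITY` / `when 4096...::Float::INFINITY` left such values unrated. The earlier branches lie outside the hunks, so whether a nil or otherwise unexpected size can reach the `else` needs checking; keeping the explicit upper range for `:good` and letting `else` return nil avoids the question. In the EC hunk `when 256...364` looks like a typo for `256...384`, since 384 was the previous threshold. The two bodiless `when` lines rely on an empty branch evaluating to nil; writing `nil` explicitly, or a comment saying the size is deliberately unrated, would make that intent readable.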

@ -17,7 +17,7 @@ module CryptCheck
when 'B', 'B+'
:perfect
when 'C', 'C+'
nil
:good
when 'E'
:warning
when 'F'
@ -30,16 +30,9 @@ module CryptCheck
Logger.info { "Grade : #{self.grade.colorize color }" }
Logger.info { '' }
[
['Critical', :critical],
['Error', :error],
['Warning', :warning],
['Good', :good],
['Perfect', :perfect],
['Best', :best],
].each do |text, color|
Status.each do |color|
states = @states[color]
Logger.info { "#{text} : #{states.collect { |s| s.to_s.colorize color }.join ' '}" } unless states.empty?
Logger.info { "#{color.to_s.capitalize} : #{states.collect { |s| s.to_s.colorize color }.join ' '}" } unless states.empty?
end
end
@ -78,10 +71,10 @@ module CryptCheck
CHECKS = [
# Keys
[:dss_sign, Proc.new { |s| s.dss_sig? }, :critical],
[:weak_key, Proc.new { |s| %i(critical error warning) & [s.key.status] } ],
[:weak_key, Proc.new { |s| Status.problem s.key_status } ],
# DH
[:weak_dh, Proc.new { |s| (%i(critical error warning) & s.dh.collect(&:status).uniq).first } ],
[:weak_dh, Proc.new { |s| Status.problem s.dh_status } ],
# Certificates
[:md2_sign, Proc.new { |s| s.md2_sig? }, :critical],
@ -111,6 +104,8 @@ module CryptCheck
[:no_pfs, Proc.new { |s| not s.pfs_only? }, :warning],
[:pfs, Proc.new { |s| s.pfs? }, :good],
[:pfs_only, Proc.new { |s| s.pfs_only? }, :perfect],
[:no_ecdhe, Proc.new { |s| not s.ecdhe? }, :warning],
[:ecdhe, Proc.new { |s| s.ecdhe? }, :good],
[:ecdhe_only, Proc.new { |s| s.ecdhe_only? }, :perfect],
@ -130,7 +125,7 @@ module CryptCheck
end
def calculate_states
states = { critical: [], error: [], warning: [], good: [], perfect: [], best: [] }
states = Status.collect { |s| [s, []] }.to_h
@checks.each do |name, check, status|
result = check.call @server
if result
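Review bot: The `:weak_key` and `:weak_dh` checks now call `s.key_status` and `s.dh_status`, but neither method is added in the server.rb section of this commit. If they are not already defined on the server class, these two procs raise NoMethodError when the checks run, and the weak-key findings are the ones a TLS grader can least afford to lose. A spec that runs both checks against a server with a weak key and with weak DH parameters would pin this, for example by asserting that the `:weak_dh` proc returns a member of `Status::PROBLEMS`. The CHECKS array and `calculate_states` both continue outside the hunks.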

@ -9,6 +9,7 @@ module CryptCheck
SSL_TIMEOUT = 2*TCP_TIMEOUT
EXISTING_METHODS = %i(TLSv1_2 TLSv1_1 TLSv1 SSLv3 SSLv2)
SUPPORTED_METHODS = ::OpenSSL::SSL::SSLContext::METHODS
class TLSException < ::StandardError
end
class TLSNotAvailableException < TLSException
@ -360,13 +361,12 @@ module CryptCheck
end
end
end
Logger.info { '' } unless supported_ciphers.empty?
@supported_ciphers[method] = supported_ciphers
end
end
def check_fallback_scsv
Logger.info { '' }
@fallback_scsv = false
methods = @prefered_ciphers.reject { |_, v| v.nil? }.keys

@ -11,6 +11,7 @@ describe CryptCheck::Status do
[:critical, :critical] => :critical,
[:critical, :error] => :critical,
[:critical, :warning] => :critical,
[:critical, nil] => :critical,
[:critical, :good] => :critical,
[:critical, :perfect] => :critical,
[:critical, :best] => :critical,
@ -18,6 +19,7 @@ describe CryptCheck::Status do
[:error, :critical] => :critical,
[:error, :error] => :error,
[:error, :warning] => :error,
[:error, nil] => :error,
[:error, :good] => :error,
[:error, :perfect] => :error,
[:error, :best] => :error,
@ -25,6 +27,7 @@ describe CryptCheck::Status do
[:warning, :critical] => :critical,
[:warning, :error] => :error,
[:warning, :warning] => :warning,
[:warning, nil] => :warning,
[:warning, :good] => :warning,
[:warning, :perfect] => :warning,
[:warning, :best] => :warning,
@ -32,6 +35,7 @@ describe CryptCheck::Status do
[:good, :critical] => :critical,
[:good, :error] => :error,
[:good, :warning] => :warning,
[:good, nil] => :good,
[:good, :good] => :good,
[:good, :perfect] => :good,
[:good, :best] => :good,
@ -39,6 +43,7 @@ describe CryptCheck::Status do
[:perfect, :critical] => :critical,
[:perfect, :error] => :error,
[:perfect, :warning] => :warning,
[:perfect, nil] => :perfect,
[:perfect, :good] => :good,
[:perfect, :perfect] => :perfect,
[:perfect, :best] => :perfect,
@ -46,6 +51,7 @@ describe CryptCheck::Status do
[:best, :critical] => :critical,
[:best, :error] => :error,
[:best, :warning] => :warning,
[:best, nil] => :best,
[:best, :good] => :good,
[:best, :perfect] => :perfect,
[:best, :best] => :best
@ -68,6 +74,7 @@ describe CryptCheck::Status do
[:critical, :critical] => :critical,
[:critical, :error] => :critical,
[:critical, :warning] => :critical,
[:critical, nil] => :critical,
[:critical, :good] => :critical,
[:critical, :perfect] => :critical,
[:critical, :best] => :critical,
@ -75,6 +82,7 @@ describe CryptCheck::Status do
[:error, :critical] => :critical,
[:error, :error] => :error,
[:error, :warning] => :error,
[:error, nil] => :error,
[:error, :good] => :error,
[:error, :perfect] => :error,
[:error, :best] => :error,
@ -82,6 +90,7 @@ describe CryptCheck::Status do
[:warning, :critical] => :critical,
[:warning, :error] => :error,
[:warning, :warning] => :warning,
[:warning, nil] => :warning,
[:warning, :good] => :warning,
[:warning, :perfect] => :warning,
[:warning, :best] => :warning,
@ -89,6 +98,7 @@ describe CryptCheck::Status do
[:good, :critical] => :critical,
[:good, :error] => :error,
[:good, :warning] => :warning,
[:good, nil] => nil,
[:good, :good] => nil,
[:good, :perfect] => nil,
[:good, :best] => nil,
@ -96,6 +106,7 @@ describe CryptCheck::Status do
[:perfect, :critical] => :critical,
[:perfect, :error] => :error,
[:perfect, :warning] => :warning,
[:perfect, nil] => nil,
[:perfect, :good] => nil,
[:perfect, :perfect] => nil,
[:perfect, :best] => nil,
@ -103,6 +114,7 @@ describe CryptCheck::Status do
[:best, :critical] => :critical,
[:best, :error] => :error,
[:best, :warning] => :warning,
[:best, nil] => nil,
[:best, :good] => nil,
[:best, :perfect] => nil,
[:best, :best] => nil
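Review bot: Every added row puts `nil` in the second position, so no case covers a leading nil, and that is the position `Status.convert` inspects (`statuses.first`) to decide whether to map the list through `&:status`. Rows such as `[nil, :critical] => :critical` and `[nil, nil] => nil` in both tables would cover that path. The surrounding tables and the examples that consume them are outside the hunks, so this assumes the keys are passed straight to `Status.status` / `Status.problem`.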
