aeris
/
cryptcheck
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Refactor some checks

new-scoring
aeris 4 years ago
parent
a8057ce1ec
commit
845626ee45
6 changed files with 51 additions and 30 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +16
    -6
      lib/cryptcheck/status.rb
  2. +9
    -7
      lib/cryptcheck/tls.rb
  3. +4
    -2
      lib/cryptcheck/tls/fixture.rb
  4. +8
    -13
      lib/cryptcheck/tls/grade.rb
  5. +2
    -2
      lib/cryptcheck/tls/server.rb
  6. +12
    -0
      spec/cryptcheck/status_spec.rb

+ 16
- 6
lib/cryptcheck/status.rb View File

@@ -3,24 +3,34 @@ module CryptCheck
LEVELS = %i(critical error warning good perfect best).freeze
PROBLEMS = %i(critical error warning).freeze

extend Enumerable
def self.each(&block)
LEVELS.each &block
end

def self.status(statuses)
statuses = self.collect statuses
self.select LEVELS, statuses
statuses = self.convert statuses
self.min LEVELS, statuses
end

class << self
alias_method :'[]', :status
end

def self.problem(statuses)
statuses = self.collect statuses
self.select PROBLEMS, statuses
statuses = self.convert statuses
self.min PROBLEMS, statuses
end

private
def self.collect(statuses)
def self.convert(statuses)
statuses = [ statuses ] unless statuses.respond_to? :first
first = statuses.first
statuses = statuses.collect &:status if first.respond_to? :status
statuses
end

def self.select(levels, statuses)
def self.min(levels, statuses)
return nil if statuses.empty?
(levels & statuses).first
end


+ 9
- 7
lib/cryptcheck/tls.rb View File

@@ -19,13 +19,15 @@ module CryptCheck

def self.key_to_s(key)
size, color = case key.type
when :ecc
["#{key.group.curve_name} #{key.size}", :good]
when :dh
[key.size, :warning]
when :dsa
[key.size, :critical]
end
when :ecc
["#{key.group.curve_name} #{key.size}", :good]
when :rsa
[key.size, nil]
when :dsa
[key.size, :critical]
when :dh
[key.size, :warning]
end
"#{key.type.to_s.upcase.colorize color} #{size.to_s.colorize key.status} bits"
end
end


+ 4
- 2
lib/cryptcheck/tls/fixture.rb View File

@@ -74,7 +74,8 @@ class ::OpenSSL::PKey::EC
:error
when 192...256
:warning
when 384...::Float::INFINITY
when 256...364
else
:good
end
end
@@ -99,7 +100,8 @@ class ::OpenSSL::PKey::RSA
:critical
when 1024...2048
:error
when 4096...::Float::INFINITY
when 2048...4096
else
:good
end
end


+ 8
- 13
lib/cryptcheck/tls/grade.rb View File

@@ -17,7 +17,7 @@ module CryptCheck
when 'B', 'B+'
:perfect
when 'C', 'C+'
nil
:good
when 'E'
:warning
when 'F'
@@ -30,16 +30,9 @@ module CryptCheck

Logger.info { "Grade : #{self.grade.colorize color }" }
Logger.info { '' }
[
['Critical', :critical],
['Error', :error],
['Warning', :warning],
['Good', :good],
['Perfect', :perfect],
['Best', :best],
].each do |text, color|
Status.each do |color|
states = @states[color]
Logger.info { "#{text} : #{states.collect { |s| s.to_s.colorize color }.join ' '}" } unless states.empty?
Logger.info { "#{color.to_s.capitalize} : #{states.collect { |s| s.to_s.colorize color }.join ' '}" } unless states.empty?
end
end

@@ -78,10 +71,10 @@ module CryptCheck
CHECKS = [
# Keys
[:dss_sign, Proc.new { |s| s.dss_sig? }, :critical],
[:weak_key, Proc.new { |s| %i(critical error warning) & [s.key.status] } ],
[:weak_key, Proc.new { |s| Status.problem s.key_status } ],

# DH
[:weak_dh, Proc.new { |s| (%i(critical error warning) & s.dh.collect(&:status).uniq).first } ],
[:weak_dh, Proc.new { |s| Status.problem s.dh_status } ],

# Certificates
[:md2_sign, Proc.new { |s| s.md2_sig? }, :critical],
@@ -111,6 +104,8 @@ module CryptCheck
[:no_pfs, Proc.new { |s| not s.pfs_only? }, :warning],
[:pfs, Proc.new { |s| s.pfs? }, :good],
[:pfs_only, Proc.new { |s| s.pfs_only? }, :perfect],

[:no_ecdhe, Proc.new { |s| not s.ecdhe? }, :warning],
[:ecdhe, Proc.new { |s| s.ecdhe? }, :good],
[:ecdhe_only, Proc.new { |s| s.ecdhe_only? }, :perfect],

@@ -130,7 +125,7 @@ module CryptCheck
end

def calculate_states
states = { critical: [], error: [], warning: [], good: [], perfect: [], best: [] }
states = Status.collect { |s| [s, []] }.to_h
@checks.each do |name, check, status|
result = check.call @server
if result


+ 2
- 2
lib/cryptcheck/tls/server.rb View File

@@ -9,6 +9,7 @@ module CryptCheck
SSL_TIMEOUT = 2*TCP_TIMEOUT
EXISTING_METHODS = %i(TLSv1_2 TLSv1_1 TLSv1 SSLv3 SSLv2)
SUPPORTED_METHODS = ::OpenSSL::SSL::SSLContext::METHODS

class TLSException < ::StandardError
end
class TLSNotAvailableException < TLSException
@@ -360,13 +361,12 @@ module CryptCheck
end
end
end

Logger.info { '' } unless supported_ciphers.empty?
@supported_ciphers[method] = supported_ciphers
end
end

def check_fallback_scsv
Logger.info { '' }
@fallback_scsv = false

methods = @prefered_ciphers.reject { |_, v| v.nil? }.keys


+ 12
- 0
spec/cryptcheck/status_spec.rb View File

@@ -11,6 +11,7 @@ describe CryptCheck::Status do
[:critical, :critical] => :critical,
[:critical, :error] => :critical,
[:critical, :warning] => :critical,
[:critical, nil] => :critical,
[:critical, :good] => :critical,
[:critical, :perfect] => :critical,
[:critical, :best] => :critical,
@@ -18,6 +19,7 @@ describe CryptCheck::Status do
[:error, :critical] => :critical,
[:error, :error] => :error,
[:error, :warning] => :error,
[:error, nil] => :error,
[:error, :good] => :error,
[:error, :perfect] => :error,
[:error, :best] => :error,
@@ -25,6 +27,7 @@ describe CryptCheck::Status do
[:warning, :critical] => :critical,
[:warning, :error] => :error,
[:warning, :warning] => :warning,
[:warning, nil] => :warning,
[:warning, :good] => :warning,
[:warning, :perfect] => :warning,
[:warning, :best] => :warning,
@@ -32,6 +35,7 @@ describe CryptCheck::Status do
[:good, :critical] => :critical,
[:good, :error] => :error,
[:good, :warning] => :warning,
[:good, nil] => :good,
[:good, :good] => :good,
[:good, :perfect] => :good,
[:good, :best] => :good,
@@ -39,6 +43,7 @@ describe CryptCheck::Status do
[:perfect, :critical] => :critical,
[:perfect, :error] => :error,
[:perfect, :warning] => :warning,
[:perfect, nil] => :perfect,
[:perfect, :good] => :good,
[:perfect, :perfect] => :perfect,
[:perfect, :best] => :perfect,
@@ -46,6 +51,7 @@ describe CryptCheck::Status do
[:best, :critical] => :critical,
[:best, :error] => :error,
[:best, :warning] => :warning,
[:best, nil] => :best,
[:best, :good] => :good,
[:best, :perfect] => :perfect,
[:best, :best] => :best
@@ -68,6 +74,7 @@ describe CryptCheck::Status do
[:critical, :critical] => :critical,
[:critical, :error] => :critical,
[:critical, :warning] => :critical,
[:critical, nil] => :critical,
[:critical, :good] => :critical,
[:critical, :perfect] => :critical,
[:critical, :best] => :critical,
@@ -75,6 +82,7 @@ describe CryptCheck::Status do
[:error, :critical] => :critical,
[:error, :error] => :error,
[:error, :warning] => :error,
[:error, nil] => :error,
[:error, :good] => :error,
[:error, :perfect] => :error,
[:error, :best] => :error,
@@ -82,6 +90,7 @@ describe CryptCheck::Status do
[:warning, :critical] => :critical,
[:warning, :error] => :error,
[:warning, :warning] => :warning,
[:warning, nil] => :warning,
[:warning, :good] => :warning,
[:warning, :perfect] => :warning,
[:warning, :best] => :warning,
@@ -89,6 +98,7 @@ describe CryptCheck::Status do
[:good, :critical] => :critical,
[:good, :error] => :error,
[:good, :warning] => :warning,
[:good, nil] => nil,
[:good, :good] => nil,
[:good, :perfect] => nil,
[:good, :best] => nil,
@@ -96,6 +106,7 @@ describe CryptCheck::Status do
[:perfect, :critical] => :critical,
[:perfect, :error] => :error,
[:perfect, :warning] => :warning,
[:perfect, nil] => nil,
[:perfect, :good] => nil,
[:perfect, :perfect] => nil,
[:perfect, :best] => nil,
@@ -103,6 +114,7 @@ describe CryptCheck::Status do
[:best, :critical] => :critical,
[:best, :error] => :error,
[:best, :warning] => :warning,
[:best, nil] => nil,
[:best, :good] => nil,
[:best, :perfect] => nil,
[:best, :best] => nil


Write Preview
Loading…
Cancel
Save