From 9cfea50107c6538ff19d772c91ecb2c820b6afc1 Mon Sep 17 00:00:00 2001 From: aeris Date: Mon, 10 Apr 2017 10:42:56 +0200 Subject: [PATCH] Change grade to module --- lib/cryptcheck.rb | 8 +--- lib/cryptcheck/ssh.rb | 2 +- lib/cryptcheck/state.rb | 5 --- lib/cryptcheck/tls.rb | 2 +- lib/cryptcheck/tls/grade.rb | 72 +++++++------------------------ lib/cryptcheck/tls/host.rb | 21 +++++---- lib/cryptcheck/tls/https/grade.rb | 16 ------- lib/cryptcheck/tls/https/host.rb | 4 -- lib/cryptcheck/tls/server.rb | 1 + lib/cryptcheck/tls/smtp/grade.rb | 14 ------ lib/cryptcheck/tls/xmpp/grade.rb | 15 ------- 11 files changed, 31 insertions(+), 129 deletions(-) delete mode 100644 lib/cryptcheck/tls/https/grade.rb delete mode 100644 lib/cryptcheck/tls/smtp/grade.rb delete mode 100644 lib/cryptcheck/tls/xmpp/grade.rb diff --git a/lib/cryptcheck.rb b/lib/cryptcheck.rb index 4d8d4fc..f2c07c8 100644 --- a/lib/cryptcheck.rb +++ b/lib/cryptcheck.rb @@ -37,20 +37,17 @@ module CryptCheck autoload :Https, 'cryptcheck/tls/https' module Https autoload :Server, 'cryptcheck/tls/https/server' - autoload :Grade, 'cryptcheck/tls/https/grade' autoload :Host, 'cryptcheck/tls/https/host' end autoload :Xmpp, 'cryptcheck/tls/xmpp' module Xmpp autoload :Server, 'cryptcheck/tls/xmpp/server' - autoload :Grade, 'cryptcheck/tls/xmpp/grade' end autoload :Smtp, 'cryptcheck/tls/smtp' module Smtp autoload :Server, 'cryptcheck/tls/smtp/server' - autoload :Grade, 'cryptcheck/tls/smtp/grade' end end @@ -59,7 +56,6 @@ module CryptCheck autoload :Packet, 'cryptcheck/ssh/packet' autoload :Server, 'cryptcheck/ssh/server' autoload :SshNotSupportedServer, 'cryptcheck/ssh/server' - autoload :Grade, 'cryptcheck/ssh/grade' end private @@ -106,7 +102,7 @@ module CryptCheck end.to_h end - def self.analyze(host, port, server, grade, *args, **kargs) + def self.analyze(host, port, server, *args, **kargs) addresses = begin addresses host rescue ::SocketError => e 
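Review bot: Removing the positional `grade` parameter from `CryptCheck.analyze` in lib/cryptcheck.rb leaves `*args` directly after `server`, so a caller that still passes a grade class gets no ArgumentError; the extra value lands in `*args` and is forwarded to `analyze_addresses`. Only the callers in ssh.rb and tls.rb are updated in this patch, and no hunk touches the definition of `analyze_addresses`, whose call in the next hunk (`@@ -115`) loses the same argument. Please confirm that its signature no longer expects `grade`. Also confirm that the https, xmpp and smtp entry points, if they call `CryptCheck.analyze` the way tls.rb did, were updated too. The body of `analyze` continues outside this hunk.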
@@ -115,7 +111,7 @@ module CryptCheck error = AnalysisFailure.new "Unable to resolve #{host}" return { key => error } end - analyze_addresses host, addresses, port, server, grade, *args, **kargs + analyze_addresses host, addresses, port, server, *args, **kargs end def self.analyze_hosts(hosts, template, output, groups: nil, &block) diff --git a/lib/cryptcheck/ssh.rb b/lib/cryptcheck/ssh.rb index 4817bcf..b5850da 100644 --- a/lib/cryptcheck/ssh.rb +++ b/lib/cryptcheck/ssh.rb @@ -1,7 +1,7 @@ module CryptCheck module Ssh def self.analyze(host, port=22) - ::CryptCheck.analyze host, port, Server, Grade + ::CryptCheck.analyze host, port, Server end end end diff --git a/lib/cryptcheck/state.rb b/lib/cryptcheck/state.rb index bbfc3f2..fdc314f 100644 --- a/lib/cryptcheck/state.rb +++ b/lib/cryptcheck/state.rb @@ -61,11 +61,6 @@ module CryptCheck a <=> b end - def performed_checks - self.states # Force internal resolution - @performed_checks - end - protected def checks @checks ||= self.available_checks.collect { |c| perform_check c }.flatten(1) + children.collect(&:checks).flatten(1) diff --git a/lib/cryptcheck/tls.rb b/lib/cryptcheck/tls.rb index 8b17204..c341186 100644 --- a/lib/cryptcheck/tls.rb +++ b/lib/cryptcheck/tls.rb @@ -4,7 +4,7 @@ require 'parallel' module CryptCheck module Tls def self.analyze(host, port) - ::CryptCheck.analyze host, port, TcpServer, Grade + ::CryptCheck.analyze host, port, TcpServer end def self.key_to_s(key) diff --git a/lib/cryptcheck/tls/grade.rb b/lib/cryptcheck/tls/grade.rb index f1fb81b..11865fb 100644 --- a/lib/cryptcheck/tls/grade.rb +++ b/lib/cryptcheck/tls/grade.rb 
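Review bot: In lib/cryptcheck/ssh.rb, `Ssh.analyze` stops passing a grade class and lib/cryptcheck.rb drops the `Ssh::Grade` autoload, but the only `include Grade` this patch adds is in lib/cryptcheck/tls/server.rb. If the shared analysis path calls `grade` on the server object, as `Tls::Host` now does with `server.grade`, an SSH server would presumably raise NoMethodError. If it does not, SSH results appear to be left without a grade. The hunks here do not show which case applies, so please state the intended behaviour for SSH or include a grading module in the SSH server class as well.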
@@ -1,71 +1,31 @@ module CryptCheck module Tls - class Grade - attr_reader :server, :grade - - def initialize(server) - @server = server - @states = @server.states - @checks = @server.performed_checks - Logger.info { '' } - Logger.ap :checks, @checks - Logger.ap :states, @states - @grade = calculate_grade - - color = case @grade - when 'A', 'A+' - :best - when 'B', 'B+' - :great - when 'C', 'C+' - :good - when 'E' - :warning - when 'F' - :error - when 'G' - :critical - when 'T', 'V' - :unknown - end - - Logger.info { "Grade : #{self.grade.colorize color }" } - end - - def to_h - { checks: @checks, states: @states } + module Grade + def grade + @grade ||= calculate_grade end private def calculate_grade - return 'V' unless @server.valid? - return 'T' unless @server.trusted? + return :V unless self.valid? + return :T unless self.trusted? + + states = self.states - case - when !@states[:critical].empty? - return 'G' - when !@states[:error].empty? - return 'F' - when !@states[:warning].empty? - return 'E' + { critical: :G, error: :F, warning: :E }.each do |type, grade| + return grade if states[type].any? { |s| s == true } end - [[:good, 'D', 'C'], - [:great, 'C', 'B'], - [:best, 'B', 'A']].each do |type, score1, score2| - expected = @checks[type] - unless expected.empty? - available = @states[type] - return score1 if available.empty? - missed = expected - available - unless missed.empty? - Logger.info { "Missing #{type} : #{missed}" } - return score2 - end + {good: %i(D C), great: %i(C B), best: %i(B A)}.each do |type, scores| + state = states[type] + return scores.first if state.all? { |s| s != false } + if state.any? { |s| s == false } + Logger.info { "Missing #{type} : #{states[type].select { |s| s == false }.collect &:key}" } + return scores.last end end - 'A+' + :'A+' end end end diff --git a/lib/cryptcheck/tls/host.rb b/lib/cryptcheck/tls/host.rb index 6ac28ea..0887ffa 100644 --- a/lib/cryptcheck/tls/host.rb +++ b/lib/cryptcheck/tls/host.rb 
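Review bot: In the new `calculate_grade`, the second loop can never get past its first iteration, so `:B`, `:A` and `:'A+'` are unreachable. For `:good`, `state.all? { |s| s != false }` returns `:D` exactly when no good check failed (including when the list is empty), and in every other case `state.any? { |s| s == false }` is necessarily true and returns `:C`. The removed code returned the lower score only when nothing at that level was achieved, and moved on to the next level when nothing was missed. To keep that behaviour, start the loop body with `next unless state.any? { |s| s == false }` and change the first return to `return scores.first if state.none? { |s| s == true }`. This assumes `states[type]` enumerates true/false/nil-like values, which these lines do not show; a spec with one server per grade would pin the mapping.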
@@ -36,7 +36,9 @@ module CryptCheck server = ::Timeout.timeout MAX_ANALYSIS_DURATION do server(*args) end - grade server + Logger.info '' + Logger.info { "Grade : #{server.grade.to_s.colorize server.status}" } + server rescue Engine::TLSException, Engine::ConnectionError, Engine::Timeout => e AnalysisFailure.new e rescue ::Timeout::Error @@ -57,19 +59,20 @@ module CryptCheck if @error target[:error] = @error else - target[:hosts] = @servers.collect do |host, grade| + target[:hosts] = @servers.collect do |host, server| hostname, ip, port = host host = { hostname: hostname, ip: ip, port: port } - case grade - when Grade - host[:analysis] = grade.server.to_h - host[:status] = grade.to_h + case server + when Server + host[:handshakes] = server.to_h + host[:states] = server.states + host[:grade] = server.grade else - host[:error] = grade.message + host[:error] = server.message end host end @@ -91,10 +94,6 @@ module CryptCheck def server(*args) TcpServer.new *args end - - def grade(server) - Grade.new server - end end end end diff --git a/lib/cryptcheck/tls/https/grade.rb b/lib/cryptcheck/tls/https/grade.rb deleted file mode 100644 index fc1af5f..0000000 --- a/lib/cryptcheck/tls/https/grade.rb +++ /dev/null @@ -1,16 +0,0 @@ -module CryptCheck - module Tls - module Https - class Grade < Tls::Grade - CHECKS = { - good: %i(hsts), - perfect: %i(hsts_long) - } - - def checks - State.merge super, CHECKS - end - end - end - end -end diff --git a/lib/cryptcheck/tls/https/host.rb b/lib/cryptcheck/tls/https/host.rb index 284b612..1701de8 100644 --- a/lib/cryptcheck/tls/https/host.rb +++ b/lib/cryptcheck/tls/https/host.rb @@ -6,10 +6,6 @@ module CryptCheck def server(*args) Https::Server.new *args end - - def grade(server) - Https::Grade.new server - end end end end diff --git a/lib/cryptcheck/tls/server.rb b/lib/cryptcheck/tls/server.rb index d0fa19c..b534d7e 100644 --- a/lib/cryptcheck/tls/server.rb +++ b/lib/cryptcheck/tls/server.rb 
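Review bot: In the first hunk of lib/cryptcheck/tls/host.rb, `server.grade` is evaluated after the `::Timeout.timeout MAX_ANALYSIS_DURATION` block has closed. Because `grade` is now lazy (`@grade ||= calculate_grade`, which reads `states`), whatever work that triggers is no longer bounded by the analysis timeout. An exception raised while grading or in `server.status` is also not among the rescued classes, so it would propagate instead of becoming an `AnalysisFailure`. Consider forcing the grade inside the block, e.g. `server(*args).tap(&:grade)`. Separately, `Logger.info ''` passes a positional argument where the removed code used the block form `Logger.info { '' }`; use one form throughout. The enclosing method starts and ends outside the hunk.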
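Review bot: In the second hunk of lib/cryptcheck/tls/host.rb, the host record built in `to_h` changes shape with no compatibility path: `:analysis` and `:status` are replaced by `:handshakes`, `:states` and `:grade`. The grade is also now a Symbol such as `:'A+'`, where the removed `Grade` class produced Strings. A template or stored result that reads the old keys or compares against `'A'` would stop matching without raising. Please document the new schema in a comment above `to_h`, for example `# => { hostname:, ip:, port:, handshakes:, states:, grade: } or { ..., error: }`, and check the templates passed to `analyze_hosts`. The enclosing method starts outside the hunk.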
@@ -85,6 +85,7 @@ module CryptCheck end include Engine + include Grade end class TcpServer < Server diff --git a/lib/cryptcheck/tls/smtp/grade.rb b/lib/cryptcheck/tls/smtp/grade.rb deleted file mode 100644 index 737aafa..0000000 --- a/lib/cryptcheck/tls/smtp/grade.rb +++ /dev/null @@ -1,14 +0,0 @@ -module CryptCheck - module Tls - module Smtp - class Grade < Tls::Grade - CHECKS = { - } - - def checks - State.merge super, CHECKS - end - end - end - end -end diff --git a/lib/cryptcheck/tls/xmpp/grade.rb b/lib/cryptcheck/tls/xmpp/grade.rb deleted file mode 100644 index b345e3a..0000000 --- a/lib/cryptcheck/tls/xmpp/grade.rb +++ /dev/null @@ -1,15 +0,0 @@ -module CryptCheck - module Tls - module Xmpp - class Grade < Tls::Grade - CHECKS = { - good: %i(required) - } - - def checks - State.merge super, CHECKS - end - end - end - end -end
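Review bot: With `include Grade` on `Tls::Server` in lib/cryptcheck/tls/server.rb, every protocol shares one `calculate_grade`, and nothing visible in this patch replaces the protocol-specific `CHECKS` from the deleted subclasses (`hsts` and `hsts_long` for HTTPS, `required` for XMPP). They may already have been unused, since the removed base class read `@server.performed_checks`, but please confirm that the Https and Xmpp servers report these through `states`; otherwise their absence no longer influences the grade. The mixin also relies on the including class providing `valid?`, `trusted?` and `states`, which deserves a comment at the top of `module Grade`, e.g. `# Expects the including class to implement #valid?, #trusted? and #states.`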