
Output JSON

master
aeris 1 month ago
parent
commit
9f4bd567f6

+ 16
- 0
lib/cryptcheck/tls/grade.rb

@@ -34,6 +34,22 @@ module CryptCheck
Logger.info { "Best practices : #{self.success.join(' ').colorize :green }" } unless self.success.empty?
end

def to_h
{
rank: self.grade,
details: {
score: self.score,
protocol: self.protocol_score,
key_exchange: self.key_exchange_score,
cipher_strengths: self.cipher_strengths_score
},
error: self.error,
danger: self.danger,
warning: self.warning,
success: self.success
}
end

private
def calculate_grade
@grade = case @score
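Review bot: The new `to_h` exports the grade under the key `rank`, while the attribute it reads is `grade`, and nothing in the method says which key names form the stable output schema. A short comment above `to_h` listing the keys, and stating that `error`, `danger`, `warning` and `success` are emitted exactly as the accessors return them, would give JSON consumers a contract to rely on. Either rename the key to `grade:` or note why it is `rank:`. `calculate_grade` at the end of the hunk continues outside it.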

+ 7
- 2
lib/cryptcheck/tls/https/server.rb

@@ -6,7 +6,7 @@ module CryptCheck
class Server < Tls::TcpServer
attr_reader :hsts

def initialize(hostname, family, ip, port=443)
def initialize(hostname, family, ip, port = 443)
super
fetch_hsts
end
@@ -42,10 +42,15 @@ module CryptCheck
!@hsts.nil?
end

LONG_HSTS = 6*30*24*60*60
LONG_HSTS = 6 * 30 * 24 * 60 * 60

def hsts_long?
hsts? and @hsts >= LONG_HSTS
end

def to_h
super.merge hsts: self.hsts
end
end
end
end
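Review bot: `to_h` in the second hunk emits `hsts` as a bare value with no unit and without the verdict the class already computes in `hsts_long?`. Judging from `hsts?` and `LONG_HSTS`, the value looks like a max-age in seconds, or nil when no header was seen, but a consumer of the JSON cannot tell that and would have to duplicate the six-month threshold. Consider `super.merge hsts: self.hsts, hsts_long: hsts_long?` with a comment such as `# hsts: max-age in seconds, nil when no HSTS header was seen`. The unit should be confirmed against `fetch_hsts`, which is outside this view.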

+ 33
- 9
lib/cryptcheck/tls/server.rb

@@ -6,7 +6,7 @@ module CryptCheck
module Tls
class Server
TCP_TIMEOUT = 10
SSL_TIMEOUT = 2*TCP_TIMEOUT
SSL_TIMEOUT = 2 * TCP_TIMEOUT
EXISTING_METHODS = %i(TLSv1_2 TLSv1_1 TLSv1 SSLv3 SSLv2)
SUPPORTED_METHODS = ::OpenSSL::SSL::SSLContext::METHODS
class TLSException < ::StandardError
@@ -113,7 +113,29 @@ module CryptCheck
supported_ciphers.all? { |c| c.pfs? }
end

def to_h
{
key: key_to_json(self.key),
dh: self.dh.collect { |k| key_to_json k },
protocols: self.supported_protocols,
ciphers: self.supported_ciphers.collect do |c|
{
protocol: c.protocol,
name: c.name,
size: c.size,
dh: key_to_json(c.dh)
}
end

}
end

private

def key_to_json(key)
key.nil? ? nil : { type: key.type, size: key.size, rsa_size: key.rsa_equivalent_size }
end

def name
name = "#@ip:#@port"
name += " [#@hostname]" if @hostname
@@ -161,17 +183,17 @@ module CryptCheck
retry
rescue ::OpenSSL::SSL::SSLError => e
case e
when /state=SSLv2 read server hello A$/,
/state=SSLv3 read server hello A: wrong version number$/
raise MethodNotAvailable, e
when /state=error: no ciphers available$/,
/state=SSLv3 read server hello A: sslv3 alert handshake failure$/
raise CipherNotAvailable, e
when /state=SSLv2 read server hello A$/,
/state=SSLv3 read server hello A: wrong version number$/
raise MethodNotAvailable, e
when /state=error: no ciphers available$/,
/state=SSLv3 read server hello A: sslv3 alert handshake failure$/
raise CipherNotAvailable, e
end
rescue SystemCallError => e
case e
when /^Connection reset by peer$/
raise MethodNotAvailable, e
when /^Connection reset by peer$/
raise MethodNotAvailable, e
end
ensure
ssl_socket.close
@@ -297,6 +319,7 @@ module CryptCheck

class TcpServer < Server
private

def sock_type
::Socket::SOCK_STREAM
end
@@ -304,6 +327,7 @@ module CryptCheck

class UdpServer < Server
private

def sock_type
::Socket::SOCK_DGRAM
end
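Review bot: In the `@@ -161,17 +183,17 @@` hunk the re-indented `case e` blocks match regexps against the exception object itself and have no `else`, so an `SSLError` or `SystemCallError` that fits none of the patterns is swallowed by the `rescue` instead of propagating. `Regexp#===` only matches strings and symbols, so unless the project defines `to_str` on these exceptions elsewhere, no `when` branch fires and handshake failures are never turned into `MethodNotAvailable` or `CipherNotAvailable`. For a scanner, that can misreport which protocols and ciphers a server accepts. I would switch both to `case e.message` and add `else raise` before each `end`. The `begin` this `rescue` belongs to starts outside the hunk, so how callers treat the resulting nil return is not visible here.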

+ 1
- 0
lib/cryptcheck/tls/xmpp.rb

@@ -1,5 +1,6 @@
require 'erb'
require 'parallel'
require 'resolv'

module CryptCheck
module Tls

+ 13
- 9
lib/cryptcheck/tls/xmpp/server.rb

@@ -8,14 +8,14 @@ module CryptCheck
class Server < Tls::TcpServer
attr_reader :domain

def initialize(hostname, family, ip, port=nil, domain: nil, type: :s2s)
def initialize(hostname, family, ip, port = nil, domain: nil, type: :s2s)
domain ||= hostname
@type, @domain = type, domain
port = case type
when :s2s
5269
when :c2s
5222
when :s2s
5269
when :c2s
5222
end unless port
super hostname, family, ip, port
Logger.info { '' }
@@ -24,10 +24,10 @@ module CryptCheck

def ssl_connect(socket, context, method, &block)
type = case @type
when :s2s then
'jabber:server'
when :c2s then
'jabber:client'
when :s2s then
'jabber:server'
when :c2s then
'jabber:client'
end
socket.puts "<?xml version='1.0' ?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='#{type}' to='#{@domain}' version='1.0'>"
response = ''
@@ -53,6 +53,10 @@ module CryptCheck
def required?
@required
end

def to_h
super.merge required: self.required?
end
end
end
end
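Review bot: `ssl_connect` in the `@@ -24,10 +24,10 @@` hunk interpolates `@domain` into the opening `<stream:stream>` header without XML escaping. `@domain` is taken directly from the `domain:` or `hostname` constructor argument, so if callers can pass externally supplied text (not visible from this page), a quote or angle bracket in it changes the markup sent to the remote server. Escape at the point of use, e.g. `to=#{@domain.encode(xml: :attr)}` (which emits its own quotes), or validate the domain in `initialize`. The `case @type` above it has no `else`, so an unknown type yields an empty `xmlns`. `ssl_connect` continues outside the hunk.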
