
Better to not duplicate checks

new-scoring
aeris 2 years ago
parent
commit
c25c9f1636
4 changed files with 27 additions and 47 deletions
  1. 17
    2
      lib/cryptcheck/state.rb
  2. 1
    1
      lib/cryptcheck/tls/cert.rb
  3. 8
    0
      lib/cryptcheck/tls/curve.rb
  4. 1
    44
      lib/cryptcheck/tls/grade.rb

+ 17
- 2
lib/cryptcheck/state.rb

@@ -43,6 +43,11 @@ module CryptCheck
LEVELS.find_index(a.status) <=> LEVELS.find_index(b.status)
end

def performed_checks
self.states # Force internal resolution
@performed_checks
end

private
def self.convert(status)
status = [status] unless status.respond_to? :first
@@ -77,12 +82,22 @@ module CryptCheck
end

def personal_states
states = State.empty
checks.each do |check|
states = State.empty
performed_checks = checks
performed_checks.each do |check|
level, name = perform_check check
next unless level
states[level] << name
end

performed_checks = [
performed_checks
.collect { |n, _, l| [l, n] }
.group_by(&:first)
.map { |k, v| [k, v.collect(&:last)] }.to_h
] + children.collect(&:performed_checks)
@performed_checks = State.merge *performed_checks

states
end
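Review bot: In `personal_states` the local `performed_checks` shadows the new `performed_checks` reader and is reused for two different shapes (the raw check list, then an array of level-to-names hashes), while `@performed_checks` is only ever assigned as a side effect of this method. If `states` is memoized or an including class overrides `personal_states` (neither is visible here), the reader added in the first hunk returns nil and the grade is then computed against no expected checks. I would rename the local (for example `own_checks = checks`), write the call as `State.merge(*merged)` to avoid the ambiguous-splat warning, and have the reader fail loudly when `@performed_checks` is still nil instead of handing nil to the caller.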


+ 1
- 1
lib/cryptcheck/tls/cert.rb

@@ -107,7 +107,7 @@ module CryptCheck
@cert.issuer
end

include ::CryptCheck::State
include State

CHECKS = WEAK_SIGN.collect do |level, hashes|
hashes.collect do |hash|

+ 8
- 0
lib/cryptcheck/tls/curve.rb

@@ -39,6 +39,14 @@ module CryptCheck
@name == other.name
end
end

include State

CHECKS = [].freeze

def checks
CHECKS
end
end
end
end
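Review bot: `CHECKS = [].freeze` makes Curve take part in the State aggregation while contributing no checks, so no curve is ever reported under any level. A short comment such as `# No curve-level checks yet; defined so State can aggregate performed checks` would make clear this is a placeholder and not a statement that every curve is acceptable. The hunk also does not show Curve defining `children`, which `personal_states` in state.rb calls, so this presumably relies on a default supplied by State; that is worth confirming.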

+ 1
- 44
lib/cryptcheck/tls/grade.rb

@@ -5,8 +5,8 @@ module CryptCheck

def initialize(server)
@server = server
@checks = checks
@states = @server.states
@checks = @server.performed_checks
Logger.info { '' }
Logger.ap :checks, @checks
Logger.ap :states, @states
@@ -33,42 +33,6 @@ module CryptCheck
end

private
CHECKS = {
best: %i(

),
perfect: %i(
tlsv1_2_only
pfs_only
ecdhe_only
),
good: %i(
tlsv1_2
pfs
ecdhe
aead
),
warning: %i(
weak_key
weak_dh
dhe
),
error: %i(
weak_key
weak_dh
),
critical: %i(
mdc2_sign md2_sign md4_sign md5_sign sha_sign sha1_sign
weak_key
weak_dh
sslv2 sslv3
),
}.freeze

def checks
CHECKS
end

def calculate_grade
return 'V' unless @server.valid?
return 'T' unless @server.trusted?
@@ -94,13 +58,6 @@ module CryptCheck
Logger.info { "Missing #{type} : #{missed}" }
return score2
end

# I'm not error prone. The code yes.
additional = available - expected
unless additional.empty?
Logger.fatal { "Developper missed #{type} : #{additional}".colorize :critical }
exit -1
end
end
end
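Review bot: `@checks = @server.performed_checks` replaces a table that listed every level explicitly (including the empty `best:`), whereas the new value is built in state.rb from `group_by`, which only yields levels that have at least one check. Unless `State.merge` fills in the missing levels (not visible here), code later in this class that looks up `@checks` by level can receive nil instead of an empty list. A comment on the assignment stating the expected shape, e.g. `# level => [check names], every level present`, plus a guard at the lookup site would make that contract explicit. The enclosing methods start and end outside these hunks.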

