aeris
/
cryptcheck
Наблюдаван 1
Харесван 0
Разклонения 0
Код Задачи 0 Заявки за сливане 0 Версии 0 Уики Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
16 Ревизии
2 Клонове
ИН на ревизия: 4fa9497a0d
Клонове Маркери
${ item.name }
Create branch ${ searchTerm }
от '4fa9497a0d'
${ noResults }
cryptcheck/lib/cryptcheck/tls/grade.rb

grade.rb 4.3KB
Директен файл Blame История

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175 
  1. module CryptCheck

  2. 	module Tls

  3. 		class TlsNotSupportedGrade

  4. 			attr_reader :server, :score, :grade

  5. 

  6. 			def initialize(server)

  7. 				@server, @score, @grade = server, -1, 'X'

  8. 			end

  9. 		end

  10. 

  11. 		class Grade

  12. 			attr_reader :server, :protocol_score, :key_exchange_score, :cipher_strengths_score, :score, :grade, :error, :warning, :success

  13. 

  14. 			def initialize(server)

  15. 				@server = server

  16. 				calculate_protocol_score

  17. 				calculate_key_exchange_score

  18. 				calculate_cipher_strengths_score

  19. 				@score = @protocol_score*0.3 + @key_exchange_score*0.3 + @cipher_strengths_score*0.4

  20. 				calculate_error

  21. 				calculate_warning

  22. 				calculate_success

  23. 				calculate_grade

  24. 				calculate_perfect

  25. 			end

  26. 

  27. 			def display

  28. 				color = case self.grade

  29. 							when 'A+'

  30. 								:blue

  31. 							when 'A'

  32. 								:green

  33. 							when 'B', 'C'

  34. 								:yellow

  35. 							when 'E', 'F'

  36. 								:red

  37. 							when 'M', 'T'

  38. 								{ color: :white, background: :red }

  39. 						end

  40. 

  41. 				Logger.info { "Grade : #{self.grade.colorize color }" }

  42. 				Logger.info { '' }

  43. 				Logger.info { "Protocole : #{self.protocol_score} / 100" }

  44. 				Logger.info { "Key exchange : #{self.key_exchange_score} / 100" }

  45. 				Logger.info { "Ciphers strength : #{self.cipher_strengths_score} / 100" }

  46. 				Logger.info { "Overall score : #{self.score} / 100" }

  47. 				Logger.info { '' }

  48. 				Logger.info { "Errors : #{self.error.join(' ').colorize :red }" } unless self.error.empty?

  49. 				Logger.info { "Warnings : #{self.warning.join(' ').colorize :yellow }" } unless self.warning.empty?

  50. 				Logger.info { "Best practices : #{self.success.join(' ').colorize :green }" } unless self.success.empty?

  51. 			end

  52. 

  53. 			private

  54. 			def calculate_grade

  55. 				@grade = case @score

  56. 							 when 0...20 then

  57. 								 'F'

  58. 							 when 20...35 then

  59. 								 'E'

  60. 							 when 35...50 then

  61. 								 'D'

  62. 							 when 50...65 then

  63. 								 'C'

  64. 							 when 65...80 then

  65. 								 'B'

  66. 							 else

  67. 								 'A'

  68. 						 end

  69. 

  70. 				@grade = [@grade, 'B'].max if !@server.tlsv1_2? or @server.key_size < 2048

  71. 				@grade = [@grade, 'C'].max if @server.des3?

  72. 				@grade = [@grade, 'F'].max unless @error.empty?

  73. 

  74. 				@grade = 'M' unless @server.cert_valid

  75. 				@grade = 'T' unless @server.cert_trusted

  76. 			end

  77. 

  78. 			def calculate_error

  79. 				@error = []

  80. 

  81. 				@error << :md5_sig if @server.md5_sig?

  82. 

  83. 				@error << :md5 if @server.md5?

  84. 

  85. 				@error << :anonymous if @server.anonymous?

  86. 

  87. 				@error << :dss if @server.dss?

  88. 

  89. 				@error << :null if @server.null?

  90. 				@error << :export if @server.export?

  91. 				@error << :des if @server.des?

  92. 				@error << :rc4 if @server.rc4?

  93. 			end

  94. 

  95. 			def calculate_warning

  96. 				@warning = []

  97. 

  98. 				@warning << :sha1_sig if @server.sha1_sig?

  99. 

  100. 				#@warning << :sha1 if @server.sha1?

  101. 

  102. 				@warning << :des3 if @server.des3?

  103. 			end

  104. 

  105. 			def calculate_success

  106. 				@success = []

  107. 				@success << :pfs if @server.pfs_only?

  108. 			end

  109. 

  110. 			ALL_ERROR   = %i(md5_sig md5 anonymous dss null export des rc4)

  111. 			ALL_WARNING = %i(sha1_sig des3)

  112. 			ALL_SUCCESS = %i(pfs)

  113. 

  114. 			def all_error

  115. 				ALL_ERROR

  116. 			end

  117. 

  118. 			def all_warning

  119. 				ALL_WARNING

  120. 			end

  121. 

  122. 			def all_success

  123. 				ALL_SUCCESS

  124. 			end

  125. 

  126. 			def calculate_perfect

  127. 				@grade = 'A+' if @grade == 'A' and @error.empty? and @warning.empty? and (ALL_SUCCESS & @success) == ALL_SUCCESS

  128. 			end

  129. 

  130. 			METHODS_SCORES = { SSLv2: 0, SSLv3: 80, TLSv1: 90, TLSv1_1: 95, TLSv1_2: 100 }

  131. 

  132. 			def calculate_protocol_score

  133. 				methods         = @server.supported_methods

  134. 				worst, best     = methods[:worst], methods[:best]

  135. 				@protocol_score = (METHODS_SCORES[worst] + METHODS_SCORES[best]) / 2

  136. 			end

  137. 

  138. 			def calculate_key_exchange_score

  139. 				@key_exchange_score = case @server.key_size

  140. 										  when 0 then

  141. 											  0

  142. 										  when 0...512 then

  143. 											  20

  144. 										  when 512...1024 then

  145. 											  40

  146. 										  when 1024...2048 then

  147. 											  80

  148. 										  when 2048...4096 then

  149. 											  90

  150. 										  else

  151. 											  100

  152. 									  end

  153. 			end

  154. 

  155. 			def calculate_cipher_strength_score(cipher_strength)

  156. 				case cipher_strength

  157. 					when 0 then

  158. 						0

  159. 					when 0...128 then

  160. 						20

  161. 					when 128...256 then

  162. 						80

  163. 					else

  164. 						100

  165. 				end

  166. 			end

  167. 

  168. 			def calculate_cipher_strengths_score

  169. 				strength                = @server.cipher_size

  170. 				worst, best             = strength[:min], strength[:max]

  171. 				@cipher_strengths_score = (calculate_cipher_strength_score(worst) + calculate_cipher_strength_score(best)) / 2

  172. 			end

  173. 		end

  174. 	end

  175. end