
grade.rb 3.8KB

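  module CryptCheck
    module Tls
      # Placeholder grade exposing the same +server+, +score+ and +grade+
      # readers as Grade, with a fixed score of -1 and the letter 'X'.
      # By its name it is meant for servers that do not support TLS; the call
      # site is not part of this file.
      class TlsNotSupportedGrade
        attr_reader :server, :score, :grade

        # @param server [Object] the server this placeholder is attached to
        def initialize(server)
          @server = server
          @score = -1
          @grade = 'X'
        end
      end

      # Grades the TLS configuration of a server.
      #
      # The overall score is a weighted sum of three sub-scores (protocol 30 %,
      # key exchange 30 %, cipher strength 40 %). The letter derived from that
      # score is then capped by weak-configuration findings and overridden when
      # the certificate is invalid ('M') or untrusted ('T').
      #
      # +server+ is duck-typed. The methods read here are supported_protocols,
      # key_size, cipher_size, tlsv1_2?, des3?, cert_valid, cert_trusted,
      # md5_sig?, md5?, anonymous?, dss?, null?, export?, des?, rc4?,
      # sha1_sig? and pfs_only?.
      class Grade
        # Findings that force the grade down to 'F'.
        ALL_ERROR = %i[md5_sig md5 anonymous dss null export des rc4].freeze
        # Findings that are reported but only block the 'A+' upgrade.
        ALL_WARNING = %i[sha1_sig des3].freeze
        # Best practices that must all be met for 'A+'.
        ALL_SUCCESS = %i[pfs].freeze
        # Score per protocol symbol.
        # NOTE(review): a protocol symbol missing from this table maps to nil,
        # which makes calculate_protocol_score fail; confirm that
        # supported_protocols only yields these keys.
        METHODS_SCORES = { SSLv2: 0, SSLv3: 20, TLSv1: 60, TLSv1_1: 80, TLSv1_2: 100 }.freeze

        attr_reader :server,
                    :protocol_score, :key_exchange_score, :cipher_strengths_score,
                    :score, :grade,
                    :error, :warning, :success

        # Computes every sub-score, the findings and the final letter.
        #
        # @param server [Object] analysed server (see the class comment for the
        #   methods it must respond to)
        def initialize(server)
          @server = server
          calculate_protocol_score
          calculate_key_exchange_score
          calculate_cipher_strengths_score
          @score = @protocol_score * 0.3 + @key_exchange_score * 0.3 + @cipher_strengths_score * 0.4
          # Findings come first: calculate_grade reads @error, @warning and @success.
          calculate_error
          calculate_warning
          calculate_success
          calculate_grade
        end

        # Logs the grade, the sub-scores and the findings through Logger.info.
        #
        # @return [void]
        def display
          color = case grade
                  when 'A+' then :blue
                  when 'A' then :green
                  # 'D' is a letter calculate_grade can produce; without a branch
                  # here it was passed to colorize with a nil color.
                  when 'B', 'C', 'D' then :yellow
                  when 'E', 'F' then :red
                  when 'M', 'T' then { color: :white, background: :red }
                  end

          Logger.info { "Grade : #{grade.colorize(color)}" }
          Logger.info { '' }
          Logger.info { "Protocole : #{protocol_score} / 100" }
          Logger.info { "Key exchange : #{key_exchange_score} / 100" }
          Logger.info { "Ciphers strength : #{cipher_strengths_score} / 100" }
          Logger.info { "Overall score : #{score} / 100" }
          Logger.info { '' }
          Logger.info { "Errors : #{error.join(' ').colorize(:red)}" } unless error.empty?
          Logger.info { "Warnings : #{warning.join(' ').colorize(:yellow)}" } unless warning.empty?
          Logger.info { "Best practices : #{success.join(' ').colorize(:green)}" } unless success.empty?
        end

        private

        # Derives the letter from @score, then applies caps and overrides.
        #
        # The caps use String ordering ('A' < 'B' < ... < 'F'), so taking the
        # max of the current letter and the cap always keeps the worse one.
        def calculate_grade
          @grade = case @score
                   when 0...20 then 'F'
                   when 20...35 then 'E'
                   when 35...50 then 'D'
                   when 50...65 then 'C'
                   when 65...80 then 'B'
                   else 'A'
                   end

          # No TLSv1.2 or a key under 2048 bits: never better than 'B'.
          @grade = [@grade, 'B'].max if !@server.tlsv1_2? || @server.key_size < 2048
          # 3DES accepted: never better than 'C'.
          @grade = [@grade, 'C'].max if @server.des3?
          # Any error finding: 'F'.
          @grade = [@grade, 'F'].max unless @error.empty?
          # Certificate problems replace the letter entirely; 'T' is assigned
          # last, so an untrusted certificate wins over an invalid one.
          @grade = 'M' unless @server.cert_valid
          @grade = 'T' unless @server.cert_trusted
          # 'A+' needs a clean 'A' plus every entry of ALL_SUCCESS.
          clean = @error.empty? && @warning.empty?
          @grade = 'A+' if @grade == 'A' && clean && (all_success & @success) == all_success
        end

        # Collects the findings that are treated as errors.
        def calculate_error
          @error = []
          @error << :md5_sig if @server.md5_sig?
          @error << :md5 if @server.md5?
          @error << :anonymous if @server.anonymous?
          @error << :dss if @server.dss?
          @error << :null if @server.null?
          @error << :export if @server.export?
          @error << :des if @server.des?
          @error << :rc4 if @server.rc4?
        end

        # Collects the findings that are treated as warnings.
        def calculate_warning
          @warning = []
          @warning << :sha1_sig if @server.sha1_sig?
          # Disabled in the original: @warning << :sha1 if @server.sha1?
          @warning << :des3 if @server.des3?
        end

        # Collects the best practices the server follows.
        def calculate_success
          @success = []
          @success << :pfs if @server.pfs_only?
        end

        # @return [Array<Symbol>] every error finding this class can report
        def all_error
          ALL_ERROR
        end

        # @return [Array<Symbol>] every warning finding this class can report
        def all_warning
          ALL_WARNING
        end

        # @return [Array<Symbol>] every best practice this class can report
        def all_success
          ALL_SUCCESS
        end

        # Uses the minimum over all supported protocols, so a single weak
        # protocol sets the score.
        def calculate_protocol_score
          @protocol_score = @server.supported_protocols.map { |protocol| METHODS_SCORES[protocol] }.min
        end

        # Maps the key size in bits to a score; the first matching branch wins.
        def calculate_key_exchange_score
          @key_exchange_score = case @server.key_size
                                when 0 then 0
                                when 0...512 then 10
                                when 512...1024 then 20
                                when 1024...2048 then 50
                                when 2048...4096 then 90
                                else 100
                                end
        end

        # Maps the cipher size in bits to a score; the first matching branch wins.
        # NOTE(review): a value that matches no range, nil included, falls
        # through to 100; confirm cipher_size always returns an Integer.
        def calculate_cipher_strengths_score
          @cipher_strengths_score = case @server.cipher_size
                                    when 0 then 0
                                    when 0...112 then 10
                                    when 112...128 then 50
                                    when 128...256 then 90
                                    else 100
                                    end
        end
      end
    end
  end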