
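  module CryptCheck
    module Tls
      # Grade object for a server reported as not supporting TLS (per the class
      # name): the score is fixed at -1 and the grade at 'X'.
      class TlsNotSupportedGrade
        attr_reader :server, :score, :grade

        # @param server [Object] the scanned server, stored as given
        def initialize(server)
          @server = server
          @score = -1
          @grade = 'X'
        end
      end

      # Computes three sub-scores, a weighted overall score and a letter grade
      # for a scanned TLS server.
      #
      # The server object is only queried. It must respond to
      # supported_protocols, key_size, cipher_size, cert_valid, cert_trusted and
      # to the predicates used below (tlsv1_2?, des3?, md5_sig?, pfs_only?, ...).
      class Grade
        attr_reader :server, :protocol_score, :key_exchange_score, :cipher_strengths_score,
                    :score, :grade, :error, :warning, :success

        # Runs the whole evaluation; every reader is populated once this returns.
        #
        # @param server [Object] the scanned server (see the class comment)
        def initialize(server)
          @server = server
          calculate_protocol_score
          calculate_key_exchange_score
          calculate_cipher_strengths_score
          # Weights: protocol 30 %, key exchange 30 %, cipher strength 40 %.
          @score = @protocol_score * 0.3 + @key_exchange_score * 0.3 + @cipher_strengths_score * 0.4
          # The findings must exist before calculate_grade, which reads them.
          calculate_error
          calculate_warning
          calculate_success
          calculate_grade
        end

        # Logs the grade, the sub-scores and the non-empty finding lists.
        def display
          # NOTE(review): 'D' (a grade calculate_grade can produce) has no branch
          # here, so color is nil for it; confirm which colour is intended.
          color = case grade
                  when 'A+' then :blue
                  when 'A' then :green
                  when 'B', 'C' then :yellow
                  when 'E', 'F' then :red
                  when 'M', 'T' then { color: :white, background: :red }
                  end
          Logger.info { "Grade : #{grade.colorize color }" }
          Logger.info { '' }
          Logger.info { "Protocole : #{protocol_score} / 100" }
          Logger.info { "Key exchange : #{key_exchange_score} / 100" }
          Logger.info { "Ciphers strength : #{cipher_strengths_score} / 100" }
          Logger.info { "Overall score : #{score} / 100" }
          Logger.info { '' }
          Logger.info { "Errors : #{error.join(' ').colorize :red }" } unless error.empty?
          Logger.info { "Warnings : #{warning.join(' ').colorize :yellow }" } unless warning.empty?
          Logger.info { "Best practices : #{success.join(' ').colorize :green }" } unless success.empty?
        end

        private

        # Maps the overall score to a letter, then applies caps and overrides.
        #
        # Caps use String comparison: 'A' < 'B' < ... < 'F', so taking the max
        # of the current grade and the cap can only make the grade worse.
        def calculate_grade
          @grade = case @score
                   when 0...20 then 'F'
                   when 20...35 then 'E'
                   when 35...50 then 'D'
                   when 50...65 then 'C'
                   when 65...80 then 'B'
                   else 'A'
                   end

          # No TLS 1.2, or a key under 2048 bits: no better than 'B'.
          @grade = [@grade, 'B'].max if !@server.tlsv1_2? || @server.key_size < 2048
          # 3DES offered: no better than 'C'.
          @grade = [@grade, 'C'].max if @server.des3?
          # Any error finding forces 'F'.
          @grade = [@grade, 'F'].max unless @error.empty?

          # Certificate problems replace the letter outright; 'T' is assigned
          # last, so it wins when the certificate is both invalid and untrusted.
          @grade = 'M' unless @server.cert_valid
          @grade = 'T' unless @server.cert_trusted

          # 'A+' needs an uncapped 'A', no findings and every best practice.
          all_practices_met = (all_success & @success) == all_success
          @grade = 'A+' if @grade == 'A' && @error.empty? && @warning.empty? && all_practices_met
        end

        # Collects the findings that force an 'F' grade.
        def calculate_error
          @error = []
          @error << :md5_sig if @server.md5_sig?
          @error << :sslv2 if @server.sslv2?
          @error << :sslv3 if @server.sslv3?
          @error << :md5 if @server.md5?
          @error << :anonymous if @server.anonymous?
          @error << :dss if @server.dss?
          @error << :null if @server.null?
          @error << :export if @server.export?
          @error << :des if @server.des?
          @error << :rc4 if @server.rc4?
        end

        # Collects the findings that block 'A+' without forcing 'F'.
        def calculate_warning
          @warning = []
          @warning << :sha1_sig if @server.sha1_sig?
          #@warning << :sha1 if @server.sha1?
          @warning << :des3 if @server.des3?
        end

        # Collects the best practices the server follows.
        def calculate_success
          @success = []
          @success << :pfs if @server.pfs_only?
        end

        # NOTE(review): calculate_error can also report :sslv2 and :sslv3, which
        # are not listed here; confirm whether the omission is intended.
        ALL_ERROR = %i(md5_sig md5 anonymous dss null export des rc4).freeze
        def all_error
          ALL_ERROR
        end

        ALL_WARNING = %i(sha1_sig des3).freeze
        def all_warning
          ALL_WARNING
        end

        ALL_SUCCESS = %i(pfs).freeze
        def all_success
          ALL_SUCCESS
        end

        # Score per protocol version.
        # NOTE(review): there is no TLSv1_3 entry, and TLS 1.0/1.1 (deprecated by
        # RFC 8996) still earn 60 and 80; review the table before treating a
        # grade as current.
        METHODS_SCORES = { SSLv2: 0, SSLv3: 20, TLSv1: 60, TLSv1_1: 80, TLSv1_2: 100 }.freeze

        # Sets the protocol score to that of the weakest listed protocol the
        # server supports.
        #
        # A protocol missing from METHODS_SCORES maps to nil. Those entries are
        # dropped so that min cannot fail on a nil/Integer comparison; dropping
        # them never lifts the result above the weakest listed protocol. When no
        # listed protocol remains the score is 0 instead of nil, which would
        # otherwise break the weighted sum in initialize.
        def calculate_protocol_score
          known_scores = @server.supported_protocols.map { |protocol| METHODS_SCORES[protocol] }.compact
          @protocol_score = known_scores.min || 0
        end

        # Scores the key size reported by the server (key_size, compared in bits
        # against 512/1024/2048/4096).
        def calculate_key_exchange_score
          @key_exchange_score = case @server.key_size
                                when 0 then 0
                                when 0...512 then 10
                                when 512...1024 then 20
                                when 1024...2048 then 50
                                when 2048...4096 then 90
                                # 4096 and above. NOTE(review): any value matching no
                                # range above (e.g. a negative one) also lands here.
                                else 100
                                end
        end

        # Scores the cipher size reported by the server (cipher_size, compared
        # against 112/128/256).
        def calculate_cipher_strengths_score
          @cipher_strengths_score = case @server.cipher_size
                                    when 0 then 0
                                    when 0...112 then 10
                                    when 112...128 then 50
                                    when 128...256 then 90
                                    # 256 and above, plus any value matching no range above.
                                    else 100
                                    end
        end
      end
    end
  end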