ruby-sslyze 0.2.1 → 1.0.0

data/spec/xml/http_headers/http_public_key_pinning_spec.rb

@@ -0,0 +1,73 @@
+require 'spec_helper'
+require 'xml_examples'
+require 'sslyze/xml/http_headers/http_public_key_pinning'
+
+describe SSLyze::XML::HTTPHeaders::HTTPPublicKeyPinning do
+  include_examples "XML specs"
+
+  let(:xpath) { '/document/results/target/http_headers/httpPublicKeyPinning' }
+
+  subject do
+    described_class.new(xml.at(xpath))
+  end
+
+  describe "#include_sub_domains?" do
+    context "when the 'includeSubDomains' attribute is present" do
+      let(:xpath) { "#{super()}[@includeSubDomains]" }
+
+      context "and it is 'True'" do
+        let(:xpath) { "#{super()}[@includeSubDomains='True']" }
+
+        it do
+          pending "find domain where includeSubDomains='True'"
+
+          expect(subject.include_sub_domains?).to be(true)
+        end
+      end
+
+      context "but it is 'False'" do
+        let(:xpath) { "#{super()}[@includeSubDomains='False']" }
+
+        it do
+          expect(subject.include_sub_domains?).to be(false)
+        end
+      end
+    end
+
+    context "when the 'includeSubDomains' attribute is not present" do
+      let(:xpath) { "#{super()}[not(@includeSubDomains)]" }
+
+      it { expect(subject.include_sub_domains?).to be nil }
+    end
+  end
+
+  describe "#is_supported?" do
+    context "when the 'isSupported' attribute is 'True'" do
+      let(:xpath) { "#{super()}[@isSupported='True']" }
+
+      it { expect(subject.is_supported?).to be true }
+    end
+
+    context "when the 'isSupported' attribute is 'False'" do
+      let(:xpath) { "#{super()}[@isSupported='False']" }
+
+      it { expect(subject.is_supported?).to be false }
+    end
+  end
+
+  describe "#max_age" do
+    context "when the 'maxAge' attribute is present" do
+      let(:xpath) { "#{super()}[@maxAge]" }
+
+      it "should return the 'maxAge' attribute" do
+        expect(subject.max_age).to be > 0
+      end
+    end
+
+    context "when the 'maxAge' attribute is not present" do
+      let(:xpath) { "#{super()}[not(@maxAge)]" }
+
+      it { expect(subject.max_age).to be nil }
+    end
+  end
+end

data/spec/xml/http_headers/http_strict_transport_security_spec.rb

@@ -0,0 +1,107 @@
+require 'spec_helper'
+require 'xml_examples'
+require 'sslyze/xml/http_headers/http_strict_transport_security'
+
+describe SSLyze::XML::HTTPHeaders::HTTPStrictTransportSecurity do
+  include_examples "XML specs"
+
+  let(:xpath) { '/document/results/target/http_headers/httpStrictTransportSecurity' }
+
+  subject do
+    described_class.new(xml.at(xpath))
+  end
+
+  describe "#include_sub_domains?" do
+    context "when the 'includeSubDomains' attribute is present" do
+      subject do
+        described_class.new(xml.at("#{xpath}[@includeSubDomains]"))
+      end
+
+      it "should return a Boolean value" do
+        expect(subject.include_sub_domains?).to be(true).or(be(false))
+      end
+    end
+
+    context "when the 'includeSubDomains' attribute is not present" do
+      subject do
+        described_class.new(xml.at("#{xpath}[not(@includeSubDomains)]"))
+      end
+
+      it do
+        pending "need an example with no 'includeSubDomains' attribute"
+
+        expect(subject.include_sub_domains?).to be nil
+      end
+    end
+  end
+
+  describe "#is_supported?" do
+    context "when the 'isSupported' attribute is 'True'" do
+      subject do
+        described_class.new(xml.at("#{xpath}[@isSupported=\"True\"]"))
+      end
+
+      it { expect(subject.is_supported?).to be true }
+    end
+
+    context "when the 'isSupported' attribute is 'False'" do
+      subject do
+        described_class.new(xml.at("#{xpath}[@isSupported=\"False\"]"))
+      end
+
+      it do
+        pending "need an example where 'isSupported' is 'False'"
+
+        expect(subject.is_supported?).to be false
+      end
+    end
+  end
+
+  describe "#max_age" do
+    context "when the 'maxAge' attribute is present" do
+      subject do
+        described_class.new(xml.at("#{xpath}[@maxAge]"))
+      end
+
+      it "should return the 'maxAge' attribute" do
+        expect(subject.max_age).to be > 0
+      end
+    end
+
+    context "when the 'maxAge' attribute is not present" do
+      subject do
+        described_class.new(xml.at("#{xpath}[not(@maxAge)]"))
+      end
+
+      it do
+        pending "need an example with no 'maxAge' attribute"
+
+        expect(subject.max_age).to be nil
+      end
+    end
+  end
+
+  describe "#preload?" do
+    context "when the 'preload' attribute is present" do
+      subject do
+        described_class.new(xml.at("#{xpath}[@preload]"))
+      end
+
+      it "should return a Boolean value" do
+        expect(subject.preload?).to be(true).or(be(false))
+      end
+    end
+
+    context "when the 'preload' attribute is not present" do
+      subject do
+        described_class.new(xml.at("#{xpath}[not(@preload)]"))
+      end
+
+      it do
+        pending "need an example with no 'preload' attribute"
+
+        expect(subject.preload?).to be nil
+      end
+    end
+  end
+end

data/spec/xml/http_headers_spec.rb

@@ -0,0 +1,63 @@
+require 'spec_helper'
+require 'xml_examples'
+require 'xml/plugin_examples'
+require 'sslyze/xml/http_headers'
+
+describe SSLyze::XML::HTTPHeaders do
+  include_examples "XML specs"
+  include_examples "Plugin element"
+
+  let(:xpath) { '/document/results/target/http_headers' }
+
+  subject { described_class.new(xml.at(xpath)) }
+
+  describe "#http_strict_transport_security" do
+    context "when the '<httpStrictTransportSecurity/>' XML element is present" do
+      subject do
+        described_class.new(xml.at("#{xpath}[httpStrictTransportSecurity]"))
+      end
+
+      it do
+        expect(subject.http_strict_transport_security).to \
+          be_kind_of(described_class::HTTPStrictTransportSecurity)
+      end
+    end
+
+    context "when the '<httpStrictTransportSecurity/>' XML element is omitted" do
+      subject do
+        described_class.new(xml.at("#{xpath}[not(./httpStrictTransportSecurity)]"))
+      end
+
+      it do
+        pending "need an example with no '<httpStrictTransportSecurity/>'"
+
+        expect(subject.http_strict_transport_security).to be nil
+      end
+    end
+  end
+
+  describe "#http_public_key_pinning" do
+    context "when the '<httpPublicKeyPinning/>' XML element is present" do
+      subject do
+        described_class.new(xml.at("#{xpath}[httpPublicKeyPinning]"))
+      end
+
+      it do
+        expect(subject.http_public_key_pinning).to \
+          be_kind_of(described_class::HTTPPublicKeyPinning)
+      end
+    end
+
+    context "when the '<httpPublicKeyPinning/>' XML element is omitted" do
+      subject do
+        described_class.new(xml.at("#{xpath}[not(./httpPublicKeyPinning)]"))
+      end
+
+      it do
+        pending "need an example with no '<httpPublicKeyPinning/>'"
+
+        expect(subject.http_public_key_pinning).to be nil
+      end
+    end
+  end
+end

data/spec/xml/invalid_target_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+require 'xml_examples'
+require 'sslyze/xml/invalid_target'
+
+describe SSLyze::XML::InvalidTarget do
+  include_examples "XML specs"
+
+  let(:xpath) { '/document/invalidTargets/invalidTarget' }
+
+  subject { described_class.new(xml.at(xpath)) }
+
+  describe "#host" do
+    it "must parse the host attribute" do
+      expect(subject.host).to be == 'foo'
+    end
+  end
+
+  describe "#error" do
+    it "must parse the ip attribute" do
+      expect(subject.error).to be == 'Could not resolve foo'
+    end
+  end
+end

data/spec/xml/plugin_examples.rb

@@ -0,0 +1,14 @@
+require 'rspec'
+
+shared_examples_for "Plugin element" do
+  describe "#title" do
+    it "should parse the title attribute" do
+      expect(subject.title).to be_kind_of(String)
+      expect(subject.title).not_to be_empty
+    end
+  end
+
+  describe "#exception" do
+    pending "need an examples of plugin elements with exception messages"
+  end
+end

data/spec/{key_exchange_spec.rb → xml/protocol/cipher_suite/key_exchange_spec.rb}

@@ -1,11 +1,11 @@
 require 'spec_helper'
 require 'xml_examples'
-require 'sslyze/key_exchange'
+require 'sslyze/xml/protocol/cipher_suite/key_exchange'
 
-describe SSLyze::KeyExchange do
+describe SSLyze::XML::Protocol::CipherSuite::KeyExchange do
   include_examples "XML specs"
 
-  subject { described_class.new(xml.at('/document/results/target/tlsv1_2/acceptedCipherSuites/cipherSuite/keyExchange')) }
+  subject { described_class.new(xml.at('/document/results/target/tlsv1_2/preferredCipherSuite/cipherSuite/keyExchange')) }
 
   describe "#a" do
     it "should parse the A attribute" do
@@ -49,6 +49,12 @@ describe SSLyze::KeyExchange do
     end
   end
 
+  describe "#order" do
+    it "should parse the Order attribute" do
+      expect(subject.order).to be == '0x00ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551'
+    end
+  end
+
   describe "#prime" do
     it "should parse the Prime attribute" do
       expect(subject.prime).to be == '0x00ffffffff00000001000000000000000000000000ffffffffffffffffffffffff'

data/spec/xml/protocol/cipher_suite_spec.rb

@@ -0,0 +1,66 @@
+require 'spec_helper'
+require 'xml_examples'
+require 'sslyze/xml/protocol/cipher_suite'
+
+describe SSLyze::XML::Protocol::CipherSuite do
+  include_examples "XML specs"
+
+  subject { described_class.new(xml.at('/document/results/target/tlsv1_2/preferredCipherSuite/cipherSuite')) }
+
+  describe "#name" do
+    it "should parse the name attribute" do
+      expect(subject.name).to be == 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
+    end
+  end
+
+  describe "#rfc_name" do
+    it "should return the RFC cipher suite name" do
+      expect(subject.rfc_name).to be == 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
+    end
+  end
+
+  describe "#openssl_name" do
+    it "should map the RFC name back to the OpenSSL name" do
+      expect(subject.openssl_name).to be == 'ECDHE-RSA-AES128-GCM-SHA256'
+    end
+  end
+
+  describe "#connection_status" do
+    it "should parse the connectionStatus attribute" do
+      expect(subject.connection_status).to be == 'HTTP 200 OK'
+    end
+  end
+
+  describe "#anonymous?" do
+    it "should query the anonymous attribute" do
+      expect(subject.anonymous?).to be false
+    end
+  end
+
+  describe "#key_size" do
+    it "should return the keySize attribute" do
+      expect(subject.key_size).to be 128
+    end
+  end
+
+  describe "#key_exchange" do
+    context "when the keyExchange child is present" do
+      subject do
+        described_class.new(xml.at('/document/results/target/tlsv1_2/acceptedCipherSuites/cipherSuite[keyExchange]'))
+      end
+
+      it do
+        expect(subject.key_exchange).to be_kind_of(described_class::KeyExchange)
+      end
+    end
+
+    context "when the keyExchange object is missing" do
+      subject do
+        described_class.new(xml.at('/document/results/target/tlsv1_2/acceptedCipherSuites/cipherSuite[not(./keyExchange)]'))
+      end
+
+      it { expect(subject.key_exchange).to be nil }
+    end
+  end
+
+end

data/spec/xml/protocol_spec.rb

@@ -0,0 +1,115 @@
+require 'spec_helper'
+require 'xml_examples'
+require 'sslyze/xml/protocol'
+
+describe SSLyze::XML::Protocol do
+  include_examples "XML specs"
+
+  let(:xpath) { '/document/results/target/tlsv1_2' }
+
+  subject { described_class.new(xml.at(xpath)) }
+
+  describe "#name" do
+    it "should return the protocol name" do
+      expect(subject.name).to be == :tlsv1_2
+    end
+  end
+
+  describe "#title" do
+    it "must parse the title attribute" do
+      expect(subject.title).to be == 'TLSV1_2 Cipher Suites'
+    end
+  end
+
+  describe "#preferred_cipher_suite" do
+    context "when the 'preferredCipherSuite' XML element has children" do
+      let(:xpath) do
+        '/document/results/target/*[preferredCipherSuite/cipherSuite]'
+      end
+
+      it do
+        expect(subject.preferred_cipher_suite).to be_kind_of(described_class::CipherSuite)
+      end
+    end
+
+    context "when the preferredCipherSuite' XML element has no children" do
+      let(:xpath) do
+        '/document/results/target/*[preferredCipherSuite][not(preferredCipherSuite/cipherSuite)]'
+      end
+
+      it do
+        expect(subject.preferred_cipher_suite).to be nil
+      end
+    end
+  end
+
+  describe "#each_accepted_cipher_suite" do
+    it "should yield CipherSuite objects" do
+      expect { |b|
+        subject.each_accepted_cipher_suite(&b)
+      }
+    end
+
+    context "when given no block" do
+      it { expect(subject.each_accepted_cipher_suite).to be_an(Enumerator) }
+    end
+  end
+
+  describe "#accepted_cipher_suites" do
+    it "should return an Array of CipherSuites" do
+      expect(subject.accepted_cipher_suites).to be_an(Array).and(
+        all(be_a(described_class::CipherSuite))
+      )
+    end
+  end
+
+  describe "#each_rejected_cipher_suite" do
+    it "should yield CipherSuite objects" do
+      expect { |b|
+        subject.each_rejected_cipher_suite(&b)
+      }
+    end
+
+    context "when given no block" do
+      it { expect(subject.each_rejected_cipher_suite).to be_an(Enumerator) }
+    end
+  end
+
+  describe "#rejected_cipher_suites" do
+    it "should return an Array of CipherSuites" do
+      expect(subject.rejected_cipher_suites).to be_an(Array).and(
+        all(be_a(described_class::CipherSuite))
+      )
+    end
+  end
+
+  describe "#supported?" do
+    context "when there are preferred cipher suites" do
+      it "should return true" do
+        expect(subject.supported?).to be(true)
+      end
+    end
+  end
+
+  describe "#each_error" do
+    it "should yield CipherSuite objects" do
+      pending "need a target with non-empty '<errors/>'"
+
+      expect { |b|
+        subject.each_error(&b)
+      }.to yield_successive_args(described_class::CipherSuite)
+    end
+
+    context "when given no block" do
+      it { expect(subject.each_error).to be_an(Enumerator) }
+    end
+  end
+
+  describe "#errors" do
+    it "should return an Array of CipherSuites" do
+      expect(subject.errors).to be_an(Array).and(
+        all(be_a(described_class::CipherSuite))
+      )
+    end
+  end
+end