RubyGems - ruby-sslyze - Versions diffs - 0.2.1 → 1.0.0 - Mend

ruby-sslyze 0.2.1 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (146) hide show

checksums.yaml +4 -4
data/.gitignore +6 -4
data/.travis.yml +15 -7
data/ChangeLog.md +29 -12
data/Gemfile +3 -2
data/LICENSE.txt +1 -1
data/README.md +5 -5
data/Rakefile +1 -1
data/lib/sslyze/cipher_suites.rb +176 -0
data/lib/sslyze/program.rb +8 -8
data/lib/sslyze/task.rb +40 -33
data/lib/sslyze/version.rb +1 -1
data/lib/sslyze/{certificate/domain_name.rb → x509/domain.rb} +5 -3
data/lib/sslyze/x509/extension.rb +15 -0
data/lib/sslyze/x509/extension_set.rb +140 -0
data/lib/sslyze/x509/extensions.rb +6 -0
data/lib/sslyze/x509/extensions/basic_constraints.rb +41 -0
data/lib/sslyze/x509/extensions/certificate_policies.rb +108 -0
data/lib/sslyze/x509/extensions/crl_distribution_points.rb +47 -0
data/lib/sslyze/x509/extensions/extended_key_usage.rb +58 -0
data/lib/sslyze/x509/extensions/key_usage.rb +66 -0
data/lib/sslyze/x509/extensions/subject_alt_name.rb +144 -0
data/lib/sslyze/x509/name.rb +194 -0
data/lib/sslyze/x509/public_key.rb +53 -0
data/lib/sslyze/xml.rb +26 -37
data/lib/sslyze/xml/attributes.rb +5 -0
data/lib/sslyze/xml/attributes/error.rb +30 -0
data/lib/sslyze/xml/attributes/exception.rb +30 -0
data/lib/sslyze/xml/attributes/is_supported.rb +29 -0
data/lib/sslyze/xml/attributes/is_vulnerable.rb +29 -0
data/lib/sslyze/xml/attributes/title.rb +31 -0
data/lib/sslyze/xml/certinfo.rb +67 -0
data/lib/sslyze/xml/certinfo/certificate.rb +202 -0
data/lib/sslyze/xml/certinfo/certificate_validation.rb +69 -0
data/lib/sslyze/xml/certinfo/certificate_validation/hostname_validation.rb +54 -0
data/lib/sslyze/xml/certinfo/certificate_validation/path_validation.rb +84 -0
data/lib/sslyze/xml/certinfo/certificate_validation/verified_certificate_chain.rb +41 -0
data/lib/sslyze/xml/certinfo/has_certificates.rb +102 -0
data/lib/sslyze/xml/certinfo/ocsp_stapling.rb +45 -0
data/lib/sslyze/xml/certinfo/ocsp_stapling/ocsp_response.rb +87 -0
data/lib/sslyze/xml/certinfo/received_certificate_chain.rb +48 -0
data/lib/sslyze/xml/compression.rb +33 -0
data/lib/sslyze/xml/compression/compression_method.rb +38 -0
data/lib/sslyze/xml/fallback.rb +34 -0
data/lib/sslyze/xml/fallback/tls_fallback_scsv.rb +27 -0
data/lib/sslyze/xml/heartbleed.rb +38 -0
data/lib/sslyze/xml/heartbleed/openssl_heartbleed.rb +29 -0
data/lib/sslyze/xml/http_headers.rb +42 -0
data/lib/sslyze/xml/http_headers/http_public_key_pinning.rb +121 -0
data/lib/sslyze/xml/http_headers/http_strict_transport_security.rb +59 -0
data/lib/sslyze/xml/invalid_target.rb +33 -0
data/lib/sslyze/xml/openssl_ccs.rb +34 -0
data/lib/sslyze/xml/openssl_ccs/openssl_ccs_injection.rb +26 -0
data/lib/sslyze/xml/plugin.rb +27 -0
data/lib/sslyze/xml/protocol.rb +143 -0
data/lib/sslyze/xml/protocol/cipher_suite.rb +93 -0
data/lib/sslyze/xml/protocol/cipher_suite/key_exchange.rb +127 -0
data/lib/sslyze/xml/reneg.rb +28 -0
data/lib/sslyze/xml/reneg/session_renegotiation.rb +51 -0
data/lib/sslyze/xml/resum.rb +42 -0
data/lib/sslyze/xml/resum/session_resumption_with_session_ids.rb +94 -0
data/lib/sslyze/xml/resum/session_resumption_with_tls_tickets.rb +69 -0
data/lib/sslyze/xml/resum_rate.rb +30 -0
data/lib/sslyze/xml/target.rb +371 -0
data/lib/sslyze/xml/types.rb +19 -0
data/ruby-sslyze.gemspec +3 -3
data/spec/spec_helper.rb +2 -4
data/spec/sslyze.xml +2356 -2580
data/spec/x509/domain_spec.rb +125 -0
data/spec/x509/extension_set_spec.rb +208 -0
data/spec/x509/extension_spec.rb +58 -0
data/spec/x509/extensions/basic_constraints_spec.rb +41 -0
data/spec/x509/extensions/certificate_policies_spec.rb +38 -0
data/spec/x509/extensions/crl_distribution_points_spec.rb +38 -0
data/spec/x509/extensions/extended_key_usage_spec.rb +58 -0
data/spec/x509/extensions/key_usage_spec.rb +84 -0
data/spec/x509/extensions/subject_alt_name_spec.rb +146 -0
data/spec/x509/name_spec.rb +85 -0
data/spec/x509/public_key_spec.rb +113 -0
data/spec/xml/certinfo/certificate_spec.rb +166 -0
data/spec/xml/certinfo/certificate_validation/hostname_validation_spec.rb +23 -0
data/spec/xml/certinfo/certificate_validation/path_validation_spec.rb +107 -0
data/spec/xml/certinfo/certificate_validation/verified_certificate_chain_spec.rb +163 -0
data/spec/xml/certinfo/certificate_validation_spec.rb +40 -0
data/spec/xml/certinfo/ocsp_stapling/ocsp_response_spec.rb +61 -0
data/spec/xml/certinfo/ocsp_stapling_spec.rb +31 -0
data/spec/xml/certinfo/received_certificate_chain_spec.rb +165 -0
data/spec/xml/certinfo_spec.rb +45 -0
data/spec/xml/compression/compression_method_spec.rb +23 -0
data/spec/xml/compression_spec.rb +23 -0
data/spec/xml/heartbleed/openssl_heartbleed_spec.rb +17 -0
data/spec/xml/heartbleed_spec.rb +37 -0
data/spec/xml/http_headers/http_public_key_pinning_spec.rb +73 -0
data/spec/xml/http_headers/http_strict_transport_security_spec.rb +107 -0
data/spec/xml/http_headers_spec.rb +63 -0
data/spec/xml/invalid_target_spec.rb +23 -0
data/spec/xml/plugin_examples.rb +14 -0
data/spec/{key_exchange_spec.rb → xml/protocol/cipher_suite/key_exchange_spec.rb} +9 -3
data/spec/xml/protocol/cipher_suite_spec.rb +66 -0
data/spec/xml/protocol_spec.rb +115 -0
data/spec/xml/reneg/session_renegotiation_spec.rb +23 -0
data/spec/xml/reneg_spec.rb +35 -0
data/spec/xml/resum/session_resumption_with_session_ids_spec.rb +103 -0
data/spec/xml/resum/session_resumption_with_tls_tickets_spec.rb +121 -0
data/spec/xml/resum_rate_spec.rb +30 -0
data/spec/xml/resum_spec.rb +47 -0
data/spec/{target_spec.rb → xml/target_spec.rb} +73 -27
data/spec/xml_spec.rb +13 -21
metadata +138 -61
data/lib/sslyze/cert_info.rb +0 -57
data/lib/sslyze/certificate.rb +0 -139
data/lib/sslyze/certificate/extensions.rb +0 -127
data/lib/sslyze/certificate/extensions/authority_information_access.rb +0 -38
data/lib/sslyze/certificate/extensions/extension.rb +0 -26
data/lib/sslyze/certificate/extensions/x509v3_basic_constraints.rb +0 -60
data/lib/sslyze/certificate/extensions/x509v3_certificate_policies.rb +0 -50
data/lib/sslyze/certificate/extensions/x509v3_crl_distribution_points.rb +0 -32
data/lib/sslyze/certificate/extensions/x509v3_extended_key_usage.rb +0 -32
data/lib/sslyze/certificate/extensions/x509v3_key_usage.rb +0 -50
data/lib/sslyze/certificate/extensions/x509v3_subject_alternative_name.rb +0 -71
data/lib/sslyze/certificate/issuer.rb +0 -56
data/lib/sslyze/certificate/public_key.rb +0 -9
data/lib/sslyze/certificate/subject.rb +0 -117
data/lib/sslyze/certificate/subject_public_key_info.rb +0 -53
data/lib/sslyze/certificate/validity.rb +0 -9
data/lib/sslyze/certificate_chain.rb +0 -89
data/lib/sslyze/certificate_validation.rb +0 -70
data/lib/sslyze/cipher_suite.rb +0 -237
data/lib/sslyze/invalid_target.rb +0 -35
data/lib/sslyze/key_exchange.rb +0 -106
data/lib/sslyze/ocsp_response.rb +0 -87
data/lib/sslyze/protocol.rb +0 -133
data/lib/sslyze/target.rb +0 -312
data/lib/sslyze/types.rb +0 -17
data/spec/cert_info_spec.rb +0 -29
data/spec/certificate/subject_name_spec.rb +0 -72
data/spec/certificate_chain_spec.rb +0 -61
data/spec/certificate_spec.rb +0 -330
data/spec/certificate_validation_spec.rb +0 -39
data/spec/cipher_suite_spec.rb +0 -50
data/spec/invalid_target_spec.rb +0 -21
data/spec/issuer_spec.rb +0 -33
data/spec/ocsp_response_spec.rb +0 -59
data/spec/protocol_spec.rb +0 -99
data/spec/subject_public_key_info_spec.rb +0 -35
data/spec/subject_spec.rb +0 -69

data/lib/sslyze/xml.rb CHANGED

@@ -1,15 +1,20 @@
-require 'sslyze/target'
-require 'sslyze/invalid_target'
-require 'sslyze/types'
+require 'sslyze/xml/target'
+require 'sslyze/xml/invalid_target'
+require 'sslyze/xml/types'
+require 'sslyze/xml/attributes/title'
 require 'nokogiri'
 module SSLyze
   #
   # Represents the XML output from sslyze.
   #
+  # @see https://github.com/nabla-c0d3/sslyze/blob/master/xml_out.xsd
+  #
   class XML
     include Types
+    include Attributes::Title
     #
     # Initializes the XML.
@@ -51,7 +56,7 @@ module SSLyze
     # @return [String]
     #
     def version
-      @version ||= @doc.at('/document/@SSLyzeVersion').value.split(' ',2).last
+      @version ||= @doc.at_xpath('/document/@SSLyzeVersion').value
     end
     #
@@ -59,26 +64,10 @@ module SSLyze
     #
     # @return [Integer]
     #
-    def default_timeout
-      @default_time ||= @doc.at('/document/results/@defaultTimeout').value.to_i
-    end
-    #
-    # Whether an HTTPS tunnel was used.
+    # @since 1.0.0
     #
-    # @return [Boolean]
-    #
-    def https_tunnel
-      @https_tunnel ||= Boolean[@doc.at('/document/results/@httpsTunnel').value]
-    end
-    #
-    # Specifies whether STARTTLS was enabled.
-    #
-    # @return [Boolean]
-    #
-    def start_tls
-      @start_tls ||= Boolean[@doc.at('/document/results/@startTLS').value]
+    def network_timeout
+      @default_time ||= @doc.at_xpath('/document/results/@networkTimeout').value.to_i
     end
     #
@@ -87,18 +76,7 @@ module SSLyze
     # @return [Float]
     #
     def total_scan_time
-      @start_tls ||= @doc.at('/document/results/@totalScanTime').value.to_f
-    end
-    #
-    # @return [Array<InvalidTarget>]
-    #
-    # @see #each_invalid_target
-    #
-    # @since 0.2.0
-    #
-    def invalid_targets
-      each_invalid_target.to_a
+      @start_tls ||= @doc.at_xpath('/document/results/@totalScanTime').value.to_f
     end
     # Enumerates over each invalid target.
@@ -114,11 +92,22 @@ module SSLyze
     def each_invalid_target
       return enum_for(__method__) unless block_given?
-      @doc.search('invalidTargets/invalidTarget').each do |inval|
+      @doc.xpath('/document/invalidTargets/invalidTarget').each do |inval|
         yield InvalidTarget.new(inval)
       end
     end
+    #
+    # @return [Array<InvalidTarget>]
+    #
+    # @see #each_invalid_target
+    #
+    # @since 0.2.0
+    #
+    def invalid_targets
+      each_invalid_target.to_a
+    end
     #
     # Enumerates over each target.
     #
@@ -131,7 +120,7 @@ module SSLyze
     def each_target
       return enum_for(__method__) unless block_given?
-      @doc.search('/document/results/target').each do |target|
+      @doc.xpath('/document/results/target').each do |target|
         yield Target.new(target)
       end
     end

data/lib/sslyze/xml/attributes.rb ADDED

@@ -0,0 +1,5 @@
+require 'sslyze/xml/attributes/title'
+require 'sslyze/xml/attributes/is_supported'
+require 'sslyze/xml/attributes/is_vulnerable'
+require 'sslyze/xml/attributes/exception'
+require 'sslyze/xml/attributes/error'

data/lib/sslyze/xml/attributes/error.rb ADDED

@@ -0,0 +1,30 @@
+module SSLyze
+  class XML
+    module Attributes
+      #
+      # Provides methods for parsing the `error` XML attribute.
+      #
+      # @since 1.0.0
+      #
+      module Error
+        #
+        # The error message, if an error occurred.
+        #
+        # @return [String, nil]
+        #
+        def error
+          @error ||= @node['error']
+        end
+        #
+        # Determines if an error occurred.
+        #
+        # @return [Boolean]
+        #
+        def error?
+          !error.nil?
+        end
+      end
+    end
+  end
+end

data/lib/sslyze/xml/attributes/exception.rb ADDED

@@ -0,0 +1,30 @@
+module SSLyze
+  class XML
+    module Attributes
+      #
+      # Provides methods for accessing the `exception` XML attribute.
+      #
+      # @since 1.0.0
+      #
+      module Exception
+        #
+        # The exception message, if an exception occurred.
+        #
+        # @return [String, nil]
+        #
+        def exception
+          @exception ||= @node['exception']
+        end
+        #
+        # Tests whether an exception occurred.
+        #
+        # @return [Boolean]
+        #
+        def exception?
+          !exception.nil?
+        end
+      end
+    end
+  end
+end

data/lib/sslyze/xml/attributes/is_supported.rb ADDED

@@ -0,0 +1,29 @@
+require 'sslyze/xml/types'
+module SSLyze
+  class XML
+    module Attributes
+      #
+      # Common methods for the `isSupported` attribute.
+      #
+      # @since 1.0.0
+      #
+      module IsSupported
+        include Types
+        #
+        # Parses the `isSupported` attribute.
+        #
+        # @return [Boolean]
+        #
+        def is_supported?
+          Boolean[@node['isSupported']]
+        end
+        alias supported? is_supported?
+      end
+    end
+  end
+end

data/lib/sslyze/xml/attributes/is_vulnerable.rb ADDED

@@ -0,0 +1,29 @@
+require 'sslyze/xml/types'
+module SSLyze
+  class XML
+    module Attributes
+      #
+      # Common methods for the `isVulnerable` attribute.
+      #
+      # @since 1.0.0
+      #
+      module IsVulnerable
+        include Types
+        #
+        # Parses the `isVulnerable` attribute.
+        #
+        # @return [Boolean]
+        #
+        def is_vulnerable?
+          Boolean[@node['isVulnerable']]
+        end
+        alias vulnerable? is_vulnerable?
+      end
+    end
+  end
+end

data/lib/sslyze/xml/attributes/title.rb ADDED

@@ -0,0 +1,31 @@
+module SSLyze
+  class XML
+    module Attributes
+      #
+      # Provides methods for accessing the `title` XML attribute.
+      #
+      # @since 1.0.0
+      #
+      module Title
+        #
+        # The title.
+        #
+        # @return [String, nil]
+        #   The value of the `title` attribute.
+        #
+        def title
+          @title ||= @node['title']
+        end
+        #
+        # The title or an empty String.
+        #
+        # @return [String]
+        #
+        def to_s
+          title || ''
+        end
+      end
+    end
+  end
+end

data/lib/sslyze/xml/certinfo.rb ADDED

@@ -0,0 +1,67 @@
+require 'sslyze/xml/plugin'
+require 'sslyze/xml/certinfo/received_certificate_chain'
+require 'sslyze/xml/certinfo/certificate_validation'
+require 'sslyze/xml/certinfo/certificate_validation/verified_certificate_chain'
+require 'sslyze/xml/certinfo/ocsp_stapling'
+module SSLyze
+  class XML
+    #
+    # Represents the `<certinfo>` XML element.
+    #
+    # @since 1.0.0
+    #
+    class Certinfo < Plugin
+      #
+      # The received certificate chain.
+      #
+      # @return [ReceivedCertificateChain]
+      #
+      def received_certificate_chain
+        @received_certificate_chain ||= ReceivedCertificateChain.new(
+          @node.at_xpath('receivedCertificateChain')
+        )
+      end
+      alias received_chain received_certificate_chain
+      #
+      # Certificate validation information.
+      #
+      # @return [CertificateValidation]
+      #
+      def certificate_validation
+        @certificate_validation ||= CertificateValidation.new(
+          @node.at_xpath('certificateValidation')
+        )
+      end
+      alias validation certificate_validation
+      #
+      # The verified certificate chain.
+      #
+      # @return [VerifiedCertificateChain, nil]
+      #
+      def verified_certificate_chain
+        @verified_certificate_chain ||= if (element = @node.at_xpath('certificateValidation/verifiedCertificateChain'))
+                                          CertificateValidation::VerifiedCertificateChain.new(element)
+                                        end
+      end
+      alias verified_chain verified_certificate_chain
+      #
+      # OCSP Stapling.
+      #
+      # @return [OCSPStapling]
+      #
+      def ocsp_stapling
+        @ocsp_stapling ||= OCSPStapling.new(@node.at_xpath('ocspStapling'))
+      end
+    end
+  end
+end

data/lib/sslyze/xml/certinfo/certificate.rb ADDED

@@ -0,0 +1,202 @@
+require 'sslyze/xml/plugin'
+require 'sslyze/x509/name'
+require 'sslyze/x509/extension_set'
+require 'sslyze/x509/public_key'
+require 'openssl'
+module SSLyze
+  class XML
+    class Certinfo < Plugin
+      #
+      # Represents the `<certificate>` XML element.
+      #
+      class Certificate
+        #
+        # Initializes the certificate.
+        #
+        # @param [Nokogiri::XML::Node] node
+        #   The `<certificate>` XML element.
+        #
+        def initialize(node)
+          @node = node
+        end
+        #
+        # The AS PEM information.
+        #
+        # @return [String]
+        #
+        def as_pem
+          @as_pem ||= @node.at_xpath('asPEM').inner_text
+        end
+        alias to_s as_pem
+        #
+        # The parsed X509 certificate.
+        #
+        # @return [OpenSSL::X509::Certificate]
+        #
+        # @see http://www.rubydoc.info/stdlib/openssl/OpenSSL/X509/Certificate
+        #
+        # @since 1.0.0
+        #
+        def x509
+          @x509 ||= OpenSSL::X509::Certificate.new(as_pem)
+        end
+        #
+        # @return [X509::ExtensionSet]
+        #
+        # @group OpenSSL Methods
+        #
+        def extensions
+          X509::ExtensionSet.new(x509.extensions)
+        end
+        #
+        # @return [X509::Name]
+        #
+        # @see http://www.rubydoc.info/stdlib/openssl/OpenSSL/X509/Name
+        #
+        # @group OpenSSL Methods
+        #
+        def issuer
+          @issuer ||= X509::Name.new(x509.issuer)
+        end
+        #
+        # @return [Time]
+        #
+        # @group OpenSSL Methods
+        #
+        def not_after
+          x509.not_after
+        end
+        #
+        # @return [Time]
+        #
+        # @group OpenSSL Methods
+        #
+        def not_before
+          x509.not_before
+        end
+        #
+        # @return [X509::PublicKey]
+        #
+        # @group OpenSSL Methods
+        #
+        def public_key
+          @public_key ||= X509::PublicKey.new(x509.public_key)
+        end
+        #
+        # @return [OpenSSL::BN]
+        #
+        # @see http://www.rubydoc.info/stdlib/openssl/OpenSSL/BN
+        #
+        # @group OpenSSL Methods
+        #
+        def serial
+          x509.serial
+        end
+        #
+        # @return [String]
+        #
+        # @group OpenSSL Methods
+        #
+        def signature_algorithm
+          x509.signature_algorithm
+        end
+        #
+        # @return [X509::Name]
+        #
+        # @group OpenSSL Methods
+        #
+        def subject
+          @subject ||= X509::Name.new(x509.subject)
+        end
+        #
+        # @return [String]
+        #
+        # @group OpenSSL Methods
+        #
+        def to_der
+          x509.to_der
+        end
+        #
+        # @return [String]
+        #
+        # @group OpenSSL Methods
+        #
+        def to_text
+          x509.to_text
+        end
+        #
+        # @return [Integer]
+        #
+        # @group OpenSSL Methods
+        #
+        def version
+          x509.version
+        end
+        #
+        # The SHA1 fingerprint of the cert.
+        #
+        # @return [String]
+        #
+        def sha1_fingerprint
+          @sha1_fingerprint ||= @node['sha1Fingerprint']
+        end
+        #
+        # The HPKP SHA256 Pin.
+        #
+        # @return [String]
+        #
+        # @since 1.0.0
+        #
+        def hpkp_sha256_pin
+          @hpkp_sha256_pin ||= @node['hpkpSha256Pin']
+        end
+        #
+        # The supplied server name indication.
+        #
+        # @return [String]
+        #
+        # @since 1.0.0
+        #
+        def supplied_server_name_indication
+          @supplied_server_name_indication ||= @node['suppliedServerNameIndication']
+        end
+        #
+        # Compares the other certificiate to this certificate.
+        #
+        # @param [Certificate] other
+        #   The other certificate.
+        #
+        # @return [Boolean]
+        #   Whether the other certificate has the same {#as_pem}.
+        #
+        # @since 1.0.0
+        #
+        def ==(other)
+          other.kind_of?(self.class) && other.as_pem == as_pem
+        end
+      end
+    end
+  end
+end