RubyGems - ruby-sslyze - Versions diffs - 0.2.1 → 1.0.0 - Mend

ruby-sslyze 0.2.1 → 1.0.0

Files changed (146) hide show

checksums.yaml +4 -4
data/.gitignore +6 -4
data/.travis.yml +15 -7
data/ChangeLog.md +29 -12
data/Gemfile +3 -2
data/LICENSE.txt +1 -1
data/README.md +5 -5
data/Rakefile +1 -1
data/lib/sslyze/cipher_suites.rb +176 -0
data/lib/sslyze/program.rb +8 -8
data/lib/sslyze/task.rb +40 -33
data/lib/sslyze/version.rb +1 -1
data/lib/sslyze/{certificate/domain_name.rb → x509/domain.rb} +5 -3
data/lib/sslyze/x509/extension.rb +15 -0
data/lib/sslyze/x509/extension_set.rb +140 -0
data/lib/sslyze/x509/extensions.rb +6 -0
data/lib/sslyze/x509/extensions/basic_constraints.rb +41 -0
data/lib/sslyze/x509/extensions/certificate_policies.rb +108 -0
data/lib/sslyze/x509/extensions/crl_distribution_points.rb +47 -0
data/lib/sslyze/x509/extensions/extended_key_usage.rb +58 -0
data/lib/sslyze/x509/extensions/key_usage.rb +66 -0
data/lib/sslyze/x509/extensions/subject_alt_name.rb +144 -0
data/lib/sslyze/x509/name.rb +194 -0
data/lib/sslyze/x509/public_key.rb +53 -0
data/lib/sslyze/xml.rb +26 -37
data/lib/sslyze/xml/attributes.rb +5 -0
data/lib/sslyze/xml/attributes/error.rb +30 -0
data/lib/sslyze/xml/attributes/exception.rb +30 -0
data/lib/sslyze/xml/attributes/is_supported.rb +29 -0
data/lib/sslyze/xml/attributes/is_vulnerable.rb +29 -0
data/lib/sslyze/xml/attributes/title.rb +31 -0
data/lib/sslyze/xml/certinfo.rb +67 -0
data/lib/sslyze/xml/certinfo/certificate.rb +202 -0
data/lib/sslyze/xml/certinfo/certificate_validation.rb +69 -0
data/lib/sslyze/xml/certinfo/certificate_validation/hostname_validation.rb +54 -0
data/lib/sslyze/xml/certinfo/certificate_validation/path_validation.rb +84 -0
data/lib/sslyze/xml/certinfo/certificate_validation/verified_certificate_chain.rb +41 -0
data/lib/sslyze/xml/certinfo/has_certificates.rb +102 -0
data/lib/sslyze/xml/certinfo/ocsp_stapling.rb +45 -0
data/lib/sslyze/xml/certinfo/ocsp_stapling/ocsp_response.rb +87 -0
data/lib/sslyze/xml/certinfo/received_certificate_chain.rb +48 -0
data/lib/sslyze/xml/compression.rb +33 -0
data/lib/sslyze/xml/compression/compression_method.rb +38 -0
data/lib/sslyze/xml/fallback.rb +34 -0
data/lib/sslyze/xml/fallback/tls_fallback_scsv.rb +27 -0
data/lib/sslyze/xml/heartbleed.rb +38 -0
data/lib/sslyze/xml/heartbleed/openssl_heartbleed.rb +29 -0
data/lib/sslyze/xml/http_headers.rb +42 -0
data/lib/sslyze/xml/http_headers/http_public_key_pinning.rb +121 -0
data/lib/sslyze/xml/http_headers/http_strict_transport_security.rb +59 -0
data/lib/sslyze/xml/invalid_target.rb +33 -0
data/lib/sslyze/xml/openssl_ccs.rb +34 -0
data/lib/sslyze/xml/openssl_ccs/openssl_ccs_injection.rb +26 -0
data/lib/sslyze/xml/plugin.rb +27 -0
data/lib/sslyze/xml/protocol.rb +143 -0
data/lib/sslyze/xml/protocol/cipher_suite.rb +93 -0
data/lib/sslyze/xml/protocol/cipher_suite/key_exchange.rb +127 -0
data/lib/sslyze/xml/reneg.rb +28 -0
data/lib/sslyze/xml/reneg/session_renegotiation.rb +51 -0
data/lib/sslyze/xml/resum.rb +42 -0
data/lib/sslyze/xml/resum/session_resumption_with_session_ids.rb +94 -0
data/lib/sslyze/xml/resum/session_resumption_with_tls_tickets.rb +69 -0
data/lib/sslyze/xml/resum_rate.rb +30 -0
data/lib/sslyze/xml/target.rb +371 -0
data/lib/sslyze/xml/types.rb +19 -0
data/ruby-sslyze.gemspec +3 -3
data/spec/spec_helper.rb +2 -4
data/spec/sslyze.xml +2356 -2580
data/spec/x509/domain_spec.rb +125 -0
data/spec/x509/extension_set_spec.rb +208 -0
data/spec/x509/extension_spec.rb +58 -0
data/spec/x509/extensions/basic_constraints_spec.rb +41 -0
data/spec/x509/extensions/certificate_policies_spec.rb +38 -0
data/spec/x509/extensions/crl_distribution_points_spec.rb +38 -0
data/spec/x509/extensions/extended_key_usage_spec.rb +58 -0
data/spec/x509/extensions/key_usage_spec.rb +84 -0
data/spec/x509/extensions/subject_alt_name_spec.rb +146 -0
data/spec/x509/name_spec.rb +85 -0
data/spec/x509/public_key_spec.rb +113 -0
data/spec/xml/certinfo/certificate_spec.rb +166 -0
data/spec/xml/certinfo/certificate_validation/hostname_validation_spec.rb +23 -0
data/spec/xml/certinfo/certificate_validation/path_validation_spec.rb +107 -0
data/spec/xml/certinfo/certificate_validation/verified_certificate_chain_spec.rb +163 -0
data/spec/xml/certinfo/certificate_validation_spec.rb +40 -0
data/spec/xml/certinfo/ocsp_stapling/ocsp_response_spec.rb +61 -0
data/spec/xml/certinfo/ocsp_stapling_spec.rb +31 -0
data/spec/xml/certinfo/received_certificate_chain_spec.rb +165 -0
data/spec/xml/certinfo_spec.rb +45 -0
data/spec/xml/compression/compression_method_spec.rb +23 -0
data/spec/xml/compression_spec.rb +23 -0
data/spec/xml/heartbleed/openssl_heartbleed_spec.rb +17 -0
data/spec/xml/heartbleed_spec.rb +37 -0
data/spec/xml/http_headers/http_public_key_pinning_spec.rb +73 -0
data/spec/xml/http_headers/http_strict_transport_security_spec.rb +107 -0
data/spec/xml/http_headers_spec.rb +63 -0
data/spec/xml/invalid_target_spec.rb +23 -0
data/spec/xml/plugin_examples.rb +14 -0
data/spec/{key_exchange_spec.rb → xml/protocol/cipher_suite/key_exchange_spec.rb} +9 -3
data/spec/xml/protocol/cipher_suite_spec.rb +66 -0
data/spec/xml/protocol_spec.rb +115 -0
data/spec/xml/reneg/session_renegotiation_spec.rb +23 -0
data/spec/xml/reneg_spec.rb +35 -0
data/spec/xml/resum/session_resumption_with_session_ids_spec.rb +103 -0
data/spec/xml/resum/session_resumption_with_tls_tickets_spec.rb +121 -0
data/spec/xml/resum_rate_spec.rb +30 -0
data/spec/xml/resum_spec.rb +47 -0
data/spec/{target_spec.rb → xml/target_spec.rb} +73 -27
data/spec/xml_spec.rb +13 -21
metadata +138 -61
data/lib/sslyze/cert_info.rb +0 -57
data/lib/sslyze/certificate.rb +0 -139
data/lib/sslyze/certificate/extensions.rb +0 -127
data/lib/sslyze/certificate/extensions/authority_information_access.rb +0 -38
data/lib/sslyze/certificate/extensions/extension.rb +0 -26
data/lib/sslyze/certificate/extensions/x509v3_basic_constraints.rb +0 -60
data/lib/sslyze/certificate/extensions/x509v3_certificate_policies.rb +0 -50
data/lib/sslyze/certificate/extensions/x509v3_crl_distribution_points.rb +0 -32
data/lib/sslyze/certificate/extensions/x509v3_extended_key_usage.rb +0 -32
data/lib/sslyze/certificate/extensions/x509v3_key_usage.rb +0 -50
data/lib/sslyze/certificate/extensions/x509v3_subject_alternative_name.rb +0 -71
data/lib/sslyze/certificate/issuer.rb +0 -56
data/lib/sslyze/certificate/public_key.rb +0 -9
data/lib/sslyze/certificate/subject.rb +0 -117
data/lib/sslyze/certificate/subject_public_key_info.rb +0 -53
data/lib/sslyze/certificate/validity.rb +0 -9
data/lib/sslyze/certificate_chain.rb +0 -89
data/lib/sslyze/certificate_validation.rb +0 -70
data/lib/sslyze/cipher_suite.rb +0 -237
data/lib/sslyze/invalid_target.rb +0 -35
data/lib/sslyze/key_exchange.rb +0 -106
data/lib/sslyze/ocsp_response.rb +0 -87
data/lib/sslyze/protocol.rb +0 -133
data/lib/sslyze/target.rb +0 -312
data/lib/sslyze/types.rb +0 -17
data/spec/cert_info_spec.rb +0 -29
data/spec/certificate/subject_name_spec.rb +0 -72
data/spec/certificate_chain_spec.rb +0 -61
data/spec/certificate_spec.rb +0 -330
data/spec/certificate_validation_spec.rb +0 -39
data/spec/cipher_suite_spec.rb +0 -50
data/spec/invalid_target_spec.rb +0 -21
data/spec/issuer_spec.rb +0 -33
data/spec/ocsp_response_spec.rb +0 -59
data/spec/protocol_spec.rb +0 -99
data/spec/subject_public_key_info_spec.rb +0 -35
data/spec/subject_spec.rb +0 -69

data/lib/sslyze/xml/certinfo/received_certificate_chain.rb ADDED

@@ -0,0 +1,48 @@
+require 'sslyze/xml/plugin'
+require 'sslyze/xml/types'
+require 'sslyze/xml/certinfo/has_certificates'
+module SSLyze
+  class XML
+    class Certinfo < Plugin
+      #
+      # Represents the `<receivedCertificateChain>` XML element.
+      #
+      # @since 1.0.0
+      #
+      class ReceivedCertificateChain
+        include Types
+        include HasCertificates
+        #
+        # Initializes the {ReceivedCertificateChain} object.
+        #
+        # @param [Nokogiri::XML::Element] node
+        #
+        def initialize(node)
+          @node = node
+        end
+        #
+        # Parses the `isChainOrderValid` XML attribute.
+        #
+        # @return [Boolean]
+        #
+        def is_chain_order_valid?
+          Boolean[@node['isChainOrderValid']]
+        end
+        #
+        # Parses the `containsAnchorCertificate` XML attribute.
+        #
+        # @return [Boolean]
+        #
+        def contains_anchor_certificate?
+          Boolean[@node['containsAnchorCertificate']]
+        end
+      end
+    end
+  end
+end

data/lib/sslyze/xml/compression.rb ADDED

@@ -0,0 +1,33 @@
+require 'sslyze/xml/plugin'
+require 'sslyze/xml/compression/compression_method'
+module SSLyze
+  class XML
+    #
+    # Represents the `<compression>` XML element.
+    #
+    # @since 1.0.0
+    #
+    class Compression < Plugin
+      #
+      # Parses the `<compressionMethod>` XML element.
+      #
+      # @return [CompressionMethod]
+      #
+      def deflate
+        @compression_method ||= CompressionMethod.new(
+          @node.at_xpath('compressionMethod[@type="DEFLATE"]')
+        )
+      end
+      #
+      # @see CompressionMethod#is_supported?
+      #
+      def deflate?
+        deflate.is_supported?
+      end
+    end
+  end
+end

data/lib/sslyze/xml/compression/compression_method.rb ADDED

@@ -0,0 +1,38 @@
+require 'sslyze/xml/plugin'
+require 'sslyze/xml/attributes/is_supported'
+module SSLyze
+  class XML
+    class Compression < Plugin
+      #
+      # Represents the `<compressionMethod>` XML element.
+      #
+      # @since 1.0.0
+      #
+      class CompressionMethod
+        include Attributes::IsSupported
+        #
+        # Initializes the {CompressionMethod} object.
+        #
+        # @param [Nokogiri::XML::Element] node
+        #   The `<compressionMethod>` XML element.
+        #
+        def initialize(node)
+          @node = node
+        end
+        #
+        # The type of compression.
+        #
+        # @return [Symbol]
+        #
+        def type
+          @type ||= @node['type'].to_sym
+        end
+      end
+    end
+  end
+end

data/lib/sslyze/xml/fallback.rb ADDED

@@ -0,0 +1,34 @@
+require 'sslyze/xml/plugin'
+module SSLyze
+  class XML
+    #
+    # Represents the `<fallback>` XML element.
+    #
+    # @since 1.0.0
+    #
+    class Fallback < Plugin
+      #
+      # Parses the `<tlsFallbackScsv>` XML element.
+      #
+      # @return [TLSFallbackSCSV]
+      #
+      def tls_fallback_scsv
+        @tls_fallback_scsv ||= TLSFallbackSCSV.new(
+          @node.at_xpath('tlsFallbackScsv')
+        )
+      end
+      #
+      # @see TLSFallbackSCSV#is_supported?
+      #
+      def is_supported?
+        tls_fallback_scsv.is_supported?
+      end
+      alias supported? is_supported?
+    end
+  end
+end

data/lib/sslyze/xml/fallback/tls_fallback_scsv.rb ADDED

@@ -0,0 +1,27 @@
+require 'sslyze/xml/plugin'
+require 'sslyze/xml/is_supported'
+module SSLyze
+  class XML
+    class Fallback < Plugin
+      #
+      # Represents the `<tlsFallbackScsv>` XML element.
+      #
+      class TLSFallbackSCSV
+        include IsSupported
+        #
+        # Initializes the {TLSFallbackSCSV} object.
+        #
+        # @param [Nokogiri::XML::Element] node
+        #   The `<tlsFallbackScsv>` XML element.
+        #
+        def initialize(node)
+          @node = node
+        end
+      end
+    end
+  end
+end

data/lib/sslyze/xml/heartbleed.rb ADDED

@@ -0,0 +1,38 @@
+require 'sslyze/xml/plugin'
+require 'sslyze/xml/types'
+require 'sslyze/xml/heartbleed/openssl_heartbleed'
+module SSLyze
+  class XML
+    #
+    # Represents the `<heartbleed>` XML element.
+    #
+    # @since 1.0.0
+    #
+    class Heartbleed < Plugin
+      #
+      # Parses the `<openSslHeartbleed>` XML element.
+      #
+      # @return [OpenSSLHeartbleed]
+      #
+      def openssl_heartbleed
+        @openssl_heartbleed ||= if (element = @node.at_xpath('openSslHeartbleed'))
+                                  OpenSSLHeartbleed.new(element)
+                                end
+      end
+      alias openssl openssl_heartbleed
+      #
+      # @see #has_openssl_heartbleed?
+      #
+      def is_vulnerable?
+        openssl_heartbleed && openssl_heartbleed.is_vulnerable?
+      end
+      alias vulnerable? is_vulnerable?
+    end
+  end
+end

data/lib/sslyze/xml/heartbleed/openssl_heartbleed.rb ADDED

@@ -0,0 +1,29 @@
+require 'sslyze/xml/plugin'
+require 'sslyze/xml/attributes/is_vulnerable'
+module SSLyze
+  class XML
+    class Heartbleed < Plugin
+      #
+      # Represents the `<openSslHeartbleed>` XML element.
+      #
+      # @since 1.0.0
+      #
+      class OpenSSLHeartbleed
+        include Attributes::IsVulnerable
+        #
+        # Initializes the {OpenSSLHeartbleed} object.
+        #
+        # @param [Nokogiri::XML::Element] node
+        #   The `<openSslHeartbleed>` XML element.
+        #
+        def initialize(node)
+          @node = node
+        end
+      end
+    end
+  end
+end

data/lib/sslyze/xml/http_headers.rb ADDED

@@ -0,0 +1,42 @@
+require 'sslyze/xml/plugin'
+require 'sslyze/xml/http_headers/http_strict_transport_security'
+require 'sslyze/xml/http_headers/http_public_key_pinning'
+module SSLyze
+  class XML
+    #
+    # Represents the `<http_headers>` XML element.
+    #
+    # @since 1.0.0
+    #
+    class HTTPHeaders < Plugin
+      #
+      # HTTP Strict-Transport-Security header information.
+      #
+      # @return [HTTPStrictTransportSecurity, nil]
+      #
+      def http_strict_transport_security
+        @http_strict_transport_security ||= if (element = @node.at_xpath('httpStrictTransportSecurity'))
+                                              HTTPStrictTransportSecurity.new(element)
+                                            end
+      end
+      alias strict_transport_security http_strict_transport_security
+      #
+      # HTTP Public-Key-Pinning header information.
+      #
+      # @return [HTTPPublicKeyPinning, nil]
+      #
+      def http_public_key_pinning
+        @http_public_key_pinning ||= if (element = @node.at_xpath('httpPublicKeyPinning'))
+                                       HTTPPublicKeyPinning.new(element)
+                                     end
+      end
+      alias public_key_pinning http_public_key_pinning
+    end
+  end
+end

data/lib/sslyze/xml/http_headers/http_public_key_pinning.rb ADDED

@@ -0,0 +1,121 @@
+require 'sslyze/xml/plugin'
+require 'sslyze/xml/types'
+require 'sslyze/xml/attributes/is_supported'
+require 'sslyze/xml/attributes/exception'
+module SSLyze
+  class XML
+    class HTTPHeaders < Plugin
+      #
+      # Represents the `<httpPublicKeyPinning>` XML element.
+      #
+      # @since 1.0.0
+      #
+      class HTTPPublicKeyPinning
+        include Types
+        include Attributes::IsSupported
+        include Attributes::Exception
+        #
+        # Initializes the {HTTPPublicKeyPinning} element.
+        #
+        def initialize(node)
+          @node = node
+        end
+        #
+        # Parses each `pinSha256` XML element.
+        #
+        # @yield [sha256]
+        #   Yields each SHA256 checksum.
+        #
+        # @yieldparam [String] sha256
+        #   An individual pinned SHA256 checksum.
+        #
+        # @return [Enumerator]
+        #
+        def each_pin_sha256
+          return enum_for(__method__) unless block_given?
+          @node.xpath('pinSha256').each do |element|
+            yield element.inner_text
+          end
+        end
+        alias each_sha256 each_pin_sha256
+        #
+        # @return [Array<String>]
+        #
+        # @see #each_pin_sha256
+        #
+        def pin_sha256s
+          each_pin_sha256.to_a
+        end
+        alias sha256s pin_sha256s
+        #
+        # Parses the `includeSubDomains` XML attribute.
+        #
+        # @return [Boolean]
+        #
+        def include_sub_domains?
+          Boolean[@node['includeSubDomains']]
+        end
+        #
+        # Parses the `maxAge` attribute.
+        #
+        # @return [Integer, nil]
+        #
+        def max_age
+          @max_age ||= if (value = @node['maxAge'])
+                         value.to_i
+                       end
+        end
+        #
+        # Parses the `reportOnly` XML attribute.
+        #
+        # @return [Boolean]
+        #
+        def report_only
+          Boolean[@node['reportOnly']]
+        end
+        #
+        # Parses the `reportUri` XML attribute.
+        #
+        # @return [String, nil]
+        #
+        def report_uri
+          @report_uri ||= case (value = @node['reportUri'])
+                          when nil, 'None' then nil
+                          else                  value
+                          end
+        end
+        #
+        # Parses the `isValidPinConfigured` XML attribute.
+        #
+        # @return [Boolean]
+        #
+        def is_valid_pin_configured?
+          Boolean[@node['isValidPinConfigured']]
+        end
+        #
+        # Parses the `isBackupPinConfigured` XML attribute.
+        #
+        # @return [Boolean]
+        #
+        def is_backup_pin_configured?
+          Boolean[@node['isBackupPinConfigured']]
+        end
+      end
+    end
+  end
+end

data/lib/sslyze/xml/http_headers/http_strict_transport_security.rb ADDED

@@ -0,0 +1,59 @@
+require 'sslyze/xml/plugin'
+require 'sslyze/xml/types'
+require 'sslyze/xml/attributes/is_supported'
+require 'sslyze/xml/attributes/exception'
+module SSLyze
+  class XML
+    class HTTPHeaders < Plugin
+      #
+      # Represents the `<httpStrictTransportSecurity/>` XML element.
+      #
+      # @since 1.0.0
+      #
+      class HTTPStrictTransportSecurity
+        include Types
+        include Attributes::IsSupported
+        include Attributes::Exception
+        #
+        # Initializes the {HTTPStrictTransportSecurity} object.
+        #
+        def initialize(node)
+          @node = node
+        end
+        #
+        # Parses the `includeSubDomains` XML attribute.
+        #
+        # @return [Boolean]
+        #
+        def include_sub_domains?
+          Boolean[@node['includeSubDomains']]
+        end
+        #
+        # Parses the `maxAge` XML attribute.
+        #
+        # @return [Integer, nil]
+        #
+        def max_age
+          @max_age ||= if (value = @node['maxAge'])
+                         value.to_i
+                       end
+        end
+        #
+        # Parses the `preload` XML attribute.
+        #
+        # @return [Boolean]
+        #
+        def preload?
+          Boolean[@node['preload']]
+        end
+      end
+    end
+  end
+end