RubyGems - ruby-sslyze - Versions diffs - 0.2.1 → 1.0.0 - Mend

ruby-sslyze 0.2.1 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (146) hide show

checksums.yaml +4 -4
data/.gitignore +6 -4
data/.travis.yml +15 -7
data/ChangeLog.md +29 -12
data/Gemfile +3 -2
data/LICENSE.txt +1 -1
data/README.md +5 -5
data/Rakefile +1 -1
data/lib/sslyze/cipher_suites.rb +176 -0
data/lib/sslyze/program.rb +8 -8
data/lib/sslyze/task.rb +40 -33
data/lib/sslyze/version.rb +1 -1
data/lib/sslyze/{certificate/domain_name.rb → x509/domain.rb} +5 -3
data/lib/sslyze/x509/extension.rb +15 -0
data/lib/sslyze/x509/extension_set.rb +140 -0
data/lib/sslyze/x509/extensions.rb +6 -0
data/lib/sslyze/x509/extensions/basic_constraints.rb +41 -0
data/lib/sslyze/x509/extensions/certificate_policies.rb +108 -0
data/lib/sslyze/x509/extensions/crl_distribution_points.rb +47 -0
data/lib/sslyze/x509/extensions/extended_key_usage.rb +58 -0
data/lib/sslyze/x509/extensions/key_usage.rb +66 -0
data/lib/sslyze/x509/extensions/subject_alt_name.rb +144 -0
data/lib/sslyze/x509/name.rb +194 -0
data/lib/sslyze/x509/public_key.rb +53 -0
data/lib/sslyze/xml.rb +26 -37
data/lib/sslyze/xml/attributes.rb +5 -0
data/lib/sslyze/xml/attributes/error.rb +30 -0
data/lib/sslyze/xml/attributes/exception.rb +30 -0
data/lib/sslyze/xml/attributes/is_supported.rb +29 -0
data/lib/sslyze/xml/attributes/is_vulnerable.rb +29 -0
data/lib/sslyze/xml/attributes/title.rb +31 -0
data/lib/sslyze/xml/certinfo.rb +67 -0
data/lib/sslyze/xml/certinfo/certificate.rb +202 -0
data/lib/sslyze/xml/certinfo/certificate_validation.rb +69 -0
data/lib/sslyze/xml/certinfo/certificate_validation/hostname_validation.rb +54 -0
data/lib/sslyze/xml/certinfo/certificate_validation/path_validation.rb +84 -0
data/lib/sslyze/xml/certinfo/certificate_validation/verified_certificate_chain.rb +41 -0
data/lib/sslyze/xml/certinfo/has_certificates.rb +102 -0
data/lib/sslyze/xml/certinfo/ocsp_stapling.rb +45 -0
data/lib/sslyze/xml/certinfo/ocsp_stapling/ocsp_response.rb +87 -0
data/lib/sslyze/xml/certinfo/received_certificate_chain.rb +48 -0
data/lib/sslyze/xml/compression.rb +33 -0
data/lib/sslyze/xml/compression/compression_method.rb +38 -0
data/lib/sslyze/xml/fallback.rb +34 -0
data/lib/sslyze/xml/fallback/tls_fallback_scsv.rb +27 -0
data/lib/sslyze/xml/heartbleed.rb +38 -0
data/lib/sslyze/xml/heartbleed/openssl_heartbleed.rb +29 -0
data/lib/sslyze/xml/http_headers.rb +42 -0
data/lib/sslyze/xml/http_headers/http_public_key_pinning.rb +121 -0
data/lib/sslyze/xml/http_headers/http_strict_transport_security.rb +59 -0
data/lib/sslyze/xml/invalid_target.rb +33 -0
data/lib/sslyze/xml/openssl_ccs.rb +34 -0
data/lib/sslyze/xml/openssl_ccs/openssl_ccs_injection.rb +26 -0
data/lib/sslyze/xml/plugin.rb +27 -0
data/lib/sslyze/xml/protocol.rb +143 -0
data/lib/sslyze/xml/protocol/cipher_suite.rb +93 -0
data/lib/sslyze/xml/protocol/cipher_suite/key_exchange.rb +127 -0
data/lib/sslyze/xml/reneg.rb +28 -0
data/lib/sslyze/xml/reneg/session_renegotiation.rb +51 -0
data/lib/sslyze/xml/resum.rb +42 -0
data/lib/sslyze/xml/resum/session_resumption_with_session_ids.rb +94 -0
data/lib/sslyze/xml/resum/session_resumption_with_tls_tickets.rb +69 -0
data/lib/sslyze/xml/resum_rate.rb +30 -0
data/lib/sslyze/xml/target.rb +371 -0
data/lib/sslyze/xml/types.rb +19 -0
data/ruby-sslyze.gemspec +3 -3
data/spec/spec_helper.rb +2 -4
data/spec/sslyze.xml +2356 -2580
data/spec/x509/domain_spec.rb +125 -0
data/spec/x509/extension_set_spec.rb +208 -0
data/spec/x509/extension_spec.rb +58 -0
data/spec/x509/extensions/basic_constraints_spec.rb +41 -0
data/spec/x509/extensions/certificate_policies_spec.rb +38 -0
data/spec/x509/extensions/crl_distribution_points_spec.rb +38 -0
data/spec/x509/extensions/extended_key_usage_spec.rb +58 -0
data/spec/x509/extensions/key_usage_spec.rb +84 -0
data/spec/x509/extensions/subject_alt_name_spec.rb +146 -0
data/spec/x509/name_spec.rb +85 -0
data/spec/x509/public_key_spec.rb +113 -0
data/spec/xml/certinfo/certificate_spec.rb +166 -0
data/spec/xml/certinfo/certificate_validation/hostname_validation_spec.rb +23 -0
data/spec/xml/certinfo/certificate_validation/path_validation_spec.rb +107 -0
data/spec/xml/certinfo/certificate_validation/verified_certificate_chain_spec.rb +163 -0
data/spec/xml/certinfo/certificate_validation_spec.rb +40 -0
data/spec/xml/certinfo/ocsp_stapling/ocsp_response_spec.rb +61 -0
data/spec/xml/certinfo/ocsp_stapling_spec.rb +31 -0
data/spec/xml/certinfo/received_certificate_chain_spec.rb +165 -0
data/spec/xml/certinfo_spec.rb +45 -0
data/spec/xml/compression/compression_method_spec.rb +23 -0
data/spec/xml/compression_spec.rb +23 -0
data/spec/xml/heartbleed/openssl_heartbleed_spec.rb +17 -0
data/spec/xml/heartbleed_spec.rb +37 -0
data/spec/xml/http_headers/http_public_key_pinning_spec.rb +73 -0
data/spec/xml/http_headers/http_strict_transport_security_spec.rb +107 -0
data/spec/xml/http_headers_spec.rb +63 -0
data/spec/xml/invalid_target_spec.rb +23 -0
data/spec/xml/plugin_examples.rb +14 -0
data/spec/{key_exchange_spec.rb → xml/protocol/cipher_suite/key_exchange_spec.rb} +9 -3
data/spec/xml/protocol/cipher_suite_spec.rb +66 -0
data/spec/xml/protocol_spec.rb +115 -0
data/spec/xml/reneg/session_renegotiation_spec.rb +23 -0
data/spec/xml/reneg_spec.rb +35 -0
data/spec/xml/resum/session_resumption_with_session_ids_spec.rb +103 -0
data/spec/xml/resum/session_resumption_with_tls_tickets_spec.rb +121 -0
data/spec/xml/resum_rate_spec.rb +30 -0
data/spec/xml/resum_spec.rb +47 -0
data/spec/{target_spec.rb → xml/target_spec.rb} +73 -27
data/spec/xml_spec.rb +13 -21
metadata +138 -61
data/lib/sslyze/cert_info.rb +0 -57
data/lib/sslyze/certificate.rb +0 -139
data/lib/sslyze/certificate/extensions.rb +0 -127
data/lib/sslyze/certificate/extensions/authority_information_access.rb +0 -38
data/lib/sslyze/certificate/extensions/extension.rb +0 -26
data/lib/sslyze/certificate/extensions/x509v3_basic_constraints.rb +0 -60
data/lib/sslyze/certificate/extensions/x509v3_certificate_policies.rb +0 -50
data/lib/sslyze/certificate/extensions/x509v3_crl_distribution_points.rb +0 -32
data/lib/sslyze/certificate/extensions/x509v3_extended_key_usage.rb +0 -32
data/lib/sslyze/certificate/extensions/x509v3_key_usage.rb +0 -50
data/lib/sslyze/certificate/extensions/x509v3_subject_alternative_name.rb +0 -71
data/lib/sslyze/certificate/issuer.rb +0 -56
data/lib/sslyze/certificate/public_key.rb +0 -9
data/lib/sslyze/certificate/subject.rb +0 -117
data/lib/sslyze/certificate/subject_public_key_info.rb +0 -53
data/lib/sslyze/certificate/validity.rb +0 -9
data/lib/sslyze/certificate_chain.rb +0 -89
data/lib/sslyze/certificate_validation.rb +0 -70
data/lib/sslyze/cipher_suite.rb +0 -237
data/lib/sslyze/invalid_target.rb +0 -35
data/lib/sslyze/key_exchange.rb +0 -106
data/lib/sslyze/ocsp_response.rb +0 -87
data/lib/sslyze/protocol.rb +0 -133
data/lib/sslyze/target.rb +0 -312
data/lib/sslyze/types.rb +0 -17
data/spec/cert_info_spec.rb +0 -29
data/spec/certificate/subject_name_spec.rb +0 -72
data/spec/certificate_chain_spec.rb +0 -61
data/spec/certificate_spec.rb +0 -330
data/spec/certificate_validation_spec.rb +0 -39
data/spec/cipher_suite_spec.rb +0 -50
data/spec/invalid_target_spec.rb +0 -21
data/spec/issuer_spec.rb +0 -33
data/spec/ocsp_response_spec.rb +0 -59
data/spec/protocol_spec.rb +0 -99
data/spec/subject_public_key_info_spec.rb +0 -35
data/spec/subject_spec.rb +0 -69

data/lib/sslyze/xml/certinfo/received_certificate_chain.rb ADDED

@@ -0,0 +1,48 @@
+require 'sslyze/xml/plugin'
+require 'sslyze/xml/types'
+require 'sslyze/xml/certinfo/has_certificates'
+module SSLyze
+  class XML
+    class Certinfo < Plugin
+      #
+      # Represents the `<receivedCertificateChain>` XML element.
+      #
+      # @since 1.0.0
+      #
+      class ReceivedCertificateChain
+        include Types
+        include HasCertificates
+        #
+        # Initializes the {ReceivedCertificateChain} object.
+        #
+        # @param [Nokogiri::XML::Element] node
+        #
+        def initialize(node)
+          @node = node
+        end
+        #
+        # Parses the `isChainOrderValid` XML attribute.
+        #
+        # @return [Boolean]
+        #
+        def is_chain_order_valid?
+          Boolean[@node['isChainOrderValid']]
+        end
+        #
+        # Parses the `containsAnchorCertificate` XML attribute.
+        #
+        # @return [Boolean]
+        #
+        def contains_anchor_certificate?
+          Boolean[@node['containsAnchorCertificate']]
+        end
+      end
+    end
+  end
+end

data/lib/sslyze/xml/compression.rb ADDED

@@ -0,0 +1,33 @@
+require 'sslyze/xml/plugin'
+require 'sslyze/xml/compression/compression_method'
+module SSLyze
+  class XML
+    #
+    # Represents the `<compression>` XML element.
+    #
+    # @since 1.0.0
+    #
+    class Compression < Plugin
+      #
+      # Parses the `<compressionMethod>` XML element.
+      #
+      # @return [CompressionMethod]
+      #
+      def deflate
+        @compression_method ||= CompressionMethod.new(
+          @node.at_xpath('compressionMethod[@type="DEFLATE"]')
+        )
+      end
+      #
+      # @see CompressionMethod#is_supported?
+      #
+      def deflate?
+        deflate.is_supported?
+      end
+    end
+  end
+end

data/lib/sslyze/xml/compression/compression_method.rb ADDED

@@ -0,0 +1,38 @@
+require 'sslyze/xml/plugin'
+require 'sslyze/xml/attributes/is_supported'
+module SSLyze
+  class XML
+    class Compression < Plugin
+      #
+      # Represents the `<compressionMethod>` XML element.
+      #
+      # @since 1.0.0
+      #
+      class CompressionMethod
+        include Attributes::IsSupported
+        #
+        # Initializes the {CompressionMethod} object.
+        #
+        # @param [Nokogiri::XML::Element] node
+        #   The `<compressionMethod>` XML element.
+        #
+        def initialize(node)
+          @node = node
+        end
+        #
+        # The type of compression.
+        #
+        # @return [Symbol]
+        #
+        def type
+          @type ||= @node['type'].to_sym
+        end
+      end
+    end
+  end
+end

data/lib/sslyze/xml/fallback.rb ADDED

@@ -0,0 +1,34 @@
+require 'sslyze/xml/plugin'
+module SSLyze
+  class XML
+    #
+    # Represents the `<fallback>` XML element.
+    #
+    # @since 1.0.0
+    #
+    class Fallback < Plugin
+      #
+      # Parses the `<tlsFallbackScsv>` XML element.
+      #
+      # @return [TLSFallbackSCSV]
+      #
+      def tls_fallback_scsv
+        @tls_fallback_scsv ||= TLSFallbackSCSV.new(
+          @node.at_xpath('tlsFallbackScsv')
+        )
+      end
+      #
+      # @see TLSFallbackSCSV#is_supported?
+      #
+      def is_supported?
+        tls_fallback_scsv.is_supported?
+      end
+      alias supported? is_supported?
+    end
+  end
+end

data/lib/sslyze/xml/fallback/tls_fallback_scsv.rb ADDED

@@ -0,0 +1,27 @@
+require 'sslyze/xml/plugin'
+require 'sslyze/xml/is_supported'
+module SSLyze
+  class XML
+    class Fallback < Plugin
+      #
+      # Represents the `<tlsFallbackScsv>` XML element.
+      #
+      class TLSFallbackSCSV
+        include IsSupported
+        #
+        # Initializes the {TLSFallbackSCSV} object.
+        #
+        # @param [Nokogiri::XML::Element] node
+        #   The `<tlsFallbackScsv>` XML element.
+        #
+        def initialize(node)
+          @node = node
+        end
+      end
+    end
+  end
+end

data/lib/sslyze/xml/heartbleed.rb ADDED

@@ -0,0 +1,38 @@
+require 'sslyze/xml/plugin'
+require 'sslyze/xml/types'
+require 'sslyze/xml/heartbleed/openssl_heartbleed'
+module SSLyze
+  class XML
+    #
+    # Represents the `<heartbleed>` XML element.
+    #
+    # @since 1.0.0
+    #
+    class Heartbleed < Plugin
+      #
+      # Parses the `<openSslHeartbleed>` XML element.
+      #
+      # @return [OpenSSLHeartbleed]
+      #
+      def openssl_heartbleed
+        @openssl_heartbleed ||= if (element = @node.at_xpath('openSslHeartbleed'))
+                                  OpenSSLHeartbleed.new(element)
+                                end
+      end
+      alias openssl openssl_heartbleed
+      #
+      # @see #has_openssl_heartbleed?
+      #
+      def is_vulnerable?
+        openssl_heartbleed && openssl_heartbleed.is_vulnerable?
+      end
+      alias vulnerable? is_vulnerable?
+    end
+  end
+end

data/lib/sslyze/xml/heartbleed/openssl_heartbleed.rb ADDED

@@ -0,0 +1,29 @@
+require 'sslyze/xml/plugin'
+require 'sslyze/xml/attributes/is_vulnerable'
+module SSLyze
+  class XML
+    class Heartbleed < Plugin
+      #
+      # Represents the `<openSslHeartbleed>` XML element.
+      #
+      # @since 1.0.0
+      #
+      class OpenSSLHeartbleed
+        include Attributes::IsVulnerable
+        #
+        # Initializes the {OpenSSLHeartbleed} object.
+        #
+        # @param [Nokogiri::XML::Element] node
+        #   The `<openSslHeartbleed>` XML element.
+        #
+        def initialize(node)
+          @node = node
+        end
+      end
+    end
+  end
+end

data/lib/sslyze/xml/http_headers.rb ADDED

@@ -0,0 +1,42 @@
+require 'sslyze/xml/plugin'
+require 'sslyze/xml/http_headers/http_strict_transport_security'
+require 'sslyze/xml/http_headers/http_public_key_pinning'
+module SSLyze
+  class XML
+    #
+    # Represents the `<http_headers>` XML element.
+    #
+    # @since 1.0.0
+    #
+    class HTTPHeaders < Plugin
+      #
+      # HTTP Strict-Transport-Security header information.
+      #
+      # @return [HTTPStrictTransportSecurity, nil]
+      #
+      def http_strict_transport_security
+        @http_strict_transport_security ||= if (element = @node.at_xpath('httpStrictTransportSecurity'))
+                                              HTTPStrictTransportSecurity.new(element)
+                                            end
+      end
+      alias strict_transport_security http_strict_transport_security
+      #
+      # HTTP Public-Key-Pinning header information.
+      #
+      # @return [HTTPPublicKeyPinning, nil]
+      #
+      def http_public_key_pinning
+        @http_public_key_pinning ||= if (element = @node.at_xpath('httpPublicKeyPinning'))
+                                       HTTPPublicKeyPinning.new(element)
+                                     end
+      end
+      alias public_key_pinning http_public_key_pinning
+    end
+  end
+end

data/lib/sslyze/xml/http_headers/http_public_key_pinning.rb ADDED

@@ -0,0 +1,121 @@
+require 'sslyze/xml/plugin'
+require 'sslyze/xml/types'
+require 'sslyze/xml/attributes/is_supported'
+require 'sslyze/xml/attributes/exception'
+module SSLyze
+  class XML
+    class HTTPHeaders < Plugin
+      #
+      # Represents the `<httpPublicKeyPinning>` XML element.
+      #
+      # @since 1.0.0
+      #
+      class HTTPPublicKeyPinning
+        include Types
+        include Attributes::IsSupported
+        include Attributes::Exception
+        #
+        # Initializes the {HTTPPublicKeyPinning} element.
+        #
+        def initialize(node)
+          @node = node
+        end
+        #
+        # Parses each `pinSha256` XML element.
+        #
+        # @yield [sha256]
+        #   Yields each SHA256 checksum.
+        #
+        # @yieldparam [String] sha256
+        #   An individual pinned SHA256 checksum.
+        #
+        # @return [Enumerator]
+        #
+        def each_pin_sha256
+          return enum_for(__method__) unless block_given?
+          @node.xpath('pinSha256').each do |element|
+            yield element.inner_text
+          end
+        end
+        alias each_sha256 each_pin_sha256
+        #
+        # @return [Array<String>]
+        #
+        # @see #each_pin_sha256
+        #
+        def pin_sha256s
+          each_pin_sha256.to_a
+        end
+        alias sha256s pin_sha256s
+        #
+        # Parses the `includeSubDomains` XML attribute.
+        #
+        # @return [Boolean]
+        #
+        def include_sub_domains?
+          Boolean[@node['includeSubDomains']]
+        end
+        #
+        # Parses the `maxAge` attribute.
+        #
+        # @return [Integer, nil]
+        #
+        def max_age
+          @max_age ||= if (value = @node['maxAge'])
+                         value.to_i
+                       end
+        end
+        #
+        # Parses the `reportOnly` XML attribute.
+        #
+        # @return [Boolean]
+        #
+        def report_only
+          Boolean[@node['reportOnly']]
+        end
+        #
+        # Parses the `reportUri` XML attribute.
+        #
+        # @return [String, nil]
+        #
+        def report_uri
+          @report_uri ||= case (value = @node['reportUri'])
+                          when nil, 'None' then nil
+                          else                  value
+                          end
+        end
+        #
+        # Parses the `isValidPinConfigured` XML attribute.
+        #
+        # @return [Boolean]
+        #
+        def is_valid_pin_configured?
+          Boolean[@node['isValidPinConfigured']]
+        end
+        #
+        # Parses the `isBackupPinConfigured` XML attribute.
+        #
+        # @return [Boolean]
+        #
+        def is_backup_pin_configured?
+          Boolean[@node['isBackupPinConfigured']]
+        end
+      end
+    end
+  end
+end

data/lib/sslyze/xml/http_headers/http_strict_transport_security.rb ADDED

@@ -0,0 +1,59 @@
+require 'sslyze/xml/plugin'
+require 'sslyze/xml/types'
+require 'sslyze/xml/attributes/is_supported'
+require 'sslyze/xml/attributes/exception'
+module SSLyze
+  class XML
+    class HTTPHeaders < Plugin
+      #
+      # Represents the `<httpStrictTransportSecurity/>` XML element.
+      #
+      # @since 1.0.0
+      #
+      class HTTPStrictTransportSecurity
+        include Types
+        include Attributes::IsSupported
+        include Attributes::Exception
+        #
+        # Initializes the {HTTPStrictTransportSecurity} object.
+        #
+        def initialize(node)
+          @node = node
+        end
+        #
+        # Parses the `includeSubDomains` XML attribute.
+        #
+        # @return [Boolean]
+        #
+        def include_sub_domains?
+          Boolean[@node['includeSubDomains']]
+        end
+        #
+        # Parses the `maxAge` XML attribute.
+        #
+        # @return [Integer, nil]
+        #
+        def max_age
+          @max_age ||= if (value = @node['maxAge'])
+                         value.to_i
+                       end
+        end
+        #
+        # Parses the `preload` XML attribute.
+        #
+        # @return [Boolean]
+        #
+        def preload?
+          Boolean[@node['preload']]
+        end
+      end
+    end
+  end
+end