ruby-sslyze 0.1.1 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: bee86f9696ba9bc1f258a39a3674722c5da075e8
-  data.tar.gz: 371902d6a7249430a2642d96d2924c11eb87edee
+  metadata.gz: 7170e79ae6e7d69becc03cea5c84b015253cce4d
+  data.tar.gz: 06f17142a24b912a7c26983b6dae5b1b8f4c4f86
 SHA512:
-  metadata.gz: bf2dc962eec84bd8f420bbf10104da3947a7667b854e775ad81c07f3a0d714ed1e812cd02ff94e99586feadb974a2e31c3efd7069bf9a51dca461dd0cfc078e1
-  data.tar.gz: 05bb76e5ea8445a67633c2b303f5505916e0ce2caf2ba51beb93848964f253d5d199b47cf57a42db15f11947f7f1d479197ea4926d6b7f8df8c1a5b4d130970d
+  metadata.gz: 6ec67afa81afa9ad7b3b1ffffc607c810a57b621a7a4f10444b554972d4b19822791b50ecf641cfbe66a963c836f791bd66913784da9426db327aa37720db80b
+  data.tar.gz: e9282b4878788e92a6c8e4643ff19d57745381701d29f43651e7f794a1cc789315b7e5b7fb4d2c869526a86eb6767a48fbd7bba2bbc622f3a7e51064a198b2c5

data/.travis.yml

@@ -1,12 +1,11 @@
 language: ruby
 sudo: false
 rvm:
-- 1.9.3
 - 2.0
 - 2.1
+- 2.2
 - ruby-head
-- jruby-19mode
-- jruby-head
+- jruby
 - rbx-2
 matrix:
   allow_failures:

data/ChangeLog.md

@@ -1,3 +1,19 @@
+### 0.2.0 / 2016-08-16
+
+* Requires sslyze 0.12.x.
+* Added {SSLyze::XML#each_invalid_target}.
+* Added {SSLyze::XML#invalid_targets}.
+* Added {SSLyze::InvalidTarget}.
+* Added {SSLyze::Target#ssl_v2} alias.
+* Added {SSLyze::Target#ssl_v3} alias.
+* Added {SSLyze::Target#tls_v1} alias.
+* Added {SSLyze::Target#tls_v1_1} alias.
+* Added {SSLyze::Target#tls_v1_2} alias.
+* Added {SSLyze::CertificateValidation#path?}.
+* Added {SSLyze::CertificateValidation#results}.
+* Fixed a bug in {SSLyze::CertInfo#validation} when the `certificateValidation`
+  node is omitted.
+
 ### 0.1.1 / 2015-12-08
 
 * `certificateValidation` may be omitted from `certinfo` if an OpenSSL

data/README.md

@@ -17,7 +17,7 @@ A Ruby interface to [sslyze] python utility.
 
 * Provides a Ruby interface to `sslyze.py`.
 * Provides a Parser for consuming the sslyze XML output.
-* [sslyze] >= 0.12
+* [sslyze] 0.12.x
 
 ## Examples
 
@@ -52,7 +52,7 @@ Parsing sslyze XML output:
 
 * [rprogram] ~> 0.3
 * [nokogiri] ~> 1.0
-* [sslyze] >= 0.12
+* [sslyze] 0.12.x
 
 ## Install
 

data/lib/sslyze/certificate_validation.rb

@@ -27,6 +27,20 @@ module SSLyze
       Boolean[@node.at('hostnameValidation/@certificateMatchesServerHostname').value]
     end
 
+    #
+    # Retrieves the validation results for each trust store.
+    #
+    # @return [Hash{String => String}]
+    #   The certificate store name and validation result.
+    #
+    # @since 0.2.0
+    #
+    def results
+      @path ||= Hash[@node.search('pathValidation').map { |path|
+        [path['usingTrustStore'], path['validationResult']]
+      }]
+    end
+
     #
     # Specifies whether the certificate path was validated against various
     # certificate stores.
@@ -35,10 +49,22 @@ module SSLyze
     #   The certificate store name and validation result.
     #
     def path
-      @path ||= Hash[@node.search('pathValidation').map { |path|
-        [path['usingTrustStore'], path['validationResult'] == 'ok']
+      @path ||= Hash[results.map { |trust_store,result|
+        [trust_store, result == 'ok']
       }]
     end
 
+    #
+    # Determines whether the certificate was validated by all the certificate
+    # stores.
+    #
+    # @return [Boolean]
+    #
+    # @since 0.2.0
+    #
+    def path?
+      path.all? { |cert_store,trusted| trusted }
+    end
+
   end
 end

data/lib/sslyze/invalid_target.rb

@@ -0,0 +1,35 @@
+module SSLyze
+  #
+  # Represents the `<invalidTarget>` XML element.
+  #
+  class InvalidTarget
+
+    #
+    # Initializes the invalid target.
+    #
+    # @param [Nokogiri::XML::Node] node
+    #   The `<invalid>` XML element.
+    #
+    def initialize(node)
+      @node = node
+    end
+
+    #
+    # The host name of the target.
+    #
+    # @return [String]
+    #
+    def host
+      @host ||= @node.text
+    end
+
+    #
+    # The error from the scan.
+    #
+    # @return [String]
+    #
+    def error
+      @ip ||= @node['error']
+    end
+  end
+end

data/lib/sslyze/target.rb

@@ -133,6 +133,8 @@ module SSLyze
                  end
     end
 
+    alias ssl_v2 sslv2
+
     #
     # SSLv3 protocol information.
     #
@@ -144,6 +146,8 @@ module SSLyze
                  end
     end
 
+    alias ssl_v3 sslv3
+
     #
     # TLSv1 protocol information.
     #
@@ -155,6 +159,8 @@ module SSLyze
                  end
     end
 
+    alias tls_v1 tlsv1
+
     #
     # TLSv1.1 protocol information.
     #
@@ -166,6 +172,8 @@ module SSLyze
                    end
     end
 
+    alias tls_v1_1 tlsv1_1
+
     #
     # TLSv1.2 protocol information.
     #
@@ -177,6 +185,8 @@ module SSLyze
                    end
     end
 
+    alias tls_v1_2 tlsv1_2
+
     #
     # Iterates over every SSL protocol.
     #

data/lib/sslyze/version.rb

@@ -1,4 +1,4 @@
 module SSLyze
   # ruby-sslyze version
-  VERSION = "0.1.1"
+  VERSION = "0.2.0"
 end

data/lib/sslyze/xml.rb

@@ -1,4 +1,5 @@
 require 'sslyze/target'
+require 'sslyze/invalid_target'
 require 'sslyze/types'
 require 'nokogiri'
 
@@ -90,12 +91,32 @@ module SSLyze
     end
 
     #
-    # The invalid targets.
+    # @return [Array<InvalidTarget>]
     #
-    # @raise [NotImplementedError]
+    # @see #each_invalid_target
+    #
+    # @since 0.2.0
     #
     def invalid_targets
-      raise(NotImplementedError,"#{self.class}##{__method__} not implemented")
+      each_invalid_target.to_a
+    end
+
+    # Enumerates over each invalid target.
+    #
+    # @yield [invalidtarget]
+    #
+    # @yieldparam [InvalidTarget] invalid_target
+    #
+    # @return [Enumerator]
+    #
+    # @since 0.2.0
+    #
+    def each_invalid_target
+      return enum_for(__method__) unless block_given?
+
+      @doc.search('invalidTargets/invalidTarget').each do |inval|
+        yield InvalidTarget.new(inval)
+      end
     end
 
     #

data/ruby-sslyze.gemspec

@@ -17,6 +17,8 @@ Gem::Specification.new do |gem|
   gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
   gem.require_paths = ['lib']
 
+  gem.requirements << 'sslyze 0.12.x'
+
   gem.add_dependency 'rprogram', '~> 0.3'
   gem.add_dependency 'nokogiri', '~> 1.0'
 

data/spec/certificate_validation_spec.rb

@@ -13,8 +13,20 @@ describe SSLyze::CertificateValidation do
     end
   end
 
-  describe "#path" do
+  describe "#results" do
     it "should parse the pathValidation elements into a Hash" do
+      expect(subject.results).to be == {
+        'Mozilla NSS' => 'ok',
+        'Microsoft' => 'ok',
+        'Apple' => 'ok',
+        'Java 6' => 'ok',
+        'Google' => 'ok' 
+      }
+    end
+  end
+
+  describe "#path" do
+    it "should check if each pathValidation/@validationResult is 'ok'" do
       expect(subject.path).to be == {
         'Mozilla NSS' => true,
         'Microsoft' => true,

data/spec/invalid_target_spec.rb

@@ -0,0 +1,21 @@
+require 'spec_helper'
+require 'xml_examples'
+require 'sslyze/invalid_target'
+
+describe SSLyze::InvalidTarget do
+  include_examples "XML specs"
+
+  subject { described_class.new(xml.at('/document/invalidTargets/invalidTarget')) }
+
+  describe "#host" do
+    it "must parse the host attribute" do
+      expect(subject.host).to be == '10.10.10.1:443'
+    end
+  end
+
+  describe "#error" do
+    it "must parse the ip attribute" do
+      expect(subject.error).to be == 'Could not connect (timeout)'
+    end
+  end
+end

data/spec/sslyze.xml

@@ -1,6 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
 <document SSLyzeVersion="0.12.0" SSLyzeWeb="https://github.com/nabla-c0d3/sslyze" title="SSLyze Scan Results">
-  <invalidTargets/>
+  <invalidTargets>
+    <invalidTarget error="Could not connect (timeout)">10.10.10.1:443</invalidTarget>
+    <invalidTarget error="Could not connect (timeout)">10.10.10.2:443</invalidTarget>
+  </invalidTargets>
   <results defaultTimeout="5" httpsTunnel="None" startTLS="None" totalScanTime="9.99340701103">
     <target host="github.com" ip="192.30.252.130" port="443">
       <certinfo argument="basic" title="Certificate Information">
@@ -103,6 +106,7 @@ XX4C2NesiZcLYbc2n7B9O+63M2k=
             <serialNumber>0C009310D206DBE337553580118DDC87</serialNumber>
             <subject>
               <serialNumber>5157550</serialNumber>
+              <organizationalUnitName>Information Security</organizationalUnitName>
               <organizationName>GitHub, Inc.</organizationName>
               <businessCategory>Private Organization</businessCategory>
               <jurisdictionCountryName>US</jurisdictionCountryName>

data/spec/subject_spec.rb

@@ -8,7 +8,9 @@ describe SSLyze::Certificate::Subject do
   subject { described_class.new(xml.at('/document/results/target/certinfo/certificateChain/certificate/subject')) }
 
   describe "#organizational_unit_name" do
-    pending "need data"
+    it "should parse the organizationUnitName element" do
+      expect(subject.organizational_unit_name).to be == 'Information Security'
+    end
   end
 
   describe "#organization_name" do

data/spec/xml_spec.rb

@@ -47,14 +47,18 @@ describe SSLyze::XML do
   end
 
   describe "#invalid_targets" do
-    pending "need data"
+    it "should return an Array of Strings" do
+      val = subject.invalid_targets
+      expect(val).to be_an(Array).and(all(be_a(InvalidTarget)))
+      expect(val.size).to be == 2
+    end
   end
 
-  describe "#each_target" do
-    it "should iterate over each target element under results" do
+  describe "#each_invalid_target" do
+    it "should iterate over each invalid target element under results" do
       expect { |b|
-        subject.each_target(&b)
-      }.to yield_successive_args(Target, Target, Target)
+        subject.each_invalid_target(&b)
+      }.to yield_successive_args(InvalidTarget, InvalidTarget)
     end
   end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby-sslyze
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - Hal Brodigan
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-12-08 00:00:00.000000000 Z
+date: 2016-08-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rprogram
@@ -89,6 +89,7 @@ files:
 - lib/sslyze/certificate_chain.rb
 - lib/sslyze/certificate_validation.rb
 - lib/sslyze/cipher_suite.rb
+- lib/sslyze/invalid_target.rb
 - lib/sslyze/key_exchange.rb
 - lib/sslyze/ocsp_response.rb
 - lib/sslyze/program.rb
@@ -105,6 +106,7 @@ files:
 - spec/certificate_spec.rb
 - spec/certificate_validation_spec.rb
 - spec/cipher_suite_spec.rb
+- spec/invalid_target_spec.rb
 - spec/issuer_spec.rb
 - spec/key_exchange_spec.rb
 - spec/ocsp_response_spec.rb
@@ -135,9 +137,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
-requirements: []
+requirements:
+- sslyze 0.12.x
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 2.4.7
 signing_key: 
 specification_version: 4
 summary: Ruby interface to sslyze
@@ -148,6 +151,7 @@ test_files:
 - spec/certificate_spec.rb
 - spec/certificate_validation_spec.rb
 - spec/cipher_suite_spec.rb
+- spec/invalid_target_spec.rb
 - spec/issuer_spec.rb
 - spec/key_exchange_spec.rb
 - spec/ocsp_response_spec.rb