RubyGems - sensu-plugins-ssl - Versions diffs - 1.5.0 → 2.0.0 - Mend

sensu-plugins-ssl 1.5.0 → 2.0.0

Files changed (6) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +16 -1
data/README.md +8 -0
data/bin/check-ssl-qualys.rb +71 -21
data/lib/sensu-plugins-ssl/version.rb +2 -2
metadata +3 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 7e23f7f9bda17a902a794ba2b392db1fab95bc18
-  data.tar.gz: dcfb2876610019130353b96e5eeee56ce760b7bf
+SHA256:
+  metadata.gz: a3a3897180c22577185edd1adc5a1dbf56c40f6bebd440ca0a115d25977ba4ce
+  data.tar.gz: 61647f568fffad2d7a6e9017ef80605ad2cef91f63067e926fef5ed911c3b57c
 SHA512:
-  metadata.gz: 055dd188beb7356eb2c10edfab2db5432343910d4548a6ab4f911860bd27d93814b8e896ea02a54d240c265140ded0edf1209433f1d49c30ad1c45f6f78af200
-  data.tar.gz: 9724710d3b54fb0d20538232cefb3992fa1ef7c707489c4cb6bc15de62a9e098cebb983016396344ee6ca6781af5a87f647ba76e9d6dcee92786ee3041422593
+  metadata.gz: 865092f6bc7e45b28a6e70ad6fe2f97cc4872a5c4e49bcb1ac5de50808529ab83a98cd10a3c94178d8e26fdb0d5ea05bc38fb212e39d64fc7a1942ebeaff348f
+  data.tar.gz: a5367f0f04bb14f7ac3c2e5fa4aea72001ef80d763f688aa8a501774bf360892881a64cbc88d34ee6bf393afc3911d0741cf0bdcaee18895c54bae5a42df0989

data/CHANGELOG.md CHANGED

@@ -5,6 +5,20 @@ This CHANGELOG follows the format listed [here](https://github.com/sensu-plugins
 ## [Unreleased]
+## [2.0.0] - 2018-03-27
+### Breaking Changes
+- `check-ssl-qualys.rb`: when you submit a request with caching enabled it will return back a response including an eta key. Rather than sleeping for some arbitrary number of time we now use this key when its greater than `--between-checks` to wait before attempting the next attempt to query. If it is lower or not present we fall back to `--between-checks` (@majormoses)
+- `check-ssl-qualys.rb`: new `--timeout` parameter to short circuit slow apis (@majormoses)
+### Changed
+- `check-ssl-qualys.rb`: updated `--api-url` to default to `v3` but remains backwards compatible (@jhoblitt) (@majormoses)
+### Added
+`check-ssl-qualys.rb`: option `--debug` to enable debug logging (@majormoses)
+### Fixed
+- `check-ssl-hsts-preloadable.rb`: Fixed testing warnings for if a domain can be HSTS preloaded (@rwky)
 ## [1.5.0] - 2017-09-26
 ### Added
 - Ruby 2.4.1 testing
@@ -91,7 +105,8 @@ This CHANGELOG follows the format listed [here](https://github.com/sensu-plugins
 ### Added
 - initial release
-[Unreleased]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.5.0...HEAD
+[Unreleased]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/2.0.0...HEAD
+[2.0.0]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.5.0...2.0.0
 [1.5.0]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.4.0...1.5.0
 [1.4.0]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.3.1...1.4.0
 [1.3.1]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.3.0...1.3.1

data/README.md CHANGED

@@ -46,6 +46,14 @@ or an online CRL:
 Critical and Warning thresholds are specified in minutes.
+### `bin/check-ssl-qualys.rb`
+Checks the ssllabs qualysis api for grade of your server, this check can be quite long so it should not be scheduled with a low interval and will probably need to adjust the check `timeout` options per the [check attributes spec](https://docs.sensu.io/sensu-core/1.2/reference/checks/#check-attributes) based on my tests you should expect this to take around 3 minutes.
+```
+./bin/check-ssl-qualys.rb -d google.com
+```
 ## Installation
 [Installation and Setup](http://sensu-plugins.io/docs/installation_instructions.html)

data/bin/check-ssl-qualys.rb CHANGED

@@ -1,5 +1,6 @@
 #!/usr/bin/env ruby
 # encoding: UTF-8
 #  check-ssl-qualys.rb
 #
 # DESCRIPTION:
@@ -41,6 +42,7 @@
 require 'sensu-plugin/check/cli'
 require 'json'
 require 'net/http'
+require 'timeout'
 # Checks a single DNS entry has a rating above a certain level
 class CheckSSLQualys < Sensu::Plugin::Check::CLI
@@ -56,7 +58,7 @@ class CheckSSLQualys < Sensu::Plugin::Check::CLI
   option :api_url,
          description: 'The URL of the API to run against',
          long: '--api-url URL',
-         default: 'https://api.ssllabs.com/api/v2/'
+         default: 'https://api.ssllabs.com/api/v3/'
   option :warn,
          short: '-w GRADE',
@@ -72,6 +74,12 @@ class CheckSSLQualys < Sensu::Plugin::Check::CLI
          proc: proc { |g| GRADE_OPTIONS.index(g) },
          default: 3 # 'B'
+  option :debug,
+         long: '--debug BOOL',
+         description: 'toggles extra debug printing',
+         boolean: true,
+         default: false
   option :num_checks,
          short: '-n NUM_CHECKS',
          long: '--number-checks NUM_CHECKS',
@@ -82,17 +90,31 @@ class CheckSSLQualys < Sensu::Plugin::Check::CLI
   option :between_checks,
          short: '-t SECONDS',
          long: '--time-between SECONDS',
-         description: 'The time between each poll of the API',
+         description: 'The fallback time between each poll of the API, when an ETA is given by the previous response and is higher than this value it is used',
          proc: proc { |t| t.to_i },
          default: 10
+  option :timeout,
+         short: '-t SECONDS',
+         descriptions: 'the ammount of seconds that this is allowed to run for',
+         proc: proc(&:to_i),
+         default: 300
   def ssl_api_request(from_cache)
     params = { host: config[:domain] }
-    params[:startNew] = 'on' unless from_cache
+    params[:startNew] = if from_cache == true
+                          'off'
+                        else
+                          'on'
+                        end
     uri       = URI("#{config[:api_url]}analyze")
     uri.query = URI.encode_www_form(params)
-    response  = Net::HTTP.get_response(uri)
+    begin
+      response = Net::HTTP.get_response(uri)
+    rescue StandardError => e
+      warning e
+    end
     warning 'Bad response recieved from API' unless response.is_a?(Net::HTTPSuccess)
@@ -107,11 +129,37 @@ class CheckSSLQualys < Sensu::Plugin::Check::CLI
   def ssl_recheck
     1.upto(config[:num_checks]) do |step|
-      json = ssl_check(step != 1)
+      p "step: #{step}" if config[:debug]
+      start_time = Time.now
+      p "start_time: #{start_time}" if config[:debug]
+      json = if step == 1
+               ssl_check(false)
+             else
+               ssl_check(true)
+             end
       return json if json['status'] == 'READY'
-      sleep(config[:between_checks])
+      if json['endpoints'] && json['endpoints'].is_a?(Array)
+        p "endpoints: #{json['endpoints']}" if config[:debug]
+        # The api response sometimes has low eta (which seems unrealistic) from
+        # my tests that can be 0 or low numbers which would imply it is done...
+        # Basically we check if present and if its higher than the specified
+        # time to wait between checks. If so we use the eta from the api get
+        # response otherwise we use the time between check values. We have an
+        # overall timeout that protects us from the api telling us to wait for
+        # insanely long time periods. The highest I have seen the eta go was
+        # around 250 seconds but put it in just in case as the api has very
+        # erratic response times.
+        if json['endpoints'].first.is_a?(Hash) && json['endpoints'].first.key?('eta') && json['endpoints'].first['eta'] > config[:between_checks]
+          p "eta: #{json['endpoints'].first['eta']}" if config[:debug]
+          sleep(json['endpoints'].first['eta'])
+        else
+          p "sleeping with default: #{config[:between_checks]}" if config[:debug]
+          sleep(config[:between_checks])
+        end
+      end
+      p "elapsed: #{Time.now - start_time}" if config[:debug]
+      warning 'Timeout waiting for check to finish' if step == config[:num_checks]
     end
-    warning 'Timeout waiting for check to finish'
   end
   def ssl_grades
@@ -121,23 +169,25 @@ class CheckSSLQualys < Sensu::Plugin::Check::CLI
   end
   def lowest_grade
-    ssl_grades.sort_by! { |g| GRADE_OPTIONS.index(g) } .reverse![0]
+    ssl_grades.sort_by! { |g| GRADE_OPTIONS.index(g) }.reverse![0]
   end
   def run
-    grade = lowest_grade
-    unless grade
-      message "#{config[:domain]} not rated"
-      critical
-    end
-    message "#{config[:domain]} rated #{grade}"
-    grade_rank = GRADE_OPTIONS.index(grade)
-    if grade_rank > config[:critical]
-      critical
-    elsif grade_rank > config[:warn]
-      warning
-    else
-      ok
+    Timeout.timeout(config[:timeout]) do
+      grade = lowest_grade
+      unless grade
+        message "#{config[:domain]} not rated"
+        critical
+      end
+      message "#{config[:domain]} rated #{grade}"
+      grade_rank = GRADE_OPTIONS.index(grade)
+      if grade_rank > config[:critical]
+        critical
+      elsif grade_rank > config[:warn]
+        warning
+      else
+        ok
+      end
     end
   end
 end

data/lib/sensu-plugins-ssl/version.rb CHANGED

@@ -1,7 +1,7 @@
 module SensuPluginsSSL
   module Version
-    MAJOR = 1
-    MINOR = 5
+    MAJOR = 2
+    MINOR = 0
     PATCH = 0
     VER_STRING = [MAJOR, MINOR, PATCH].compact.join('.')

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sensu-plugins-ssl
 version: !ruby/object:Gem::Version
-  version: 1.5.0
+  version: 2.0.0
 platform: ruby
 authors:
 - Sensu-Plugins and contributors
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-09-26 00:00:00.000000000 Z
+date: 2018-03-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sensu-plugin
@@ -220,7 +220,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.13
+rubygems_version: 2.7.6
 signing_key:
 specification_version: 4
 summary: Sensu plugins for SSL