sslscan_wrapper 0.0.1 → 0.0.2

Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/sslscan_wrapper/report.rb +67 -43
  3. metadata +2 -2
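--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 17102ec6e6de9081e6b60fd9c8c87b9402a48fbdb9835504e186c72446acc751
- data.tar.gz: fd6a13ba469b548cecc3334ef7912602040622591ecc85fe35042487a4e60390
+ metadata.gz: 03f023bc03720c2b805c53f8fb96461c9e08f20c004d1ab47a5e7530e37348bd
+ data.tar.gz: d54e2450f1ee9807deb1bdf4685a8ba0c8af10fb9d9c2c700cf02bb70e39cd7c
  SHA512:
- metadata.gz: 110da3e2aa079522204b497810c4dd73604ca9a6cc94c87c5f5774b311a35669f89646cbc9fcbfd6b18ca54c258a1a601269a26f77a37c4faebf2e3cd397016d
- data.tar.gz: 3561cca8da3ab70d813955657afb89070b27e86467634a58247ccd2feb48356ed03704018d9303c7a6bdf5bd0df4f6b10fa953d04749ec183a327c8c8e5e7468
+ metadata.gz: 90dc7681488b7a5ce688521f9e98c1b2447df47b901a50b4a4a3d5052ad2f1199c0759f4ac0ca96d2b09cd246160972a3ac9aed226a4d9991d5ef847c710cc65
+ data.tar.gz: d25025101165013b3b9ba08f082f0f837a7b209af464d37b65e6bfdd0c8467ab873871a320fb59f4de77057ab3a8de5bd4d8ea6a5b9e8b182132e68e5f0b0faa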
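--- a/data/lib/sslscan_wrapper/report.rb
+++ b/data/lib/sslscan_wrapper/report.rb
@@ -1,4 +1,5 @@
  require 'nokogiri'
+ require 'openssl'
  require 'time'
 
  module SslscanWrapper
@@ -20,59 +21,72 @@ module SslscanWrapper
  @doc = Nokogiri::XML(@body)
  end
 
- # The hostname of the scanned host
- def host
- @doc.xpath('//ssltest/@host').first.value
+ def self.attr_first_value_accessor(name, xpath)
+ define_method(name) do
+ node = @doc.xpath(xpath).first
+ node.value unless node.nil?
+ end
  end
 
- # The port of the scan report
- def port
- @doc.xpath('//ssltest/@port').first.value
+ def self.attr_first_value_boolean_true?(name, xpath)
+ define_method(name) do
+ node = @doc.xpath(xpath).first
+ node.value.to_i == 1 unless node.nil?
+ end
  end
 
- # Is ssl compression supported on target?
- def compression_supported?
- @doc.xpath('//compression/@supported').first.value == '1'
+ def self.content_first_node_accessor(name, xpath)
+ define_method(name) do
+ node = @doc.xpath(xpath).first
+ node.content unless node.nil?
+ end
  end
 
- # Does the target support TLS renegotiation?
- def renegotiation_supported?
- @doc.xpath('//renegotiation/@supported').first.value == '1'
+ def self.content_first_node_boolean_true?(name, xpath)
+ define_method(name) do
+ node = @doc.xpath(xpath).first
+ node.content == 'true' unless node.nil?
+ end
  end
 
- def renegotiation_secure?
- @doc.xpath('//renegotiation/@secure').first.value == '1'
+ def self.all_attr_values_accessor(name, xpath)
+ define_method(name) do
+ @doc.xpath(xpath).map(&:value)
+ end
  end
 
+ # The hostname of the scanned host
+ attr_first_value_accessor :host, '//ssltest/@host'
+
+ # The port of the scan report
+ attr_first_value_accessor :port, '//ssltest/@port'
+
+ # Is ssl compression supported on target?
+ attr_first_value_boolean_true? :compression_supported?, '//compression/@supported'
+
+ # Does the target support TLS renegotiation?
+ attr_first_value_boolean_true? :renegotiation_supported?, '//renegotiation/@supported'
+
+ # Is the renegotiation secure?
+ attr_first_value_boolean_true? :renegotiation_secure?, '//renegotiation/@secure'
+
  # Signature algorithm used in the certificate
- def signature_algorithm
- @doc.xpath('//certificate/signature-algorithm').first.content
- end
+ content_first_node_accessor :signature_algorithm, '//certificate/signature-algorithm'
 
  # Subject of the certificate
- def subject
- @doc.xpath('//certificate/subject').first.content
- end
+ content_first_node_accessor :subject, '//certificate/subject'
 
  # Subject alternative names of the certificate
- def altnames
- @doc.xpath('//certificate/altnames').first.content
- end
+ content_first_node_accessor :altnames, '//certificate/altnames'
 
  # Issuer of the certificate
- def issuer
- @doc.xpath('//certificate/issuer').first.content
- end
+ content_first_node_accessor :issuer, '//certificate/issuer'
 
  # Is the certificate a self-signed certificate?
- def self_signed?
- @doc.xpath('//certificate/self-signed').first.content == 'true'
- end
+ content_first_node_boolean_true? :self_signed?, '//certificate/self-signed'
 
  # Is the certificate expired?
- def expired?
- @doc.xpath('//certificate/expired').first.content == 'true'
- end
+ content_first_node_boolean_true? :expired?, '//certificate/expired'
 
  # Time the certificate starts to be valid
  def not_before
@@ -87,28 +101,38 @@ module SslscanWrapper
  end
 
  # Returns a list of supported ciphers
- def ciphers
- @doc.xpath('//cipher/@cipher').map(&:value)
- end
+ all_attr_values_accessor :ciphers, '//cipher/@cipher'
 
  # Is the cipher supported?
- def cipher_supported?(cipher)
- @doc.xpath("//cipher[@cipher=\"#{cipher}\"]").count > 0
+ def support_cipher?(cipher)
+ @doc.xpath("//cipher[@cipher=$cipher]", nil, { cipher: cipher }).count > 0
  end
 
  # Returns a list of preferred ciphers
- def preferred_ciphers
- @doc.xpath('//cipher[@status="preferred"]/@cipher').map(&:value)
- end
+ all_attr_values_accessor :preferred_ciphers, '//cipher[@status="preferred"]/@cipher'
 
  # Returns a list of SSL/TLS protocol versions vulnerable to heartbleed
- def heartbleed_vulnerable_sslversions
- @doc.xpath('//heartbleed[@vulnerable="1"]/@sslversion').map(&:value)
- end
+ all_attr_values_accessor :heartbleed_vulnerable_sslversions, '//heartbleed[@vulnerable="1"]/@sslversion'
 
  # Are there any heartblead vulnerable SSL/TLS protocol versions?
  def heartbleed_vulnerable?
  @doc.xpath('//heartbleed[@vulnerable="1"]').count > 0
  end
+
+ # Returns a list of supported SSL protocol versions
+ def sslversions
+ @doc.xpath('//cipher/@sslversion').map(&:value).uniq
+ end
+
+ # Check if a SSL protocol version is supported
+ def support_sslversion?(version)
+ @doc.xpath("//cipher[@sslversion=$version]", nil, { version: version }).count > 0
+ end
+
+ # Return the parsed certificate blob as OpenSSL::X509::Certificate
+ def certificate
+ node = @doc.xpath('//certificate/certificate-blob').first
+ OpenSSL::X509::Certificate.new(node.content) unless node.nil?
+ end
  end
  end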
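Review bot: The predicates generated by `attr_first_value_boolean_true?` and `content_first_node_boolean_true?` return nil when the XPath matches nothing, so `expired?`, `self_signed?` and `compression_supported?` read as false on a report that simply lacks the element (the removed 0.0.1 code would have raised on the nil node instead). A caller that gates on `if report.expired?` would then treat an incomplete or truncated scan result as a clean one. Either document the tri-state on each macro, e.g. `# Returns true/false, or nil when the report has no matching node (treat nil as unknown)`, or raise a descriptive error from the generated method when `node.nil?`. Separately, in the third hunk `cipher_supported?` is renamed to `support_cipher?` with no alias, so existing callers break on a patch release; `alias_method :cipher_supported?, :support_cipher?` after the definition would keep them working.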
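--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: sslscan_wrapper
  version: !ruby/object:Gem::Version
- version: 0.0.1
+ version: 0.0.2
  platform: ruby
  authors:
  - Markus Benning
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-04-04 00:00:00.000000000 Z
+ date: 2018-04-05 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: aruba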