RubyGems - yawast - Versions diffs - 0.5.0.beta7 → 0.5.0.beta8 - Mend

yawast 0.5.0.beta7 → 0.5.0.beta8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/scanner/plugins/ssl/sweet32.rb +25 -2
data/lib/version.rb +1 -1
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4f046f0314626571128c97bbcf2ff87947f88e66
-  data.tar.gz: 8a01a5d54536515a6ab541b54bb9abdeb29f864f
+  metadata.gz: 76e1b89755a35676aaf8b0c09b610374cc65ffb0
+  data.tar.gz: d724a23dfeadf0c7caa6cd6d743d0f4b7bb8e7fe
 SHA512:
-  metadata.gz: 865bb32735ba681b546395eaf8c7edf9bd6671d5681a9f8c93a3cf68b36e71fac4b70b2ee1807197dfbd9c96a23160c117589a28a45bbf58dd91c0fc9e457018
-  data.tar.gz: aea15cd82a94b9310170b9640278b3e4b34582f6f550685c900bd9eaf544fa6eb93a592c617d5141a644fc361be5ade12035d3f883a5086e14d155751f2cc939
+  metadata.gz: 632588ee25be17d27c1c280db6ce036bb6947edba73d6b656934942977501363de41da0b2e6f7b483285a828f239ad81dd84ff98c63f043d35ebfe9f20be0b62
+  data.tar.gz: 9e90bb7d3cd0cdb5929a1ed7bd42e18d60a47a84808ee35dcc546b6560f78e2d657dffccc62ddbaccc3a3babf6c43406a7a6a03d030b7764853f31bc8ccf5225

data/lib/scanner/plugins/ssl/sweet32.rb CHANGED Viewed

@@ -21,6 +21,9 @@ module Yawast
               req.keep_alive_timeout = 600
               headers = Yawast::Shared::Http.get_headers
+              #we will use HEAD by default, but allow GET if we have issues with HEAD
+              use_head = true
               #force 3DES - this is to ensure that 3DES specific limits are caught
               req.ciphers = ['3DES']
@@ -32,7 +35,23 @@ module Yawast
                   begin
                     req.start do |http|
-                      head = http.head(uri.path, headers)
+                      head = nil
+                      begin
+                        if use_head
+                          head = http.head(uri.path, headers)
+                        else
+                          head = http.request_get(uri.path, headers)
+                        end
+                      rescue
+                        #check if we are using HEAD or GET. If we've already switched to GET, no need to do this again.
+                        if use_head
+                          head = http.request_get(uri.path, headers)
+                          #if we are here, that means that HEAD failed, but GET didn't, so we'll use GET from now on.
+                          use_head = false
+                        end
+                      end
                       #check to see if this is on Cloudflare - they break Keep-Alive limits, creating a false positive
                       head.each do |k, v|
@@ -57,7 +76,11 @@ module Yawast
                 #cache the number of hits
                 hits = http.instance_variable_get(:@ssl_context).session_cache_stats[:cache_hits]
                 10000.times do |i|
-                  http.head(uri.path, headers)
+                  if use_head
+                    http.head(uri.path, headers)
+                  else
+                    http.request_get(uri.path, headers)
+                  end
                   # hack to detect transparent disconnects
                   if http.instance_variable_get(:@ssl_context).session_cache_stats[:cache_hits] != hits

data/lib/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Yawast
-  VERSION = '0.5.0.beta7'
+  VERSION = '0.5.0.beta8'
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: yawast
 version: !ruby/object:Gem::Version
-  version: 0.5.0.beta7
+  version: 0.5.0.beta8
 platform: ruby
 authors:
 - Adam Caudill