RubyGems - yawast - Versions diffs - 0.5.0.beta7 → 0.5.0.beta8 - Mend

yawast 0.5.0.beta7 → 0.5.0.beta8

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/scanner/plugins/ssl/sweet32.rb +25 -2
data/lib/version.rb +1 -1
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4f046f0314626571128c97bbcf2ff87947f88e66
-  data.tar.gz: 8a01a5d54536515a6ab541b54bb9abdeb29f864f
+  metadata.gz: 76e1b89755a35676aaf8b0c09b610374cc65ffb0
+  data.tar.gz: d724a23dfeadf0c7caa6cd6d743d0f4b7bb8e7fe
 SHA512:
-  metadata.gz: 865bb32735ba681b546395eaf8c7edf9bd6671d5681a9f8c93a3cf68b36e71fac4b70b2ee1807197dfbd9c96a23160c117589a28a45bbf58dd91c0fc9e457018
-  data.tar.gz: aea15cd82a94b9310170b9640278b3e4b34582f6f550685c900bd9eaf544fa6eb93a592c617d5141a644fc361be5ade12035d3f883a5086e14d155751f2cc939
+  metadata.gz: 632588ee25be17d27c1c280db6ce036bb6947edba73d6b656934942977501363de41da0b2e6f7b483285a828f239ad81dd84ff98c63f043d35ebfe9f20be0b62
+  data.tar.gz: 9e90bb7d3cd0cdb5929a1ed7bd42e18d60a47a84808ee35dcc546b6560f78e2d657dffccc62ddbaccc3a3babf6c43406a7a6a03d030b7764853f31bc8ccf5225

data/lib/scanner/plugins/ssl/sweet32.rb CHANGED Viewed

@@ -21,6 +21,9 @@ module Yawast
               req.keep_alive_timeout = 600
               headers = Yawast::Shared::Http.get_headers
+              #we will use HEAD by default, but allow GET if we have issues with HEAD
+              use_head = true
               #force 3DES - this is to ensure that 3DES specific limits are caught
               req.ciphers = ['3DES']
@@ -32,7 +35,23 @@ module Yawast
                   begin
                     req.start do |http|
-                      head = http.head(uri.path, headers)
+                      head = nil
+                      begin
+                        if use_head
+                          head = http.head(uri.path, headers)
+                        else
+                          head = http.request_get(uri.path, headers)
+                        end
+                      rescue
+                        #check if we are using HEAD or GET. If we've already switched to GET, no need to do this again.
+                        if use_head
+                          head = http.request_get(uri.path, headers)
+                          #if we are here, that means that HEAD failed, but GET didn't, so we'll use GET from now on.
+                          use_head = false
+                        end
+                      end
                       #check to see if this is on Cloudflare - they break Keep-Alive limits, creating a false positive
                       head.each do |k, v|
@@ -57,7 +76,11 @@ module Yawast
                 #cache the number of hits
                 hits = http.instance_variable_get(:@ssl_context).session_cache_stats[:cache_hits]
                 10000.times do |i|
-                  http.head(uri.path, headers)
+                  if use_head
+                    http.head(uri.path, headers)
+                  else
+                    http.request_get(uri.path, headers)
+                  end
                   # hack to detect transparent disconnects
                   if http.instance_variable_get(:@ssl_context).session_cache_stats[:cache_hits] != hits

data/lib/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Yawast
-  VERSION = '0.5.0.beta7'
+  VERSION = '0.5.0.beta8'
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: yawast
 version: !ruby/object:Gem::Version
-  version: 0.5.0.beta7
+  version: 0.5.0.beta8
 platform: ruby
 authors:
 - Adam Caudill