RubyGems - yawast - Versions diffs - 0.6.0.beta4 → 0.6.0.beta5 - Mend

yawast 0.6.0.beta4 → 0.6.0.beta5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

checksums.yaml +4 -4
data/.travis.yml +3 -2
data/CHANGELOG.md +1 -0
data/README.md +2 -1
data/lib/resources/common_file.txt +214 -29
data/lib/scanner/core.rb +3 -3
data/lib/scanner/plugins/dns/generic.rb +48 -40
data/lib/scanner/plugins/servers/apache.rb +22 -0
data/lib/scanner/plugins/ssl/ssl.rb +55 -0
data/lib/scanner/plugins/ssl/ssl_labs/analyze.rb +38 -3
data/lib/scanner/plugins/ssl/sweet32.rb +7 -13
data/lib/scanner/ssl.rb +5 -41
data/lib/scanner/ssl_labs.rb +93 -37
data/lib/shared/http.rb +16 -0
data/lib/version.rb +1 -1
data/lib/yawast.rb +2 -2
data/test/data/hsts_disabled_server_header.txt +16 -0
data/test/data/hsts_server_header.txt +17 -0
data/test/data/ssl_labs_analyze_data_file_zetlab_com.json +3851 -0
data/test/data/ssl_labs_analyze_data_parivahan_gov_in.json +1440 -0
data/test/test_scan_apache.rb +50 -0
data/test/test_scan_dns.rb +23 -0
data/test/test_ssl.rb +43 -0
data/test/test_ssl_labs_analyze.rb +29 -0
data/test/test_ssl_sweet32.rb +29 -0
data/test/test_yawast.rb +2 -1
metadata +19 -2

data/test/test_scan_apache.rb ADDED Viewed

@@ -0,0 +1,50 @@
+require File.dirname(__FILE__) + '/../lib/yawast'
+require File.dirname(__FILE__) + '/base'
+class TestScannerApache < Minitest::Test
+  include TestBase
+  def test_check_tomcat_put_rce
+    override_stdout
+    port = rand(60000) + 1024 # pick a random port number
+    server = start_web_server File.dirname(__FILE__) + '/data/apache_server_info.txt', '', port
+    uri = Yawast::Commands::Utils.extract_uri(["http://localhost:#{port}"])
+    error = nil
+    begin
+      Yawast::Scanner::Plugins::Servers::Apache.check_tomcat_put_rce uri
+    rescue => e
+      error = e.message
+    end
+    assert !stdout_value.include?('[V]'), "Unexpected finding: #{stdout_value}"
+    assert error == nil, "Unexpected error: #{error}"
+    restore_stdout
+    server.exit
+  end
+  def test_check_struts2_samples
+    override_stdout
+    port = rand(60000) + 1024 # pick a random port number
+    server = start_web_server File.dirname(__FILE__) + '/data/apache_server_info.txt', '', port
+    uri = Yawast::Commands::Utils.extract_uri(["http://localhost:#{port}"])
+    error = nil
+    begin
+      Yawast::Scanner::Plugins::Servers::Apache.check_struts2_samples uri
+    rescue => e
+      error = e.message
+    end
+    assert !stdout_value.include?('[W]'), "Unexpected finding: #{stdout_value}"
+    assert error == nil, "Unexpected error: #{error}"
+    restore_stdout
+    server.exit
+  end
+end

data/test/test_scan_dns.rb ADDED Viewed

@@ -0,0 +1,23 @@
+require File.dirname(__FILE__) + '/../lib/yawast'
+require File.dirname(__FILE__) + '/base'
+class TestScannerDns < Minitest::Test
+  include TestBase
+  def test_dns_caa
+    override_stdout
+    uri = URI::Parser.new.parse 'https://www.adamcaudill.com/'
+    Yawast::Scanner::Plugins::DNS::CAA.caa_info uri
+    assert stdout_value.include?('mailto:adam@adamcaudill.com'), "DNS CAA Record not found: #{stdout_value}"
+    restore_stdout
+  end
+  def test_get_network_info
+    ret = Yawast::Scanner::Plugins::DNS::Generic.get_network_info '127.0.0.1'
+    assert !ret.include?('Error'), "Unexpected error: #{ret}"
+  end
+end

data/test/test_ssl.rb ADDED Viewed

@@ -0,0 +1,43 @@
+require 'webrick'
+require File.dirname(__FILE__) + '/../lib/yawast'
+require File.dirname(__FILE__) + '/base'
+class TestSSLLabsAnalyze < Minitest::Test
+  include TestBase
+  def test_hsts_header
+    head = parse_headers_from_file File.dirname(__FILE__) + '/data/hsts_server_header.txt'
+    override_stdout
+    Yawast::Scanner::Plugins::SSL::SSL.check_hsts head
+    assert stdout_value.include?('HSTS: Enabled'), "HSTS enabled not found in #{stdout_value}"
+    restore_stdout
+  end
+  def test_no_hsts_header
+    head = parse_headers_from_file File.dirname(__FILE__) + '/data/hsts_disabled_server_header.txt'
+    override_stdout
+    Yawast::Scanner::Plugins::SSL::SSL.check_hsts head
+    assert stdout_value.include?('HSTS: Not Enabled'), "HSTS disabled not found in #{stdout_value}"
+    restore_stdout
+  end
+  def test_hsts_preload
+    uri = URI::Parser.new.parse 'https://adamcaudill.com/'
+    override_stdout
+    Yawast::Scanner::Plugins::SSL::SSL.check_hsts_preload uri
+    assert stdout_value.include?('HSTS Preload'), "HSTS Preload not found in #{stdout_value}"
+    restore_stdout
+  end
+end

data/test/test_ssl_labs_analyze.rb CHANGED Viewed

@@ -45,4 +45,33 @@ class TestSSLLabsAnalyze < Minitest::Test
     restore_stdout
   end
+  def test_process_data_parivahan
+    override_stdout
+    uri = URI.parse 'https://parivahan.gov.in/'
+    body = JSON.parse(File.read(File.dirname(__FILE__) + '/data/ssl_labs_analyze_data_parivahan_gov_in.json'))
+    Yawast::Scanner::SslLabs.process_results uri, body, false
+    assert stdout_value.include?('parivahan.gov.in'), "domain name not found in #{stdout_value}"
+    assert !stdout_value.include?('[E]'), "Error message found in #{stdout_value}"
+    restore_stdout
+  end
+  def test_process_data_file_zetlab
+    override_stdout
+    uri = URI.parse 'https://file.zetlab.com/'
+    body = JSON.parse(File.read(File.dirname(__FILE__) + '/data/ssl_labs_analyze_data_file_zetlab_com.json'))
+    Yawast::Scanner::SslLabs.process_results uri, body, false
+    assert stdout_value.include?('file.zetlab.com'), "domain name not found in #{stdout_value}"
+    assert stdout_value.include?('Certificate Issue: hostname mismatch'), "hostname mismatch not found in #{stdout_value}"
+    assert !stdout_value.include?('[E]'), "Error message found in #{stdout_value}"
+    restore_stdout
+  end
 end

data/test/test_ssl_sweet32.rb ADDED Viewed

@@ -0,0 +1,29 @@
+require File.dirname(__FILE__) + '/../lib/yawast'
+require File.dirname(__FILE__) + '/base'
+class TestSharedHttp < Minitest::Test
+  include TestBase
+  def test_check_tdes
+    override_stdout
+    res = Yawast::Scanner::Plugins::SSL::Sweet32.check_tdes
+    assert stdout_value.include?('OpenSSL supports 3DES'), "Header line not found in #{stdout_value}"
+    assert res, '3DES support check failed'
+    restore_stdout
+  end
+  def test_session_count
+    override_stdout
+    uri = URI::Parser.new.parse 'https://3des.badssl.com/'
+    Yawast::Scanner::Plugins::SSL::Sweet32.get_tdes_session_msg_count uri, 1
+    assert stdout_value.include?('Connection not terminated after'), "SWEET32 warning not found in #{stdout_value}"
+    restore_stdout
+  end
+end

data/test/test_yawast.rb CHANGED Viewed

@@ -9,7 +9,8 @@ class TestYawast < Minitest::Test
     Yawast.header
     header = stdout_value
-    assert header.include?('Copyright'), 'Header not found'
+    assert header.include?('Copyright'), "Header not found in #{header}"
+    assert header.include?(Yawast::VERSION), "Version not found in #{header}"
     restore_stdout
   end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: yawast
 version: !ruby/object:Gem::Version
-  version: 0.6.0.beta4
+  version: 0.6.0.beta5
 platform: ruby
 authors:
 - Adam Caudill
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-10-21 00:00:00.000000000 Z
+date: 2017-10-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: commander
@@ -178,6 +178,7 @@ files:
 - lib/scanner/plugins/servers/iis.rb
 - lib/scanner/plugins/servers/nginx.rb
 - lib/scanner/plugins/servers/python.rb
+- lib/scanner/plugins/ssl/ssl.rb
 - lib/scanner/plugins/ssl/ssl_labs/analyze.rb
 - lib/scanner/plugins/ssl/ssl_labs/info.rb
 - lib/scanner/plugins/ssl/sweet32.rb
@@ -195,8 +196,12 @@ files:
 - test/data/apache_server_status.txt
 - test/data/cms_none_body.txt
 - test/data/cms_wordpress_body.txt
+- test/data/hsts_disabled_server_header.txt
+- test/data/hsts_server_header.txt
 - test/data/iis_server_header.txt
 - test/data/ssl_labs_analyze_data.json
+- test/data/ssl_labs_analyze_data_file_zetlab_com.json
+- test/data/ssl_labs_analyze_data_parivahan_gov_in.json
 - test/data/ssl_labs_analyze_start.json
 - test/data/ssl_labs_info.json
 - test/data/tomcat_release_notes.txt
@@ -206,16 +211,20 @@ files:
 - test/test_helper.rb
 - test/test_internalssl.rb
 - test/test_object_presence.rb
+- test/test_scan_apache.rb
 - test/test_scan_apache_banner.rb
 - test/test_scan_apache_server_info.rb
 - test/test_scan_apache_server_status.rb
 - test/test_scan_cms.rb
+- test/test_scan_dns.rb
 - test/test_scan_iis_headers.rb
 - test/test_scan_nginx_banner.rb
 - test/test_shared_http.rb
 - test/test_shared_util.rb
+- test/test_ssl.rb
 - test/test_ssl_labs_analyze.rb
 - test/test_ssl_labs_info.rb
+- test/test_ssl_sweet32.rb
 - test/test_string_ext.rb
 - test/test_yawast.rb
 - yawast.gemspec
@@ -249,8 +258,12 @@ test_files:
 - test/data/apache_server_status.txt
 - test/data/cms_none_body.txt
 - test/data/cms_wordpress_body.txt
+- test/data/hsts_disabled_server_header.txt
+- test/data/hsts_server_header.txt
 - test/data/iis_server_header.txt
 - test/data/ssl_labs_analyze_data.json
+- test/data/ssl_labs_analyze_data_file_zetlab_com.json
+- test/data/ssl_labs_analyze_data_parivahan_gov_in.json
 - test/data/ssl_labs_analyze_start.json
 - test/data/ssl_labs_info.json
 - test/data/tomcat_release_notes.txt
@@ -260,15 +273,19 @@ test_files:
 - test/test_helper.rb
 - test/test_internalssl.rb
 - test/test_object_presence.rb
+- test/test_scan_apache.rb
 - test/test_scan_apache_banner.rb
 - test/test_scan_apache_server_info.rb
 - test/test_scan_apache_server_status.rb
 - test/test_scan_cms.rb
+- test/test_scan_dns.rb
 - test/test_scan_iis_headers.rb
 - test/test_scan_nginx_banner.rb
 - test/test_shared_http.rb
 - test/test_shared_util.rb
+- test/test_ssl.rb
 - test/test_ssl_labs_analyze.rb
 - test/test_ssl_labs_info.rb
+- test/test_ssl_sweet32.rb
 - test/test_string_ext.rb
 - test/test_yawast.rb