yawast 0.6.0.beta4 → 0.6.0.beta5

@@ -0,0 +1,50 @@
1
+ require File.dirname(__FILE__) + '/../lib/yawast'
2
+ require File.dirname(__FILE__) + '/base'
3
+
4
+ class TestScannerApache < Minitest::Test
5
+ include TestBase
6
+
7
+ def test_check_tomcat_put_rce
8
+ override_stdout
9
+
10
+ port = rand(60000) + 1024 # pick a random port number
11
+ server = start_web_server File.dirname(__FILE__) + '/data/apache_server_info.txt', '', port
12
+ uri = Yawast::Commands::Utils.extract_uri(["http://localhost:#{port}"])
13
+
14
+ error = nil
15
+ begin
16
+ Yawast::Scanner::Plugins::Servers::Apache.check_tomcat_put_rce uri
17
+ rescue => e
18
+ error = e.message
19
+ end
20
+
21
+ assert !stdout_value.include?('[V]'), "Unexpected finding: #{stdout_value}"
22
+ assert error == nil, "Unexpected error: #{error}"
23
+
24
+ restore_stdout
25
+
26
+ server.exit
27
+ end
28
+
29
+ def test_check_struts2_samples
30
+ override_stdout
31
+
32
+ port = rand(60000) + 1024 # pick a random port number
33
+ server = start_web_server File.dirname(__FILE__) + '/data/apache_server_info.txt', '', port
34
+ uri = Yawast::Commands::Utils.extract_uri(["http://localhost:#{port}"])
35
+
36
+ error = nil
37
+ begin
38
+ Yawast::Scanner::Plugins::Servers::Apache.check_struts2_samples uri
39
+ rescue => e
40
+ error = e.message
41
+ end
42
+
43
+ assert !stdout_value.include?('[W]'), "Unexpected finding: #{stdout_value}"
44
+ assert error == nil, "Unexpected error: #{error}"
45
+
46
+ restore_stdout
47
+
48
+ server.exit
49
+ end
50
+ end
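Review bot: Both new tests call `restore_stdout` and `server.exit` only after the assertions, so a failing assertion (or an exception from `start_web_server` / `extract_uri`, which sit outside the `begin` block) leaves stdout redirected and the local web server running for the rest of the run, turning one failure into cascading failures in unrelated tests. Move the cleanup into a method-level `ensure`, and use Minitest's `refute_includes` / `assert_nil` instead of `assert !...` and `assert error == nil` so the failure output shows the actual value; `test_check_struts2_samples` needs the same treatment with `'[W]'`. The port from `rand(60000) + 1024` can also collide with a port already in use on the host, which is a separate source of flakiness not addressed below.
```ruby
  def test_check_tomcat_put_rce
    override_stdout
    # … unchanged: server start, uri, begin/rescue around check_tomcat_put_rce …
    refute_includes stdout_value, '[V]', "Unexpected finding: #{stdout_value}"
    assert_nil error, "Unexpected error: #{error}"
  ensure
    # always undo the stdout capture and stop the server, even when an assertion fails
    restore_stdout
    server.exit if server
  end
```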
@@ -0,0 +1,23 @@
1
+ require File.dirname(__FILE__) + '/../lib/yawast'
2
+ require File.dirname(__FILE__) + '/base'
3
+
4
+ class TestScannerDns < Minitest::Test
5
+ include TestBase
6
+
7
+ def test_dns_caa
8
+ override_stdout
9
+
10
+ uri = URI::Parser.new.parse 'https://www.adamcaudill.com/'
11
+ Yawast::Scanner::Plugins::DNS::CAA.caa_info uri
12
+
13
+ assert stdout_value.include?('mailto:adam@adamcaudill.com'), "DNS CAA Record not found: #{stdout_value}"
14
+
15
+ restore_stdout
16
+ end
17
+
18
+ def test_get_network_info
19
+ ret = Yawast::Scanner::Plugins::DNS::Generic.get_network_info '127.0.0.1'
20
+
21
+ assert !ret.include?('Error'), "Unexpected error: #{ret}"
22
+ end
23
+ end
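Review bot: `test_dns_caa` resolves a live third-party name and pins the exact value `mailto:adam@adamcaudill.com`, so the suite fails whenever that zone's CAA record changes or the runner has no outbound DNS, with nothing indicating that the code under test is fine; `test_get_network_info` appears to do a live lookup for `127.0.0.1` as well, though what it contacts is not visible here. Guard both with a skip, `skip 'network tests disabled' unless ENV['YAWAST_NETWORK_TESTS']`, or feed `caa_info` a stubbed resolver, and in `test_dns_caa` put `restore_stdout` in an `ensure` so a failed assertion does not leave stdout captured for later tests. `assert !ret.include?('Error')` also assumes `ret` responds to `include?`; if `get_network_info` can return nil this raises `NoMethodError` instead of reporting a failure, so `refute_includes ret.to_s, 'Error', "Unexpected error: #{ret}"` is safer.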
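--- a/data/test/test_ssl.rb
+++ b/data/test/test_ssl.rb
@@ -0,0 +1,43 @@
+require 'webrick'
+require File.dirname(__FILE__) + '/../lib/yawast'
+require File.dirname(__FILE__) + '/base'
+
+class TestSSLLabsAnalyze < Minitest::Test
+  include TestBase
+
+  def test_hsts_header
+    head = parse_headers_from_file File.dirname(__FILE__) + '/data/hsts_server_header.txt'
+
+    override_stdout
+
+    Yawast::Scanner::Plugins::SSL::SSL.check_hsts head
+
+    assert stdout_value.include?('HSTS: Enabled'), "HSTS enabled not found in #{stdout_value}"
+
+    restore_stdout
+  end
+
+  def test_no_hsts_header
+    head = parse_headers_from_file File.dirname(__FILE__) + '/data/hsts_disabled_server_header.txt'
+
+    override_stdout
+
+    Yawast::Scanner::Plugins::SSL::SSL.check_hsts head
+
+    assert stdout_value.include?('HSTS: Not Enabled'), "HSTS disabled not found in #{stdout_value}"
+
+    restore_stdout
+  end
+
+  def test_hsts_preload
+    uri = URI::Parser.new.parse 'https://adamcaudill.com/'
+
+    override_stdout
+
+    Yawast::Scanner::Plugins::SSL::SSL.check_hsts_preload uri
+
+    assert stdout_value.include?('HSTS Preload'), "HSTS Preload not found in #{stdout_value}"
+
+    restore_stdout
+  end
+end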
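Review bot: `test_hsts_preload` asserts only that the text `HSTS Preload` appears in the output, so if `check_hsts_preload` prints that label for both preloaded and non-preloaded hosts (not visible from here) the test passes without checking the result, and it depends on a live lookup for `adamcaudill.com` to boot. Assert the specific status line the plugin emits for a preloaded host, and skip when the network is unavailable: `skip 'network tests disabled' unless ENV['YAWAST_NETWORK_TESTS']`. The two header-fixture tests are offline and sound, but in all three methods `restore_stdout` runs after the assertion, so one failure leaves stdout redirected for every later test; put it in an `ensure`. `require 'webrick'` on the first line is not used by anything in this file unless `base` relies on it being loaded here.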
@@ -45,4 +45,33 @@ class TestSSLLabsAnalyze < Minitest::Test
45
45
 
46
46
  restore_stdout
47
47
  end
48
+
49
+ def test_process_data_parivahan
50
+ override_stdout
51
+
52
+ uri = URI.parse 'https://parivahan.gov.in/'
53
+ body = JSON.parse(File.read(File.dirname(__FILE__) + '/data/ssl_labs_analyze_data_parivahan_gov_in.json'))
54
+
55
+ Yawast::Scanner::SslLabs.process_results uri, body, false
56
+
57
+ assert stdout_value.include?('parivahan.gov.in'), "domain name not found in #{stdout_value}"
58
+ assert !stdout_value.include?('[E]'), "Error message found in #{stdout_value}"
59
+
60
+ restore_stdout
61
+ end
62
+
63
+ def test_process_data_file_zetlab
64
+ override_stdout
65
+
66
+ uri = URI.parse 'https://file.zetlab.com/'
67
+ body = JSON.parse(File.read(File.dirname(__FILE__) + '/data/ssl_labs_analyze_data_file_zetlab_com.json'))
68
+
69
+ Yawast::Scanner::SslLabs.process_results uri, body, false
70
+
71
+ assert stdout_value.include?('file.zetlab.com'), "domain name not found in #{stdout_value}"
72
+ assert stdout_value.include?('Certificate Issue: hostname mismatch'), "hostname mismatch not found in #{stdout_value}"
73
+ assert !stdout_value.include?('[E]'), "Error message found in #{stdout_value}"
74
+
75
+ restore_stdout
76
+ end
48
77
  end
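Review bot: The two new fixture tests give no hint of what the `parivahan.gov.in` and `file.zetlab.com` SSL Labs responses exercise, so a future maintainer cannot tell whether a changed assertion is a regression or a stale fixture; presumably each captures a real response that tripped `process_results` before this release. Add a one-line comment above each, e.g. `# Regression: real SSL Labs response that previously produced an [E] line in process_results` for parivahan and `# Regression: certificate whose names do not cover file.zetlab.com; must report 'Certificate Issue: hostname mismatch'` for zetlab, adjusted to the actual failure each fixture reproduces. The bare `false` third argument to `process_results` is opaque at the call site; binding it to a named local that says what it controls (not visible here) would help. The enclosing class `TestSSLLabsAnalyze` starts before this hunk, and the hunk's leading context lines are the tail of an earlier method.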
@@ -0,0 +1,29 @@
1
+ require File.dirname(__FILE__) + '/../lib/yawast'
2
+ require File.dirname(__FILE__) + '/base'
3
+
4
+ class TestSharedHttp < Minitest::Test
5
+ include TestBase
6
+
7
+ def test_check_tdes
8
+ override_stdout
9
+
10
+ res = Yawast::Scanner::Plugins::SSL::Sweet32.check_tdes
11
+
12
+ assert stdout_value.include?('OpenSSL supports 3DES'), "Header line not found in #{stdout_value}"
13
+ assert res, '3DES support check failed'
14
+
15
+ restore_stdout
16
+ end
17
+
18
+ def test_session_count
19
+ override_stdout
20
+
21
+ uri = URI::Parser.new.parse 'https://3des.badssl.com/'
22
+ Yawast::Scanner::Plugins::SSL::Sweet32.get_tdes_session_msg_count uri, 1
23
+
24
+ assert stdout_value.include?('Connection not terminated after'), "SWEET32 warning not found in #{stdout_value}"
25
+
26
+ restore_stdout
27
+ end
28
+
29
+ end
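Review bot: The class in this file is named `TestSharedHttp`, the same name used by `test/test_shared_http.rb` (both appear in the gem's file list), so Ruby reopens one Minitest class across the two files; the tests still run, but if either file defines a test method with the same name the one loaded last silently replaces the other, and failure output attributes SWEET32 results to `TestSharedHttp`. Rename it to match the file: `class TestSSLSweet32 < Minitest::Test`. `test_check_tdes` asserts that the local OpenSSL supports 3DES, which is a property of the build environment rather than of yawast; on an OpenSSL built without 3DES the test fails even though `check_tdes` reported correctly, so `skip 'OpenSSL lacks 3DES' unless res` is more honest than `assert res`. `test_session_count` contacts `3des.badssl.com` live; guard it with a network skip and put `restore_stdout` in an `ensure` so a failed assertion does not leave stdout captured.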
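--- a/data/test/test_yawast.rb
+++ b/data/test/test_yawast.rb
@@ -9,7 +9,8 @@ class TestYawast < Minitest::Test
 
     Yawast.header
     header = stdout_value
-    assert header.include?('Copyright'), 'Header not found'
+    assert header.include?('Copyright'), "Header not found in #{header}"
+    assert header.include?(Yawast::VERSION), "Version not found in #{header}"
 
     restore_stdout
   end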
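--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: yawast
 version: !ruby/object:Gem::Version
-  version: 0.6.0.beta4
+  version: 0.6.0.beta5
 platform: ruby
 authors:
 - Adam Caudill
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-10-21 00:00:00.000000000 Z
+date: 2017-10-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: commander
@@ -178,6 +178,7 @@ files:
 - lib/scanner/plugins/servers/iis.rb
 - lib/scanner/plugins/servers/nginx.rb
 - lib/scanner/plugins/servers/python.rb
+- lib/scanner/plugins/ssl/ssl.rb
 - lib/scanner/plugins/ssl/ssl_labs/analyze.rb
 - lib/scanner/plugins/ssl/ssl_labs/info.rb
 - lib/scanner/plugins/ssl/sweet32.rb
@@ -195,8 +196,12 @@ files:
 - test/data/apache_server_status.txt
 - test/data/cms_none_body.txt
 - test/data/cms_wordpress_body.txt
+- test/data/hsts_disabled_server_header.txt
+- test/data/hsts_server_header.txt
 - test/data/iis_server_header.txt
 - test/data/ssl_labs_analyze_data.json
+- test/data/ssl_labs_analyze_data_file_zetlab_com.json
+- test/data/ssl_labs_analyze_data_parivahan_gov_in.json
 - test/data/ssl_labs_analyze_start.json
 - test/data/ssl_labs_info.json
 - test/data/tomcat_release_notes.txt
@@ -206,16 +211,20 @@ files:
 - test/test_helper.rb
 - test/test_internalssl.rb
 - test/test_object_presence.rb
+- test/test_scan_apache.rb
 - test/test_scan_apache_banner.rb
 - test/test_scan_apache_server_info.rb
 - test/test_scan_apache_server_status.rb
 - test/test_scan_cms.rb
+- test/test_scan_dns.rb
 - test/test_scan_iis_headers.rb
 - test/test_scan_nginx_banner.rb
 - test/test_shared_http.rb
 - test/test_shared_util.rb
+- test/test_ssl.rb
 - test/test_ssl_labs_analyze.rb
 - test/test_ssl_labs_info.rb
+- test/test_ssl_sweet32.rb
 - test/test_string_ext.rb
 - test/test_yawast.rb
 - yawast.gemspec
@@ -249,8 +258,12 @@ test_files:
 - test/data/apache_server_status.txt
 - test/data/cms_none_body.txt
 - test/data/cms_wordpress_body.txt
+- test/data/hsts_disabled_server_header.txt
+- test/data/hsts_server_header.txt
 - test/data/iis_server_header.txt
 - test/data/ssl_labs_analyze_data.json
+- test/data/ssl_labs_analyze_data_file_zetlab_com.json
+- test/data/ssl_labs_analyze_data_parivahan_gov_in.json
 - test/data/ssl_labs_analyze_start.json
 - test/data/ssl_labs_info.json
 - test/data/tomcat_release_notes.txt
@@ -260,15 +273,19 @@ test_files:
 - test/test_helper.rb
 - test/test_internalssl.rb
 - test/test_object_presence.rb
+- test/test_scan_apache.rb
 - test/test_scan_apache_banner.rb
 - test/test_scan_apache_server_info.rb
 - test/test_scan_apache_server_status.rb
 - test/test_scan_cms.rb
+- test/test_scan_dns.rb
 - test/test_scan_iis_headers.rb
 - test/test_scan_nginx_banner.rb
 - test/test_shared_http.rb
 - test/test_shared_util.rb
+- test/test_ssl.rb
 - test/test_ssl_labs_analyze.rb
 - test/test_ssl_labs_info.rb
+- test/test_ssl_sweet32.rb
 - test/test_string_ext.rb
 - test/test_yawast.rb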