Class: SSLScan::Result

Inherits:
Object
  • Object
Defined in:
lib/ssl_scan/result.rb

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize ⇒ Result

Returns a new instance of Result.



# File 'lib/ssl_scan/result.rb', line 9

# Builds an empty scan result: no recorded cipher tests, no certificate, and
# the fixed list of protocol versions this result can describe.
#
# NOTE(review): only :SSLv2, :SSLv3 and :TLSv1 are listed, and add_cipher
# raises ArgumentError for any version outside this list, so findings for
# other protocol versions cannot be recorded in this object.
#
# @return [Result] a new instance of Result
def initialize
  @ciphers = Set.new
  @cert = nil
  @supported_versions = [:SSLv2, :SSLv3, :TLSv1]
end

Instance Attribute Details

#ciphers ⇒ Object (readonly)

Returns the value of attribute ciphers.



# File 'lib/ssl_scan/result.rb', line 6

# Read-only accessor for the recorded cipher test results.
#
# NOTE(review): this returns the collection held by the result itself, not a
# copy, so a caller that mutates it bypasses the argument validation done in
# add_cipher.
#
# @return [Object] the value of the ciphers attribute (a Set when built by
#   initialize)
def ciphers
  @ciphers
end

#openssl_sslv2 ⇒ Object

Returns the value of attribute openssl_sslv2.



# File 'lib/ssl_scan/result.rb', line 4

# Reader for the openssl_sslv2 attribute.
#
# initialize does not assign this attribute, so it reads as nil until
# something sets it.
# NOTE(review): presumably records whether the local OpenSSL build can speak
# SSLv2 - confirm against the code that assigns it.
#
# @return [Object] the value of the openssl_sslv2 attribute
def openssl_sslv2
  @openssl_sslv2
end

#supported_versions ⇒ Object (readonly)

Returns the value of attribute supported_versions.



# File 'lib/ssl_scan/result.rb', line 7

# Read-only accessor for the protocol versions this result accepts.
#
# NOTE(review): the stored Array itself is returned. add_cipher checks new
# entries against this same Array, so mutating the returned value changes
# which versions add_cipher will accept.
#
# @return [Object] the value of the supported_versions attribute
def supported_versions
  @supported_versions
end

Instance Method Details

#accepted(version = :all) ⇒ Array

Returns all accepted ciphers matching the supplied version

Parameters:

  • version (Symbol, Array) (defaults to: :all)

    The SSL Version to filter on

Returns:

  • (Array)

    An array of accepted cipher details matching the supplied versions

Raises:



# File 'lib/ssl_scan/result.rb', line 50

# Returns all accepted ciphers matching the supplied version.
#
# The filtering itself is delegated to enum_ciphers, which is not shown in
# this listing.
#
# @param version [Symbol, Array] the SSL Version to filter on
#   (defaults to :all)
# @return [Array] an array of accepted cipher details matching the supplied
#   versions
def accepted(version = :all)
  wanted_status = :accepted
  enum_ciphers(wanted_status, version)
end

#add_cipher(version, cipher, key_length, status) ⇒ Object

Adds the details of a cipher test to the Result object.

Parameters:

  • version (Symbol)

    the SSL Version

  • cipher (String)

    the SSL cipher

  • key_length (Fixnum)

    the length of encryption key

  • status (Symbol)

    :accepted or :rejected



# File 'lib/ssl_scan/result.rb', line 107

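# Adds the details of a cipher test to the Result object.
#
# Every argument is validated before anything is stored. The cipher name is
# checked against the cipher list of a local OpenSSL::SSL::SSLContext built
# for +version+, and the :weak flag comes from a second local context
# restricted by the "strong cipher" directive below. Both therefore depend on
# what the OpenSSL build on the scanning host knows about. Errors raised by
# OpenSSL itself are not rescued here and propagate to the caller.
#
# @param version [Symbol] the SSL Version
# @param cipher [String] the SSL cipher
# @param key_length [Integer] the length of encryption key
# @param status [Symbol] :accepted or :rejected
# @raise [ArgumentError] if any argument fails validation
# @return [Object] the result's cipher collection with the new entry added
def add_cipher(version, cipher, key_length, status)
  unless @supported_versions.include?(version)
    raise ArgumentError, "Must be a supported SSL Version"
  end
  unless OpenSSL::SSL::SSLContext.new(version).ciphers.flatten.include?(cipher)
    raise ArgumentError, "Must be a valid SSL Cipher for #{version}!"
  end
  # Integer rather than Fixnum: Fixnum was deprecated in Ruby 2.4 and later
  # removed, so the old check raised NameError instead of validating.
  unless key_length.kind_of?(Integer)
    raise ArgumentError, "Must supply a valid key length"
  end
  unless [:accepted, :rejected].include?(status)
    raise ArgumentError, "Status must be either :accepted or :rejected"
  end

  strong_cipher_ctx = OpenSSL::SSL::SSLContext.new(version)
  # OpenSSL Directive For Strong Ciphers
  # See: http://www.rapid7.com/vulndb/lookup/ssl-weak-ciphers
  # NOTE(review): this directive appears to keep RC4+RSA and MEDIUM suites on
  # the "strong" side, so such ciphers are stored with :weak => false. RC4 has
  # since been prohibited for TLS (RFC 7465); review the directive before
  # relying on :weak for current compliance decisions.
  strong_cipher_ctx.ciphers = "ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM"

  # A cipher is weak when the restricted context does not offer it.
  weak = !strong_cipher_ctx.ciphers.flatten.include?(cipher)

  cipher_details = {:version => version, :cipher => cipher, :key_length => key_length, :weak => weak, :status => status}
  @ciphers << cipher_details
end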

#cert ⇒ Object



# File 'lib/ssl_scan/result.rb', line 15

# Returns the certificate stored on this result.
#
# initialize sets it to nil, and cert= only stores nil or an
# OpenSSL::X509::Certificate.
#
# @return [OpenSSL::X509::Certificate, nil] the stored certificate, if any
def cert
  @cert
end

#cert=(input) ⇒ Object



# File 'lib/ssl_scan/result.rb', line 19

# Stores the certificate presented by the scanned service.
#
# Only the type is checked here. Nothing in this setter verifies validity
# dates, chain of trust or hostname, so a stored certificate must not be read
# as a trusted one.
#
# @param input [OpenSSL::X509::Certificate, nil] the certificate, or nil to
#   clear it
# @raise [ArgumentError] if input is neither a certificate nor nil
# @return [OpenSSL::X509::Certificate, nil] the stored value
def cert=(input)
  acceptable = input.kind_of?(OpenSSL::X509::Certificate) || input.nil?
  raise ArgumentError, "Must be an X509 Cert!" unless acceptable

  @cert = input
end

#each_accepted(version = :all) ⇒ Object



# File 'lib/ssl_scan/result.rb', line 62

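# Yields each accepted cipher result for the supplied version.
#
# When no block is given an Enumerator is returned, instead of failing with
# LocalJumpError on the first yield.
#
# @param version [Symbol, Array] the SSL Version to filter on
#   (defaults to :all)
# @yieldparam cipher_result [Object] one entry returned by accepted
#   (presumably the Hash stored by add_cipher - confirm against enum_ciphers)
# @return [Array, Enumerator] the collection that was iterated, or an
#   Enumerator when called without a block
def each_accepted(version = :all)
  return enum_for(:each_accepted, version) unless block_given?

  accepted(version).each do |cipher_result|
    yield cipher_result
  end
end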

#each_rejected(version = :all) ⇒ Object



# File 'lib/ssl_scan/result.rb', line 68

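# Yields each rejected cipher result for the supplied version.
#
# When no block is given an Enumerator is returned, instead of failing with
# LocalJumpError on the first yield.
#
# @param version [Symbol, Array] the SSL Version to filter on
#   (defaults to :all)
# @yieldparam cipher_result [Object] one entry returned by rejected
#   (presumably the Hash stored by add_cipher - confirm against enum_ciphers)
# @return [Array, Enumerator] the collection that was iterated, or an
#   Enumerator when called without a block
def each_rejected(version = :all)
  return enum_for(:each_rejected, version) unless block_given?

  rejected(version).each do |cipher_result|
    yield cipher_result
  end
end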

#rejected(version = :all) ⇒ Array

Returns all rejected ciphers matching the supplied version

Parameters:

  • version (Symbol, Array) (defaults to: :all)

    The SSL Version to filter on

Returns:

  • (Array)

    An array of rejected cipher details matching the supplied versions

Raises:



# File 'lib/ssl_scan/result.rb', line 58

# Returns all rejected ciphers matching the supplied version.
#
# The filtering itself is delegated to enum_ciphers, which is not shown in
# this listing.
#
# @param version [Symbol, Array] the SSL Version to filter on
#   (defaults to :all)
# @return [Array] an array of rejected cipher details matching the supplied
#   versions
def rejected(version = :all)
  wanted_status = :rejected
  enum_ciphers(wanted_status, version)
end

#sslv2 ⇒ Object



# File 'lib/ssl_scan/result.rb', line 26

# Returns every recorded cipher test whose version is :SSLv2.
#
# No status filter is applied, so both accepted and rejected entries are
# included. Use accepted(:SSLv2) to see only what the server agreed to.
#
# @return [Array] the matching cipher entries
def sslv2
  @ciphers.select { |entry| entry[:version] == :SSLv2 }
end

#sslv3 ⇒ Object



# File 'lib/ssl_scan/result.rb', line 30

# Returns every recorded cipher test whose version is :SSLv3.
#
# No status filter is applied, so both accepted and rejected entries are
# included. Use accepted(:SSLv3) to see only what the server agreed to.
#
# @return [Array] the matching cipher entries
def sslv3
  @ciphers.select { |entry| entry[:version] == :SSLv3 }
end

#standards_compliant? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/ssl_scan/result.rb', line 94

# Reports whether the scanned service passes this class's compliance check.
#
# The check fails only when the service accepts SSLv2 or accepts at least one
# cipher flagged weak. A service that accepted nothing at all is reported as
# compliant.
#
# NOTE(review): accepting SSLv3 or TLSv1 with non-weak ciphers still yields
# true. Both protocols have since been deprecated (RFC 7568, RFC 8996), so
# true here should not be read as "meets current TLS guidance".
#
# @return [Boolean] false if SSLv2 or a weak cipher is accepted, else true
def standards_compliant?
  return true unless supports_ssl?

  !(supports_sslv2? || supports_weak_ciphers?)
end

#strong_ciphers ⇒ Object



# File 'lib/ssl_scan/result.rb', line 42

# Returns the accepted ciphers, across all versions, that are not flagged
# weak.
#
# An entry counts as strong when its :weak value is false or nil. The flag
# itself is computed in add_cipher from the local OpenSSL cipher directive.
#
# @return [Array] accepted cipher entries whose :weak flag is not truthy
def strong_ciphers
  accepted.select { |entry| !entry[:weak] }
end

#supports_ssl? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/ssl_scan/result.rb', line 86

# Reports whether the service accepted a cipher under any tracked protocol.
#
# Despite the name, TLSv1 counts as well as SSLv2 and SSLv3. The checks run
# in that order and stop at the first one that is true.
#
# @return [Boolean] true if SSLv2, SSLv3 or TLSv1 has an accepted cipher
def supports_ssl?
  supports_sslv2? || supports_sslv3? || supports_tlsv1?
end

#supports_sslv2? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/ssl_scan/result.rb', line 74

# Reports whether the service accepted at least one SSLv2 cipher.
#
# Only accepted entries are considered. standards_compliant? treats a true
# result here as a failure.
#
# @return [Boolean] true if accepted(:SSLv2) is not empty
def supports_sslv2?
  sslv2_hits = accepted(:SSLv2)
  !sslv2_hits.empty?
end

#supports_sslv3? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/ssl_scan/result.rb', line 78

# Reports whether the service accepted at least one SSLv3 cipher.
#
# Only accepted entries are considered.
#
# @return [Boolean] true if accepted(:SSLv3) is not empty
def supports_sslv3?
  sslv3_hits = accepted(:SSLv3)
  !sslv3_hits.empty?
end

#supports_tlsv1? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/ssl_scan/result.rb', line 82

# Reports whether the service accepted at least one TLSv1 cipher.
#
# Only accepted entries are considered.
#
# @return [Boolean] true if accepted(:TLSv1) is not empty
def supports_tlsv1?
  tlsv1_hits = accepted(:TLSv1)
  !tlsv1_hits.empty?
end

#supports_weak_ciphers? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/ssl_scan/result.rb', line 90

# Reports whether the service accepted at least one cipher flagged weak.
#
# The answer is only as good as the :weak flag, which add_cipher derives from
# the local OpenSSL cipher directive.
#
# @return [Boolean] true if weak_ciphers is not empty
def supports_weak_ciphers?
  weak_hits = weak_ciphers
  !weak_hits.empty?
end

#tlsv1 ⇒ Object



# File 'lib/ssl_scan/result.rb', line 34

# Returns every recorded cipher test whose version is :TLSv1.
#
# No status filter is applied, so both accepted and rejected entries are
# included. Use accepted(:TLSv1) to see only what the server agreed to.
#
# @return [Array] the matching cipher entries
def tlsv1
  @ciphers.select { |entry| entry[:version] == :TLSv1 }
end

#weak_ciphers ⇒ Object



# File 'lib/ssl_scan/result.rb', line 38

# Returns the accepted ciphers, across all versions, that are flagged weak.
#
# Only entries whose :weak value is exactly false are left out, so an entry
# with a nil flag is reported here as weak.
#
# @return [Array] accepted cipher entries whose :weak flag is not false
def weak_ciphers
  accepted.select { |entry| entry[:weak] != false }
end