2
0
mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-26 07:53:41 +01:00

Merge branch 'master' of github.com:jvehent/cipherscan

This commit is contained in:
Julien Vehent 2014-12-25 13:26:04 -05:00
commit 051f927fcd
2 changed files with 27 additions and 7 deletions

View File

@ -259,6 +259,11 @@ operators should now what level they want to match against, based on the
compatibility level they want to support. Again, refer to compatibility level they want to support. Again, refer to
https://wiki.mozilla.org/Security/Server_Side_TLS for more information. https://wiki.mozilla.org/Security/Server_Side_TLS for more information.
Note on Nagios mode:
cipherscan can take more than 10 seconds to complete. To alleviate any timeout
issues, you may want to run it outside of nagios, passing data through some
temporary file.
Contributors Contributors
------------ ------------

View File

@ -304,7 +304,8 @@ def evaluate_all(results):
return status return status
def process_results(data, level=None, do_json=False): def process_results(data, level=None, do_json=False, do_nagios=False):
exit_status = 0
results = dict() results = dict()
# initialize the failures struct # initialize the failures struct
global failures global failures
@ -353,6 +354,8 @@ def process_results(data, level=None, do_json=False):
print("\nThings that are bad:") print("\nThings that are bad:")
for failure in failures['fubar']: for failure in failures['fubar']:
print("* " + failure) print("* " + failure)
if do_nagios:
exit_status = 2
# print failures # print failures
if level != 'none': if level != 'none':
@ -360,13 +363,17 @@ def process_results(data, level=None, do_json=False):
print("\nChanges needed to match the " + level + " level:") print("\nChanges needed to match the " + level + " level:")
for failure in failures[level]: for failure in failures[level]:
print("* " + failure) print("* " + failure)
if do_nagios and exit_status < 2:
exit_status = 1
else: else:
for lvl in ['old', 'intermediate', 'modern']: for lvl in ['old', 'intermediate', 'modern']:
if len(failures[lvl]) > 0: if len(failures[lvl]) > 0:
print("\nChanges needed to match the " + lvl + " level:") print("\nChanges needed to match the " + lvl + " level:")
for failure in failures[lvl]: for failure in failures[lvl]:
print("* " + failure) print("* " + failure)
return True if do_nagios and exit_status < 2:
exit_status = 1
return exit_status
def build_ciphers_lists(opensslbin): def build_ciphers_lists(opensslbin):
global all_ciphers, old_ciphers, intermediate_ciphers, modern_ciphers, errors global all_ciphers, old_ciphers, intermediate_ciphers, modern_ciphers, errors
@ -445,8 +452,12 @@ def main():
help='output results in json format') help='output results in json format')
parser.add_argument('--ops', dest='operator', parser.add_argument('--ops', dest='operator',
help='optional name of the operator\'s team added into the JSON output (for database insertion)') help='optional name of the operator\'s team added into the JSON output (for database insertion)')
parser.add_argument('--nagios', dest='nagios', action='store_true',
help='use nagios-conformant exit codes')
args = parser.parse_args() args = parser.parse_args()
mypath = os.path.dirname(os.path.realpath(sys.argv[0]))
if args.debug: if args.debug:
logging.basicConfig(stream=sys.stderr, level=logging.DEBUG) logging.basicConfig(stream=sys.stderr, level=logging.DEBUG)
else: else:
@ -464,18 +475,22 @@ def main():
logging.debug('Invoking cipherscan with target: ' + args.target) logging.debug('Invoking cipherscan with target: ' + args.target)
data='' data=''
if args.openssl: if args.openssl:
data = subprocess.check_output(['./cipherscan', '-o', args.openssl, '-j', args.target]) data = subprocess.check_output([mypath + '/cipherscan', '-o', args.openssl, '-j', args.target])
else: else:
data = subprocess.check_output(['./cipherscan', '-j', args.target]) data = subprocess.check_output([mypath + '/cipherscan', '-j', args.target])
process_results(data, args.level, args.json) exit_status=process_results(data, args.level, args.json, args.nagios)
else: else:
if os.fstat(args.infile.fileno()).st_size < 2: if os.fstat(args.infile.fileno()).st_size < 2:
logging.error("invalid input file") logging.error("invalid input file")
parser.print_help() parser.print_help()
if args.nagios:
sys.exit(3)
else:
sys.exit(1) sys.exit(1)
data = args.infile.readline() data = args.infile.readline()
logging.debug('Evaluating results from stdin: ' + data) logging.debug('Evaluating results from stdin: ' + data)
process_results(data, args.level, args.json) exit_status=process_results(data, args.level, args.json, args.nagios)
sys.exit(exit_status)
if __name__ == "__main__": if __name__ == "__main__":
main() main()