From a53a91695e7983f625816de77789621567d110e9 Mon Sep 17 00:00:00 2001 From: Hubert Kario Date: Sat, 30 May 2015 15:46:26 +0200 Subject: [PATCH 1/2] make scripts python 3 compatible --- analyze.py | 25 ++++++++++++++++--------- top1m/parse_CAs.py | 16 ++++++++-------- top1m/parse_results.py | 2 +- 3 files changed, 25 insertions(+), 18 deletions(-) diff --git a/analyze.py b/analyze.py index 9acbc60..2cd9578 100755 --- a/analyze.py +++ b/analyze.py @@ -5,6 +5,8 @@ # # Contributor: Julien Vehent jvehent@mozilla.com [:ulfr] +from __future__ import print_function + import sys, os, json, subprocess, logging, argparse, platform from collections import namedtuple from datetime import datetime @@ -319,8 +321,8 @@ def process_results(data, level=None, do_json=False, do_nagios=False): level='none' try: results = json.loads(data) - except ValueError, e: - print("invalid json data") + except ValueError as e: + print("invalid json data: " + str(e)) try: if results: if do_json: @@ -342,12 +344,13 @@ def process_results(data, level=None, do_json=False, do_nagios=False): print("and complies with the '" + level + "' level") else: print("and DOES NOT comply with the '" + level + "' level") - except TypeError, e: + except TypeError as e: + print("Error processing data: " + str(e)) return False if do_json: json_output['failures'] = deepcopy(failures) - print json.dumps(json_output) + print(json.dumps(json_output)) return True if len(failures['fubar']) > 0: @@ -419,16 +422,20 @@ def build_ciphers_lists(opensslbin): logging.debug('Loading all ciphers: ' + allC) all_ciphers = subprocess.Popen([opensslbin, 'ciphers', allC], - stderr=blackhole, stdout=subprocess.PIPE).communicate()[0].rstrip().split(':') + stderr=blackhole, stdout=subprocess.PIPE).communicate()[0].rstrip() + all_ciphers = str(all_ciphers).split(":") logging.debug('Loading old ciphers: ' + oldC) old_ciphers = subprocess.Popen([opensslbin, 'ciphers', oldC], - stderr=blackhole, stdout=subprocess.PIPE).communicate()[0].rstrip().split(':') + stderr=blackhole, stdout=subprocess.PIPE).communicate()[0].rstrip() + old_ciphers = str(old_ciphers).split(':') logging.debug('Loading intermediate ciphers: ' + intC) intermediate_ciphers = subprocess.Popen([opensslbin, 'ciphers', intC], - stderr=blackhole, stdout=subprocess.PIPE).communicate()[0].rstrip().split(':') + stderr=blackhole, stdout=subprocess.PIPE).communicate()[0].rstrip() + intermediate_ciphers = str(intermediate_ciphers).split(':') logging.debug('Loading modern ciphers: ' + modernC) modern_ciphers = subprocess.Popen([opensslbin, 'ciphers', modernC], - stderr=blackhole, stdout=subprocess.PIPE).communicate()[0].rstrip().split(':') + stderr=blackhole, stdout=subprocess.PIPE).communicate()[0].rstrip() + modern_ciphers = str(modern_ciphers).split(':') blackhole.close() def main(): @@ -481,7 +488,7 @@ def main(): data = subprocess.check_output([mypath + '/cipherscan', '-o', args.openssl, '-j', args.target]) else: data = subprocess.check_output([mypath + '/cipherscan', '-j', args.target]) - exit_status=process_results(data, args.level, args.json, args.nagios) + exit_status=process_results(str(data), args.level, args.json, args.nagios) else: if os.fstat(args.infile.fileno()).st_size < 2: logging.error("invalid input file") diff --git a/top1m/parse_CAs.py b/top1m/parse_CAs.py index f3db0bf..9c3f1a6 100644 --- a/top1m/parse_CAs.py +++ b/top1m/parse_CAs.py @@ -5,7 +5,7 @@ # file, You can obtain one at http://mozilla.org/MPL/2.0/. # Author: Hubert Kario - 2014 -from __future__ import division +from __future__ import division, print_function path = "./results/" ca_certs_path = "./ca_files" @@ -61,7 +61,7 @@ def get_path_for_hash(cert_hash): if not os.path.exists(f_name): f_name = ca_certs_path + '/' + cert_hash + '.pem' if not os.path.exists(f_name): - #print "File with hash " + c_hash + " is missing!" + #print("File with hash " + c_hash + " is missing!") return None return f_name @@ -201,7 +201,7 @@ with open("parsed") as res_file: try: res = json.loads(line) except ValueError as e: - print "can't process line: " + line + print("can't process line: " + line) continue f=res @@ -248,13 +248,13 @@ with open("parsed") as res_file: if server_chain_trusted: if server_chain_complete: chains["complete"] += 1 - print "complete: " + f['host'] + print("complete: " + f['host']) else: chains["incomplete"] += 1 - print "incomplete: " + f['host'] + print("incomplete: " + f['host']) else: chains["untrusted"] += 1 - print "untrusted: " + f['host'] + print("untrusted: " + f['host']) if valid: hosts += 1 @@ -276,9 +276,9 @@ with open("parsed") as res_file: continue """ Display stats """ -#print "openssl invocations: " + str(invocations["openssl"]) +#print("openssl invocations: " + str(invocations["openssl"])) -print "Statistics from " + str(total) + " chains provided by " + str(hosts) + " hosts" +print("Statistics from " + str(total) + " chains provided by " + str(hosts) + " hosts") print("\nServer provided chains Count Percent") print("-------------------------+---------+-------") diff --git a/top1m/parse_results.py b/top1m/parse_results.py index 6c5326a..091eec7 100644 --- a/top1m/parse_results.py +++ b/top1m/parse_results.py @@ -6,7 +6,7 @@ # Author: Julien Vehent [:ulfr] - 2013 # Contributors: Hubert Kario - 2014 -from __future__ import division +from __future__ import division, print_function path = "./results/" From 86bc8e8574a21686bf7fed5c8131da013fc81a5d Mon Sep 17 00:00:00 2001 From: Hubert Kario Date: Sat, 30 May 2015 19:48:56 +0200 Subject: [PATCH 2/2] fix is_fubar key size check --- analyze.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/analyze.py b/analyze.py index 2cd9578..8e02546 100755 --- a/analyze.py +++ b/analyze.py @@ -53,7 +53,7 @@ def is_fubar(results): has_ssl2 = True logging.debug('SSLv2 is in the list of fubar protocols') fubar = True - if conn['pubkey'] < 2048: + if int(conn['pubkey'][0]) < 2048: has_wrong_pubkey = True logging.debug(conn['pubkey'] + ' is a fubar pubkey size') fubar = True