Class: TLSmap::App::Extended

Inherits:

Object

• Object
• TLSmap::App::Extended

Defined in:

lib/tls_map/app/extended/ciphersuiteinfo.rb

Overview

Partial wrapper around ciphersuite.info API to get extra info about a cipher

Documentation:

• https://ciphersuite.info/blog/2019/04/05/how-to-use-our-api/
• https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.0.md
• https://ciphersuite.info/api/
• https://github.com/hcrudolph/ciphersuite.info

Direct Known Subclasses

CLI::Extended

Constant Summary

ROOT =

Root URL of Cipher Suite Info

'https://ciphersuite.info/'

API_ROOT =

Root URL of Cipher Suite Info API

"#{ROOT}api/".freeze

VULN_DATA =

URL of the data file containing vulnerabilities information

'https://raw.githubusercontent.com/hcrudolph/ciphersuite.info/master/directory/fixtures/00_vulnerabilities.yaml'

TECH_DATA =

URL of the data file containing technologies information

'https://raw.githubusercontent.com/hcrudolph/ciphersuite.info/master/directory/fixtures/01_technologies.yaml'

DICO =

Hash mapping API key and display name for CLI

{
  'tls_version' => 'TLS Version(s)',
  'protocol_version' => 'Protocol',
  'kex_algorithm' => 'Key Exchange',
  'auth_algorithm' => 'Authentication',
  'enc_algorithm' => 'Encryption',
  'hash_algorithm' => 'Hash',
  'security' => 'Security',
  'url' => 'More info',
  'vulns' => 'Vulnerabilities'
}.freeze

VULN_SEVERITY =

Hash mapping the severity number used by the API and the severity text and color for the CLI

{
  0 => { title: 'Low', color: :yellow },
  1 => { title: 'Medium', color: 'orange' },
  2 => { title: 'High', color: :red }
}.freeze

SECURITY_LEVEL =

Hash mapping the security level used by the API and color for the CLI

{
  'recommended' => { color: :green },
  'secure' => { color: :green },
  'weak' => { color: 'orange' },
  'insecure' => { color: :red }
}.freeze

Instance Attribute Summary

• #enhanced_data ⇒ Hash readonly

  Get the enhanced information of all cipher suites returned by #enhance_all.

Instance Method Summary

• #enhance_all ⇒ Object

  Enhance data from ciphersuite.info for all cipher suites and store it for batch usage.

• #extend(iana_name, caching = false) ⇒ Hash

  Retrieve advanced information about a cipher on Cipher Suite Info API and enhanced it.

• #find_vuln(tech) ⇒ Array<Hash>

  Find vulnerabilities related to a technology.

• #initialize ⇒ Extended constructor

  Will automatically fetch source files and parse them.

• #translate_acronym(term) ⇒ String

  Translate cipher related acronyms.

Constructor Details

#initialize ⇒ Extended

Will automatically fetch source files and parse them.

# File 'lib/tls_map/app/extended/ciphersuiteinfo.rb', line 60

def initialize
  @tech_file = Utils.tmpfile('tech', TECH_DATA)
  @vuln_file = Utils.tmpfile('vuln', VULN_DATA)
  @tech = parse_tech
  @vuln = parse_vuln
  @ciphersuite_all = nil
  @enhanced_data = nil
end

Instance Attribute Details

#enhanced_data ⇒ Hash (readonly)

Get the enhanced information of all cipher suites returned by #enhance_all.

Returns:

• (Hash) —

  Enhanced information of all cipher suites

# File 'lib/tls_map/app/extended/ciphersuiteinfo.rb', line 57

def enhanced_data
  @enhanced_data
end

Instance Method Details

#enhance_all ⇒ Object

Enhance data from ciphersuite.info for all cipher suites and store it for batch usage. The data will be available through #enhanced_data.

# File 'lib/tls_map/app/extended/ciphersuiteinfo.rb', line 79

def enhance_all
  fetch_ciphersuite
  out = {}
  @ciphersuite_all.each_key do |k|
    out.store(k, extend(k, true))
  end
  @enhanced_data = out
end

#extend(iana_name, caching = false) ⇒ Hash

Retrieve advanced information about a cipher on Cipher Suite Info API and enhanced it. Fetch only the requested cipher suite, small network footprint, ideal for low bandwidth or punctual use.

Parameters:

• iana_name (String) —

  IANA cipher name

• caching (Boolean) (defaults to: false) —

  if true will fetch info for all cipher suites the 1st time and used the cached value for further requests

Returns:

• (Hash) —

  Hash containing advanced information. The keys are the same as DICO. All values are string except vulns which is an array of hashes containing two keys: :severity (integer) and :description (string). Each hash in vulns correspond to a vulnerability.

# File 'lib/tls_map/app/extended/ciphersuiteinfo.rb', line 96

def extend(iana_name, caching = false) # rubocop:disable Metrics/MethodLength
  if caching
    fetch_ciphersuite
    out = @ciphersuite_all[iana_name]
  else
    obj = Net::HTTP.get(URI("#{API_ROOT}cs/#{iana_name}/"))
    out = JSON.parse(obj)[iana_name]
  end
  return {} if out.nil?

  out.store('vulns', [])
  %w[openssl_name gnutls_name hex_byte_1 hex_byte_2].each do |key|
    out.delete(key)
  end
  out.each_value do |v|
    out['vulns'].push(find_vuln(v)) if @tech.keys.include?(v)
  end
  out['vulns'].flatten!
  out['vulns'].uniq!
  out.store('url', "#{ROOT}cs/#{iana_name}/") # Add upstream URL
  out
end

#find_vuln(tech) ⇒ Array<Hash>

Find vulnerabilities related to a technology

Parameters:

• tech (String) —

  The technology acronym, eg. CBC

Returns:

• (Array<Hash>) —

  Array of vulnerabilities as described for #extend return value in the vulns key.

# File 'lib/tls_map/app/extended/ciphersuiteinfo.rb', line 153

def find_vuln(tech)
  return @tech[tech][:vulnerabilities].map { |vuln| @vuln[vuln] } unless @tech[tech][:vulnerabilities].nil?

  nil
end

#translate_acronym(term) ⇒ String

Translate cipher related acronyms

Parameters:

• term (String) —

  Acronym, eg. DSS

Returns:

• (String) —

  The long name of the acronym, eg. Digital Signature Standard or nil if it's not found

# File 'lib/tls_map/app/extended/ciphersuiteinfo.rb', line 144

def translate_acronym(term)
  return @tech[term][:long_name] unless @tech[term].nil?

  nil
end