Class: TLSmap::App::Extended

Inherits:

Object

• Object
• TLSmap::App::Extended

Defined in:

lib/tls_map/ciphersuiteinfo.rb

Overview

Partial wrapper around ciphersuite.info API to get extra info about a cipher

Documentation:

• https://ciphersuite.info/blog/2019/04/05/how-to-use-our-api/
• https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.0.md
• https://ciphersuite.info/api/
• https://github.com/hcrudolph/ciphersuite.info

Constant Summary

ROOT =

Root URL of Cipher Suite Info

'https://ciphersuite.info/'

API_ROOT =

Root URL of Cipher Suite Info API

"#{ROOT}api/"

VULN_DATA =

URL of the data file containig vulnerabilities information

'https://raw.githubusercontent.com/hcrudolph/ciphersuite.info/master/directory/fixtures/00_vulnerabilities.yaml'

TECH_DATA =

URL of the data file containig technologies information

'https://raw.githubusercontent.com/hcrudolph/ciphersuite.info/master/directory/fixtures/01_technologies.yaml'

DICO =

Hash mapping API key and display name for CLI

{
  'tls_version' => 'TLS Version(s)',
  'protocol_version' => 'Protocol',
  'kex_algorithm' => 'Key Exchange',
  'auth_algorithm' => 'Authentication',
  'enc_algorithm' => 'Encryption',
  'hash_algorithm' => 'Hash',
  'security' => 'Security',
  'url' => 'More info',
  'vulns' => 'Vulnerabilities'
}.freeze

VULN_SEVERITY =

Hash mapping the severity number used by the API and the severity text and color for the CLI

{
  0 => { title: 'Low', color: :yellow },
  1 => { title: 'Medium', color: 'orange' },
  2 => { title: 'High', color: :red }
}.freeze

Instance Method Summary

• #extend(iana_name) ⇒ Hash

  Retrieve advanced about a cipher on Cipher Suite Info API and enhanced it.

• #find_vuln(tech) ⇒ Array<Hash>

  Find vulnerabilities related to a technology.

• #initialize ⇒ Extended constructor

  Will automatically fetch source files and parse them.

• #translate_acronym(term) ⇒ String

  Translate cipher related acronyms.

Constructor Details

#initialize ⇒ Extended

Will automatically fetch source files and parse them.

# File 'lib/tls_map/ciphersuiteinfo.rb', line 49

def initialize
  @tech_file = Utils.tmpfile('tech', TECH_DATA)
  @vuln_file = Utils.tmpfile('vuln', VULN_DATA)
  @tech = parse_tech
  @vuln = parse_vuln
end

Instance Method Details

#extend(iana_name) ⇒ Hash

Retrieve advanced about a cipher on Cipher Suite Info API and enhanced it

Parameters:

• iana_name (String) —

  IANA cipher name

Returns:

• (Hash) —

  Hash containing advanced information. The keys are the same as DICO. All valeus are string except vulns which is an array of hashes containing two keys: :severity (integer) and :description (string). Each hash in vulns correspond to a vulnerability.

# File 'lib/tls_map/ciphersuiteinfo.rb', line 61

def extend(iana_name) # rubocop:disable Metrics/MethodLength
  obj = Net::HTTP.get(URI("#{API_ROOT}cs/#{iana_name}/"))
  out = JSON.parse(obj)[iana_name]
  out.store('vulns', [])
  %w[openssl_name gnutls_name hex_byte_1 hex_byte_2].each do |key|
    out.delete(key)
  end
  out.each_value do |v|
    out['vulns'].push(find_vuln(v)) if @tech.keys.include?(v)
  end
  out['vulns'].flatten!
  out['vulns'].uniq!
  out.store('url', "#{ROOT}cs/#{iana_name}/") # Add upstream URL
  out
end

#find_vuln(tech) ⇒ Array<Hash>

Find vulnerabilities related to a technology

Parameters:

• tech (String) —

  The technology acronym, eg. CBC

Returns:

• (Array<Hash>) —

  Array of vulnerabilities as described for #extend return value in the vulns key.

# File 'lib/tls_map/ciphersuiteinfo.rb', line 111

def find_vuln(tech)
  return @tech[tech][:vulnerabilities].map { |vuln| @vuln[vuln] } unless @tech[tech][:vulnerabilities].nil?

  nil
end

#translate_acronym(term) ⇒ String

Translate cipher related acronyms

Parameters:

• term (String) —

  Acronym, eg. DSS

Returns:

• (String) —

  The long name of the acronym, eg. Digital Signature Standard or nil if it's not found

# File 'lib/tls_map/ciphersuiteinfo.rb', line 102

def translate_acronym(term)
  return @tech[term][:long_name] unless @tech[term].nil?

  nil
end