mod_ssl: more coverage

tests/attack/test_mod_ssl.py

@@ -21,7 +21,7 @@
 from wapitiCore.language.vulnerability import CRITICAL_LEVEL, HIGH_LEVEL, INFO_LEVEL, MEDIUM_LEVEL
 from wapitiCore.net.crawler import AsyncCrawler
 from wapitiCore.attack.mod_ssl import ModuleSsl, NAME, extract_altnames, match_address, check_ocsp_must_staple, \
-    check_ev_certificate
+    check_ev_certificate, process_vulnerabilities, process_bad_protocols
 
 
 def https_server(cert_directory: str):
@@ -124,24 +124,31 @@ def test_extract_alt_names():
 
 def test_match_address():
     assert match_address("sub.domain.com", "domain.com", ["*.domain.com", "yolo"])
+    assert match_address("sub.domain.com", "*.domain.com", ["yolo"])
+    assert not match_address("sub.domain.com", "google.com", ["*.truc.com"])
 
 
-def generate_cert():
+def generate_cert(include_organization_name: bool = True, include_ocsp_must_staple: bool = True):
     # Generate a private key
     private_key = rsa.generate_private_key(
         public_exponent=65537,
         key_size=2048,
         backend=default_backend()
     )
 
-    # Generate a certificate
-    subject = issuer = x509.Name([
+    # Build the subject name
+    subject_name = [
         x509.NameAttribute(x509.NameOID.COUNTRY_NAME, u"US"),
         x509.NameAttribute(x509.NameOID.STATE_OR_PROVINCE_NAME, u"California"),
         x509.NameAttribute(x509.NameOID.LOCALITY_NAME, u"San Francisco"),
-        x509.NameAttribute(x509.NameOID.ORGANIZATION_NAME, u"My Company"),
         x509.NameAttribute(x509.NameOID.COMMON_NAME, u"mysite.com"),
-    ])
+    ]
+
+    if include_organization_name:
+        subject_name.append(x509.NameAttribute(x509.NameOID.ORGANIZATION_NAME, u"My Company"))
+
+    # Generate a certificate
+    subject = issuer = x509.Name(subject_name)
 
     cert_builder = x509.CertificateBuilder().subject_name(
         subject
@@ -160,10 +167,11 @@ def generate_cert():
         critical=False,
     )
 
-    cert_builder = cert_builder.add_extension(
-        x509.TLSFeature([x509.TLSFeatureType.status_request]),
-        critical=False
-    )
+    if include_ocsp_must_staple:
+        cert_builder = cert_builder.add_extension(
+            x509.TLSFeature([x509.TLSFeatureType.status_request]),
+            critical=False
+        )
 
     cert = cert_builder.sign(private_key, hashes.SHA256(), default_backend())
     return cert
@@ -190,10 +198,31 @@ async def test_certificate_transparency():
 
 
 def test_ocsp():
-    cert = generate_cert()
-    assert 1 == check_ocsp_must_staple(cert)
+    assert 0 == check_ocsp_must_staple(generate_cert(include_ocsp_must_staple=False))
+    assert 1 == check_ocsp_must_staple(generate_cert())
 
 
 def test_extended_validation():
-    cert = generate_cert()
-    assert 1 == check_ev_certificate(cert)
+    assert 0 == check_ev_certificate(generate_cert(include_organization_name=False))
+    assert 1 == check_ev_certificate(generate_cert())
+
+
+@pytest.mark.asyncio
+async def test_process_vulnerabilities():
+    base_dir = os.path.dirname(sys.modules["wapitiCore"].__file__)
+    xml_file = os.path.join(base_dir, "..", "tests/data/ssl/broken_ssl.xml")
+    results = [info async for info in process_vulnerabilities(xml_file)]
+    assert [
+        (4, 'Server is vulnerable to Heartbleed attack via TLSv1.0'),
+        (3, 'Server honors client-initiated renegotiations (vulnerable to DoS attacks)')
+    ] == results
+
+
+@pytest.mark.asyncio
+async def test_process_bad_protocols():
+    base_dir = os.path.dirname(sys.modules["wapitiCore"].__file__)
+    xml_file = os.path.join(base_dir, "..", "tests/data/ssl/broken_ssl.xml")
+    results = [info async for info in process_bad_protocols(xml_file)]
+    assert [
+       (4, 'The following protocols are deprecated and/or insecure and should be deactivated: SSLv2, TLSv1.0')
+    ] == results