update SSL Labs scanner with new API, be robust

busterb · busterb · commit 04d305feb38a · 2018-01-22T16:32:16.000-06:00
This updates the SSL Labs scanner to know about new additions to the API, and prevents the module from breaking again just because there is new JSON in the output. I couldn't figure out how to get the Api class to print messages normally, and there is some other output that needs to be added. But the module does work again.
diff --git a/modules/auxiliary/gather/ssllabs_scan.rb b/modules/auxiliary/gather/ssllabs_scan.rb
@@ -65,20 +65,34 @@ def request(name, params = {})
       end
     end
 
+    def report_unused_attrs(type, unused_attrs)
+      unused_attrs.each do | attr |
+        # $stderr.puts "#{type} request returned unknown parameter #{attr}"
+      end
+    end
+
     def info
-      Info.load request(:info)
+      obj, unused_attrs = Info.load request(:info)
+      report_unused_attrs('info', unused_attrs)
+      obj
     end
 
     def analyse(params = {})
-      Host.load request(:analyze, params)
+      obj, unused_attrs = Host.load request(:analyze, params)
+      report_unused_attrs('analyze', unused_attrs)
+      obj
     end
 
     def get_endpoint_data(params = {})
-      Endpoint.load request(:get_endpoint_data, params)
+      obj, unused_attrs = Endpoint.load request(:get_endpoint_data, params)
+      report_unused_attrs('get_endpoint_data', unused_attrs)
+      obj
     end
 
     def get_status_codes
-      StatusCodes.load request(:get_status_codes)
+      obj, unused_attrs = StatusCodes.load request(:get_status_codes)
+      report_unused_attrs('get_status_codes', unused_attrs)
+      obj
     end
   end
 
@@ -142,18 +156,30 @@ def self.has_object_ref(name, klass)
 
     def self.load(attributes = {})
       obj = self.new
+      unused_attrs = []
       attributes.each do |name, value|
         if @fields.include?(name)
           obj.instance_variable_set("@#{name}", value)
         elsif @lists.key?(name)
-          obj.instance_variable_set("@#{name}", value.map { |v| @lists[name].load(v) }) unless value.nil?
+          unless value.nil?
+            var = value.map do |v|
+              val, ua = @lists[name].load(v)
+              unused_attrs.concat ua
+              val
+            end
+            obj.instance_variable_set("@#{name}", var)
+          end
         elsif @refs.key?(name)
-          obj.instance_variable_set("@#{name}", @refs[name].load(value)) unless value.nil?
+          unless value.nil?
+            val, ua = @refs[name].load(value)
+            unused_attrs.concat ua
+            obj.instance_variable_set("@#{name}", val)
+          end
         else
-          fail ArgumentError, "#{name} is not an attribute of object #{self.name}"
+          unused_attrs << name
         end
       end
-      obj
+      return obj, unused_attrs
     end
 
     def to_json(opts = {})
@@ -184,7 +210,10 @@ class Cert < ApiObject
                :sgc?,
                :validationType,
                :issues,
-               :sct?
+               :sct?,
+               :mustStaple,
+               :sha1Hash,
+               :pinSha256
 
     def valid?
       issues == 0
@@ -210,7 +239,9 @@ class ChainCert < ApiObject
                :revocationStatus,
                :crlRevocationStatus,
                :ocspRevocationStatus,
-               :raw
+               :raw,
+               :sha1Hash,
+               :pinSha256
 
     def valid?
       issues == 0
@@ -273,7 +304,8 @@ class Info < ApiObject
                :clientMaxAssessments,
                :maxAssessments,
                :currentAssessments,
-               :messages
+               :messages,
+               :newAssessmentCoolOff
   end
 
   class SimClient < ApiObject
@@ -289,7 +321,8 @@ class Simulation < ApiObject
     has_fields :errorCode,
                :attempts,
                :protocolId,
-               :suiteId
+               :suiteId,
+               :kxInfo
 
     def success?
       error_code == 0
@@ -376,7 +409,23 @@ class EndpointDetails < ApiObject
                :poodleTls,
                :fallbackScsv?,
                :freak?,
-               :hasSct
+               :hasSct,
+               :stsStatus,
+               :stsPreload,
+               :supportsAlpn,
+               :rc4Only,
+               :protocolIntolerance,
+               :miscIntolerance,
+               :openSSLLuckyMinus20,
+               :logjam,
+               :chaCha20Preference,
+               :hstsPolicy,
+               :hstsPreloads,
+               :hpkpPolicy,
+               :hpkpRoPolicy,
+               :drownHosts,
+               :drownErrors,
+               :drownVulnerable
   end
 
   class Endpoint < ApiObject
@@ -688,7 +737,7 @@ def output_common_info(r)
     print_status "Host: #{r.host}"
 
     r.endpoints.each do |e|
-      print_status "\t  #{e.ip_address}\n"
+      print_status "\t  #{e.ip_address}"
     end
   end
 
@@ -799,8 +848,6 @@ def run
       r = api.analyse(host: hostname, all: 'done')
     end
 
-    rescue
-      print_error "Invalid parameters"
     rescue RequestRateTooHigh
       print_error "Request rate is too high, please slow down"
     rescue InternalError
@@ -809,5 +856,7 @@ def run
       print_error "Service is not available, sleep 15 minutes"
     rescue ServiceOverloaded
       print_error "Service is overloaded, sleep 30 minutes"
+    rescue
+      print_error "Invalid parameters"
   end
 end
