def mixed_internal_anchor_detector(anchors, sec_url):
from fnmatch import translate as xlate
import re
ret = False
vul_url=sec_url.replace('https://','http://')
vul_url=vul_url+"*"
for link in anchors:
try:
foo = link['href']
except KeyError:
continue
if re.match(xlate(vul_url), foo, re.I|re.DOTALL):
#print "non-relative link: %s" % (foo)
return True
return ret
def calc_ssl_okay(data):
# tests for states and returns an intervalue based on how bad things are
# this might be better served in capitolhttpstester.py but here we are
# this is the scoring mechanism for the survey
import re
from fnmatch import translate as xlate
global entity_counter
grade = 100 # everyone fails hard
emoji = ''
# doodling while getting regex right
body_url = "http://www.%s.gov" % (data['body'])
body_url_r = xlate(body_url + '*')
https_url = data['url']
http_url = https_url.replace("https://", 'http://')
re_g = xlate(http_url + '*')
re_g = re_g.replace('www\.', '(www\.)?')
# best case
if ( data['hostname_match']
and data['http status'] == 200
and data['redirects'] == False
and data['mixed content'] == False
and data['non-rel links'] == False):
grade = 0
# valid cert non-rel http links
elif ( data['hostname_match']
and data['http status'] == 200
and data['redirects'] == False
and data['mixed content'] == False
and data['non-rel links'] == True):
grade = 1
# valid cert mixed content
elif ( data['hostname_match']
and data['http status'] == 200
and data['redirects'] == False
and data['mixed content'] == True):
# and data['non-rel links'] == False): # don't care if non-rel links
grade = 2
# valid cert enforced non-ssl redirect to member site
elif ( data['hostname_match']
and data['redirects'] == True
and re.match(re_g, data['redirect_url'], re.I|re.DOTALL)):
grade = 3
# invalid cert enforced non-ssl redirect to member site
elif ( data['hostname_match'] == False
and data['redirects'] == True
and re.match(re_g, data['redirect_url'], re.I|re.DOTALL)):
grade = 6
# valid cert hard fail to leg body website
elif ( data['hostname_match']
and data['redirects'] == True
and re.match(body_url_r, data['redirect_url'], re.I|re.DOTALL)):
grade = 7
# invalid cert but SSL ready
elif ( data['hostname_match'] == False
and data['http status'] == 200
and data['redirects'] == False
and data['mixed content'] == False
and data['non-rel links'] == False):
grade = 4
# invalid cert content fixable
elif ( data['hostname_match'] == False
and data['http status'] == 200
and data['redirects'] == False):
grade = 5
# invalid cert hard fail to leg body website
elif ( data['hostname_match'] == False
and data['redirects'] == True
and re.match(body_url_r, data['redirect_url'], re.I|re.DOTALL)):
grade = 8
# valid cert and 4XX or 5XX response
elif ( data['hostname_match']
and data['http status'] >= 400
and data['redirects'] == False):
grade = 9
# invalid cert and 4XX or 5XX response
elif ( data['hostname_match'] == False
and data['http status'] >= 400
and data['redirects'] == False):
grade = 10
# SSL FAIL
elif ( 'cipher' not in data ):
grade = 11
else:
grade = 12 # mark of the beast
counter.inc(grade)
return (grade)
def calc_ssl_okay(data):
# tests for states and returns an intervalue based on how bad things are
# this might be better served in capitolhttpstester.py but here we are
# this is the scoring mechanism for the survey
import re
from fnmatch import translate as xlate
global entity_counter
grade = 100 # everyone fails hard
emoji = ''
# doodling while getting regex right
body_url = "http://www.%s.gov" % (data['body'])
body_url_r = xlate(body_url + '*')
https_url = data['url']
http_url = https_url.replace("https://", 'http://')
re_g = xlate(http_url + '*')
re_g = re_g.replace('www\.', '(www\.)?')
# best case
if (data['hostname_match'] and data['http status'] == 200
and data['redirects'] == False and data['mixed content'] == False
and data['non-rel links'] == False):
grade = 0
# valid cert non-rel http links
elif (data['hostname_match'] and data['http status'] == 200
and data['redirects'] == False and data['mixed content'] == False
and data['non-rel links'] == True):
grade = 1
# valid cert mixed content
elif (data['hostname_match'] and data['http status'] == 200
and data['redirects'] == False and data['mixed content'] == True):
# and data['non-rel links'] == False): # don't care if non-rel links
grade = 2
# valid cert enforced non-ssl redirect to member site
elif (data['hostname_match'] and data['redirects'] == True
and re.match(re_g, data['redirect_url'], re.I | re.DOTALL)):
grade = 3
# invalid cert enforced non-ssl redirect to member site
elif (data['hostname_match'] == False and data['redirects'] == True
and re.match(re_g, data['redirect_url'], re.I | re.DOTALL)):
grade = 6
# valid cert hard fail to leg body website
elif (data['hostname_match'] and data['redirects'] == True
and re.match(body_url_r, data['redirect_url'], re.I | re.DOTALL)):
grade = 7
# invalid cert but SSL ready
elif (data['hostname_match'] == False and data['http status'] == 200
and data['redirects'] == False and data['mixed content'] == False
and data['non-rel links'] == False):
grade = 4
# invalid cert content fixable
elif (data['hostname_match'] == False and data['http status'] == 200
and data['redirects'] == False):
grade = 5
# invalid cert hard fail to leg body website
elif (data['hostname_match'] == False and data['redirects'] == True
and re.match(body_url_r, data['redirect_url'], re.I | re.DOTALL)):
grade = 8
# valid cert and 4XX or 5XX response
elif (data['hostname_match'] and data['http status'] >= 400
and data['redirects'] == False):
grade = 9
# invalid cert and 4XX or 5XX response
elif (data['hostname_match'] == False and data['http status'] >= 400
and data['redirects'] == False):
grade = 10
# SSL FAIL
elif ('cipher' not in data):
grade = 11
else:
grade = 12 # mark of the beast
counter.inc(grade)
return (grade)
def regex_from_list(names):
# this turns a list of potential globs into a thing that re will work with
from fnmatch import translate as xlate
return "|".join( [xlate(x) for x in names] )
