def scan_jobs_for_scan_command(
cls,
server_info: ServerConnectivityInfo,
extra_arguments: Optional[ScanCommandExtraArgument] = None
) -> List[ScanJob]:
if extra_arguments:
raise ScanCommandWrongUsageError(
"This plugin does not take extra arguments")
return [
ScanJob(function_to_call=_test_compression_support,
function_arguments=[server_info])
]
def scan_jobs_for_scan_command(
cls,
server_info: ServerConnectivityInfo,
extra_arguments: Optional[SessionResumptionSupportExtraArgument] = None,
) -> List[ScanJob]:
if extra_arguments:
number_of_resumption_attempts = extra_arguments.number_of_resumptions_to_attempt
else:
number_of_resumption_attempts = cls._DEFAULT_RESUMPTION_ATTEMPTS
# Test Session ID support
session_id_scan_jobs = [
ScanJob(function_to_call=resume_with_session_id, function_arguments=[server_info])
for _ in range(number_of_resumption_attempts)
]
# Test TLS tickets support
tls_ticket_scan_jobs = [
ScanJob(function_to_call=resume_with_tls_ticket, function_arguments=[server_info])
for _ in range(number_of_resumption_attempts)
]
return session_id_scan_jobs + tls_ticket_scan_jobs
def scan_jobs_for_scan_command(
cls,
server_info: ServerConnectivityInfo,
extra_arguments: Optional[ScanCommandExtraArgument] = None
) -> List[ScanJob]:
# Create a bunch of "do nothing" jobs to imitate a real plugin
did_receive_extra_arguments = extra_arguments is not None
scan_jobs = [
ScanJob(
function_to_call=cls._scan_job_work_function,
function_arguments=["test", 12, did_receive_extra_arguments],
) for _ in range(cls._scan_jobs_count)
]
return scan_jobs
def scan_jobs_for_scan_command(
cls,
server_info: ServerConnectivityInfo,
extra_arguments: Optional[ScanCommandExtraArgument] = None
) -> List[ScanJob]:
if extra_arguments:
raise ScanCommandWrongUsageError(
"This plugin does not take extra arguments")
if not server_info.tls_probing_result.supports_ecdh_key_exchange:
# Nothing to test: the server doesn't support EC key exchange
return [
ScanJob(function_to_call=_raise_elliptic_curve_not_supported,
function_arguments=[])
]
# List of curves are in https://tools.ietf.org/html/rfc4492#section-5.1.1 and
# https://tools.ietf.org/html/rfc8446#section-4.2.7
return [
ScanJob(function_to_call=_test_curve,
function_arguments=[server_info, curve_nid])
for curve_nid in OpenSslEcNidEnum
]
def scan_jobs_for_scan_command(
cls,
server_info: ServerConnectivityInfo,
extra_arguments: Optional[ScanCommandExtraArguments] = None
) -> List[ScanJob]:
if extra_arguments:
raise ScanCommandWrongUsageError(
"This plugin does not take extra arguments")
# Run the test three times to ensure the results are consistent
return [
ScanJob(function_to_call=test_robot,
function_arguments=[server_info])
for _ in range(cls._TEST_ATTEMPTS_NB)
]
def _create_resume_with_session_id_scan_jobs(
server_info: ServerConnectivityInfo,
resumption_attempts_nb: int) -> List[ScanJob]:
# Try with TLS 1.2 even if the server supports TLS 1.3 or higher as session resumption is different with TLS 1.3
if server_info.tls_probing_result.highest_tls_version_supported.value >= TlsVersionEnum.TLS_1_3.value:
tls_version_to_use = TlsVersionEnum.TLS_1_2
else:
tls_version_to_use = server_info.tls_probing_result.highest_tls_version_supported
scan_jobs = [
ScanJob(function_to_call=resume_with_session_id,
function_arguments=[server_info, tls_version_to_use])
for _ in range(resumption_attempts_nb)
]
return scan_jobs
def scan_jobs_for_scan_command(
cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArguments] = None
) -> List[ScanJob]:
if extra_arguments:
raise ScanCommandWrongUsageError("This plugin does not take extra arguments")
# Run one job per cipher suite to test for
all_cipher_suites_to_test = CipherSuitesRepository.get_all_cipher_suites(cls._tls_version)
scan_jobs = [
ScanJob(
function_to_call=connect_with_cipher_suite,
function_arguments=[server_info, cls._tls_version, cipher_suite],
)
for cipher_suite in all_cipher_suites_to_test
]
return scan_jobs
def scan_jobs_for_scan_command(
cls,
server_info: ServerConnectivityInfo,
extra_arguments: Optional[ScanCommandExtraArguments] = None
) -> List[ScanJob]:
if extra_arguments:
raise ScanCommandWrongUsageError(
"This plugin does not take extra arguments")
if server_info.network_configuration.tls_opportunistic_encryption:
raise ScanCommandWrongUsageError(
"Cannot test for HTTP headers on a StartTLS connection.")
return [
ScanJob(function_to_call=_retrieve_and_analyze_http_response,
function_arguments=[server_info])
]
def scan_jobs_for_scan_command(
cls,
server_info: ServerConnectivityInfo,
extra_arguments: Optional[ScanCommandExtraArguments] = None
) -> List[ScanJob]:
if extra_arguments:
raise ValueError("This plugin does not take extra arguments")
# Test Session ID support
session_id_scan_jobs = _create_resume_with_session_id_scan_jobs(
server_info, cls._SESSION_ID_RESUMPTION_ATTEMPTS_NB)
# Test TLS tickets support
tls_ticket_scan_jobs = [
ScanJob(function_to_call=resume_with_tls_ticket,
function_arguments=[server_info])
]
return session_id_scan_jobs + tls_ticket_scan_jobs