def init_domain(domain, environment, options):
    """Work out which TLS endpoints need scanning for ``domain``.

    The HTTPS endpoint on port 443 is queued unless cached pshtt data says
    the domain does not support HTTPS. Each STARTTLS-capable mail server
    reported by the cached trustymail data is then either queued for a
    scan or, when ``environment[FAST_CACHE_KEY]`` already holds a result
    for it, answered from that cache.

    Args:
        domain: The domain name being initialised.
        environment: Mapping that may contain ``FAST_CACHE_KEY``; when
            present, its value is looked up by mail server string.
        options: Scan options; ``options['_']['cache_dir']`` selects the
            cache directory and defaults to ``'./cache'``.

    Returns:
        A dict with ``'hosts_to_scan'`` (a list of dicts with the keys
        ``hostname``, ``port`` and ``starttls_smtp``) and ``'cached_data'``
        (the previously stored results that were reused).

    Raises:
        IndexError: If a mail server entry contains no ``':'``.
        ValueError: If the text after the first ``':'`` is not an integer.
    """
    cache_dir = options.get('_', {}).get('cache_dir', './cache')
    targets = []
    reused_results = []

    # pshtt data, when available, lets us skip domains with no HTTPS at all.
    if utils.domain_doesnt_support_https(domain, cache_dir=cache_dir):
        logging.warning('\tHTTPS not supported for {}'.format(domain))
    else:
        # When pshtt says the canonical endpoint is the www host, scan that
        # host rather than the bare domain.
        if utils.domain_uses_www(domain, cache_dir=cache_dir):
            web_host = 'www.%s' % domain
        else:
            web_host = domain
        targets.append({
            'hostname': web_host,
            'port': 443,
            'starttls_smtp': False
        })

    # trustymail data, when available, lists the mail servers that offer
    # STARTTLS.
    #
    # SMTP servers tolerate repeated connections far less well than
    # HTTP/HTTPS servers do, and cipher testing opens many connections.
    # Several domains often share one SMTP server, so a result recorded
    # while handling another domain is reused instead of scanning the
    # same server again.
    for mail_server in utils.domain_mail_servers_that_support_starttls(
            domain, cache_dir=cache_dir):
        if FAST_CACHE_KEY in environment:
            prior_result = environment[FAST_CACHE_KEY].get(mail_server)
        else:
            prior_result = None

        if prior_result is not None:
            logging.debug('Using cached data for {}'.format(mail_server))
            reused_results.append(prior_result)
            continue

        logging.debug('Adding {} to list to be scanned'.format(mail_server))
        # Entries are split on every ':'; only the first two fields are
        # used, and the port is not range-checked here.
        fields = mail_server.split(':')
        targets.append({
            'hostname': fields[0],
            'port': int(fields[1]),
            'starttls_smtp': True
        })

    if not targets:
        logging.warning('\tNo hosts to scan for {}'.format(domain))

    return {
        'hosts_to_scan': targets,
        'cached_data': reused_results
    }
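def init_domain(domain, environment, options):
    """Work out which TLS endpoints need scanning for ``domain``.

    The HTTPS endpoint on port 443 is queued unless cached pshtt data says
    the domain does not support HTTPS, and every STARTTLS-capable mail
    server reported by the cached trustymail data is queued as well.

    Args:
        domain: The domain name being initialised.
        environment: Accepted as part of the call signature; this function
            does not read it.
        options: Scan options; ``options['_']['cache_dir']`` selects the
            cache directory and defaults to ``'./cache'``.

    Returns:
        A dict with the single key ``'hosts_to_scan'``, a list of dicts
        with the keys ``hostname``, ``port`` (an int) and ``starttls_smtp``.

    Raises:
        IndexError: If a mail server entry contains no ``':'``.
        ValueError: If the text after the first ``':'`` is not an integer.
    """
    hosts_to_scan = []
    cache_dir = options.get("_", {}).get("cache_dir", "./cache")

    # If we have pshtt data, skip domains which pshtt saw as not
    # supporting HTTPS at all.
    if utils.domain_doesnt_support_https(domain, cache_dir=cache_dir):
        # logging.warn is a deprecated alias that newer Python releases
        # no longer provide; logging.warning is the supported name.
        logging.warning('\tHTTPS not supported for {}'.format(domain))
    else:
        # If we have pshtt data and it says canonical endpoint uses
        # www and the given domain is bare, add www.
        if utils.domain_uses_www(domain, cache_dir=cache_dir):
            hostname = "www.%s" % domain
        else:
            hostname = domain

        hosts_to_scan.append({
            'hostname': hostname,
            'port': 443,
            'starttls_smtp': False
        })

    # If we have trustymail data, see if there are any mail servers
    # that support STARTTLS that we should scan
    mail_servers_to_test = utils.domain_mail_servers_that_support_starttls(
        domain, cache_dir=cache_dir)
    for mail_server in mail_servers_to_test:
        hostname_and_port = mail_server.split(':')
        hosts_to_scan.append({
            'hostname': hostname_and_port[0],
            # Convert to int so SMTP entries carry the same port type as
            # the HTTPS entry (443) instead of a string from the cache.
            'port': int(hostname_and_port[1]),
            'starttls_smtp': True
        })

    if not hosts_to_scan:
        logging.warning('\tNo hosts to scan for {}'.format(domain))

    return {'hosts_to_scan': hosts_to_scan}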