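def mixed_internal_anchor_detector(anchors, sec_url):
    """Return True if any anchor links back to this site over plain http://.

    ``sec_url`` is the https:// URL of the page being surveyed.  The detector
    looks for absolute ("non-relative") links whose target is that same URL
    prefix with the scheme downgraded to http:// -- links that would drag a
    visitor off TLS.  Relative links, https:// links and links to other
    hosts do not count.

    Args:
        anchors: iterable of mapping-like anchor objects (e.g. BeautifulSoup
            ``<a>`` tags); entries without an ``href`` key are skipped.
        sec_url: the secure URL of the surveyed page, e.g.
            ``https://www.example.gov``.

    Returns:
        True on the first matching anchor, otherwise False.
    """
    import re

    http_prefix = sec_url.replace('https://', 'http://')
    # The prefix is a literal URL, not a glob: escape it so a '?', '[' or '*'
    # in a query string cannot widen the match (fnmatch.translate would turn
    # '?' into a single-character wildcard).  When the prefix is a bare host
    # (no path), require a delimiter after it so that
    # 'http://example.gov.evil.com' is not mistaken for 'http://example.gov'.
    pattern = re.escape(http_prefix)
    if '/' not in http_prefix.split('://', 1)[-1]:
        pattern += r'(?=$|[/?#:])'
    matcher = re.compile(pattern, re.I | re.DOTALL)

    for link in anchors:
        try:
            href = link['href']
        except KeyError:
            continue  # anchor without a target (e.g. a named fragment)
        # match() anchors at the start only, which is exactly the prefix test.
        if matcher.match(href):
            return True
    return False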
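def calc_ssl_okay(data):
    """Score one surveyed https:// site and return its grade (0 = best).

    This is the scoring mechanism for the survey: the grade is a small int
    describing how bad the TLS deployment is, chosen by the first matching
    branch below.  Grades:

        0   valid cert, 200, no redirect, no mixed content, no non-rel links
        1   as 0 but the page has absolute http:// links back to itself
        2   valid cert, 200, no redirect, mixed content (non-rel links ignored)
        3   valid cert, redirects to the http:// form of the member site
        4   invalid cert, otherwise as 0 ("SSL ready")
        5   invalid cert, 200, no redirect, content needs fixing
        6   invalid cert, redirects to the http:// form of the member site
        7   valid cert, redirects to the legislative body's own website
        8   invalid cert, redirects to the legislative body's own website
        9   valid cert, 4xx/5xx, no redirect
        10  invalid cert, 4xx/5xx, no redirect
        11  no 'cipher' key in ``data``
        12  everything else

    (This might be better served in capitolhttpstester.py, but here we are.)

    NOTE(review): this function is defined twice in this file; the later
    definition shadows the earlier one -- remove the duplicate.
    NOTE(review): the 'cipher' check comes after the content branches, so a
    record without 'cipher' can still earn grade 0 if its other keys say so;
    confirm that is intended.

    Args:
        data: survey record for one site.  Keys read: 'body', 'url',
            'hostname_match', 'http status', 'redirects', 'mixed content',
            'non-rel links', 'redirect_url' (only when 'redirects' is True)
            and the presence of 'cipher'.

    Returns:
        The integer grade.  Side effect: ``counter.inc(grade)`` is called on
        the module-level ``counter`` object, which must exist (the original
        ``global entity_counter`` declaration was never used and is gone).
    """
    import re

    def site_prefix_regex(url):
        # Prefix-match *url* literally (re.escape, not a glob, so '?' or '['
        # in the URL cannot widen the match) and, when it is a bare host,
        # insist on a delimiter after the host so that a redirect to
        # 'http://www.example.gov.evil.com' is not graded as a redirect to
        # 'http://www.example.gov'.
        pattern = re.escape(url)
        if '/' not in url.split('://', 1)[-1]:
            pattern += r'(?=$|[/?#:])'
        return pattern

    def redirects_to(regex):
        # Only called inside branches where 'redirects' is True, so the
        # 'redirect_url' key is read lazily, as before.
        return re.match(regex, data['redirect_url'], re.I | re.DOTALL) is not None

    # The legislative body's own site, e.g. http://www.senate.gov
    body_url_r = site_prefix_regex("http://www.%s.gov" % (data['body']))
    # The member site downgraded to http://, with 'www.' optional so that
    # http://example.gov and http://www.example.gov both count.
    http_url = data['url'].replace("https://", 'http://')
    re_g = site_prefix_regex(http_url).replace(r'www\.', r'(www\.)?')

    # Kept as the original compares: truthiness for "valid", an explicit
    # '== False' for "invalid" -- these are not complements for None/0.
    valid_cert = data['hostname_match']
    invalid_cert = data['hostname_match'] == False  # noqa: E712

    # best case
    if (valid_cert and data['http status'] == 200 and data['redirects'] == False
            and data['mixed content'] == False and data['non-rel links'] == False):
        grade = 0
    # valid cert, non-rel http links
    elif (valid_cert and data['http status'] == 200 and data['redirects'] == False
            and data['mixed content'] == False and data['non-rel links'] == True):
        grade = 1
    # valid cert, mixed content (don't care about non-rel links here)
    elif (valid_cert and data['http status'] == 200 and data['redirects'] == False
            and data['mixed content'] == True):
        grade = 2
    # valid cert, enforced non-ssl redirect to member site
    elif valid_cert and data['redirects'] == True and redirects_to(re_g):
        grade = 3
    # invalid cert, enforced non-ssl redirect to member site
    elif invalid_cert and data['redirects'] == True and redirects_to(re_g):
        grade = 6
    # valid cert, hard fail to legislative body website
    elif valid_cert and data['redirects'] == True and redirects_to(body_url_r):
        grade = 7
    # invalid cert but SSL ready
    elif (invalid_cert and data['http status'] == 200 and data['redirects'] == False
            and data['mixed content'] == False and data['non-rel links'] == False):
        grade = 4
    # invalid cert, content fixable
    elif invalid_cert and data['http status'] == 200 and data['redirects'] == False:
        grade = 5
    # invalid cert, hard fail to legislative body website
    elif invalid_cert and data['redirects'] == True and redirects_to(body_url_r):
        grade = 8
    # valid cert and 4XX or 5XX response
    elif valid_cert and data['http status'] >= 400 and data['redirects'] == False:
        grade = 9
    # invalid cert and 4XX or 5XX response
    elif invalid_cert and data['http status'] >= 400 and data['redirects'] == False:
        grade = 10
    # SSL FAIL
    elif 'cipher' not in data:
        grade = 11
    else:
        grade = 12  # mark of the beast

    counter.inc(grade)
    return grade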
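def calc_ssl_okay(data):
    """Score one surveyed https:// site and return its grade (0 = best).

    This is the scoring mechanism for the survey: the grade is a small int
    describing how bad the TLS deployment is, chosen by the first matching
    branch below.  Grades:

        0   valid cert, 200, no redirect, no mixed content, no non-rel links
        1   as 0 but the page has absolute http:// links back to itself
        2   valid cert, 200, no redirect, mixed content (non-rel links ignored)
        3   valid cert, redirects to the http:// form of the member site
        4   invalid cert, otherwise as 0 ("SSL ready")
        5   invalid cert, 200, no redirect, content needs fixing
        6   invalid cert, redirects to the http:// form of the member site
        7   valid cert, redirects to the legislative body's own website
        8   invalid cert, redirects to the legislative body's own website
        9   valid cert, 4xx/5xx, no redirect
        10  invalid cert, 4xx/5xx, no redirect
        11  no 'cipher' key in ``data``
        12  everything else

    (This might be better served in capitolhttpstester.py, but here we are.)

    NOTE(review): this function is defined twice in this file; the later
    definition shadows the earlier one -- remove the duplicate.
    NOTE(review): the 'cipher' check comes after the content branches, so a
    record without 'cipher' can still earn grade 0 if its other keys say so;
    confirm that is intended.

    Args:
        data: survey record for one site.  Keys read: 'body', 'url',
            'hostname_match', 'http status', 'redirects', 'mixed content',
            'non-rel links', 'redirect_url' (only when 'redirects' is True)
            and the presence of 'cipher'.

    Returns:
        The integer grade.  Side effect: ``counter.inc(grade)`` is called on
        the module-level ``counter`` object, which must exist (the original
        ``global entity_counter`` declaration was never used and is gone).
    """
    import re

    def site_prefix_regex(url):
        # Prefix-match *url* literally (re.escape, not a glob, so '?' or '['
        # in the URL cannot widen the match) and, when it is a bare host,
        # insist on a delimiter after the host so that a redirect to
        # 'http://www.example.gov.evil.com' is not graded as a redirect to
        # 'http://www.example.gov'.
        pattern = re.escape(url)
        if '/' not in url.split('://', 1)[-1]:
            pattern += r'(?=$|[/?#:])'
        return pattern

    def redirects_to(regex):
        # Only called inside branches where 'redirects' is True, so the
        # 'redirect_url' key is read lazily, as before.
        return re.match(regex, data['redirect_url'], re.I | re.DOTALL) is not None

    # The legislative body's own site, e.g. http://www.senate.gov
    body_url_r = site_prefix_regex("http://www.%s.gov" % (data['body']))
    # The member site downgraded to http://, with 'www.' optional so that
    # http://example.gov and http://www.example.gov both count.
    http_url = data['url'].replace("https://", 'http://')
    re_g = site_prefix_regex(http_url).replace(r'www\.', r'(www\.)?')

    # Kept as the original compares: truthiness for "valid", an explicit
    # '== False' for "invalid" -- these are not complements for None/0.
    valid_cert = data['hostname_match']
    invalid_cert = data['hostname_match'] == False  # noqa: E712

    # best case
    if (valid_cert and data['http status'] == 200 and data['redirects'] == False
            and data['mixed content'] == False and data['non-rel links'] == False):
        grade = 0
    # valid cert, non-rel http links
    elif (valid_cert and data['http status'] == 200 and data['redirects'] == False
            and data['mixed content'] == False and data['non-rel links'] == True):
        grade = 1
    # valid cert, mixed content (don't care about non-rel links here)
    elif (valid_cert and data['http status'] == 200 and data['redirects'] == False
            and data['mixed content'] == True):
        grade = 2
    # valid cert, enforced non-ssl redirect to member site
    elif valid_cert and data['redirects'] == True and redirects_to(re_g):
        grade = 3
    # invalid cert, enforced non-ssl redirect to member site
    elif invalid_cert and data['redirects'] == True and redirects_to(re_g):
        grade = 6
    # valid cert, hard fail to legislative body website
    elif valid_cert and data['redirects'] == True and redirects_to(body_url_r):
        grade = 7
    # invalid cert but SSL ready
    elif (invalid_cert and data['http status'] == 200 and data['redirects'] == False
            and data['mixed content'] == False and data['non-rel links'] == False):
        grade = 4
    # invalid cert, content fixable
    elif invalid_cert and data['http status'] == 200 and data['redirects'] == False:
        grade = 5
    # invalid cert, hard fail to legislative body website
    elif invalid_cert and data['redirects'] == True and redirects_to(body_url_r):
        grade = 8
    # valid cert and 4XX or 5XX response
    elif valid_cert and data['http status'] >= 400 and data['redirects'] == False:
        grade = 9
    # invalid cert and 4XX or 5XX response
    elif invalid_cert and data['http status'] >= 400 and data['redirects'] == False:
        grade = 10
    # SSL FAIL
    elif 'cipher' not in data:
        grade = 11
    else:
        grade = 12  # mark of the beast

    counter.inc(grade)
    return grade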
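def regex_from_list(names):
    """Turn a list of shell-style globs into one regex matching any of them.

    Each entry is converted with ``fnmatch.translate`` and the results are
    joined with ``|``, so the returned string can be handed to ``re.match``
    or ``re.compile``.

    Args:
        names: iterable of glob patterns (e.g. hostnames with ``*`` wildcards).

    Returns:
        A regex string.  An empty ``names`` yields ``'(?!)'``, which matches
        nothing: joining zero patterns would otherwise give the empty regex,
        which matches *everything* and would silently turn an empty
        allow-list into allow-all.
    """
    from fnmatch import translate as xlate

    alternatives = [xlate(name) for name in names]
    if not alternatives:
        return '(?!)'  # fail closed rather than match every input
    return "|".join(alternatives)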