require "helper"
require "inspec/resource"
require "inspec/resources/ssl"
require "sslshake"
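# Unit tests for the InSpec `ssl` resource.
#
# Where a test calls `enabled?` against a host, SSLShake.hello is replaced by a
# mocha expectation that returns a canned handshake result, so each test pins
# how the resource maps that result onto `enabled?`.
#
# NOTE(review): every stub returns the same hash for any arguments. The
# "enabled"/"disabled" tests therefore show how a uniformly succeeding or
# uniformly failing handshake is reported; they do not by themselves prove that
# the cipher or protocol filter narrowed the set of handshakes attempted.
# Stubbing with argument constraints would be needed to pin that.
describe "Inspec::Resources::SSL" do
  # Successful handshake reporting an RSA suite, filtered by /rsa/i.
  it "verify cipher enabled" do
    SSLShake.expects(:hello).at_least_once.returns({ "cipher_suite" => "TLS_RSA_WITH_AES_128_CBC_SHA", "success" => true })
    resource = load_resource("ssl", host: "localhost").ciphers(/rsa/i)
    _(resource.enabled?).must_equal true
  end

  # Handshake fails with an alert for the RC4 filter: the resource must report
  # the weak cipher family as not enabled.
  it "verify cipher disabled" do
    SSLShake.expects(:hello).at_least_once.returns({ "error" => "SSL Alert." })
    resource = load_resource("ssl", host: "localhost").ciphers(/rc4/i)
    _(resource.enabled?).must_equal false
  end

  # Successful handshake reporting tls1.2, filtered to that protocol.
  it "verify protocol enabled" do
    SSLShake.expects(:hello).at_least_once.returns({ "version" => "tls1.2", "success" => true })
    resource = load_resource("ssl", host: "localhost").protocols("tls1.2")
    _(resource.enabled?).must_equal true
  end

  # An error result (here an unparseable SSLv2 response) counts as disabled,
  # not as a test failure.
  it "verify protocol disabled" do
    SSLShake.expects(:hello).at_least_once.returns({ "error" => "Failed to parse response. Cannot handle SSLv2 responses" })
    resource = load_resource("ssl", host: "localhost").protocols("ssl2")
    _(resource.enabled?).must_equal false
  end

  # No cipher/protocol filter: a bare success result is enough for enabled?.
  it "verify host reachable" do
    SSLShake.expects(:hello).at_least_once.returns({ "success" => true })
    resource = load_resource("ssl", host: "localhost")
    _(resource.enabled?).must_equal true
  end

  # A refused connection is reported as "not enabled" rather than raised.
  # NOTE(review): a profile asserting that a weak protocol is disabled will
  # also pass against an unreachable host if this is the only check it makes.
  it "verify host unreachable" do
    SSLShake.expects(:hello).at_least_once.returns({ "error" => "Connection error Errno::ECONNREFUSED, can't connect to localhost:443." })
    resource = load_resource("ssl", host: "localhost")
    _(resource.enabled?).must_equal false
  end

  # With no host the resource raises instead of silently reporting false.
  # Expectations are wrapped in `_` to match the rest of the file and avoid
  # minitest's deprecated global (Object-level) expectation methods.
  it "error with nil host" do
    resource = load_resource("ssl", host: nil)
    err = _ { resource.enabled? }.must_raise(RuntimeError)
    _(err.message).must_equal "Cannot determine host for SSL test. Please specify it or use a different target."
  end

  # Pins the protocol and cipher catalogue the resource exposes. The protocol
  # list includes the legacy ssl2/ssl3 entries alongside tls1.0-tls1.2.
  it "verify sslshake resources" do
    resource = load_resource("ssl", host: "localhost")
    _(resource.protocols.uniq).must_equal ["ssl2", "ssl3", "tls1.0", "tls1.1", "tls1.2"]
    _(resource.ciphers.include?("TLS_RSA_WITH_AES_128_CBC_SHA256")).must_equal true
    # Two cipher counts are accepted; presumably they correspond to different
    # sslshake releases -- TODO confirm which versions produce 681 vs 993.
    _([681, 993]).must_include(resource.ciphers.count)
  end
end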