-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adds support for sslyze>=3.0.0 #214
Conversation
This pull request introduces 1 alert when merging ce0af6c into 59f2bb0 - view on LGTM.com new alerts:
|
c77fdc1
to
8a50ca8
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the contribution!
I've tested via the python tests as well as ran the tool locally (Mac OSX Catalina with Python 3.8.3) and got a nice little results.csv file out. Several other folks are reviewing as well - great work!
The codebase needs to be black
ened as well as skeletonized and I'll add an issue for that if one doesn't exist.
Thanks again and great work!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should do a minor version bump before merging this. I tried to do this myself, but I can't commit to this branch, so I think @SaptakS will have to do it. Here's how:
|
GitHub has a feature to allow maintainers to edit forks: |
I haven't done this in the PR because |
That's fine as that is an "us" task, so don't worry about that. It's a long-term maintenance task for this project that we just haven't had the time to do yet. |
Yup, that's absolutely out of the scope of this PR, although thank you for trying! I added follow-on task #215 Skeletonize repository and standardize code formatting. |
Hi @mcdonnnj , is there anything else needed from my side on this PR? |
Review is on my to-do, I will finish it tonight or tomorrow morning. @jsf9k did we want to get anything from @h-m-f-t? Other than that there are no additional blockers from me. |
I'm good here and don't need to review. Thanks @SaptakS! |
- fix comments - use == instead of is Co-authored-by: Nick M. <[email protected]>
- consider all deployments and if all validations succeed, then consider it trusted - use path_validation_results instead of received_certificate_chain to consider if STORE is included in trust_store - check self signed validation in cert_chain till the second last cert since the last cert is root cert and hence is self signed anyways - put all logic inside one loop over path_validation_results
I have rebased, resolved conflicts and pushed. Waiting for the tests to pass. I think someone with permission need to approve the workflows. |
Are the coveralls complaints innocuous? |
Relatively. Coverage decreased because total lines of code increased, but the current configuration doesn't do extensive testing for what is being modified in the first place. It's unreasonable to ask that testing be added from scratch to cover these changes so manual testing will have to suffice. As a result the coveralls complaints will be ignored. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These changes seem correct to me, and I'm inclined to approve. Have you done any testing beyond the (admittedly underwhelming) test suite? What I mean is, have you been using these changes to test against a wide array of servers?
In any event, we should probably do some testing on our end, just to get a warm and fuzzy that everything is still working. I can start looking into that next week.
@jsf9k How's that looking? We're very interested in getting this merged :) |
Hi folks. How was June? How's the review coming? |
Well, Python 3.7 has reached end-of-life. |
Hi folks, Just to help nudge this, my team is trying to use pshtt right now and can't at all at this point (some of the second order dependencies appear to no longer be hosted anymore). Pretty please with sugar on top, can you all merge this PR? |
This needs another rebase on top of Alternatively, you can click the box to allow us to push up changes and I'll take care of it. |
@SaptakS Can you also please bump the minor version by running this command? ./bump_version.sh minor This will need to be done prior to merging. |
Add support for sslyze 3 (superset of PR #214)
#248 was merged with a superset of these changes rebased to Thank you to everyone that contributed to the PR. |
Updates the https_check function to use code that works with sslyze>=3.0.0
Refs: #209
Also, thanks to Ethan's code snippet that helped in this commit.
🧪 Testing
Tested the code using the current test suite of pshtt in debian 10, with python 3.7
Following is the command I ran:
python3 -m pytest
✅ Checklist