Adding Vulnerability Scans to Scan #453
Conversation
| HostIp: hostname, | ||
| } | ||
|
|
||
| u, err := url.Parse(tgt.HostIp) |
There was a problem hiding this comment.
It's assumed that hostname will never have a scheme.
There was a problem hiding this comment.
Ah, ok. I'll be sure to take that out.
There was a problem hiding this comment.
Do you need some err handling after this?
anniephan
changed the title
| return | ||
| } | ||
|
|
||
| func BERserkScan(addr, hostname string) (grade Grade, output Output, err error) { |
There was a problem hiding this comment.
looks like Travis failed here, since this function name's first letter is capitalized, add a comment above it or uncapitalized it. Reference: http://www.goinggo.net/2014/03/exportedunexported-identifiers-in-go.html
There was a problem hiding this comment.
Ah, yes. I'll get to that, thanks.
| if serverCipher != 0 { | ||
| certData, err := certinfo.ParseCertificateDomain(hostname) | ||
| if err != nil { | ||
| grade = Bad |
There was a problem hiding this comment.
All these grade = Bad can be removed and return grade, output, err is the same as just return
|
I think it might be best to separate this out into a couple smaller PRs. Mainly I'd pull out the heartbleed check to simplify what's being added a bit and maybe Logjam as that's going to require quite a bit more work to finish. |
|
orphaned PR? |
Part of https://github.com/cloudflare/cfssl/wiki/Adding-Vulnerability-scaning-to-Scan. Extends CFSSL Scan to scan a host for vulnerability to Heartbleed using https://github.com/FiloSottile/Heartbleed.