secureCodeBox
diff --git a/‎.github/workflows/ci.yaml‎
Lines changed: 8 additions & 0 deletions b/‎.github/workflows/ci.yaml‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎integrations/sslyze/parser/.dockerignore‎
Lines changed: 1 addition & 0 deletions b/‎integrations/sslyze/parser/.dockerignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎integrations/sslyze/parser/Dockerfile‎
Lines changed: 10 additions & 0 deletions b/‎integrations/sslyze/parser/Dockerfile‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎integrations/sslyze/parser/__snapshots__/parser.test.js.snap‎
Lines changed: 295 additions & 0 deletions b/‎integrations/sslyze/parser/__snapshots__/parser.test.js.snap‎
Lines changed: 295 additions & 0 deletions
@@ -121,6 +121,14 @@ jobs:
           repository: scbexperimental/parser-ssh-scan
           path: ./integrations/ssh_scan/parser/
           tag_with_ref: true
+      - uses: docker/build-push-action@v1
+        name: "Build & Push SSLyze Parser Image"
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+          repository: scbexperimental/parser-sslyze
+          path: ./integrations/sslyze/parser/
+          tag_with_ref: true
       - uses: docker/build-push-action@v1
         name: "Build & Push OWASP Zap Parser Image"
         with:
 
@@ -0,0 +1 @@
+node_modules/
@@ -0,0 +1,10 @@
+FROM node:12-alpine as build
+RUN mkdir -p /home/app
+WORKDIR /home/app
+COPY package.json package-lock.json ./
+RUN npm ci --production
+
+FROM scbexperimental/parser-sdk-nodejs:latest
+WORKDIR /home/app/parser-wrapper/parser/
+COPY --from=build --chown=app:app /home/app/node_modules/ ./node_modules/
+COPY --chown=app:app ./parser.js ./parser.js
@@ -0,0 +1,295 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`parses badssl.com result file correctly 1`] = `
+Array [
+  Object {
+    "attributes": Object {
+      "error": "certificate has expired",
+      "trust_store": "Android (/usr/local/lib/python2.7/site-packages/sslyze/plugins/utils/trust_store/pem_files/google_aosp.pem)",
+    },
+    "category": "Certificate info",
+    "description": "At least one chain certificate is not trusted using the supplied trust store Android. Validation result: certificate has expired",
+    "hint": null,
+    "location": "https://expired.badssl.com:443",
+    "name": "Certificate is not trusted",
+    "osi_layer": "PRESENTATION",
+    "reference": null,
+    "severity": "MEDIUM",
+  },
+  Object {
+    "attributes": Object {
+      "error": "certificate has expired",
+      "trust_store": "APPLE (/usr/local/lib/python2.7/site-packages/sslyze/plugins/utils/trust_store/pem_files/apple.pem)",
+    },
+    "category": "Certificate info",
+    "description": "At least one chain certificate is not trusted using the supplied trust store APPLE. Validation result: certificate has expired",
+    "hint": null,
+    "location": "https://expired.badssl.com:443",
+    "name": "Certificate is not trusted",
+    "osi_layer": "PRESENTATION",
+    "reference": null,
+    "severity": "MEDIUM",
+  },
+  Object {
+    "attributes": Object {
+      "error": "certificate has expired",
+      "trust_store": "Java (/usr/local/lib/python2.7/site-packages/sslyze/plugins/utils/trust_store/pem_files/oracle_java.pem)",
+    },
+    "category": "Certificate info",
+    "description": "At least one chain certificate is not trusted using the supplied trust store Java. Validation result: certificate has expired",
+    "hint": null,
+    "location": "https://expired.badssl.com:443",
+    "name": "Certificate is not trusted",
+    "osi_layer": "PRESENTATION",
+    "reference": null,
+    "severity": "MEDIUM",
+  },
+  Object {
+    "attributes": Object {
+      "error": "certificate has expired",
+      "trust_store": "Mozilla (/usr/local/lib/python2.7/site-packages/sslyze/plugins/utils/trust_store/pem_files/mozilla_nss.pem)",
+    },
+    "category": "Certificate info",
+    "description": "At least one chain certificate is not trusted using the supplied trust store Mozilla. Validation result: certificate has expired",
+    "hint": null,
+    "location": "https://expired.badssl.com:443",
+    "name": "Certificate is not trusted",
+    "osi_layer": "PRESENTATION",
+    "reference": null,
+    "severity": "MEDIUM",
+  },
+  Object {
+    "attributes": Object {
+      "error": "certificate has expired",
+      "trust_store": "OPENJDK (/usr/local/lib/python2.7/site-packages/sslyze/plugins/utils/trust_store/pem_files/openjdk.pem)",
+    },
+    "category": "Certificate info",
+    "description": "At least one chain certificate is not trusted using the supplied trust store OPENJDK. Validation result: certificate has expired",
+    "hint": null,
+    "location": "https://expired.badssl.com:443",
+    "name": "Certificate is not trusted",
+    "osi_layer": "PRESENTATION",
+    "reference": null,
+    "severity": "MEDIUM",
+  },
+  Object {
+    "attributes": Object {
+      "error": "certificate has expired",
+      "trust_store": "Windows (/usr/local/lib/python2.7/site-packages/sslyze/plugins/utils/trust_store/pem_files/microsoft_windows.pem)",
+    },
+    "category": "Certificate info",
+    "description": "At least one chain certificate is not trusted using the supplied trust store Windows. Validation result: certificate has expired",
+    "hint": null,
+    "location": "https://expired.badssl.com:443",
+    "name": "Certificate is not trusted",
+    "osi_layer": "PRESENTATION",
+    "reference": null,
+    "severity": "MEDIUM",
+  },
+  Object {
+    "attributes": Object {},
+    "category": "Certificate info",
+    "description": "Leaf certificate does not support OCSP Must-Staple extension as defined in RFC 6066.",
+    "hint": null,
+    "location": "https://expired.badssl.com:443",
+    "name": "Must-Staple unsupported",
+    "osi_layer": "PRESENTATION",
+    "reference": null,
+    "severity": "INFORMATIONAL",
+  },
+  Object {
+    "attributes": Object {},
+    "category": "Certificate info",
+    "description": "The chain order sent by the server is invalid.",
+    "hint": null,
+    "location": "https://expired.badssl.com:443",
+    "name": "Chain order invalid",
+    "osi_layer": "PRESENTATION",
+    "reference": null,
+    "severity": "LOW",
+  },
+  Object {
+    "attributes": Object {},
+    "category": "Certificate info",
+    "description": "The certificate has not been validated by the certificate authority according to the standardized set of requirements set out in the CA/Browser Forum Extended Validation Certificate Guidelines. (https://wiki.mozilla.org/EV)",
+    "hint": null,
+    "location": "https://expired.badssl.com:443",
+    "name": "No extended validation certificate",
+    "osi_layer": "PRESENTATION",
+    "reference": null,
+    "severity": "INFORMATIONAL",
+  },
+  Object {
+    "attributes": Object {},
+    "category": "Certificate info",
+    "description": "The server did not send an OCSP response.",
+    "hint": null,
+    "location": "https://expired.badssl.com:443",
+    "name": "No OCSP response",
+    "osi_layer": "PRESENTATION",
+    "reference": null,
+    "severity": "INFORMATIONAL",
+  },
+  Object {
+    "attributes": Object {},
+    "category": "Resumption",
+    "description": "The server supports session resumption through ticket encapsulation.",
+    "hint": null,
+    "location": "https://expired.badssl.com:443",
+    "name": "Ticket resumption supported",
+    "osi_layer": "PRESENTATION",
+    "reference": null,
+    "severity": "INFORMATIONAL",
+  },
+  Object {
+    "attributes": Object {
+      "error": null,
+    },
+    "category": "Resumption",
+    "description": "At least one session resumption failed.",
+    "hint": null,
+    "location": "https://expired.badssl.com:443",
+    "name": "Session resumption failed",
+    "osi_layer": "PRESENTATION",
+    "reference": null,
+    "severity": "LOW",
+  },
+  Object {
+    "attributes": Object {},
+    "category": "TLSv1",
+    "description": "The server supports at least one cipher suite using the TLSv1 protocol.",
+    "hint": null,
+    "location": "https://expired.badssl.com:443",
+    "name": "TLSv1 supported",
+    "osi_layer": "PRESENTATION",
+    "reference": null,
+    "severity": "LOW",
+  },
+  Object {
+    "attributes": Object {},
+    "category": "TLSv1.1",
+    "description": "The server supports at least one cipher suite using the TLSv1.1 protocol.",
+    "hint": null,
+    "location": "https://expired.badssl.com:443",
+    "name": "TLSv1.1 supported",
+    "osi_layer": "PRESENTATION",
+    "reference": null,
+    "severity": "INFORMATIONAL",
+  },
+  Object {
+    "attributes": Object {},
+    "category": "TLSv1.2",
+    "description": "The server supports at least one cipher suite using the TLSv1.2 protocol.",
+    "hint": null,
+    "location": "https://expired.badssl.com:443",
+    "name": "TLSv1.2 supported",
+    "osi_layer": "PRESENTATION",
+    "reference": null,
+    "severity": "INFORMATIONAL",
+  },
+]
+`;
+
+exports[`parses securecodebox.io result file correctly 1`] = `
+Array [
+  Object {
+    "attributes": Object {},
+    "category": "Certificate info",
+    "description": "Leaf certificate does not support OCSP Must-Staple extension as defined in RFC 6066.",
+    "hint": null,
+    "location": "https://securecodebox.io:443",
+    "name": "Must-Staple unsupported",
+    "osi_layer": "PRESENTATION",
+    "reference": null,
+    "severity": "INFORMATIONAL",
+  },
+  Object {
+    "attributes": Object {},
+    "category": "Certificate info",
+    "description": "The chain order sent by the server is invalid.",
+    "hint": null,
+    "location": "https://securecodebox.io:443",
+    "name": "Chain order invalid",
+    "osi_layer": "PRESENTATION",
+    "reference": null,
+    "severity": "LOW",
+  },
+  Object {
+    "attributes": Object {},
+    "category": "Certificate info",
+    "description": "The certificate has not been validated by the certificate authority according to the standardized set of requirements set out in the CA/Browser Forum Extended Validation Certificate Guidelines. (https://wiki.mozilla.org/EV)",
+    "hint": null,
+    "location": "https://securecodebox.io:443",
+    "name": "No extended validation certificate",
+    "osi_layer": "PRESENTATION",
+    "reference": null,
+    "severity": "INFORMATIONAL",
+  },
+  Object {
+    "attributes": Object {},
+    "category": "Certificate info",
+    "description": "The server sent an OCSP response which is not trusted using the Mozilla trust store.",
+    "hint": null,
+    "location": "https://securecodebox.io:443",
+    "name": "OCSP response not trusted",
+    "osi_layer": "PRESENTATION",
+    "reference": null,
+    "severity": "MEDIUM",
+  },
+  Object {
+    "attributes": Object {},
+    "category": "Resumption",
+    "description": "The server supports session resumption through ticket encapsulation.",
+    "hint": null,
+    "location": "https://securecodebox.io:443",
+    "name": "Ticket resumption supported",
+    "osi_layer": "PRESENTATION",
+    "reference": null,
+    "severity": "INFORMATIONAL",
+  },
+  Object {
+    "attributes": Object {},
+    "category": "Resumption",
+    "description": "At least one session resumption succeeded.",
+    "hint": null,
+    "location": "https://securecodebox.io:443",
+    "name": "Session resumption succeeded",
+    "osi_layer": "PRESENTATION",
+    "reference": null,
+    "severity": "INFORMATIONAL",
+  },
+  Object {
+    "attributes": Object {},
+    "category": "TLSv1",
+    "description": "The server supports at least one cipher suite using the TLSv1 protocol.",
+    "hint": null,
+    "location": "https://securecodebox.io:443",
+    "name": "TLSv1 supported",
+    "osi_layer": "PRESENTATION",
+    "reference": null,
+    "severity": "LOW",
+  },
+  Object {
+    "attributes": Object {},
+    "category": "TLSv1.1",
+    "description": "The server supports at least one cipher suite using the TLSv1.1 protocol.",
+    "hint": null,
+    "location": "https://securecodebox.io:443",
+    "name": "TLSv1.1 supported",
+    "osi_layer": "PRESENTATION",
+    "reference": null,
+    "severity": "INFORMATIONAL",
+  },
+  Object {
+    "attributes": Object {},
+    "category": "TLSv1.2",
+    "description": "The server supports at least one cipher suite using the TLSv1.2 protocol.",
+    "hint": null,
+    "location": "https://securecodebox.io:443",
+    "name": "TLSv1.2 supported",
+    "osi_layer": "PRESENTATION",
+    "reference": null,
+    "severity": "INFORMATIONAL",
+  },
+]
+`;