#33 Add CascadingRules to the sslyze scanner

Author: J12934

…uent-scans/tmpCascadingRules/sslyze.yaml …anners/sslyze/cascading-rules/https.yamlhooks/declarative-subsequent-scans/tmpCascadingRules/sslyze.yaml renamed to scanners/sslyze/cascading-rules/https.yaml hooks/declarative-subsequent-scans/tmpCascadingRules/sslyze.yaml renamed to scanners/sslyze/cascading-rules/https.yaml

@@ -1,17 +1,16 @@
 apiVersion: "cascading.experimental.securecodebox.io/v1"
 kind: CascadingRule
 metadata:
-  name: "tls-scans"
+  name: "https-tls-scans"
 spec:
   matches:
     anyOf:
       - category: "Open Port"
         attributes:
           port: 443
-          service: "https"
       - category: "Open Port"
         attributes:
           service: "https"
   scanSpec:
-    name: "sslyze"
-    parameters: ["--regular", "{{attributes.hostname}}"]
+    scanType: "sslyze"
+    parameters: ["--regular", "{{attributes.hostname}}:{{attributes.port}}"]

scanners/sslyze/cascading-rules/mail.yaml

@@ -0,0 +1,50 @@
+apiVersion: "cascading.experimental.securecodebox.io/v1"
+kind: CascadingRule
+metadata:
+  name: "smtps-tls-scans"
+spec:
+  matches:
+    anyOf:
+      - category: "Open Port"
+        attributes:
+          port: 465
+      - category: "Open Port"
+        attributes:
+          service: "smtps"
+  scanSpec:
+    scanType: "sslyze"
+    parameters: ["--regular", "{{attributes.hostname}}:{{attributes.port}}"]
+---
+apiVersion: "cascading.experimental.securecodebox.io/v1"
+kind: CascadingRule
+metadata:
+  name: "pop3s-tls-scans"
+spec:
+  matches:
+    anyOf:
+      - category: "Open Port"
+        attributes:
+          port: 995
+      - category: "Open Port"
+        attributes:
+          service: "pop3s"
+  scanSpec:
+    scanType: "sslyze"
+    parameters: ["--regular", "{{attributes.hostname}}:{{attributes.port}}"]
+---
+apiVersion: "cascading.experimental.securecodebox.io/v1"
+kind: CascadingRule
+metadata:
+  name: "imaps-tls-scans"
+spec:
+  matches:
+    anyOf:
+      - category: "Open Port"
+        attributes:
+          port: 993
+      - category: "Open Port"
+        attributes:
+          service: "imaps"
+  scanSpec:
+    scanType: "sslyze"
+    parameters: ["--regular", "{{attributes.hostname}}:{{attributes.port}}"]

scanners/sslyze/templates/cascading-rules.yaml

@@ -0,0 +1,8 @@
+# The CascadingRules are not directly in the /templates directory as their curly bracket syntax clashes with helms templates ... :( 
+# We import them as raw files to avoid these clashes as escaping them is even more messy
+{{ range $path, $_ :=  .Files.Glob  "cascading-rules/*" }}
+# Include File
+{{ $.Files.Get $path }}
+# Separate multiple files
+---
+{{ end }}