Verified Commit 3a256f98 authored by Elger Jonker's avatar Elger Jonker

split tls qualys ratings into encryption quality and trust

parent 57985b70
Pipeline #36440777 passed with stages
in 20 minutes and 12 seconds
......@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2018-11-02 14:51+0000\n"
"POT-Creation-Date: 2018-11-13 15:01+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
......
......@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2018-11-02 14:51+0000\n"
"POT-Creation-Date: 2018-11-13 15:01+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
......
......@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2018-11-02 14:51+0000\n"
"POT-Creation-Date: 2018-11-13 15:01+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
......
......@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2018-11-02 14:51+0000\n"
"POT-Creation-Date: 2018-11-13 15:01+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
......@@ -55,10 +55,6 @@ msgstr ""
msgid "Recent Actions for %s"
msgstr ""
#: failmap/monitoryour/templates/monitoryour/index.html:107
msgid "It's time to monitor your government!"
msgstr ""
#: failmap/scanners/models.py:145 failmap/scanners/models.py:146
msgid "endpoint"
msgstr ""
......@@ -71,54 +67,62 @@ msgstr ""
msgid "tlsscan"
msgstr ""
#: failmap/settings.py:887
#: failmap/settings.py:901
msgid "🔧 configuration"
msgstr ""
#: failmap/settings.py:890
#: failmap/settings.py:904
msgid "configuration"
msgstr ""
#: failmap/settings.py:891
#: failmap/settings.py:905
msgid "map configuration"
msgstr ""
#: failmap/settings.py:892
#: failmap/settings.py:906
msgid "import regions"
msgstr ""
#: failmap/settings.py:895
#: failmap/settings.py:909
msgid "🏢 organizations"
msgstr ""
#: failmap/settings.py:904
#: failmap/settings.py:918
msgid "🔬 scanners"
msgstr ""
#: failmap/settings.py:916
#: failmap/settings.py:930
msgid "🗺️ map (autogenerated)"
msgstr ""
#: failmap/settings.py:923
#: failmap/settings.py:937
msgid "🕒 periodic tasks"
msgstr ""
#: failmap/settings.py:931
msgid "ℹ️ helpdesk"
#: failmap/settings.py:959
msgid "☁️ hypersh cloud scans"
msgstr ""
#: failmap/settings.py:960
msgid "Environment variables"
msgstr ""
#: failmap/settings.py:944
msgid "☁️ hypersh cloud scans"
#: failmap/settings.py:961
msgid "Container configuration"
msgstr ""
#: failmap/settings.py:951
#: failmap/settings.py:962
msgid "Container instances"
msgstr ""
#: failmap/settings.py:966
msgid "👾️ the game"
msgstr ""
#: failmap/settings.py:955
#: failmap/settings.py:970
msgid "New organizations"
msgstr ""
#: failmap/settings.py:959
#: failmap/settings.py:974
msgid "New urls"
msgstr ""
......@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2018-11-02 14:51+0000\n"
"POT-Creation-Date: 2018-11-13 15:01+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
......@@ -55,10 +55,6 @@ msgstr ""
msgid "Recent Actions for %s"
msgstr ""
#: failmap/monitoryour/templates/monitoryour/index.html:107
msgid "It's time to monitor your government!"
msgstr ""
#: failmap/scanners/models.py:145 failmap/scanners/models.py:146
msgid "endpoint"
msgstr ""
......@@ -71,54 +67,62 @@ msgstr ""
msgid "tlsscan"
msgstr ""
#: failmap/settings.py:887
#: failmap/settings.py:901
msgid "🔧 configuration"
msgstr ""
#: failmap/settings.py:890
#: failmap/settings.py:904
msgid "configuration"
msgstr ""
#: failmap/settings.py:891
#: failmap/settings.py:905
msgid "map configuration"
msgstr ""
#: failmap/settings.py:892
#: failmap/settings.py:906
msgid "import regions"
msgstr ""
#: failmap/settings.py:895
#: failmap/settings.py:909
msgid "🏢 organizations"
msgstr ""
#: failmap/settings.py:904
#: failmap/settings.py:918
msgid "🔬 scanners"
msgstr ""
#: failmap/settings.py:916
#: failmap/settings.py:930
msgid "🗺️ map (autogenerated)"
msgstr ""
#: failmap/settings.py:923
#: failmap/settings.py:937
msgid "🕒 periodic tasks"
msgstr ""
#: failmap/settings.py:931
msgid "ℹ️ helpdesk"
#: failmap/settings.py:959
msgid "☁️ hypersh cloud scans"
msgstr ""
#: failmap/settings.py:960
msgid "Environment variables"
msgstr ""
#: failmap/settings.py:944
msgid "☁️ hypersh cloud scans"
#: failmap/settings.py:961
msgid "Container configuration"
msgstr ""
#: failmap/settings.py:951
#: failmap/settings.py:962
msgid "Container instances"
msgstr ""
#: failmap/settings.py:966
msgid "👾️ the game"
msgstr ""
#: failmap/settings.py:955
#: failmap/settings.py:970
msgid "New organizations"
msgstr ""
#: failmap/settings.py:959
#: failmap/settings.py:974
msgid "New urls"
msgstr ""
......@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2018-11-02 14:51+0000\n"
"POT-Creation-Date: 2018-11-13 15:01+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
......@@ -54,10 +54,6 @@ msgstr ""
msgid "Recent Actions for %s"
msgstr ""
#: failmap/monitoryour/templates/monitoryour/index.html:107
msgid "It's time to monitor your government!"
msgstr ""
#: failmap/scanners/models.py:145 failmap/scanners/models.py:146
msgid "endpoint"
msgstr ""
......@@ -70,54 +66,62 @@ msgstr ""
msgid "tlsscan"
msgstr ""
#: failmap/settings.py:887
#: failmap/settings.py:901
msgid "🔧 configuration"
msgstr ""
#: failmap/settings.py:890
#: failmap/settings.py:904
msgid "configuration"
msgstr ""
#: failmap/settings.py:891
#: failmap/settings.py:905
msgid "map configuration"
msgstr ""
#: failmap/settings.py:892
#: failmap/settings.py:906
msgid "import regions"
msgstr ""
#: failmap/settings.py:895
#: failmap/settings.py:909
msgid "🏢 organizations"
msgstr ""
#: failmap/settings.py:904
#: failmap/settings.py:918
msgid "🔬 scanners"
msgstr ""
#: failmap/settings.py:916
#: failmap/settings.py:930
msgid "🗺️ map (autogenerated)"
msgstr ""
#: failmap/settings.py:923
#: failmap/settings.py:937
msgid "🕒 periodic tasks"
msgstr ""
#: failmap/settings.py:931
msgid "ℹ️ helpdesk"
#: failmap/settings.py:959
msgid "☁️ hypersh cloud scans"
msgstr ""
#: failmap/settings.py:960
msgid "Environment variables"
msgstr ""
#: failmap/settings.py:944
msgid "☁️ hypersh cloud scans"
#: failmap/settings.py:961
msgid "Container configuration"
msgstr ""
#: failmap/settings.py:951
#: failmap/settings.py:962
msgid "Container instances"
msgstr ""
#: failmap/settings.py:966
msgid "👾️ the game"
msgstr ""
#: failmap/settings.py:955
#: failmap/settings.py:970
msgid "New organizations"
msgstr ""
#: failmap/settings.py:959
#: failmap/settings.py:974
msgid "New urls"
msgstr ""
......@@ -14,8 +14,7 @@ log = logging.getLogger(__package__)
def get_calculation(scan):
# Can be probably more efficient by adding some methods to scan.
scan_type = getattr(scan, "type", "tls_qualys")
calculation = calculation_methods[scan_type](scan)
calculation = calculation_methods[scan.type](scan)
# handle comply or explain
# only when an explanation is given AND the explanation is still valid when creating the report.
......@@ -38,7 +37,7 @@ def get_calculation(scan):
# tracking information for the scan (which also might allow upgrading the scan in the future)
calculation['scan'] = scan.pk
calculation['scan_type'] = scan_type
calculation['scan_type'] = scan.type
return calculation
......@@ -110,9 +109,7 @@ def security_headers_rating_based_on_scan(scan, header='Strict-Transport-Securit
todo: should be enabled(?)
"""
high = 0
medium = 0
low = 0
high, medium, low = 0, 0, 0
# We add what is done well, so it's more obvious it's checked.
if scan.rating == "True":
......@@ -148,8 +145,7 @@ def security_headers_rating_based_on_scan(scan, header='Strict-Transport-Securit
def http_plain_rating_based_on_scan(scan):
high = 0
medium = 0
high, medium, low = 0, 0, 0
# changed the ratings in the database. They are not really correct.
# When there is no https at all, it's worse than having broken https. So rate them the same.
......@@ -173,7 +169,7 @@ def http_plain_rating_based_on_scan(scan):
"last_scan": scan.last_scan_moment.isoformat(),
"high": high,
"medium": medium,
"low": 0,
"low": low,
}
return calculation
......@@ -181,9 +177,7 @@ def http_plain_rating_based_on_scan(scan):
def ftp_rating_based_on_scan(scan):
# outdated, insecure
high = 0
medium = 0
low = 0
high, medium, low = 0, 0, 0
# changed the ratings in the database. They are not really correct.
# When there is no https at all, it's worse than having broken https. So rate them the same.
......@@ -230,9 +224,7 @@ def dnssec_rating_based_on_scan(scan):
def tls_qualys_rating_based_on_scan(scan):
high = 0
medium = 0
low = 0
high, medium, low = 0, 0, 0
"""
Qualys gets multiple endpoints
......@@ -290,6 +282,57 @@ def tls_qualys_rating_based_on_scan(scan):
return calculation
def tls_qualys_certificate_trusted_rating_based_on_scan(scan):
high, medium, low = 0, 0, 0
explanations = {
"not trusted": "Certificate is not trusted.",
"trusted": "Certificate is trusted.",
}
explanation = explanations[scan.rating]
if scan.rating == "not trusted":
high += 1
return calc(scan, explanation, high, medium, low)
def tls_qualys_encryption_quality_rating_based_on_scan(scan):
high, medium, low = 0, 0, 0
explanations = {
"F": "Broken Transport Security, rated F",
"C": "Less than optimal Transport Security, rated C.",
"B": "Less than optimal Transport Security, rated B.",
"A-": "Good Transport Security, rated A-.",
"A": "Good Transport Security, rated A.",
"A+": "Perfect Transport Security, rated A+.",
}
explanation = explanations[scan.rating]
if scan.rating in ["F"]:
high += 1
if scan.rating in ["B", "C"]:
low += 1
return calc(scan, explanation, high, medium, low)
def calc(scan, explanation, high, medium, low):
return {
"type": scan.type,
"explanation": explanation,
"since": scan.rating_determined_on.isoformat(),
"last_scan": scan.last_scan_moment.isoformat(),
"high": high,
"medium": medium,
"low": low,
}
# don't re-create the dict every time.
calculation_methods = {
'Strict-Transport-Security': security_headers_rating_based_on_scan,
......@@ -299,5 +342,7 @@ calculation_methods = {
'plain_https': http_plain_rating_based_on_scan,
'tls_qualys': tls_qualys_rating_based_on_scan,
'DNSSEC': dnssec_rating_based_on_scan,
'ftp': ftp_rating_based_on_scan
'ftp': ftp_rating_based_on_scan,
'tls_qualys_certificate_trusted': tls_qualys_certificate_trusted_rating_based_on_scan,
'tls_qualys_encryption_quality': tls_qualys_encryption_quality_rating_based_on_scan
}
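Review bot: `explanation = explanations[scan.rating]` in both new functions raises a bare KeyError for any rating that is not a key of the dict, and the encryption-quality scoring only counts F, B and C. SSL Labs also issues grades such as D, E, T and M; whether the scanner can store them is not visible here, but if it can, report generation fails on that row or, if the error is caught upstream, the endpoint is left unscored. Consider making the unknown case explicit, e.g. `explanation = explanations.get(scan.rating, "Unknown rating.")` with `high += 1` when `scan.rating not in explanations`, so an unrecognised grade is never shown as clean. Separately, the first hunk replaces `getattr(scan, "type", "tls_qualys")` with `scan.type`, which presumably breaks for legacy `TlsQualysScan` objects if that model has no `type` field while `'tls_qualys'` remains in `calculation_methods`.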
......@@ -22,10 +22,13 @@ from .models import (Configuration, MapDataCache, OrganizationRating, UrlRating,
log = logging.getLogger(__package__)
ENDPOINT_SCAN_TYPES = ["Strict-Transport-Security", "X-Content-Type-Options", "X-Frame-Options",
"X-XSS-Protection", "tls_qualys", "plain_https", "ftp"]
ENDPOINT_SCAN_TYPES = ['Strict-Transport-Security', 'X-Content-Type-Options', 'X-Frame-Options',
'X-XSS-Protection', 'tls_qualys', 'plain_https', 'ftp', 'tls_qualys_certificate_trusted',
'tls_qualys_encryption_quality']
URL_SCAN_TYPES = ['DNSSEC']
ALL_SCAN_TYPES = URL_SCAN_TYPES + ENDPOINT_SCAN_TYPES
FAILMAP_STARTED = datetime(year=2016, month=1, day=1, hour=13, minute=37, second=42, tzinfo=pytz.utc)
"""
......@@ -202,14 +205,9 @@ def significant_moments(organizations: List[Organization] = None, urls: List[Url
# after the update no calls to __get__ at all.
# qualys_rating=0 means "Unable to connect to the server" and is not returned with a score. This happens in old
# datasets.
if config.REPORT_INCLUDE_HTTP_TLS_QUALYS:
tls_qualys_scans = TlsQualysScan.objects.all().filter(endpoint__url__in=urls).exclude(qualys_rating=0).\
prefetch_related("endpoint").defer("endpoint__url")
tls_qualys_scans = latest_rating_per_day_only(tls_qualys_scans)
tls_qualys_scan_dates = [x.rating_determined_on for x in tls_qualys_scans]
else:
tls_qualys_scans = []
tls_qualys_scan_dates = []
# we don't store tls_qualys scans in a separate table anymore
tls_qualys_scans = []
tls_qualys_scan_dates = []
allowed_to_report = []
if config.REPORT_INCLUDE_HTTP_MISSING_TLS:
......@@ -226,6 +224,9 @@ def significant_moments(organizations: List[Organization] = None, urls: List[Url
allowed_to_report.append("DNSSEC")
if config.REPORT_INCLUDE_FTP:
allowed_to_report.append("ftp")
if config.REPORT_INCLUDE_HTTP_TLS_QUALYS:
allowed_to_report.append("tls_qualys_certificate_trusted")
allowed_to_report.append("tls_qualys_encryption_quality")
generic_scans = EndpointGenericScan.objects.all().filter(type__in=allowed_to_report, endpoint__url__in=urls).\
prefetch_related("endpoint").defer("endpoint__url")
......@@ -617,9 +618,6 @@ def rate_timeline(timeline, url: Url):
while dead_endpoint in previous_endpoints:
previous_endpoints.remove(dead_endpoint)
endpoint_scan_types = ["Strict-Transport-Security", "X-Content-Type-Options", "X-Frame-Options",
"X-XSS-Protection", "tls_qualys", "plain_https", "ftp"]
total_endpoints, high_endpoints, medium_endpoints, low_endpoints = 0, 0, 0, 0
explained_high_endpoints, explained_medium_endpoints, explained_low_endpoints = 0, 0, 0
......@@ -639,11 +637,12 @@ def rate_timeline(timeline, url: Url):
these_endpoint_scans['tls_qualys'] = scan
if isinstance(scan, EndpointGenericScan):
if scan.type in ['Strict-Transport-Security', 'X-Content-Type-Options',
'X-Frame-Options', 'X-XSS-Protection', 'plain_https', 'ftp']:
'X-Frame-Options', 'X-XSS-Protection', 'plain_https', 'ftp',
'tls_qualys_certificate_trusted', 'tls_qualys_encryption_quality']:
these_endpoint_scans[scan.type] = scan
# enrich the ratings with previous ratings, without overwriting them.
for endpoint_scan_type in endpoint_scan_types:
for endpoint_scan_type in ENDPOINT_SCAN_TYPES:
if endpoint_scan_type not in these_endpoint_scans:
if endpoint.id in previous_endpoint_ratings:
if endpoint_scan_type in previous_endpoint_ratings[endpoint.id]:
......@@ -674,7 +673,7 @@ def rate_timeline(timeline, url: Url):
endpoint_high, endpoint_medium, endpoint_low = 0, 0, 0
explained_endpoint_high, explained_endpoint_medium, explained_endpoint_low = 0, 0, 0
for endpoint_scan_type in endpoint_scan_types:
for endpoint_scan_type in ENDPOINT_SCAN_TYPES:
if endpoint_scan_type in these_endpoint_scans:
if endpoint_scan_type not in given_ratings[label]:
calculation = get_calculation(these_endpoint_scans[endpoint_scan_type])
......@@ -1324,11 +1323,8 @@ def get_url_score_modular(url: Url, when: datetime = None):
else:
continue
scan_types = ["Strict-Transport-Security", "X-Content-Type-Options", "X-Frame-Options", "X-XSS-Protection",
"tls_qualys", "plain_https", "ftp"]
calculations = []
for scan_type in scan_types:
for scan_type in ALL_SCAN_TYPES:
calculation = endpoint_to_points_and_calculation(endpoint, when, scan_type)
if calculation:
calculations.append(calculation)
......@@ -1422,15 +1418,10 @@ def endpoint_to_points_and_calculation(endpoint: Endpoint, when: datetime, scan_
try:
scan = ""
if scan_type in ["Strict-Transport-Security", "X-Content-Type-Options",
"X-Frame-Options", "X-XSS-Protection"]:
"X-Frame-Options", "X-XSS-Protection", "plain_https", "ftp", 'tls_qualys_encryption_quality',
'tls_qualys_certificate_trusted']:
scan = EndpointGenericScan.objects.filter(endpoint=endpoint, rating_determined_on__lte=when,
type=scan_type).latest('rating_determined_on')
if scan_type == "plain_https":
scan = EndpointGenericScan.objects.filter(endpoint=endpoint, rating_determined_on__lte=when,
type="plain_https").latest('rating_determined_on')
if scan_type == "ftp":
scan = EndpointGenericScan.objects.filter(endpoint=endpoint, rating_determined_on__lte=when,
type="ftp").latest('rating_determined_on')
if scan_type == "tls_qualys":
scan = TlsQualysScan.objects.filter(endpoint=endpoint, rating_determined_on__lte=when
).latest('rating_determined_on')
......@@ -1868,7 +1859,7 @@ def calculate_map_data(days: int = 366):
# all vulnerabilities
filters = ["security_headers_strict_transport_security", "security_headers_x_content_type_options", "ftp", "DNSSEC",
"security_headers_x_frame_options", "security_headers_x_xss_protection", "tls_qualys", "plain_https",
'']
'', 'tls_qualys_certificate_trusted', 'tls_qualys_encryption_quality']
map_configurations = Configuration.objects.all().filter(
is_displayed=True).order_by('display_order').values('country', 'organization_type__name', 'organization_type')
......
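Review bot: `for scan_type in ALL_SCAN_TYPES:` in get_url_score_modular now also passes the URL-level type `DNSSEC` to endpoint_to_points_and_calculation, where no branch in the visible hunk matches it and `scan` stays `""`. The old list held endpoint types only, so `for scan_type in ENDPOINT_SCAN_TYPES:` looks like the intended constant; what happens to the empty `scan` afterwards is outside the hunk. The type lists in rate_timeline and endpoint_to_points_and_calculation are still spelled out by hand and can drift from the new constants. `tls_qualys` also stays in ENDPOINT_SCAN_TYPES and the `TlsQualysScan` lookup remains, so if old rows still exist an endpoint may be rated for the legacy grade and the two new types together, which is worth confirming.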
......@@ -52,7 +52,10 @@ var dynamic_translations = function(){
gettext('FTP Server supports TLS encryption protocol.');
gettext('FTP Server does not support encrypted transport or has protocol issues.');
gettext('An FTP connection could not be established properly. Not possible to verify encryption.');
gettext('not trusted');
gettext('trusted');
gettext('Certificate is not trusted.');
gettext('Certificate is trusted.');
// vulnerabilities:
gettext('report_header_tls_qualys');
......@@ -63,6 +66,8 @@ var dynamic_translations = function(){
gettext('report_header_security_headers_strict_transport_security');
gettext('report_header_DNSSEC');
gettext('report_header_ftp');
gettext('report_header_tls_qualys_certificate_trusted');
gettext('report_header_tls_qualys_encryption_quality');
// some categories:
gettext('category_menu_municipality');
......@@ -85,6 +90,8 @@ var dynamic_translations = function(){
gettext('tls_qualys');
gettext('DNSSEC');
gettext('ftp');
gettext('tls_qualys_encryption_quality');
gettext('tls_qualys_certificate_trusted');
// and germany
gettext('category_menu_bundesland');
......
......@@ -108,7 +108,8 @@ const report_mixin = {
let xxss = this.worstof("security_headers_x_xss_protection", url.endpoints);
let xcto = this.worstof("security_headers_x_content_type_options", url.endpoints);
let xfo = this.worstof("security_headers_x_frame_options", url.endpoints);
let https = this.worstof("tls_qualys", url.endpoints);
let https_trust = this.worstof("tls_qualys_certificate_trusted", url.endpoints);
let https_quality = this.worstof("tls_qualys_encryption_quality", url.endpoints);
let hsts = this.worstof("security_headers_strict_transport_security", url.endpoints);
let plain_https = this.worstof("plain_https", url.endpoints);
......@@ -116,7 +117,8 @@ const report_mixin = {
let findings =
`<td class='text-center' style='background-color: ${dnssec.bgcolor}'>${dnssec.text}</td>` +
`<td class='text-center' style='background-color: ${https.bgcolor}'>${https.text}</td>` +
`<td class='text-center' style='background-color: ${https_trust.bgcolor}'>${https_trust.text}</td>` +
`<td class='text-center' style='background-color: ${https_quality.bgcolor}'>${https_quality.text}</td>` +
`<td class='text-center' style='background-color: ${plain_https.bgcolor}'>${plain_https.text}</td>` +
`<td class='text-center' style='background-color: ${hsts.bgcolor}'>${hsts.text}</td>` +
`<td class='text-center' style='background-color: ${xfo.bgcolor}'>${xfo.text}</td>` +
......@@ -203,9 +205,13 @@ const report_mixin = {
hsts.bgcolor = this.colorizebg(rating.high, rating.medium, rating.low);
hsts.text = this.rating_text(rating);
}
if (rating.type === "tls_qualys"){
https.bgcolor = this.colorizebg(rating.high, rating.medium, rating.low);
https.text = this.rating_text(rating);
if (rating.type === "tls_qualys_certificate_trusted"){
https_trust.bgcolor = this.colorizebg(rating.high, rating.medium, rating.low);
https_trust.text = this.rating_text(rating);
}
if (rating.type === "tls_qualys_encryption_quality"){
https_quality.bgcolor = this.colorizebg(rating.high, rating.medium, rating.low);
https_quality.text = this.rating_text(rating);
}
if (rating.type === "plain_https"){
plain_https.bgcolor = this.colorizebg(rating.high, rating.medium, rating.low);
......@@ -452,7 +458,10 @@ const report_mixin = {
if (rating.type === "security_headers_strict_transport_security")
return '<a href="https://securityheaders.io/?q=' + url.url + '" target="_blank" class="btn-sm ,"><i class="fas fa-clipboard-check"></i> ' + gettext('Second opinion') + ' (securityheaders.io)</a> ' +
'<a href="https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security" target="_blank" class="btn-sm"><i class="fas fa-book"></i> ' + gettext('Documentation') + ' (wikipedia)</a> ';
if (rating.type === "tls_qualys")
if (rating.type === "tls_qualys_certificate_trusted")
return '<a href="https://www.ssllabs.com/ssltest/analyze.html?d=' + url.url + '&hideResults=on&latest" target="_blank" class="btn-sm ,"><i class="fas fa-clipboard-check"></i> ' + gettext('Second opinion') + ' (qualys)</a> ' +
'<a href="https://en.wikipedia.org/wiki/Transport_Layer_Security" target="_blank" class="btn-sm ,"><i class="fas fa-book"></i> ' + gettext('Documentation') + ' (wikipedia)</a> ';
if (rating.type === "tls_qualys_encryption_quality")
return '<a href="https://www.ssllabs.com/ssltest/analyze.html?d=' + url.url + '&hideResults=on&latest" target="_blank" class="btn-sm ,"><i class="fas fa-clipboard-check"></i> ' + gettext('Second opinion') + ' (qualys)</a> ' +
'<a href="https://en.wikipedia.org/wiki/Transport_Layer_Security" target="_blank" class="btn-sm ,"><i class="fas fa-book"></i> ' + gettext('Documentation') + ' (wikipedia)</a> ';
if (rating.type === "security_headers_x_xss_protection")
......@@ -864,7 +873,8 @@ function views() {
}
});
this.vulnerability_graph('timeline_tls_qualys_vulnerabilities', data.tls_qualys, 'hl');
this.vulnerability_graph('timeline_tls_qualys_certificate_trusted_vulnerabilities', data.tls_qualys_certificate_trusted, 'h');
this.vulnerability_graph('timeline_tls_qualys_encryption_quality_vulnerabilities', data.tls_qualys_encryption_quality, 'hl');
this.vulnerability_graph('timeline_missing_https_encryption_vulnerabilities', data.plain_https, 'hm');
this.vulnerability_graph('timeline_hsts_vulnerabilities', data.security_headers_strict_transport_security, 'm');
this.vulnerability_graph('timeline_xfo_vulnerabilities', data.security_headers_x_frame_options, 'm');
......@@ -1271,11 +1281,18 @@ function views() {
});
// todo: https://css-tricks.com/intro-to-vue-5-animations/
window.vueLatestTlsQualys = new Vue({
name: "latest_tls_qualys",
window.vueLatestTlsQualysCertificateTrust = new Vue({
name: "latest_tls_qualys_certificate_trusted",
mixins: [latest_mixin, state_mixin],
el: '#latest_tls_qualys_certificate_trusted',
data: {scan: "tls_qualys_certificate_trusted", element_id: "latest_tls_qualys_certificate_trusted"}
});
window.vueLatestTlsQualysEncryptionQuality = new Vue({
name: "latest_tls_qualys_encryption_quality",
mixins: [latest_mixin, state_mixin],
el: '#latest_tls_qualys',
data: {scan: "tls_qualys", element_id: "latest_tls_qualys"}
el: '#latest_tls_qualys_encryption_quality',
data: {scan: "tls_qualys_encryption_quality", element_id: "latest_tls_qualys_encryption_quality"}
});
window.vueLatestPlainHttps = new Vue({
......@@ -1363,7 +1380,8 @@ function views() {
data: {
data: null,
tls_qualys: {high: 0, medium:0, low: 0},
tls_qualys_certificate_trusted: {high: 0, medium:0, low: 0},
tls_qualys_encryption_quality: {high: 0, medium:0, low: 0},
security_headers_strict_transport_security: {high: 0, medium:0, low: 0},