Merge pull request #22 from gattjoe/develop

updated deps, type checking and pylint fixes
MetLife · Aug 11, 2020 · 8ee78ea · 8ee78ea
2 parents 2873904 + 849ad74
commit 8ee78ea
Show file tree

Hide file tree

Showing 6 changed files with 194 additions and 151 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -15,4 +15,9 @@
 # v2.0.0
 - Upgraded [SSLyze](https://github.com/nabla-c0d3/sslyze) to 3.x
 - Added several TLS 1.2 ciphers to the "policy" scan type as "weak"
-- Added scan type and port to result set
+- Added scan type and port to result set
+
+# v2.1.0
+- Upgraded dnspython to 2.0.x and fixed deprecated call to dns.resolver.query()
+- Upgraded validators to 0.17
+- Various pylint and type checking fixes
diff --git a/SSLChecker/SSLChecker/main.py b/SSLChecker/SSLChecker/main.py
@@ -80,6 +80,7 @@ def pre_scan_check(req: func.HttpRequest) -> Tuple[str, str, str, int, str]:
     scan_type = req.route_params.get('scan')
     view = req.route_params.get('view')
     target = req.route_params.get('target')
+    # Default to TCP 443 if no port is passed
     port = req.route_params.get('port', '443')
     port = verify_port(port)
 
@@ -105,6 +106,8 @@ def pre_scan_check(req: func.HttpRequest) -> Tuple[str, str, str, int, str]:
                             ERROR_MSG_MISSING_DNS_SERVER)
 
     # See if a valid IP was passed, else check if it was a valid DNS name
+    ip = ""
+
     try:
         if ipaddress.IPv4Address(target):
             ip = target
@@ -116,7 +119,11 @@ def pre_scan_check(req: func.HttpRequest) -> Tuple[str, str, str, int, str]:
         """ Try to resolve the DNS name to an IP to ensure it exists.
         We use the IP in the scan so that we can record which one we tested
         which can be useful. """
-        ip = shared_dns.resolve_dns(DNSVIEW.get(view), target)
+
+        # Ignore type error on get(key) as it defaults to None
+        # https://docs.python.org/3/library/stdtypes.html#dict.get
+        # I check that the key exists
+        ip = shared_dns.resolve_dns(DNSVIEW.get(view), target)  # type: ignore
 
     return scan_type, view, target, port, ip
 
@@ -174,7 +181,7 @@ def query_scanner_precheck(url: str,
 
     target = params['target']
     scan_type = 'full'
-    port = '443'
+    port = 443
     nameserver = None
 
     for param in params:
@@ -198,6 +205,8 @@ def query_scanner_precheck(url: str,
             nameserver = INTERNAL_DNS
 
     # See if a valid IP was passed, else check if it was a valid DNS name
+    ip = ""
+
     try:
         if ipaddress.IPv4Address(target):
             ip = target

diff --git a/SSLChecker/requirements.txt b/SSLChecker/requirements.txt
@@ -1,7 +1,7 @@
 azure-functions
-dnspython==1.16.0
+dnspython==2.00.0
 requests==2.22.0
 sslyze==3.0.8
-validators==0.15.0
+validators==0.17.1
 typing-extensions==3.7.4.2
 pytest==5.4.3
diff --git a/SSLChecker/sharedcode/scanner.py b/SSLChecker/sharedcode/scanner.py
@@ -83,8 +83,11 @@ def scan(target, ip, port, view, suite):
     results.set_result(scan_output, "View", view)
 
     scanner = Scanner()
+    # Ignore type error on get(key) as it defaults to None
+    # https://docs.python.org/3/library/stdtypes.html#dict.get
+    # We supply the values in the dict
     server_scan_req = ServerScanRequest(
-        server_info=server_info, scan_commands=CIPHER_SUITES.get(suite)
+        server_info=server_info, scan_commands=CIPHER_SUITES.get(suite)  # type: ignore
     )
     scanner.queue_scan(server_scan_req)
 

diff --git a/SSLChecker/sharedcode/shared_dns.py b/SSLChecker/sharedcode/shared_dns.py
@@ -45,18 +45,20 @@ def _init_resolver(dnsserver: ip, timeout: int, lifetime: int) -> resolver.Resol
 
 
 def resolve_dns(
-    dnsserver: ip, dnsname: fqdn, timeout: int = 3, lifetime: int = 3
-) -> ip:
+        dnsserver: ip, dnsname: fqdn,
+        timeout: int = 3, lifetime: int = 3
+        ) -> ip:
     """ Resolve dns name """
     _iplist = []  # results
 
     res = _init_resolver(dnsserver, timeout, lifetime)
 
     try:
-        answers = res.query(dnsname, "A")  # explicit query for A record
-        for answer in answers:
+        answers = res.resolve(dnsname, search=False)  # explicit query for A record
+        for answer in answers.rrset:
             _iplist.append(answer.address)
         return _iplist[0]  # Return the first IP of the DNS Answer
+
     except resolver.NoAnswer:
         raise DNSError(
             "DNS No Answer", f"No Answer for {dnsname} using nameserver {dnsserver}"
@@ -98,7 +100,7 @@ def parse_name(name: str) -> fqdn:
         dns_name_candidate = parsed_name.path
 
     # The below ensures a valid domain was supplied
-    if domain(dns_name_candidate):
-        return dns_name_candidate
-    else:
+    if not domain(dns_name_candidate):
         raise InvalidFQDN("Invalid FQDN", f"{name} is not a valid FQDN")
+
+    return dns_name_candidate