nabla-c0d3 / sslyze

Fast and powerful SSL/TLS scanning library.
GNU Affero General Public License v3.0

[Bug] Exporting results to JSON causes sslyze to crash #593

Closed 0xInfection closed 1 year ago

0xInfection commented 1 year ago

Describe the bug

SSLyze crashes on certain targets using self-signed certificates when writing output to JSON.

To Reproduce

Steps to reproduce the behavior:

  1. Install latest 5.1.1 sslyze from pip
  2. Run the following command: python3 -m sslyze --certinfo 219.94.245.254:443 --json_out -.
  3. Scan completes, but crashes with:
    File "/usr/local/lib/python3.7/runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
    File "/usr/local/lib/python3.7/runpy.py", line 85, in _run_code
    exec(code, run_globals)
    File "/home/x/.local/lib/python3.7/site-packages/sslyze/__main__.py", line 139, in <module>
    main()
    File "/home/x/.local/lib/python3.7/site-packages/sslyze/__main__.py", line 78, in main
    server_scan_results=[ServerScanResultAsJson.from_orm(result) for result in all_server_scan_results],
    File "/home/x/.local/lib/python3.7/site-packages/sslyze/__main__.py", line 78, in <listcomp>
    server_scan_results=[ServerScanResultAsJson.from_orm(result) for result in all_server_scan_results],
    File "/home/x/.local/lib/python3.7/site-packages/sslyze/json/json_output.py", line 197, in from_orm
    scan_result_as_json = AllScanCommandsAttemptsAsJson.from_orm(server_scan_result.scan_result)
    File "/home/x/.local/lib/python3.7/site-packages/sslyze/json/json_output.py", line 92, in from_orm
    result=scan_command_attempt.result,
    File "pydantic/main.py", line 342, in pydantic.main.BaseModel.__init__
    pydantic.error_wrappers.ValidationError: 5 validation errors for CertificateInfoScanAttemptAsJson
    result -> certificate_deployments -> 0 -> path_validation_results -> 0 -> openssl_error_string
    str type expected (type=type_error.str)
    result -> certificate_deployments -> 0 -> path_validation_results -> 1 -> openssl_error_string
    str type expected (type=type_error.str)
    result -> certificate_deployments -> 0 -> path_validation_results -> 2 -> openssl_error_string
    str type expected (type=type_error.str)
    result -> certificate_deployments -> 0 -> path_validation_results -> 3 -> openssl_error_string
    str type expected (type=type_error.str)
    result -> certificate_deployments -> 0 -> path_validation_results -> 4 -> openssl_error_string
    str type expected (type=type_error.str)

Expected behavior

sslyze should not crash and cleanly write the output to the JSON file.


nabla-c0d3 commented 1 year ago

Hello! I am not able to reproduce this crash when I run the exact same command with SSLyze 5.1.3 so I will close this issue. Feel free to re-open it if the issue is still happening on your side. Thanks!