Closed mejofi closed 4 months ago
This one is interesting. It works for me:
> python3 -m ready.ready ur.nl --json --quiet | jq '.checks|keys|map(select(startswith("ssl")))'
[
"ssl_dns_caa",
"ssl_dns_caa_accounturi",
"ssl_dns_caa_validationmethods",
"ssl_hsts",
"ssl_hsts_duration",
"ssl_hsts_preload",
"ssl_hsts_subdomains",
"ssl_tls_1_0",
"ssl_tls_1_1"
]
and
python3 -m ready.ready example.org --json --quiet | jq '.checks|keys|map(select(startswith("ssl")))'
[
"ssl_dns_caa",
"ssl_dns_caa_accounturi",
"ssl_dns_caa_validationmethods",
"ssl_hsts",
"ssl_hsts_duration",
"ssl_hsts_preload",
"ssl_hsts_subdomains",
"ssl_tls_1_0",
"ssl_tls_1_1"
]
If the checks don't return properly it's possible that they aren't included in the output. I'll have a deeper look into them later today and try to get the same output as you.
Yeah, that's what I get here, too;
$ ready ur.nl --json --quiet | jq '.checks|keys|map(select(startswith("ssl")))'
[
"ssl_dns_caa",
"ssl_dns_caa_accounturi",
"ssl_dns_caa_validationmethods",
"ssl_hsts",
"ssl_hsts_duration",
"ssl_hsts_preload",
"ssl_hsts_subdomains",
"ssl_tls_1_0",
"ssl_tls_1_1"
]
But notice that none of these are the actual certificate tests, but the CAA, HSTS, and TLS version tests, instead?
And with a different filter;
$ ready --check-filter=expiry ur.nl
Domain: ur.nl, Domain (no path): ur.nl, First Level Domain: ur.nl
[ OK ] SSL expiry should be less than one year (59 days)
[ OK ] SSL expiry should be greater than five days (59 days)
$ ready --check-filter=expiry --json --quiet ur.nl
{
"domain": "ur.nl",
"score": 100,
"checks": {},
"when": "2024-02-27T20:53:50Z",
"version": "1.2.5"
}
it does not show any tests at all?
Oh right, I see! I've found the issue – those checks weren't returning the result. Thanks for picking this up!
Release incoming.
This should be resolved in the latest release.
> ready brntn.me --json --quiet | jq '.checks|keys|map(select(startswith("ssl")))'
[
"ssl_dns_caa",
"ssl_dns_caa_accounturi",
"ssl_dns_caa_validationmethods",
"ssl_expiry_max",
"ssl_expiry_min",
"ssl_hsts",
"ssl_hsts_duration",
"ssl_hsts_preload",
"ssl_hsts_subdomains",
"ssl_tls_1_0",
"ssl_tls_1_1",
"ssl_trusted"
]
Yup, there it is!
$ ready --check-filter=expiry --json --quiet ur.nl
{
"domain": "ur.nl",
"score": 100,
"checks": {
"ssl_expiry_max": {
"passed": true,
"message": "SSL expiry should be less than one year (59 days)"
},
"ssl_expiry_min": {
"passed": true,
"message": "SSL expiry should be greater than five days (59 days)"
}
},
"when": "2024-02-27T22:15:05Z",
"version": "1.2.6"
}
$ ready ur.nl --json --quiet | jq '.checks|keys|map(select(startswith("ssl")))'
[
"ssl_dns_caa",
"ssl_dns_caa_accounturi",
"ssl_dns_caa_validationmethods",
"ssl_expiry_max",
"ssl_expiry_min",
"ssl_hsts",
"ssl_hsts_duration",
"ssl_hsts_preload",
"ssl_hsts_subdomains",
"ssl_tls_1_0",
"ssl_tls_1_1",
"ssl_trusted"
]
Thanks! 🙂
It looks like the JSON output is missing the results of the SSL certificate tests? Compare this, for example;
with this;
This happens both with and without the use of a
--check-filter
parameter.