pub/compliance-scan
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: split large functions and reduce code duplication

Browse Source
This commit is contained in:
Heiko
2026-01-20 19:40:29 +01:00
parent adc3287df4
commit 2b27138b2a
2 changed files with 156 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docs/detailed-guide.md
View File

@@ -322,11 +322,17 @@ tests/
### Database Writing ### Database Writing
| Function | Module | Purpose | | Function | Module | Purpose |
| ---------------------------------------------------------------------------- | ------------------ | --------------------------------------- | | -------------------------------------------------------------------------------------- | ------------------ | ----------------------------------------------- |
| `save_scan_results(db_path, hostname, ports, results, start_time, duration)` | `db/writer.py` | Store all scan results, returns scan_id | | `save_scan_results(db_path, hostname, ports, results, start_time, duration)` | `db/writer.py` | Store all scan results, returns scan_id |
| `check_compliance(db_path, scan_id)` | `db/compliance.py` | Validate compliance, returns statistics | | `check_compliance(db_path, scan_id)` | `db/compliance.py` | Validate compliance, returns statistics |
| `check_schema_version(db_path)` | `db/schema.py` | Verify schema compatibility | | `check_schema_version(db_path)` | `db/schema.py` | Verify schema compatibility |
| `get_schema_version(db_path)` | `db/schema.py` | Get current schema version | | `get_schema_version(db_path)` | `db/schema.py` | Get current schema version |
| `_save_session_features(cursor, scan_id, port, scan_result)` | `db/writer.py` | Save session renegotiation and resumption data |
| `_save_session_renegotiation(cursor, scan_id, port, renegotiation_result)` | `db/writer.py` | Save session renegotiation data |
| `_save_session_resumption(cursor, scan_id, port, resumption_result)` | `db/writer.py` | Save session resumption data |
| `_extract_resumption_data(resumption_result)` | `db/writer.py` | Extract session resumption data from result |
| `_save_cipher_suites(cursor, scan_id, port, scan_result, tls_version)` | `db/writer.py` | Save cipher suites for specific TLS version |
| `_save_cipher_suite_list(cursor, scan_id, port, tls_version, cipher_suites, accepted)` | `db/writer.py` | Helper function to save a list of cipher suites |
### Database Querying ### Database Querying

142
src/sslysze_scan/db/writer.py
View File

@@ -252,30 +252,32 @@ def _save_cipher_suites(
if not cipher_result: if not cipher_result:
return return
# Insert accepted cipher suites # Save accepted and rejected cipher suites
for accepted_cipher in cipher_result.accepted_cipher_suites: _save_cipher_suite_list(
cursor.execute( cursor, scan_id, port, tls_version, cipher_result.accepted_cipher_suites, True
"""
INSERT INTO scan_cipher_suites (
scan_id, port, tls_version, cipher_suite_name, accepted,
iana_value, key_size, is_anonymous
) VALUES (?, ?, ?, ?, ?, ?, ?, ?)
""",
(
scan_id,
port,
tls_version,
accepted_cipher.cipher_suite.name,
True,
None, # IANA value mapping would go here
accepted_cipher.cipher_suite.key_size,
accepted_cipher.cipher_suite.is_anonymous,
),
) )
# Insert rejected cipher suites (if available)
if hasattr(cipher_result, "rejected_cipher_suites"): if hasattr(cipher_result, "rejected_cipher_suites"):
for rejected_cipher in cipher_result.rejected_cipher_suites: _save_cipher_suite_list(
cursor,
scan_id,
port,
tls_version,
cipher_result.rejected_cipher_suites,
False,
)
def _save_cipher_suite_list(
cursor: sqlite3.Cursor,
scan_id: int,
port: int,
tls_version: str,
cipher_suites: list,
accepted: bool,
) -> None:
"""Helper function to save a list of cipher suites."""
for cipher in cipher_suites:
cursor.execute( cursor.execute(
""" """
INSERT INTO scan_cipher_suites ( INSERT INTO scan_cipher_suites (
@@ -287,11 +289,11 @@ def _save_cipher_suites(
scan_id, scan_id,
port, port,
tls_version, tls_version,
rejected_cipher.cipher_suite.name, cipher.cipher_suite.name,
False, accepted,
None, None, # IANA value mapping would go here
rejected_cipher.cipher_suite.key_size, cipher.cipher_suite.key_size,
rejected_cipher.cipher_suite.is_anonymous, cipher.cipher_suite.is_anonymous,
), ),
) )
@@ -726,8 +728,24 @@ def _save_session_features(
# Session Renegotiation # Session Renegotiation
renegotiation_attempt = scan_result.scan_result.session_renegotiation renegotiation_attempt = scan_result.scan_result.session_renegotiation
if renegotiation_attempt.status == ScanCommandAttemptStatusEnum.COMPLETED: if renegotiation_attempt.status == ScanCommandAttemptStatusEnum.COMPLETED:
renegotiation_result = renegotiation_attempt.result _save_session_renegotiation(cursor, scan_id, port, renegotiation_attempt.result)
if renegotiation_result:
# Session Resumption
resumption_attempt = scan_result.scan_result.session_resumption
if resumption_attempt.status == ScanCommandAttemptStatusEnum.COMPLETED:
_save_session_resumption(cursor, scan_id, port, resumption_attempt.result)
def _save_session_renegotiation(
cursor: sqlite3.Cursor,
scan_id: int,
port: int,
renegotiation_result: Any,
) -> None:
"""Save session renegotiation data."""
if not renegotiation_result:
return
client_initiated = ( client_initiated = (
hasattr(renegotiation_result, "is_client_renegotiation_supported") hasattr(renegotiation_result, "is_client_renegotiation_supported")
and renegotiation_result.is_client_renegotiation_supported and renegotiation_result.is_client_renegotiation_supported
@@ -736,6 +754,7 @@ def _save_session_features(
hasattr(renegotiation_result, "supports_secure_renegotiation") hasattr(renegotiation_result, "supports_secure_renegotiation")
and renegotiation_result.supports_secure_renegotiation and renegotiation_result.supports_secure_renegotiation
) )
cursor.execute( cursor.execute(
""" """
INSERT INTO scan_session_features ( INSERT INTO scan_session_features (
@@ -758,11 +777,46 @@ def _save_session_features(
), ),
) )
# Session Resumption
resumption_attempt = scan_result.scan_result.session_resumption def _save_session_resumption(
if resumption_attempt.status == ScanCommandAttemptStatusEnum.COMPLETED: cursor: sqlite3.Cursor,
resumption_result = resumption_attempt.result scan_id: int,
if resumption_result: port: int,
resumption_result: Any,
) -> None:
"""Save session resumption data."""
if not resumption_result:
return
session_id_supported, ticket_supported, attempted, successful = (
_extract_resumption_data(resumption_result)
)
cursor.execute(
"""
INSERT INTO scan_session_features (
scan_id, port, feature_type, client_initiated, secure,
session_id_supported, ticket_supported,
attempted_resumptions, successful_resumptions, details
) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
""",
(
scan_id,
port,
"session_resumption",
None,
None,
session_id_supported,
ticket_supported,
attempted,
successful,
None,
),
)
def _extract_resumption_data(resumption_result: Any) -> tuple[bool, bool, int, int]:
"""Extract session resumption data from result."""
session_id_supported = False session_id_supported = False
ticket_supported = False ticket_supported = False
attempted = 0 attempted = 0
@@ -795,27 +849,7 @@ def _save_session_features(
if hasattr(ticket_resumption, "successful_resumptions_count"): if hasattr(ticket_resumption, "successful_resumptions_count"):
successful += ticket_resumption.successful_resumptions_count successful += ticket_resumption.successful_resumptions_count
cursor.execute( return session_id_supported, ticket_supported, attempted, successful
"""
INSERT INTO scan_session_features (
scan_id, port, feature_type, client_initiated, secure,
session_id_supported, ticket_supported,
attempted_resumptions, successful_resumptions, details
) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
""",
(
scan_id,
port,
"session_resumption",
None,
None,
session_id_supported,
ticket_supported,
attempted,
successful,
None,
),
)
def _save_http_headers( def _save_http_headers(