JSONDecodeError when using sslyze 4.0.4

Question

JSONDecodeError when using sslyze 4.0.4

d-steffan opened this issue 3 years ago · comments

faraday-cli: 1.0.2
sslyze: 4.0.4

The checked webserver exists and calling sslyze without faraday-cli returns valid results. The JSON at /usr/bin/faraday-cli/None is saved and contains valid data.

faraday-cli sslyze 127.0.0.1:8834
💻 Processing Sslyze JSON command

<sslyze stuff>

       Wrote JSON output to "/usr/bin/faraday-cli/None".
EXCEPTION of type 'JSONDecodeError' occurred with message: 'Expecting value: line 2 column 2 (char 2)'

The first few lines (head) of the JSON file are:

{
    "server_connectivity_errors": [],
    "server_scan_results": [
        {
            "scan_commands": [
                "certificate_info",
                "elliptic_curves",
                "heartbleed",
                "openssl_ccs_injection",
                "robot",

In case the char used for indentation is the problem, heres the hexdump of head:

00000000: 7b0a 2020 2020 2273 6572 7665 725f 636f  {.    "server_co
00000010: 6e6e 6563 7469 7669 7479 5f65 7272 6f72  nnectivity_error
00000020: 7322 3a20 5b5d 2c0a 2020 2020 2273 6572  s": [],.    "ser
00000030: 7665 725f 7363 616e 5f72 6573 756c 7473  ver_scan_results
00000040: 223a 205b 0a20 2020 2020 2020 207b 0a20  ": [.        {. 
00000050: 2020 2020 2020 2020 2020 2022 7363 616e             "scan
00000060: 5f63 6f6d 6d61 6e64 7322 3a20 5b0a 2020  _commands": [.  
00000070: 2020 2020 2020 2020 2020 2020 2020 2263                "c
00000080: 6572 7469 6669 6361 7465 5f69 6e66 6f22  ertificate_info"
00000090: 2c0a 2020 2020 2020 2020 2020 2020 2020  ,.              
000000a0: 2020 2265 6c6c 6970 7469 635f 6375 7276    "elliptic_curv
000000b0: 6573 222c 0a20 2020 2020 2020 2020 2020  es",.           
000000c0: 2020 2020 2022 6865 6172 7462 6c65 6564       "heartbleed
000000d0: 222c 0a20 2020 2020 2020 2020 2020 2020  ",.             
000000e0: 2020 2022 6f70 656e 7373 6c5f 6363 735f     "openssl_ccs_
000000f0: 696e 6a65 6374 696f 6e22 2c0a 2020 2020  injection",.    
00000100: 2020 2020 2020 2020 2020 2020 2272 6f62              "rob
00000110: 6f74 222c 0a                             ot",.

Nicolas Rebagliati · Answer 1 · Wed Mar 10 2021 21:34:53 GMT+0800 (China Standard Time)

You executed a sslyze command and that generated the error and created a file called "/usr/bin/faraday-cli/None"??

Can you send us the full command (change the domain or other sensitive information)?

d-steffan · Answer 2 · Wed Mar 10 2021 21:35:11 GMT+0800 (China Standard Time)

if i process_report it also fails unless i change the extension to .json:

[ws:testcli]> process_report /usr/bin/faraday-cli/None
❌ Failed to detect report: /usr/bin/faraday-cli/None
[ws:testcli]> shell mv /usr/bin/faraday-cli/None /usr/bin/faraday-cli/None.json
[ws:testcli]> process_report /usr/bin/faraday-cli/None.json
📄 Processing Sslyze JSON report
⬆ Sending data to workspace: testcli
✔ Done

unfortunately setting the json_out in sslyze doesn't work for faraday, it always exports the file as "None"

d-steffan · Answer 3 · Wed Mar 10 2021 21:36:12 GMT+0800 (China Standard Time)

You executed a sslyze command and that generated the error and created a file called "/usr/bin/faraday-cli/None"??

Can you send us the full command (change the domain or other sensitive information)?

the full command is in my first comment:

faraday-cli sslyze 127.0.0.1:8834

d-steffan · Answer 4 · Wed Mar 10 2021 21:38:24 GMT+0800 (China Standard Time)

[ws:testcli]> sslyze 127.0.0.1:8834 --json_out=/tmp/sslyze-report.json
💻 Processing Sslyze JSON command

 CHECKING HOST(S) AVAILABILITY
 -----------------------------

   127.0.0.1:8834                      => 127.0.0.1 

<sslyze stuff>

 SCAN COMPLETED IN 12.14 S
 -------------------------

       Wrote JSON output to "/usr/bin/faraday-cli/None".
EXCEPTION of type 'JSONDecodeError' occurred with message: 'Expecting value: line 2 column 2 (char 2)'

seems like faraday-cli overwrites --json_out ?

Nicolas Rebagliati · Answer 5 · Wed Mar 10 2021 21:41:22 GMT+0800 (China Standard Time)

[ws:testcli]> sslyze 127.0.0.1:8834 --json_out=/tmp/sslyze-report.json
💻 Processing Sslyze JSON command

 CHECKING HOST(S) AVAILABILITY
 -----------------------------

   127.0.0.1:8834                      => 127.0.0.1 

<sslyze stuff>

 SCAN COMPLETED IN 12.14 S
 -------------------------

       Wrote JSON output to "/usr/bin/faraday-cli/None".
EXCEPTION of type 'JSONDecodeError' occurred with message: 'Expecting value: line 2 column 2 (char 2)'

seems like faraday-cli overwrites --json_out ?

Yes, the plugins generally modifiy the commands to send the output files to a specific place.
So the output can be parsed after.
Les me see the issue here, its probably a bug in the sslyze plugin and not the cli

Nicolas Rebagliati · Answer 6 · Wed Mar 10 2021 21:46:13 GMT+0800 (China Standard Time)

@d-steffan Yes the bug is in the plugin.
Here is a way to debug, with faraday-plugin you can test a command and see the modified command without executing it.

faraday-plugins process-command -dr "sslyze 127.0.0.1:8834"
Command:  sslyze --json_out None 127.0.0.1:8834

Look how it changes the command but is sets None as the output.

For a workaround run the command manually and us process_report like you did in the example.
I will open an issue in faraday-plugins.
Thanks

d-steffan · Answer 7 · Wed Mar 10 2021 21:48:24 GMT+0800 (China Standard Time)

Alright, thanks for the quick response and have a nice day!

Nicolas Rebagliati · Answer 8 · Thu Mar 11 2021 00:06:22 GMT+0800 (China Standard Time)

@d-steffan I have fixed the issue, run

pip install -U faraday-plugins