nabla-c0d3 / sslyze

Fast and powerful SSL/TLS scanning library.

[Bug] Exporting results to JSON causes sslyze to crash

0xInfection opened this issue

Describe the bug
SSLyze crashes on certain targets using self-signed certificates when writing output to JSON.

To Reproduce
Steps to reproduce the behavior:

  1. Install latest 5.1.1 sslyze from pip
  2. Run the following command: python3 -m sslyze --certinfo 219.94.245.254:443 --json_out -
  3. Scan completes, but crashes with:
File "/usr/local/lib/python3.7/runpy.py", line 193, in _run_module_as_main
  "__main__", mod_spec)
File "/usr/local/lib/python3.7/runpy.py", line 85, in _run_code
  exec(code, run_globals)
File "/home/x/.local/lib/python3.7/site-packages/sslyze/__main__.py", line 139, in <module>
  main()
File "/home/x/.local/lib/python3.7/site-packages/sslyze/__main__.py", line 78, in main
  server_scan_results=[ServerScanResultAsJson.from_orm(result) for result in all_server_scan_results],
File "/home/x/.local/lib/python3.7/site-packages/sslyze/__main__.py", line 78, in <listcomp>
  server_scan_results=[ServerScanResultAsJson.from_orm(result) for result in all_server_scan_results],
File "/home/x/.local/lib/python3.7/site-packages/sslyze/json/json_output.py", line 197, in from_orm
  scan_result_as_json = AllScanCommandsAttemptsAsJson.from_orm(server_scan_result.scan_result)
File "/home/x/.local/lib/python3.7/site-packages/sslyze/json/json_output.py", line 92, in from_orm
  result=scan_command_attempt.result,
File "pydantic/main.py", line 342, in pydantic.main.BaseModel.__init__
pydantic.error_wrappers.ValidationError: 5 validation errors for CertificateInfoScanAttemptAsJson
result -> certificate_deployments -> 0 -> path_validation_results -> 0 -> openssl_error_string
str type expected (type=type_error.str)
result -> certificate_deployments -> 0 -> path_validation_results -> 1 -> openssl_error_string
str type expected (type=type_error.str)
result -> certificate_deployments -> 0 -> path_validation_results -> 2 -> openssl_error_string
str type expected (type=type_error.str)
result -> certificate_deployments -> 0 -> path_validation_results -> 3 -> openssl_error_string
str type expected (type=type_error.str)
result -> certificate_deployments -> 0 -> path_validation_results -> 4 -> openssl_error_string
str type expected (type=type_error.str)

Expected behavior
sslyze should not crash and should cleanly write the output to the JSON file.

Python environment (please complete the following information):

  • OS: Debian 11 (bullseye)
  • Python version: v3.7.15

Hello!
I am not able to reproduce this crash when I run the exact same command with SSLyze 5.1.3, so I will close this issue. Feel free to re-open it if the issue is still happening on your side. Thanks!