cds-snc / tracker Goto Github PK
Check whether a Government of Canada domain is adhering to best security practices.
License: Other
Write documentation outlining what happens in the processing stage to map domains onto their owners.
Currently the descriptions for the CLI arguments are fairly spotty; they need to be touched up and detail added.
The current domain list has quite a few domains and organizations that likely don't need to be included. Since our current list is what will be going into beta, it needs to be cleaned up.
When tracker crashes, there is limited logging to support troubleshooting. Suggest bundling cached scan results so that if/when tracker crashes, there is a log of what data caused it to crash.
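One way to get the "what data caused it to crash" record the issue asks for, as an added example that is not tracker's own code: wrap the per-record processing step so that a failing record is written to a crash log together with its traceback, and the run continues. The sample scan rows and the `hsts_age` step are constructed for illustration.

```python
# Added example (not tracker's own code): keep the offending input when a
# per-record step raises, instead of losing it with the crash.
import json
import traceback
from typing import Any, Callable, Dict, List


def process_with_crash_log(records: List[Dict[str, Any]],
                           step: Callable[[Dict[str, Any]], Any],
                           crash_log: List[Dict[str, Any]]) -> List[Any]:
    """Apply `step` to each record; on failure append the record, the error and
    the traceback to `crash_log` and move on to the next record."""
    results = []
    for record in records:
        try:
            results.append(step(record))
        except Exception as exc:  # noqa: BLE001 - we want to record any failure
            crash_log.append({
                # json round-trip gives a serialisable copy that can be dumped to disk
                "record": json.loads(json.dumps(record, default=str)),
                "error": repr(exc),
                "traceback": traceback.format_exc(),
            })
    return results


# Constructed sample scan rows; the second one lacks the data the step expects.
SAMPLE_SCANS = [
    {"domain": "canada.ca", "https": {"hsts_max_age": 31536000}},
    {"domain": "broken.example", "https": None},
]


def hsts_age(row: Dict[str, Any]) -> int:
    """Hypothetical processing step; raises TypeError on the row with https=None."""
    return row["https"]["hsts_max_age"]


def run_sample():
    log: List[Dict[str, Any]] = []
    out = process_with_crash_log(SAMPLE_SCANS, hsts_age, log)
    return out, log


if __name__ == "__main__":
    results, crashes = run_sample()
    print(results)
    for entry in crashes:
        print("crashed on", entry["record"]["domain"], "with", entry["error"])
```

In tracker the `crash_log` list would be flushed to a file next to the cached scan results, so the record that broke the run ships with the traceback.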
Tracker Insert process is used to update the database with a new domains.csv, ciphers.csv or owners.csv. Updates are appended to the existing database. If one of the csv files removes an entry, the data still remains in the database. Thus, there is no option to remove old domains, ciphers, owners that are no longer valid.
A manual process is required to drop the tables before the new files are uploaded using the Tracker Insert process. Scans would then be using the latest information when it is pulled from the database prior to execution.
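The append-only behaviour described in this issue, and the prune step that would replace the manual table drop, as an added example (not tracker's own insert code). The in-memory dict standing in for the database, the CSV text and the organization names are all constructed; only the CSV column layout (`domain,organization`) is an assumption about the real files.

```python
# Added example (not tracker's own code): reconcile a new domains.csv against the
# stored rows, so entries the CSV no longer lists can be removed.
import csv
import io
from typing import Dict, Set, Tuple

# Constructed "database": one row per domain, keyed by domain.
EXISTING_DB: Dict[str, Dict[str, str]] = {
    "canada.ca": {"organization": "Org A"},
    "old.example.gc.ca": {"organization": "Org B"},
}

# Constructed replacement CSV: old.example.gc.ca is gone, new.example.gc.ca is added.
NEW_DOMAINS_CSV = """domain,organization
canada.ca,Org A
new.example.gc.ca,Org C
"""


def read_rows(csv_text: str) -> Dict[str, Dict[str, str]]:
    """Parse a CSV with a `domain` column into {domain: other columns}."""
    rows: Dict[str, Dict[str, str]] = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row.get("domain") or "").strip().lower()
        if key:
            rows[key] = {k: v for k, v in row.items() if k != "domain"}
    return rows


def reconcile(db_keys: Set[str], csv_keys: Set[str]) -> Tuple[Set[str], Set[str]]:
    """Return (to_add, to_remove): keys only in the CSV, keys only in the database."""
    return csv_keys - db_keys, db_keys - csv_keys


def tracker_insert(db: Dict[str, Dict[str, str]], csv_text: str,
                   prune: bool = False):
    """prune=False reproduces the append-only behaviour from the issue;
    prune=True also deletes rows the new CSV no longer contains."""
    new_db = dict(db)
    incoming = read_rows(csv_text)
    to_add, to_remove = reconcile(set(new_db), set(incoming))
    new_db.update(incoming)  # new rows are added, existing rows refreshed
    if prune:
        for key in to_remove:
            del new_db[key]
    return new_db, to_add, to_remove


if __name__ == "__main__":
    appended, added, stale = tracker_insert(EXISTING_DB, NEW_DOMAINS_CSV)
    print("append-only keeps:", sorted(appended), "stale:", sorted(stale))
    pruned, _, _ = tracker_insert(EXISTING_DB, NEW_DOMAINS_CSV, prune=True)
    print("pruned keeps:", sorted(pruned))
```

Reporting `to_remove` before deleting anything gives an operator the same review opportunity the manual drop-and-reload currently provides.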
We need some
Just throwing this in as a placeholder, specifically within tracker/data/cli.py def run,
we're currently nuking the entire dataset at runtime, which, while great for freshness, is stealing away some valuable historical data.
Suggest we take a look at the backend and see how we could at least set aside previous scan results/reports/etc, even if there is no clean way to present the data currently.
#totallynotworking
Update and transfer existing data definitions into the repo where it can be useful
The following issue occurs:
File "/opt/apps/tracker/.venv/lib/python3.6/site-packages/nassl/ssl_client.py", line 165, in set_underlying_socket
raise RuntimeError('A socket was already set')
RuntimeError: A socket was already set
Proposed resolution is to update the SSLyze component.
Please capture the cert expiry date as part of the crawl so that reports and alerts can be generated from the info.
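Capturing the expiry date during a crawl and turning it into an alertable status, as an added example that is not tracker's own crawl code. The threshold values (7 and 30 days) are assumptions chosen for illustration; `ssl.cert_time_to_seconds` and the `notAfter` field of `ssl.SSLSocket.getpeercert()` are standard-library behaviour.

```python
# Added example (not tracker's own code): record certificate expiry from a TLS
# handshake and classify it for reports and alerts.
import socket
import ssl
import time
from typing import Dict

# Sample notAfter string in the format getpeercert() returns (constructed; this
# is the example value from the Python ssl documentation).
SAMPLE_NOT_AFTER = "Jan  5 09:34:43 2018 GMT"


def expires_at_seconds(not_after: str) -> float:
    """Convert a getpeercert() notAfter string to seconds since the epoch."""
    return ssl.cert_time_to_seconds(not_after)


def cert_expiry_record(not_after: str, now: float) -> Dict[str, object]:
    """Build the row a report would store: expiry time, days left and a status.
    Thresholds of 7 and 30 days are assumed for this example."""
    expires_at = expires_at_seconds(not_after)
    days_left = (expires_at - now) / 86400
    if days_left < 0:
        status = "expired"
    elif days_left <= 7:
        status = "critical"
    elif days_left <= 30:
        status = "warning"
    else:
        status = "ok"
    return {"not_after": not_after, "expires_at": expires_at,
            "days_left": days_left, "status": status}


def fetch_not_after(host: str, port: int = 443, timeout: float = 10.0) -> str:
    """Network helper (not exercised offline): read notAfter from the served leaf cert."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


if __name__ == "__main__":
    print(cert_expiry_record(SAMPLE_NOT_AFTER, time.time()))
```

`create_default_context()` verifies the chain, so a host with an already expired certificate raises during the handshake rather than returning a date; a crawl that wants to record expired certificates as such needs to catch `ssl.SSLCertVerificationError` and report that separately.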
https://github.com/cds-snc/tracker/blob/master/data/processing.py#L298
Probably just want to wrap this in a try/except, and/or do a quick check 'if in' to determine whether this is even a valid ownership domain before continuing.
To reproduce:
canada.ca is in the owners list and not in the domains list.
Assuming we control the input, I'd say not a huge deal, but since we don't, we probably want to assume faulty inbound data and recover gracefully where we can.
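The failure mode above and the "check before continuing" fix, as an added example rather than the project's `processing.py` code. The CSV layouts (`domain,organization` and `domain,owner`), the organization names and the domains are constructed; the unsafe version shows the KeyError the issue reports, the safe version skips the row and logs it.

```python
# Added example (not tracker's own code): attach owners to domains without
# crashing when owners.csv references a domain that domains.csv does not list.
import csv
import io
import logging
from typing import Dict, List, Tuple

log = logging.getLogger("tracker.owners")

# Constructed sample inputs reproducing the issue: canada.ca appears in owners
# but not in domains.
DOMAINS_CSV = """domain,organization
secure.example.gc.ca,Org A
"""
OWNERS_CSV = """domain,owner
secure.example.gc.ca,Org A
canada.ca,Org Z
"""


def load_domains(csv_text: str) -> Dict[str, Dict[str, str]]:
    return {row["domain"].strip().lower(): dict(row)
            for row in csv.DictReader(io.StringIO(csv_text)) if row.get("domain")}


def attach_owners_unsafe(domains: Dict[str, Dict[str, str]], owners_csv: str) -> None:
    """Mirrors the failing behaviour: trusts that every owner row has a domain row."""
    for row in csv.DictReader(io.StringIO(owners_csv)):
        domains[row["domain"].strip().lower()]["owner"] = row["owner"]  # KeyError


def attach_owners(domains: Dict[str, Dict[str, str]],
                  owners_csv: str) -> Tuple[Dict[str, Dict[str, str]], List[str]]:
    """Hardened version: check membership first, record and skip unknown domains."""
    skipped: List[str] = []
    for row in csv.DictReader(io.StringIO(owners_csv)):
        domain = (row.get("domain") or "").strip().lower()
        if domain not in domains:
            log.warning("owners.csv lists %s but domains.csv does not; skipping", domain)
            skipped.append(domain)
            continue
        domains[domain]["owner"] = row.get("owner", "")
    return domains, skipped


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    mapped, unknown = attach_owners(load_domains(DOMAINS_CSV), OWNERS_CSV)
    print(mapped, unknown)
```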
(From cds-snc/pulse#139)
Use case:
Even if we feed the scanner a root endpoint that is secured and properly redirects to the eventual secure endpoint, tracker seems to set the canonical URL to httpswww. Where there are httpswww configuration issues, it significantly impacts the root domain scan result because httpswww is chosen.
Question:
Should Tracker choose to scan the secure root endpoint if live instead of httpswww?
HSTS max age check for compliance should be changed to 18 weeks (10886400 seconds)
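An HSTS header check with the 18-week threshold from this issue, as an added example that is not tracker's or domain-scan's own check. The parser handles the directive syntax of RFC 6797 (`max-age`, `includeSubDomains`, `preload`, optional quoted values); the sample header strings are constructed.

```python
# Added example (not project code): parse Strict-Transport-Security and test
# max-age against the 18-week minimum (18 * 7 * 86400 = 10886400 seconds).
from typing import Dict, Tuple, Union

HSTS_MIN_MAX_AGE = 18 * 7 * 24 * 3600  # 10886400


def parse_hsts(header: str) -> Dict[str, Union[str, bool]]:
    """Split 'max-age=N; includeSubDomains; preload' into a directive map.
    Valueless directives map to True; names are lower-cased, quotes stripped."""
    directives: Dict[str, Union[str, bool]] = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        directives[name.strip().lower()] = value.strip().strip('"') if sep else True
    return directives


def hsts_compliant(header: str, minimum: int = HSTS_MIN_MAX_AGE) -> Tuple[bool, str]:
    """Return (compliant, reason) for a Strict-Transport-Security header value."""
    directives = parse_hsts(header)
    raw = directives.get("max-age")
    if raw is None or raw is True:
        return False, "max-age missing"
    try:
        age = int(raw)
    except ValueError:
        return False, "max-age is not an integer"
    if age < minimum:
        return False, "max-age %d below %d" % (age, minimum)
    return True, "ok"


if __name__ == "__main__":
    for h in ("max-age=31536000; includeSubDomains; preload",
              "max-age=10886399", "includeSubDomains"):
        print(repr(h), hsts_compliant(h))
```

A `max-age=0` header is how a site tells browsers to forget HSTS, so it correctly fails the check rather than being treated as "header present".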
Incorrect relative path
pip3 install -r ../../domain-scan/requirements.txt
pip3 install -r ../../domain-scan/requirements-scanners.txt
The directory the user would be in at this step would generate the wrong path:
export DOMAIN_SCAN_PATH=$(pwd)/domain-scan/scan
export DOMAIN_GATHER_PATH=$(pwd)/domain-scan/gather