tls-guardian/debug_rule_engine.py at master · sht/tls-guardian · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
#!/usr/bin/env python3
"""
Debug script to test the rule engine and see what's happening with the detailed SSL info extraction.
"""
import json
import sys
import os

# Add the current directory to the path so we can import modules
sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))

from rule_engine import evaluate_ssl_policy

def main():
    # Load a sample testssl.sh JSON output
    sample_json = {
        "Invocation": "testssl.sh --fast --jsonfile-pretty /tmp/test.json https://example.com",
        "at": "fd01b2b8b374:/usr/bin/openssl",
        "version": "3.3dev ",
        "openssl": "OpenSSL 3.5.4 from Sat Nov 1 11:22:59 2025",
        "startTime": "1768248476",
        "scanResult": [
            {
                "targetHost": "example.com",
                "ip": "104.18.27.120",
                "port": "443",
                "service": "HTTP",
                "protocols": [
                    {
                        "id": "SSLv2",
                        "severity": "OK",
                        "finding": "not offered"
                    },
                    {
                        "id": "SSLv3",
                        "severity": "OK",
                        "finding": "not offered"
                    },
                    {
                        "id": "TLS1",
                        "severity": "LOW",
                        "finding": "offered (deprecated)"
                    },
                    {
                        "id": "TLS1_1",
                        "severity": "LOW",
                        "finding": "offered (deprecated)"
                    },
                    {
                        "id": "TLS1_2",
                        "severity": "OK",
                        "finding": "offered"
                    },
                    {
                        "id": "TLS1_3",
                        "severity": "OK",
                        "finding": "offered (final)"
                    }
                ],
                "cert_issuer": "Cloudflare",
                "cert_subject": "example.com",
                "cert_keysize": "RSA 2048 bits",
                "cert_sigalg": "SHA256 with RSA",
                "cert_validity": "62 days",
                "heartbleed": [
                    {
                        "id": "heartbleed",
                        "severity": "OK",
                        "finding": "not vulnerable"
                    }
                ],
                "client_simulation": [
                    {
                        "id": "Chrome 101 (Win 10)",
                        "severity": "INFO",
                        "finding": "TLS_AES_128_GCM_SHA256"
                    }
                ]
            }
        ]
    }

    print("Sample JSON loaded.")
    print("Running evaluate_ssl_policy...")

    try:
        status, findings, detailed_info = evaluate_ssl_policy(sample_json)

        print(f"\nStatus: {status}")
        print(f"Number of findings: {len(findings)}")
        print(f"Findings: {findings}")

        print(f"\nDetailed SSL Info:")
        print(f"Protocol Info: {detailed_info.protocol_info}")
        print(f"Cipher Info: {detailed_info.cipher_info}")
        print(f"Certificate Info: {detailed_info.certificate_info}")
        print(f"Vulnerabilities: {detailed_info.vulnerabilities}")
        print(f"Handshake Simulation: {detailed_info.handshake_simulation}")
        print(f"Misc Info: {detailed_info.misc_info}")

    except Exception as e:
        print(f"Error running evaluate_ssl_policy: {e}")
        import traceback
        traceback.print_exc()

if __name__ == "__main__":
    main()