mirror of
https://github.com/PucelaBits/websegura.git
synced 2024-05-29 10:43:27 +02:00
fix: dmarc crawling & broken links (#245)
This commit is contained in:
parent
ff4a6a3c81
commit
d8b3d5e6a8
50
.eleventy.js
50
.eleventy.js
|
@ -66,13 +66,7 @@ const filenameToData = (f) => ({
|
|||
let results;
|
||||
try {
|
||||
results = JSON.parse(
|
||||
fs.readFileSync(
|
||||
`_data/results/${obj.url.replace(
|
||||
new RegExp("\\.", "g"),
|
||||
"!"
|
||||
)}.json`,
|
||||
"utf8"
|
||||
)
|
||||
fs.readFileSync(`_data/results/${obj.url.replace(/\./g, "!")}.json`, "utf8")
|
||||
);
|
||||
} catch (e) {
|
||||
// Los resultados aún no están disponibles.
|
||||
|
@ -141,6 +135,20 @@ const filenameToData = (f) => ({
|
|||
}
|
||||
})();
|
||||
|
||||
function createEmailSummaryFile() {
|
||||
const result = {};
|
||||
const sites = glob.sync("_data/results/dmarc/*.json");
|
||||
for (const site of sites) {
|
||||
const siteData = fs.readFileSync(site, "utf8");
|
||||
if (siteData.length > 0) { // sites where dmarc analysis was not possible are empty
|
||||
const siteName = /^_data\/results\/dmarc\/(.*)\.json$/.exec(site)[1].replace(/!/g, ".");
|
||||
const siteData = JSON.parse(fs.readFileSync(site, "utf8"));
|
||||
result[siteName] = siteData;
|
||||
}
|
||||
}
|
||||
return result;
|
||||
};
|
||||
|
||||
module.exports = function (eleventyConfig) {
|
||||
eleventyConfig.addPassthroughCopy("assets");
|
||||
eleventyConfig.addPassthroughCopy("images");
|
||||
|
@ -210,23 +218,23 @@ module.exports = function (eleventyConfig) {
|
|||
})
|
||||
);
|
||||
|
||||
const dmarcSummary = createEmailSummaryFile();
|
||||
// make the dmarc summary available to the templates instead of writing it to disk
|
||||
eleventyConfig.addCollection("dmarcSummary", () => dmarcSummary);
|
||||
|
||||
// Filters values with DMARC and SPF with specific valid option (true or false)
|
||||
// Only values where SPF AND DMARC is valid, are considered valid
|
||||
// Values where SPF OR DMARC is not valid, are considered invalid
|
||||
// Only policy p=reject is considered valid/secure
|
||||
// FIXME: For some reason the results.dmarc.summary is an Object not and Array
|
||||
eleventyConfig.addFilter("isDmarcValid", (value, valid) => {
|
||||
const filter = valid
|
||||
? (v) => v.spf.valid === valid && v.dmarc.valid === valid && v.dmarc.record.includes('p=reject')
|
||||
: (v) => v.spf.valid === valid || v.dmarc.valid === valid || !v.dmarc.record.includes('p=reject');
|
||||
eleventyConfig.addFilter("dmarc_valid", (value, valid=true) => {
|
||||
const dmarcFilter = valid
|
||||
? (web) => { const v = dmarcSummary[web.url]; return v.spf.valid === valid && v.dmarc.valid === valid && v.dmarc.record.includes('p=reject') }
|
||||
: (web) => { const v = dmarcSummary[web.url]; return v.spf.valid === valid || v.dmarc.valid === valid || !v.dmarc.record.includes('p=reject') };
|
||||
|
||||
return Object.values(value).filter(filter);
|
||||
return value.filter(web => dmarcSummary[web.url])
|
||||
.filter(dmarcFilter);
|
||||
});
|
||||
|
||||
const dmarcSummary = JSON.parse(
|
||||
fs.readFileSync(`_data/results/dmarc/summary.json`, "utf8")
|
||||
);
|
||||
|
||||
eleventyConfig.addFilter("dmarc_secure", (url) => {
|
||||
const dmarc_info = dmarcSummary[url];
|
||||
if (dmarc_info) {
|
||||
|
@ -243,8 +251,16 @@ module.exports = function (eleventyConfig) {
|
|||
}
|
||||
});
|
||||
|
||||
eleventyConfig.addFilter("canonical", (url) => {
|
||||
return url.replace(/^www\./, "")
|
||||
.replace("http:", "")
|
||||
.replace("https:", "")
|
||||
.replace("/", "");
|
||||
});
|
||||
|
||||
// % de webs seguras
|
||||
eleventyConfig.addFilter("safeScore", getSafeScore);
|
||||
|
||||
// % de emails protegidos
|
||||
eleventyConfig.addFilter("emailScore", getEmailScore);
|
||||
|
||||
|
|
11
.github/workflows/analyze_dmarc.yml
vendored
11
.github/workflows/analyze_dmarc.yml
vendored
|
@ -29,8 +29,15 @@ jobs:
|
|||
# Using the API would be more flexible, but this is easier to implement for now.
|
||||
- name: Check DMARC information about public sites
|
||||
run: |
|
||||
SITES=$(find {_data/general.json,_data/{comunidades,provincias}/*.json} | xargs cat | jq -r .webs[].url | sed 's/www.//g')
|
||||
checkdmarc --skip-tls --timeout 3 ${SITES} | jq 'INDEX(.domain)' > _data/results/dmarc/summary.json
|
||||
SITES=$(find {_data/general.json,_data/{comunidades,provincias}/*.json} | xargs cat | jq -r .webs[].url)
|
||||
for site in $SITES;
|
||||
do
|
||||
CANONICAL_SITE=$(echo $site | sed 's/^www.//g')
|
||||
ESCAPED_SITE=$(echo $site | sed 's/\./!/g')
|
||||
OUTPUT_FILE="_data/results/dmarc/$ESCAPED_SITE.json"
|
||||
echo "Checking $site to $OUTPUT_FILE"
|
||||
checkdmarc --skip-tls --nameserver=1.0.0.1 --timeout 3 ${CANONICAL_SITE} > $OUTPUT_FILE
|
||||
done
|
||||
|
||||
# The resulting commit will not trigger another GitHub Actions Workflow run.
|
||||
# This is due to limitations set by GitHub.
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -60,8 +60,8 @@
|
|||
|
||||
<ul class="iconify">
|
||||
<li><a href="https://observatory.mozilla.org/analyze/{{ web.url }}">🖥 Informe técnico del análisis de la web</a></li>
|
||||
<li><a href="https://dmarcguide.globalcyberalliance.org/#/tool-select?d={{ web.url | replace('www.', '') }}&r=s&s=none&lang=es"> ✉️ Informe técnico del análisis del email</a></li>
|
||||
<li><a href="https://dnssec-analyzer.verisignlabs.com/{{ web.url | replace('www.', '') }}">🌐 Informe técnico de la seguridad del nombre de dominio</a></li>
|
||||
<li><a href="https://dmarcguide.globalcyberalliance.org/#/tool-select?d={{ web.url | canonical }}&r=s&s=none&lang=es"> ✉️ Informe técnico del análisis del email</a></li>
|
||||
<li><a href="https://dnssec-analyzer.verisignlabs.com/{{ web.url | canonical }}">🌐 Informe técnico de la seguridad del nombre de dominio</a></li>
|
||||
</ul>
|
||||
|
||||
{% if (web.twitter) and (results.score < 70) %}
|
||||
|
|
|
@ -9,23 +9,22 @@
|
|||
</thead>
|
||||
<tbody>
|
||||
{% for web in webs | sort(reverse=true, attribute = "score") %}
|
||||
{% if web %}
|
||||
{% if web.state === 'FINISHED' %}
|
||||
<tr class="{{ web | color }}">
|
||||
<td>
|
||||
<a href="/w/{{ web.url | replace('.', '!') }}" title="{{ web | abbr }}">
|
||||
{% if not web.url | dmarc_secure %}
|
||||
<span class="phishing" title="Vulnerable a suplantación de identidad de emails"><img src="/images/phishing.png"></span>
|
||||
{% endif %}
|
||||
{% if web.tests_passed < 5 %}☠️{% else %}{{ web.grade }}{% endif %}
|
||||
</a>
|
||||
</td>
|
||||
<td>
|
||||
<a href="/w/{{ web.url | replace('.', '!') }}" title="{{ web.name }}">{{ web.url | replace("www.", "") }}</a>
|
||||
</td>
|
||||
<td>
|
||||
{% if (web.twitter) and (web.score < 70) %}
|
||||
<a class="twitter-share-button" href="https://twitter.com/intent/tweet/?text={{ 'Hola @' + web.twitter + '
|
||||
{% if web.state === 'FINISHED' %}
|
||||
<tr class="{{ web | color }}">
|
||||
<td>
|
||||
<a href="/w/{{ web.url | replace('.', '!') }}" title="{{ web | abbr }}">
|
||||
{% if not web.url | dmarc_secure %}
|
||||
<span class="phishing" title="Vulnerable a suplantación de identidad de emails"><img src="/images/phishing.png"></span>
|
||||
{% endif %}
|
||||
{% if web.tests_passed < 5 %}☠️{% else %}{{ web.grade }}{% endif %}
|
||||
</a>
|
||||
</td>
|
||||
<td>
|
||||
<a href="/w/{{ web.url | replace('.', '!') }}" title="{{ web.name }}">{{ web.url | replace("www.", "") }}</a>
|
||||
</td>
|
||||
<td>
|
||||
{% if (web.twitter) and (web.score < 70) %}
|
||||
<a class="twitter-share-button" href="https://twitter.com/intent/tweet/?text={{ 'Hola @' + web.twitter + '
|
||||
|
||||
🔒 La seguridad de vuestra web y usuarios puede ser comprometida si no actualizáis vuestras conexiones seguras (HTTPS).
|
||||
⚠️ ¡Por favor, revisadlo cuanto antes!
|
||||
|
@ -33,21 +32,20 @@
|
|||
https://websegura.pucelabits.org'| urlEncode }}{{ path }}{{ '?pk_campaign=HazseloSaber&pk_source=twitter
|
||||
|
||||
#websegura /vía @PucelaBits' | urlEncode }}" target="_blank" rel="noopener" aria-label="Twitter">
|
||||
<span class="icon brands fa-twitter" {% if web.twitter_mentions > 0 %}data-popularity="high" title="Sitio destacado. Súmate a quienes ya han tuiteado"{% endif %}>
|
||||
<span>Tuitear</span>
|
||||
</a>
|
||||
{% endif %}
|
||||
</td>
|
||||
</tr>
|
||||
{% else %}
|
||||
<tr class="unknown">
|
||||
<td title="El análisis de seguridad está pendiente">🕐</td>
|
||||
<td>
|
||||
{{ web.url | replace("www.", "") }}
|
||||
</td>
|
||||
<td></td>
|
||||
</tr>
|
||||
{% endif %}
|
||||
<span class="icon brands fa-twitter" {% if web.twitter_mentions > 0 %}data-popularity="high" title="Sitio destacado. Súmate a quienes ya han tuiteado"{% endif %}>
|
||||
<span>Tuitear</span>
|
||||
</a>
|
||||
{% endif %}
|
||||
</td>
|
||||
</tr>
|
||||
{% else %}
|
||||
<tr class="unknown">
|
||||
<td title="El análisis de seguridad está pendiente">🕐</td>
|
||||
<td>
|
||||
{{ web.url | replace("www.", "") }}
|
||||
</td>
|
||||
<td></td>
|
||||
</tr>
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
</tbody>
|
||||
|
@ -65,24 +63,22 @@ https://websegura.pucelabits.org'| urlEncode }}{{ path }}{{ '?pk_campaign=Hazsel
|
|||
</thead>
|
||||
<tbody>
|
||||
{% for web in webs %}
|
||||
{% if web %}
|
||||
<tr class="{% if web.domain | dmarc_secure %}safe{% else %}danger{% endif %}">
|
||||
<td>
|
||||
<a href="/w/{{ web.domain | replace('.', '!') }}">
|
||||
{% if not web.domain | dmarc_secure %}
|
||||
<span class="phishing" title="Vulnerable a suplantación de identidad de emails"><img src="/images/phishing.png"></span>
|
||||
{% else %}
|
||||
<span title="Seguro frente a suplantación de identidad de emails">✉️</span>
|
||||
{% endif %}
|
||||
</a>
|
||||
</td>
|
||||
<td>
|
||||
<a href="/w/{{ web.domain | replace('.', '!') }}" title="{{ web.domain }}">@{{ web.domain | replace("www.", "") | replace("http:", "") | replace("https:", "") | replace("/", "")}}</a>
|
||||
</td>
|
||||
</tr>
|
||||
{% endif %}
|
||||
<tr class="{% if web.url | dmarc_secure %}safe{% else %}danger{% endif %}">
|
||||
<td>
|
||||
<a href="/w/{{ web.url | replace('.', '!') }}">
|
||||
{% if not web.url | dmarc_secure %}
|
||||
<span class="phishing" title="Vulnerable a suplantación de identidad de emails"><img src="/images/phishing.png"></span>
|
||||
{% else %}
|
||||
<span title="Seguro frente a suplantación de identidad de emails">✉️</span>
|
||||
{% endif %}
|
||||
</a>
|
||||
</td>
|
||||
<td>
|
||||
<a href="/w/{{ web.url | replace('.', '!') }}" title="{{ web.url }}">@{{ web.url | canonical }}</a>
|
||||
</td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
</tbody>
|
||||
</table>
|
||||
<p class="tablefooter">(Los análisis se actualizan cada 6 días)</p>
|
||||
<p class="tablefooter">(Los análisis se actualizan cada semana)</p>
|
||||
{% endmacro %}
|
||||
|
|
|
@ -27,7 +27,7 @@ title: "#websegura"
|
|||
</strong>
|
||||
sitios</a>
|
||||
no tienen seguridad alguna.<br/>
|
||||
<span class="phishing"><img src="images/phishing.png"></span> <a href="/analisis-email/"><strong>{{ results.dmarc.summary | isDmarcValid(false) | length }}</strong> emails</a> son vulnerables a suplantación de identidad.
|
||||
<span class="phishing"><img src="images/phishing.png"></span> <a href="/analisis-email/"><strong>{{ all | dmarc_valid(false) | length }}</strong> emails</a> son vulnerables a suplantación de identidad.
|
||||
</p>
|
||||
|
||||
<div class="score-container">
|
||||
|
@ -40,10 +40,10 @@ title: "#websegura"
|
|||
|
||||
<div class="score-container">
|
||||
<div class="score-bar">
|
||||
<div class="score-progress" data-score="{{ results.dmarc.summary | emailScore }}"></div>
|
||||
<div class="score-progress" data-score="{{ collections.dmarcSummary | emailScore }}"></div>
|
||||
</div>
|
||||
|
||||
<p><strong>{{ results.dmarc.summary | emailScore }}%</strong> de los emails protegidos</p>
|
||||
<p><strong>{{ collections.dmarcSummary | emailScore }}%</strong> de los emails protegidos</p>
|
||||
</div>
|
||||
|
||||
<p>
|
||||
|
|
|
@ -16,21 +16,21 @@ title: "#emailseguro: Observatorio de seguridad de email"
|
|||
|
||||
<p class="subtitle">Analizamos
|
||||
<strong>
|
||||
{{ results.dmarc.summary | length }}
|
||||
{{ collections.dmarcSummary | length }}
|
||||
</strong>
|
||||
emails públicos para saber si están protegidos frente a <a href="/faq/#que-significa-que-los-emails-son-vulnerables-a-suplantacion-de-identidad">suplantación de identidad</a>.</p>
|
||||
|
||||
<p class="centered">🎖️ Sólo
|
||||
<a href="#hall-of-fame">
|
||||
<strong>
|
||||
{{ results.dmarc.summary | isDmarcValid(true) | length }}
|
||||
{{ all | dmarc_valid | length }}
|
||||
</strong>
|
||||
emails</a>
|
||||
son seguros frente a suplatación de identidad.<br/>
|
||||
son seguros frente a suplantación de identidad.<br/>
|
||||
<span class="phishing"><img src="/images/phishing.png"></span>
|
||||
<a href="#hall-of-shame">
|
||||
<strong>
|
||||
{{ results.dmarc.summary | isDmarcValid(false) | length }}
|
||||
{{ all | dmarc_valid(false) | length }}
|
||||
</strong>
|
||||
emails</a>
|
||||
son vulnerables frente a suplantación de identidad.
|
||||
|
@ -38,27 +38,26 @@ title: "#emailseguro: Observatorio de seguridad de email"
|
|||
|
||||
<div class="score-container">
|
||||
<div class="score-bar">
|
||||
<div class="score-progress" data-score="{{ results.dmarc.summary | emailScore }}"></div>
|
||||
<div class="score-progress" data-score="{{ collections.dmarcSummary | emailScore }}"></div>
|
||||
</div>
|
||||
|
||||
<p><strong>{{ results.dmarc.summary | emailScore }}%</strong> de los emails protegidos</p>
|
||||
<p><strong>{{ collections.dmarcSummary | emailScore }}%</strong> de los emails protegidos</p>
|
||||
</div>
|
||||
|
||||
<section>
|
||||
<div class="table-wrapper" id="resultados">
|
||||
<h2 id="hall-of-fame">🎖️ Hall de la fama</h2>
|
||||
<p>Estos correos tienen protección contra <a href="/faq/#que-significa-que-los-emails-son-vulnerables-a-suplantacion-de-identidad">suplantación de identidad</a>.</p>
|
||||
{{ tablaEmail(results.dmarc.summary | isDmarcValid(true), path=page.url) }}
|
||||
{{ tablaEmail(all | dmarc_valid, path=page.url) }}
|
||||
<p>
|
||||
<a href="https://github.com/PucelaBits/websegura#a%C3%B1adir-una-web">+ Añadir un dominio nuevo</a>
|
||||
</p>
|
||||
|
||||
<h2 id="hall-of-shame">☠️ Hall de la vergüenza</h2>
|
||||
<p>Estos correos <strong>son vulnerables</strong> a <a href="/faq/#que-significa-que-los-emails-son-vulnerables-a-suplantacion-de-identidad">suplantación de identidad</a></p>
|
||||
{{ tablaEmail(results.dmarc.summary | isDmarcValid(false), path=page.url) }}
|
||||
{{ tablaEmail(all | dmarc_valid(false), path=page.url) }}
|
||||
<p>
|
||||
<a href="https://github.com/PucelaBits/websegura#a%C3%B1adir-una-web">+ Añadir un dominio nuevo</a>
|
||||
</p>
|
||||
</div>
|
||||
|
||||
</section>
|
||||
|
|
Loading…
Reference in New Issue
Block a user