Marown/websegura
1
0
Fork 0
mirror of https://github.com/PucelaBits/websegura.git synced 2024-05-29 10:43:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: dmarc crawling & broken links (#245)

Browse Source
This commit is contained in:
Guido García 2021-07-27 00:51:42 +02:00 committed by GitHub
parent ff4a6a3c81
commit d8b3d5e6a8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 100 additions and 101078 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
.eleventy.js
View File

@ -66,13 +66,7 @@ const filenameToData = (f) => ({
let results;
try {
results = JSON.parse(
fs.readFileSync(
`_data/results/${obj.url.replace(
new RegExp("\\.", "g"),
"!"
)}.json`,
"utf8"
)
fs.readFileSync(`_data/results/${obj.url.replace(/\./g, "!")}.json`, "utf8")
);
} catch (e) {
// Los resultados aún no están disponibles.
@ -141,6 +135,20 @@ const filenameToData = (f) => ({
}
})();
function createEmailSummaryFile() {
const result = {};
const sites = glob.sync("_data/results/dmarc/*.json");
for (const site of sites) {
const siteData = fs.readFileSync(site, "utf8");
if (siteData.length > 0) { // sites where dmarc analysis was not possible are empty
const siteName = /^_data\/results\/dmarc\/(.*)\.json$/.exec(site)[1].replace(/!/g, ".");
const siteData = JSON.parse(fs.readFileSync(site, "utf8"));
result[siteName] = siteData;
}
}
return result;
};
module.exports = function (eleventyConfig) {
eleventyConfig.addPassthroughCopy("assets");
eleventyConfig.addPassthroughCopy("images");
@ -210,23 +218,23 @@ module.exports = function (eleventyConfig) {
})
);
const dmarcSummary = createEmailSummaryFile();
// make the dmarc summary available to the templates instead of writing it to disk
eleventyConfig.addCollection("dmarcSummary", () => dmarcSummary);
// Filters values with DMARC and SPF with specific valid option (true or false)
// Only values where SPF AND DMARC is valid, are considered valid
// Values where SPF OR DMARC is not valid, are considered invalid
// Only policy p=reject is considered valid/secure
// FIXME: For some reason the results.dmarc.summary is an Object not and Array
eleventyConfig.addFilter("isDmarcValid", (value, valid) => {
const filter = valid
? (v) => v.spf.valid === valid && v.dmarc.valid === valid && v.dmarc.record.includes('p=reject')
: (v) => v.spf.valid === valid || v.dmarc.valid === valid || !v.dmarc.record.includes('p=reject');
eleventyConfig.addFilter("dmarc_valid", (value, valid=true) => {
const dmarcFilter = valid
? (web) => { const v = dmarcSummary[web.url]; return v.spf.valid === valid && v.dmarc.valid === valid && v.dmarc.record.includes('p=reject') }
: (web) => { const v = dmarcSummary[web.url]; return v.spf.valid === valid || v.dmarc.valid === valid || !v.dmarc.record.includes('p=reject') };
return Object.values(value).filter(filter);
return value.filter(web => dmarcSummary[web.url])
.filter(dmarcFilter);
});
const dmarcSummary = JSON.parse(
fs.readFileSync(`_data/results/dmarc/summary.json`, "utf8")
);
eleventyConfig.addFilter("dmarc_secure", (url) => {
const dmarc_info = dmarcSummary[url];
if (dmarc_info) {
@ -243,8 +251,16 @@ module.exports = function (eleventyConfig) {
}
});
eleventyConfig.addFilter("canonical", (url) => {
return url.replace(/^www\./, "")
.replace("http:", "")
.replace("https:", "")
.replace("/", "");
});
// % de webs seguras
eleventyConfig.addFilter("safeScore", getSafeScore);
// % de emails protegidos
eleventyConfig.addFilter("emailScore", getEmailScore);

11
.github/workflows/analyze_dmarc.yml vendored
View File

@ -29,8 +29,15 @@ jobs:
# Using the API would be more flexible, but this is easier to implement for now.
- name: Check DMARC information about public sites
run: |
SITES=$(find {_data/general.json,_data/{comunidades,provincias}/*.json} | xargs cat | jq -r .webs[].url | sed 's/www.//g')
checkdmarc --skip-tls --timeout 3 ${SITES} | jq 'INDEX(.domain)' > _data/results/dmarc/summary.json
SITES=$(find {_data/general.json,_data/{comunidades,provincias}/*.json} | xargs cat | jq -r .webs[].url)
for site in $SITES;
do
CANONICAL_SITE=$(echo $site | sed 's/^www.//g')
ESCAPED_SITE=$(echo $site | sed 's/\./!/g')
OUTPUT_FILE="_data/results/dmarc/$ESCAPED_SITE.json"
echo "Checking $site to $OUTPUT_FILE"
checkdmarc --skip-tls --nameserver=1.0.0.1 --timeout 3 ${CANONICAL_SITE} > $OUTPUT_FILE
done
# The resulting commit will not trigger another GitHub Actions Workflow run.
# This is due to limitations set by GitHub.

100996
_data/results/dmarc/summary.json
View File

File diff suppressed because it is too large Load Diff

4
_includes/details.njk
View File

@ -60,8 +60,8 @@
<ul class="iconify">
<li><a href="https://observatory.mozilla.org/analyze/{{ web.url }}">🖥 Informe técnico del análisis de la web</a></li>
<li><a href="https://dmarcguide.globalcyberalliance.org/#/tool-select?d={{ web.url | replace('www.', '') }}&r=s&s=none&lang=es"> ✉️ Informe técnico del análisis del email</a></li>
<li><a href="https://dnssec-analyzer.verisignlabs.com/{{ web.url | replace('www.', '') }}">🌐 Informe técnico de la seguridad del nombre de dominio</a></li>
<li><a href="https://dmarcguide.globalcyberalliance.org/#/tool-select?d={{ web.url | canonical }}&r=s&s=none&lang=es"> ✉️ Informe técnico del análisis del email</a></li>
<li><a href="https://dnssec-analyzer.verisignlabs.com/{{ web.url | canonical }}">🌐 Informe técnico de la seguridad del nombre de dominio</a></li>
</ul>
{% if (web.twitter) and (results.score < 70) %}

94
_includes/tabla.njk
View File

@ -9,23 +9,22 @@
</thead>
<tbody>
{% for web in webs | sort(reverse=true, attribute = "score") %}
{% if web %}
{% if web.state === 'FINISHED' %}
<tr class="{{ web | color }}">
<td>
<a href="/w/{{ web.url | replace('.', '!') }}" title="{{ web | abbr }}">
{% if not web.url | dmarc_secure %}
<span class="phishing" title="Vulnerable a suplantación de identidad de emails"><img src="/images/phishing.png"></span>
{% endif %}
{% if web.tests_passed < 5 %}☠️{% else %}{{ web.grade }}{% endif %}
</a>
</td>
<td>
<a href="/w/{{ web.url | replace('.', '!') }}" title="{{ web.name }}">{{ web.url | replace("www.", "") }}</a>
</td>
<td>
{% if (web.twitter) and (web.score < 70) %}
<a class="twitter-share-button" href="https://twitter.com/intent/tweet/?text={{ 'Hola @' + web.twitter + '
{% if web.state === 'FINISHED' %}
<tr class="{{ web | color }}">
<td>
<a href="/w/{{ web.url | replace('.', '!') }}" title="{{ web | abbr }}">
{% if not web.url | dmarc_secure %}
<span class="phishing" title="Vulnerable a suplantación de identidad de emails"><img src="/images/phishing.png"></span>
{% endif %}
{% if web.tests_passed < 5 %}☠️{% else %}{{ web.grade }}{% endif %}
</a>
</td>
<td>
<a href="/w/{{ web.url | replace('.', '!') }}" title="{{ web.name }}">{{ web.url | replace("www.", "") }}</a>
</td>
<td>
{% if (web.twitter) and (web.score < 70) %}
<a class="twitter-share-button" href="https://twitter.com/intent/tweet/?text={{ 'Hola @' + web.twitter + '
🔒 La seguridad de vuestra web y usuarios puede ser comprometida si no actualizáis vuestras conexiones seguras (HTTPS).
⚠️ ¡Por favor, revisadlo cuanto antes!
@ -33,21 +32,20 @@
https://websegura.pucelabits.org'| urlEncode }}{{ path }}{{ '?pk_campaign=HazseloSaber&pk_source=twitter
#websegura /vía @PucelaBits' | urlEncode }}" target="_blank" rel="noopener" aria-label="Twitter">
<span class="icon brands fa-twitter" {% if web.twitter_mentions > 0 %}data-popularity="high" title="Sitio destacado. Súmate a quienes ya han tuiteado"{% endif %}>
<span>Tuitear</span>
</a>
{% endif %}
</td>
</tr>
{% else %}
<tr class="unknown">
<td title="El análisis de seguridad está pendiente">🕐</td>
<td>
{{ web.url | replace("www.", "") }}
</td>
<td></td>
</tr>
{% endif %}
<span class="icon brands fa-twitter" {% if web.twitter_mentions > 0 %}data-popularity="high" title="Sitio destacado. Súmate a quienes ya han tuiteado"{% endif %}>
<span>Tuitear</span>
</a>
{% endif %}
</td>
</tr>
{% else %}
<tr class="unknown">
<td title="El análisis de seguridad está pendiente">🕐</td>
<td>
{{ web.url | replace("www.", "") }}
</td>
<td></td>
</tr>
{% endif %}
{% endfor %}
</tbody>
@ -65,24 +63,22 @@ https://websegura.pucelabits.org'| urlEncode }}{{ path }}{{ '?pk_campaign=Hazsel
</thead>
<tbody>
{% for web in webs %}
{% if web %}
<tr class="{% if web.domain | dmarc_secure %}safe{% else %}danger{% endif %}">
<td>
<a href="/w/{{ web.domain | replace('.', '!') }}">
{% if not web.domain | dmarc_secure %}
<span class="phishing" title="Vulnerable a suplantación de identidad de emails"><img src="/images/phishing.png"></span>
{% else %}
<span title="Seguro frente a suplantación de identidad de emails">✉️</span>
{% endif %}
</a>
</td>
<td>
<a href="/w/{{ web.domain | replace('.', '!') }}" title="{{ web.domain }}">@{{ web.domain | replace("www.", "") | replace("http:", "") | replace("https:", "") | replace("/", "")}}</a>
</td>
</tr>
{% endif %}
<tr class="{% if web.url | dmarc_secure %}safe{% else %}danger{% endif %}">
<td>
<a href="/w/{{ web.url | replace('.', '!') }}">
{% if not web.url | dmarc_secure %}
<span class="phishing" title="Vulnerable a suplantación de identidad de emails"><img src="/images/phishing.png"></span>
{% else %}
<span title="Seguro frente a suplantación de identidad de emails">✉️</span>
{% endif %}
</a>
</td>
<td>
<a href="/w/{{ web.url | replace('.', '!') }}" title="{{ web.url }}">@{{ web.url | canonical }}</a>
</td>
</tr>
{% endfor %}
</tbody>
</table>
<p class="tablefooter">(Los análisis se actualizan cada 6 días)</p>
<p class="tablefooter">(Los análisis se actualizan cada semana)</p>
{% endmacro %}

6
pages/index.njk
View File

@ -27,7 +27,7 @@ title: "#websegura"
</strong>
sitios</a>
no tienen seguridad alguna.<br/>
<span class="phishing"><img src="images/phishing.png"></span> <a href="/analisis-email/"><strong>{{ results.dmarc.summary | isDmarcValid(false) | length }}</strong> emails</a> son vulnerables a suplantación de identidad.
<span class="phishing"><img src="images/phishing.png"></span> <a href="/analisis-email/"><strong>{{ all | dmarc_valid(false) | length }}</strong> emails</a> son vulnerables a suplantación de identidad.
</p>
<div class="score-container">
@ -40,10 +40,10 @@ title: "#websegura"
<div class="score-container">
<div class="score-bar">
<div class="score-progress" data-score="{{ results.dmarc.summary | emailScore }}"></div>
<div class="score-progress" data-score="{{ collections.dmarcSummary | emailScore }}"></div>
</div>
<p><strong>{{ results.dmarc.summary | emailScore }}%</strong> de los emails protegidos</p>
<p><strong>{{ collections.dmarcSummary | emailScore }}%</strong> de los emails protegidos</p>
</div>
<p>

17
pages/ranking-email.njk
View File

@ -16,21 +16,21 @@ title: "#emailseguro: Observatorio de seguridad de email"
<p class="subtitle">Analizamos
<strong>
{{ results.dmarc.summary | length }}
{{ collections.dmarcSummary | length }}
</strong>
emails públicos para saber si están protegidos frente a <a href="/faq/#que-significa-que-los-emails-son-vulnerables-a-suplantacion-de-identidad">suplantación de identidad</a>.</p>
<p class="centered">🎖️ Sólo
<a href="#hall-of-fame">
<strong>
{{ results.dmarc.summary | isDmarcValid(true) | length }}
{{ all | dmarc_valid | length }}
</strong>
emails</a>
son seguros frente a suplatación de identidad.<br/>
son seguros frente a suplantación de identidad.<br/>
<span class="phishing"><img src="/images/phishing.png"></span>
<a href="#hall-of-shame">
<strong>
{{ results.dmarc.summary | isDmarcValid(false) | length }}
{{ all | dmarc_valid(false) | length }}
</strong>
emails</a>
son vulnerables frente a suplantación de identidad.
@ -38,27 +38,26 @@ title: "#emailseguro: Observatorio de seguridad de email"
<div class="score-container">
<div class="score-bar">
<div class="score-progress" data-score="{{ results.dmarc.summary | emailScore }}"></div>
<div class="score-progress" data-score="{{ collections.dmarcSummary | emailScore }}"></div>
</div>
<p><strong>{{ results.dmarc.summary | emailScore }}%</strong> de los emails protegidos</p>
<p><strong>{{ collections.dmarcSummary | emailScore }}%</strong> de los emails protegidos</p>
</div>
<section>
<div class="table-wrapper" id="resultados">
<h2 id="hall-of-fame">🎖️ Hall de la fama</h2>
<p>Estos correos tienen protección contra <a href="/faq/#que-significa-que-los-emails-son-vulnerables-a-suplantacion-de-identidad">suplantación de identidad</a>.</p>
{{ tablaEmail(results.dmarc.summary | isDmarcValid(true), path=page.url) }}
{{ tablaEmail(all | dmarc_valid, path=page.url) }}
<p>
<a href="https://github.com/PucelaBits/websegura#a%C3%B1adir-una-web">+ Añadir un dominio nuevo</a>
</p>
<h2 id="hall-of-shame">☠️ Hall de la vergüenza</h2>
<p>Estos correos <strong>son vulnerables</strong> a <a href="/faq/#que-significa-que-los-emails-son-vulnerables-a-suplantacion-de-identidad">suplantación de identidad</a></p>
{{ tablaEmail(results.dmarc.summary | isDmarcValid(false), path=page.url) }}
{{ tablaEmail(all | dmarc_valid(false), path=page.url) }}
<p>
<a href="https://github.com/PucelaBits/websegura#a%C3%B1adir-una-web">+ Añadir un dominio nuevo</a>
</p>
</div>
</section>