First version of port exposure diagnosis

2024-09-03 20:06:10 +02:00 · 2019-07-30 18:53:17 +02:00 · 2019-07-30 18:53:17 +02:00 · f690ff6e1e
commit f690ff6e1e
parent 35f6b77895
2 changed files with 57 additions and 0 deletions
--- a/data/hooks/diagnosis/14-ports.py
+++ b/data/hooks/diagnosis/14-ports.py
@ -0,0 +1,53 @@
+#!/usr/bin/env python
+
+import os
+import requests
+
+from yunohost.diagnosis import Diagnoser
+
+
+class PortsDiagnoser(Diagnoser):
+
+    id_ = os.path.splitext(os.path.basename(__file__))[0].split("-")[1]
+    cache_duration = 3600
+
+    def run(self):
+
+        # FIXME / TODO : in the future, maybe we want to report different
+        # things per port depending on how important they are
+        # (e.g. XMPP sounds to me much less important than other ports)
+        # Ideally, a port could be related to a service...
+        # FIXME / TODO : for now this list of port is hardcoded, might want
+        # to fetch this from the firewall.yml in /etc/yunohost/
+        ports = [ 22, 25, 53, 80, 443, 587, 993, 5222, 5269 ]
+
+        try:
+            r = requests.post('https://ynhdiagnoser.netlib.re/check-ports', json={'ports': ports}).json()
+            if not "status" in r.keys():
+                raise Exception("Bad syntax for response ? Raw json: %s" % str(r))
+            elif r["status"] == "error":
+                if "content" in r.keys():
+                    raise Exception(r["content"])
+                else:
+                    raise Exception("Bad syntax for response ? Raw json: %s" % str(r))
+            elif r["status"] != "ok" or "ports" not in r.keys() or not isinstance(r["ports"], dict):
+                raise Exception("Bad syntax for response ? Raw json: %s" % str(r))
+        except Exception as e:
+            raise YunohostError("diagnosis_ports_could_not_diagnose", error=e)
+
+        found_issues = False
+        for port in ports:
+            if r["ports"].get(str(port), None) != True:
+                found_issues = True
+                yield dict(meta={"port": port},
+                           status="ERROR",
+                           summary=("diagnosis_ports_unreachable", {"port":port}))
+
+        if not found_issues:
+            yield dict(meta={},
+                       status="SUCCESS",
+                       summary=("diagnosis_ports_ok",{}))
+
+
+def main(args, env, loggers):
+    return PortsDiagnoser(args, env, loggers).diagnose()
--- a/locales/en.json
+++ b/locales/en.json
@ -177,6 +177,10 @@
    "diagnosis_description_dnsrecords": "DNS records",
    "diagnosis_description_services": "Services status check",
    "diagnosis_description_diskusage": "Disk usage",
+    "diagnosis_description_ports": "Ports exposure",
+    "diagnosis_ports_could_not_diagnose": "Could not diagnose if ports are reachable from outside. Error: {error}",
+    "diagnosis_ports_unreachable": "Port {port} is not reachable from outside.",
+    "diagnosis_ports_ok": "Relevant ports are reachable from outside!",
    "domain_cannot_remove_main": "Cannot remove main domain. Set a new main domain first",
    "domain_cert_gen_failed": "Could not generate certificate",
    "domain_created": "Domain created",