Replace flake8 and black with ruff

pyproject.toml

@@ -0,0 +1,12 @@
+[tool.ruff]
+line-length = 120
+
+[tool.mypy]
+python_version = "3.8"
+ignore_missing_imports = true
+strict_optional = true
+disallow_untyped_defs = true
+
+[[tool.mypy.overrides]]
+module = "tests.*"
+disallow_untyped_defs = false

requirements-dev.txt

@@ -1,17 +1,13 @@
-mypy==1.4.1
-flake8>=5,<7
+mypy==1.8
+ruff==0.2.2
 invoke>=2,<3
 pytest>=7.4,<8
 sphinx
 sphinx-rtd-theme
 twine>=4,<5
 sphinx-autodoc-typehints
-black==22.10.0
 pytest-cov
 faker
 
-# For mypy
-types-pyOpenSSL
-
-# For building the Windows executable
-cx-freeze==6.15.8; sys.platform == 'win32'
+# For building the Windows executable; cx-freeze is not compatible with Python 3.12 yet
+cx-freeze==6.15.15; sys.platform == 'win32' and python_version < '3.12'

sslyze/__main__.py

@@ -104,7 +104,6 @@ def main() -> None:
     if not parsed_command_line.check_against_mozilla_config:
         print("    Disabled; use --mozilla_config={old, intermediate, modern}.\n")
     else:
-
         print(
             f'    Checking results against Mozilla\'s "{parsed_command_line.check_against_mozilla_config}"'
             f" configuration. See https://ssl-config.mozilla.org/ for more details.\n"

sslyze/cli/command_line_parser.py

@@ -32,7 +32,6 @@
 
 
 class CommandLineParsingError(Exception):
-
     PARSING_ERROR_FORMAT = "  Command line error: {0}\n  Use -h for help."
 
     def get_error_msg(self) -> str:

sslyze/connection_helpers/http_request_generator.py

@@ -2,7 +2,6 @@
 
 
 class HttpRequestGenerator:
-
     HTTP_GET_FORMAT = (
         "GET {path} HTTP/1.1\r\n"
         "Host: {host}\r\n"

sslyze/connection_helpers/opportunistic_tls_helpers.py

@@ -177,31 +177,27 @@ def prepare_socket_for_tls_handshake(self, sock: socket.socket) -> None:
 
 
 class _ImapHelper(_GenericOpportunisticTlsHelper):
-
     ERR_NO_STARTTLS = "IMAP START TLS was rejected"
 
     START_TLS_CMD = b". STARTTLS\r\n"
     START_TLS_OK = b". OK"
 
 
 class _Pop3Helper(_GenericOpportunisticTlsHelper):
-
     ERR_NO_STARTTLS = "POP START TLS was rejected"
 
     START_TLS_CMD = b"STLS\r\n"
     START_TLS_OK = b"+OK"
 
 
 class _FtpHelper(_GenericOpportunisticTlsHelper):
-
     ERR_NO_STARTTLS = "FTP AUTH TLS was rejected"
 
     START_TLS_CMD = b"AUTH TLS\r\n"
     START_TLS_OK = b"234"
 
 
 class _PostgresHelper(_GenericOpportunisticTlsHelper):
-
     ERR_NO_STARTTLS = "Postgres AUTH TLS was rejected"
 
     START_TLS_CMD = b"\x00\x00\x00\x08\x04\xD2\x16\x2F"

sslyze/json/pydantic_utils.py

@@ -19,7 +19,7 @@ class BaseModelWithOrmModeAndForbid(BaseModel):
 
 
 def _handle_enum_name(enum_value: Any) -> str:
-    if type(enum_value) is str:
+    if isinstance(enum_value, str):
         return enum_value
     else:
         return enum_value.name

sslyze/json/scan_attempt_json.py

@@ -8,7 +8,8 @@
 # Must be subclassed in order to add the result field
 class ScanCommandAttemptAsJson(BaseModel, ABC):
     model_config = ConfigDict(
-        extra="forbid", from_attributes=True  # Fields must match between the JSON representation and the actual objects
+        extra="forbid",
+        from_attributes=True,  # Fields must match between the JSON representation and the actual objects
     )
 
     status: ScanCommandAttemptStatusEnum

sslyze/plugins/certificate_info/_cli_connector.py

@@ -25,7 +25,6 @@
 class _CertificateInfoCliConnector(
     ScanCommandCliConnector["CertificateInfoScanResult", "CertificateInfoExtraArgument"]
 ):
-
     _cli_option = "certinfo"
     _cli_description = "Retrieve and analyze a server's certificate(s) to verify its validity."
 

sslyze/plugins/certificate_info/json_output.py

@@ -125,7 +125,6 @@ def _handle_object(cls, data: Any) -> Any:
 
 
 class _SubjAltNameAsJson(BaseModel):
-
     dns_names: List[str]
     ip_addresses: List[str] = []
 

sslyze/plugins/compression_plugin.py

@@ -40,7 +40,6 @@ class CompressionScanAttemptAsJson(ScanCommandAttemptAsJson):
 
 
 class _CompressionCliConnector(ScanCommandCliConnector[CompressionScanResult, None]):
-
     _cli_option = "compression"
     _cli_description = "Test a server for TLS compression support, which can be leveraged to perform a CRIME attack."
 

sslyze/plugins/early_data_plugin.py

@@ -41,7 +41,6 @@ class EarlyDataScanAttemptAsJson(ScanCommandAttemptAsJson):
 
 
 class _EarlyDataCliConnector(ScanCommandCliConnector[EarlyDataScanResult, None]):
-
     _cli_option = "early_data"
     _cli_description = "Test a server for TLS 1.3 early data support."
 

sslyze/plugins/elliptic_curves_plugin.py

@@ -106,7 +106,6 @@ class SupportedEllipticCurvesScanAttemptAsJson(ScanCommandAttemptAsJson):
 
 
 class _SupportedEllipticCurvesCliConnector(ScanCommandCliConnector[SupportedEllipticCurvesScanResult, None]):
-
     _cli_option = "elliptic_curves"
     _cli_description = "Test a server for supported elliptic curves."
 

sslyze/plugins/fallback_scsv_plugin.py

@@ -39,7 +39,6 @@ class FallbackScsvScanAttemptAsJson(ScanCommandAttemptAsJson):
 
 
 class _FallbackScsvCliConnector(ScanCommandCliConnector[FallbackScsvScanResult, None]):
-
     _cli_option = "fallback"
     _cli_description = "Test a server for the TLS_FALLBACK_SCSV mechanism to prevent downgrade attacks."
 

sslyze/plugins/heartbleed_plugin.py

@@ -46,7 +46,6 @@ class HeartbleedScanAttemptAsJson(ScanCommandAttemptAsJson):
 
 
 class _HeartbleedCliConnector(ScanCommandCliConnector[HeartbleedScanResult, None]):
-
     _cli_option = "heartbleed"
     _cli_description = "Test a server for the OpenSSL Heartbleed vulnerability."
 

sslyze/plugins/http_headers_plugin.py

@@ -117,7 +117,6 @@ class HttpHeadersScanAttemptAsJson(ScanCommandAttemptAsJson):
 
 
 class _HttpHeadersCliConnector(ScanCommandCliConnector[HttpHeadersScanResult, None]):
-
     _cli_option = "http_headers"
     _cli_description = "Test a server for the presence of security-related HTTP headers."
 

sslyze/plugins/openssl_ccs_injection_plugin.py

@@ -47,7 +47,6 @@ class OpenSslCcsInjectionScanAttemptAsJson(ScanCommandAttemptAsJson):
 
 
 class _OpenSslCcsInjectionCliConnector(ScanCommandCliConnector[OpenSslCcsInjectionScanResult, None]):
-
     _cli_option = "openssl_ccs"
     _cli_description = "Test a server for the OpenSSL CCS Injection vulnerability (CVE-2014-0224)."
 

sslyze/plugins/openssl_cipher_suites/_cli_connector.py

@@ -11,7 +11,6 @@
 
 
 class _CipherSuitesCliConnector(ScanCommandCliConnector["CipherSuitesScanResult", None]):
-
     _title_in_output: ClassVar[str]
 
     @classmethod

sslyze/plugins/openssl_cipher_suites/implementation.py

@@ -45,49 +45,42 @@ def is_tls_version_supported(self) -> bool:
 
 
 class _Sslv20CliConnector(_CipherSuitesCliConnector):
-
     _cli_option = "sslv2"
     _cli_description = "Test a server for SSL 2.0 support."
     _title_in_output = "SSL 2.0 Cipher Suites"
 
 
 class _Sslv30CliConnector(_CipherSuitesCliConnector):
-
     _cli_option = "sslv3"
     _cli_description = "Test a server for SSL 3.0 support."
     _title_in_output = "SSL 3.0 Cipher Suites"
 
 
 class _Tlsv10CliConnector(_CipherSuitesCliConnector):
-
     _cli_option = "tlsv1"
     _cli_description = "Test a server for TLS 1.0 support."
     _title_in_output = "TLS 1.0 Cipher Suites"
 
 
 class _Tlsv11CliConnector(_CipherSuitesCliConnector):
-
     _cli_option = "tlsv1_1"
     _cli_description = "Test a server for TLS 1.1 support."
     _title_in_output = "TLS 1.1 Cipher Suites"
 
 
 class _Tlsv12CliConnector(_CipherSuitesCliConnector):
-
     _cli_option = "tlsv1_2"
     _cli_description = "Test a server for TLS 1.2 support."
     _title_in_output = "TLS 1.2 Cipher Suites"
 
 
 class _Tlsv13CliConnector(_CipherSuitesCliConnector):
-
     _cli_option = "tlsv1_3"
     _cli_description = "Test a server for TLS 1.3 support."
     _title_in_output = "TLS 1.3 Cipher Suites"
 
 
 class _CipherSuitesScanImplementation(ScanCommandImplementation[CipherSuitesScanResult, None]):
-
     # The SSL version corresponding to the scan command
     _tls_version: ClassVar[TlsVersionEnum]
 

sslyze/plugins/robot/_robot_tester.py

@@ -51,7 +51,6 @@ class RobotPmsPaddingPayloadEnum(Enum):
 
 
 class _RobotTlsRecordPayloads:
-
     # From https://github.com/robotattackorg/robot-detect and testssl.sh
     # The high level idea of an oracle attack is to send several payloads that are slightly wrong, in different ways,
     # hoping that the server is going to give a different response (a TLS alert, a connection reset, no data, etc.) for

sslyze/plugins/robot/implementation.py

@@ -43,7 +43,6 @@ class RobotScanAttemptAsJson(ScanCommandAttemptAsJson):
 
 
 class _RobotCliConnector(ScanCommandCliConnector[RobotScanResult, None]):
-
     _cli_option = "robot"
     _cli_description = "Test a server for the ROBOT vulnerability."
 

sslyze/plugins/session_renegotiation_plugin.py

@@ -49,7 +49,6 @@ class _ScanJobResultEnum(Enum):
 
 
 class _SessionRenegotiationCliConnector(ScanCommandCliConnector[SessionRenegotiationScanResult, None]):
-
     _cli_option = "reneg"
     _cli_description = "Test a server for for insecure TLS renegotiation and client-initiated renegotiation."
 

sslyze/plugins/session_resumption/implementation.py

@@ -80,7 +80,6 @@ def _resumption_result_to_console_output(
 class _SessionResumptionSupportCliConnector(
     ScanCommandCliConnector[SessionResumptionSupportScanResult, SessionResumptionSupportExtraArgument]
 ):
-
     _cli_option = "resum"
     _cli_description = "Test a server for TLS 1.2 session resumption support using session IDs and TLS tickets."
 

sslyze/server_connectivity.py

@@ -281,7 +281,6 @@ def _detect_support_for_tls_1_2_or_below(
     network_config: ServerNetworkConfiguration,
     tls_version: TlsVersionEnum,
 ) -> _TlsVersionDetectionResult:
-
     if tls_version == TlsVersionEnum.SSL_2_0:
         # DEFAULT excludes SSLv2 ciphers in OpenSSL 1.0.2
         default_cipher_list = "SSLv2"

tasks.py

@@ -15,9 +15,15 @@ def test(ctx: Context) -> None:
 
 @task
 def lint(ctx: Context) -> None:
-    ctx.run("flake8 .")
+    ctx.run("ruff format . --check")
+    ctx.run("ruff check .")
     ctx.run("mypy .")
-    ctx.run("black -l 120 sslyze tests api_sample.py tasks.py --check")
+
+
+@task
+def autoformat(ctx: Context) -> None:
+    ctx.run("ruff format .")
+    ctx.run("ruff check . --fix")
 
 
 @task

tests/plugins_tests/certificate_info/test_symantec.py

@@ -34,9 +34,7 @@ def test_good(self):
 R7vu2UObYzI35CU=
 -----END CERTIFICATE-----
 
-                """.encode(
-                    encoding="ascii"
-                ),
+                """.encode(encoding="ascii"),
                 default_backend(),
             ),
             # Google Internet Authority G3
@@ -67,9 +65,7 @@ def test_good(self):
 7a8IVk6wuy6pm+T7HT4LY8ibS5FEZlfAFLSW8NwsVz9SBK2Vqn1N0PIMn5xA6NZV
 c7o835DLAFshEWfC7TIe3g==
 -----END CERTIFICATE-----
-                """.encode(
-                    encoding="ascii"
-                ),
+                """.encode(encoding="ascii"),
                 default_backend(),
             ),
             # GlobalSign Root CA
@@ -96,9 +92,7 @@ def test_good(self):
 AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
 TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
 -----END CERTIFICATE-----
-                """.encode(
-                    encoding="ascii"
-                ),
+                """.encode(encoding="ascii"),
                 default_backend(),
             ),
         ]
@@ -167,9 +161,7 @@ def test_march_2018(self):
 QzQuVEXo8FVfMP9wqDEQe1IeOePcYMFEBt4/evEneUvEX2MNLc+wMt8qf44pxryp
 8NIYplnoidK7+W1YRQcFUhx/3xbyoBB2fEHCsvyYGw==
 -----END CERTIFICATE-----
-                """.encode(
-                    encoding="ascii"
-                ),
+                """.encode(encoding="ascii"),
                 default_backend(),
             ),
             # GeoTrust DV SSL
@@ -199,9 +191,7 @@ def test_march_2018(self):
 SGGFixD0wYi/f1+KwtfNK5RcHzRKCK/rromoSHVVlR27wJoBufQDIj7U5lIwDWe5
 wJH9LUwwjr2MpQSRu6Srfw/Yb/BmAMmjXPWwj4PmnFrmtrnFvL7kAg==
 -----END CERTIFICATE-----
-                """.encode(
-                    encoding="ascii"
-                ),
+                """.encode(encoding="ascii"),
                 default_backend(),
             ),
             # GeoTrust Global CA
@@ -246,9 +236,7 @@ def test_september_2018(self):
 Aw5rmaztWlYO64YS7z4am5d9h2rrF1rfgv9Mc3caxAUO3sJZDRyhYaj+7BUgv8HR
 otJHkjr2ASPp31Yf
 -----END CERTIFICATE-----
-                """.encode(
-                    encoding="ascii"
-                ),
+                """.encode(encoding="ascii"),
                 default_backend(),
             ),
             # RapidSSL SHA 256
@@ -279,9 +267,7 @@ def test_september_2018(self):
 Px8G8k/Ll6BKWcZ40egDuYVtLLrhX7atKz4lecWLVtXjCYDqwSfC2Q7sRwrp0Mr8
 2A==
 -----END CERTIFICATE-----
-                """.encode(
-                    encoding="ascii"
-                ),
+                """.encode(encoding="ascii"),
                 default_backend(),
             ),
             # GeoTrust Global CA