Better data collector (#111)

Spomky · web-flow · commit e59fc23fe66b · 2018-03-19T14:05:08.000+01:00
* Better Data Collector

Adds some tables for the list of components.
Better messages and warnings for the deprecated algorithms
diff --git a/src/Bundle/JoseFramework/DataCollector/AlgorithmCollector.php b/src/Bundle/JoseFramework/DataCollector/AlgorithmCollector.php
@@ -44,7 +44,10 @@ public function __construct(AlgorithmManagerFactory $algorithmManagerFactory)
     public function collect(array &$data, Request $request, Response $response, \Exception $exception = null)
     {
         $algorithms = $this->algorithmManagerFactory->all();
-        $data['algorithm']['algorithms'] = [];
+        $data['algorithm'] = [
+            'messages'   => $this->getAlgorithmMessages(),
+            'algorithms' => [],
+        ];
         $signatureAlgorithms = 0;
         $keyEncryptionAlgorithms = 0;
         $contentEncryptionAlgorithms = 0;
@@ -92,4 +95,37 @@ private function getAlgorithmType(Algorithm $algorithm, int &$signatureAlgorithm
                 return 'Unknown';
         }
     }
+
+    /**
+     * @return array
+     */
+    private function getAlgorithmMessages(): array
+    {
+        return [
+            'none' => [
+                'severity' => 'severity-low',
+                'message'  => 'This algorithm is not secured. Please use with caution.',
+            ],
+            'RSA1_5' => [
+                'severity' => 'severity-high',
+                'message'  => 'This algorithm is not secured (known attacks). See <a target="_blank" href="https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-5">https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-5</a>.',
+            ],
+            'ECDH-ES' => [
+                'severity' => 'severity-medium',
+                'message'  => 'This algorithm is very slow when used with curves P-256, P-384, P-521.',
+            ],
+            'ECDH-ES+A128KW' => [
+                'severity' => 'severity-medium',
+                'message'  => 'This algorithm is very slow when used with curves P-256, P-384, P-521.',
+            ],
+            'ECDH-ES+A192KW' => [
+                'severity' => 'severity-medium',
+                'message'  => 'This algorithm is very slow when used with curves P-256, P-384, P-521.',
+            ],
+            'ECDH-ES+A256KW' => [
+                'severity' => 'severity-medium',
+                'message'  => 'This algorithm is very slow when used with curves P-256, P-384, P-521.',
+            ],
+        ];
+    }
 }
diff --git a/src/Bundle/JoseFramework/Resources/views/data_collector/tab/checker.html.twig b/src/Bundle/JoseFramework/Resources/views/data_collector/tab/checker.html.twig
@@ -32,11 +32,24 @@
         {% if collector.getData().checker.header_checkers is empty %}
             No header checker.
         {% else %}
-            <ul>
+            <table>
+                <thead>
+                <tr>
+                    <th>Alias</th>
+                    <th>Checked header</th>
+                    <th>Is protected?</th>
+                </tr>
+                </thead>
+                <tbody>
                 {% for alias, data in collector.getData().checker.header_checkers %}
-                    <li>Alias: {{ alias }}, checked header: {{ data.header }}{% if data.protected %} (protected header){% endif %}</li>
+                    <tr>
+                        <td>{{ alias }}</td>
+                        <td>{{ data.header }}</td>
+                        <td>{% if data.protected %}Yes{% else %}No{% endif %}</td>
+                    </tr>
                 {% endfor %}
-            </ul>
+                </tbody>
+            </table>
         {% endif %}
         <i>Please note that the header "crit" (critical) is always checked.</i>
         <h4>Claim Checker Managers</h4>
@@ -70,11 +83,22 @@
         {% if collector.getData().checker.claim_checkers is empty %}
             No header checker.
         {% else %}
-            <ul>
+            <table>
+                <thead>
+                <tr>
+                    <th>Alias</th>
+                    <th>Checked claim</th>
+                </tr>
+                </thead>
+                <tbody>
                 {% for alias, data in collector.getData().checker.claim_checkers %}
-                    <li>Alias: {{ alias }}, checked claim: {{ data.claim }}</li>
+                    <tr>
+                        <td>{{ alias }}</td>
+                        <td>{{ data.claim }}</td>
+                    </tr>
                 {% endfor %}
-            </ul>
+                </tbody>
+            </table>
         {% endif %}
     </div>
 </div>
diff --git a/src/Bundle/JoseFramework/Resources/views/data_collector/tab/jwe.html.twig b/src/Bundle/JoseFramework/Resources/views/data_collector/tab/jwe.html.twig
@@ -19,17 +19,27 @@
                         <ul>
                             {% for algorithm in data.key_encryption_algorithms %}
                                 <li>
-                                        <span{% if algorithm == 'RSA1_5' %} class="severity-high"{% elseif 'ECDH-ES' in algorithm %} class="severity-medium"{% endif %}>
-                                            {{ algorithm }}
-                                        </span>
+                                    <span{% if algorithm in collector.getData().algorithm.messages|keys %}
+                                     class="{{ collector.getData().algorithm.messages[algorithm]['severity'] }}"
+                                        {% else %}
+                                        {% endif %}>
+                                        {{ algorithm }}
+                                    </span>
                                 </li>
                             {% endfor %}
                         </ul>
                     </td>
                     <td>
                         <ul>
                             {% for algorithm in data.content_encryption_algorithms %}
-                                <li>{{ algorithm }}</li>
+                                <li>
+                                    <span{% if algorithm in collector.getData().algorithm.messages|keys %}
+                                        class="{{ collector.getData().algorithm.messages[algorithm]['severity'] }}"
+                                            {% else %}
+                                            {% endif %}>
+                                        {{ algorithm }}
+                                    </span>
+                                </li>
                             {% endfor %}
                         </ul>
                     </td>
@@ -142,29 +152,97 @@
         {% set encryptionAlgorithms = collector.getData().algorithm.algorithms %}
         {% if encryptionAlgorithms['Key Encryption'] is defined %}
             <h4>Available Key Encryption Algorithms</h4>
-            <ul>
+            <table>
+                <thead>
+                <tr>
+                    <th>Name</th>
+                    <th>Alias</th>
+                    <th>Message</th>
+                </tr>
+                </thead>
+                <tbody>
                 {% for alias, alg in encryptionAlgorithms['Key Encryption'] %}
-                    <li><span{% if alg.name == 'RSA1_5' %} class="severity-high"{% elseif 'ECDH-ES' in alg.name %} class="severity-medium"{% endif %}>{{ alg.name }} (alias: <i>{{ alias }})</i>{% if alg.name == 'RSA1_5' %}. This algorithm is not secured (known attacks).{% elseif 'ECDH-ES' in alg.name %}. This algorithm is very slow when used with curves P-256, P-384, P-521.{% endif %}</span></li>
+                    <tr>
+                        <td {% if alg.name in collector.getData().algorithm.messages|keys %}
+                            class="{{ collector.getData().algorithm.messages[alg.name]['severity'] }}"
+                                {% endif %}>{{ alg.name }}</td>
+                        <td {% if alg.name in collector.getData().algorithm.messages|keys %}
+                            class="{{ collector.getData().algorithm.messages[alg.name]['severity'] }}"
+                                {% endif %}>{{ alias }}</td>
+                        <td {% if alg.name in collector.getData().algorithm.messages|keys %}
+                            class="{{ collector.getData().algorithm.messages[alg.name]['severity'] }}"
+                                {% endif %}>
+                            {% if alg.name in collector.getData().algorithm.messages|keys %}
+                                {{ collector.getData().algorithm.messages[alg.name]['message']|raw }}
+                            {% endif %}
+                        </td>
+                    </tr>
                 {% endfor %}
-            </ul>
+                </tbody>
+            </table>
             <h4>Available Content Encryption Algorithms</h4>
-            <ul>
+            <table>
+                <thead>
+                <tr>
+                    <th>Name</th>
+                    <th>Alias</th>
+                    <th>Message</th>
+                </tr>
+                </thead>
+                <tbody>
                 {% for alias, alg in encryptionAlgorithms['Content Encryption'] %}
-                    <li>{{ alg.name }} (alias: <i>{{ alias }})</i></li>
+                    <tr>
+                        <td {% if alg.name in collector.getData().algorithm.messages|keys %}
+                            class="{{ collector.getData().algorithm.messages[alg.name]['severity'] }}"
+                                {% endif %}>{{ alg.name }}</td>
+                        <td {% if alg.name in collector.getData().algorithm.messages|keys %}
+                            class="{{ collector.getData().algorithm.messages[alg.name]['severity'] }}"
+                                {% endif %}>{{ alias }}</td>
+                        <td {% if alg.name in collector.getData().algorithm.messages|keys %}
+                            class="{{ collector.getData().algorithm.messages[alg.name]['severity'] }}"
+                                {% endif %}>
+                            {% if alg.name in collector.getData().algorithm.messages|keys %}
+                                {{ collector.getData().algorithm.messages[alg.name]['message']|raw }}
+                            {% endif %}
+                        </td>
+                    </tr>
                 {% endfor %}
-            </ul>
+                </tbody>
+            </table>
             <h4>Compression Methods</h4>
-            <ul>
+            <table>
+                <thead>
+                <tr>
+                    <th>Name</th>
+                    <th>Alias</th>
+                </tr>
+                </thead>
+                <tbody>
                 {% for alias, name in collector.getData().jwe.compression_methods %}
-                    <li>{{ name }} (alias: <i>{{ alias }})</i></li>
+                    <tr>
+                        <td>{{ name }}</td>
+                        <td>{{ alias }}</td>
+                    </tr>
                 {% endfor %}
-            </ul>
+                </tbody>
+            </table>
             <h4>JWE Serialization Modes</h4>
-            <ul>
+            <table>
+                <thead>
+                <tr>
+                    <th>Name</th>
+                    <th>Alias</th>
+                </tr>
+                </thead>
+                <tbody>
                 {% for alias, name in collector.getData().jwe.jwe_serialization %}
-                    <li>{{ name }} (alias: <i>{{ alias }})</i></li>
+                    <tr>
+                        <td>{{ name }}</td>
+                        <td>{{ alias }}</td>
+                    </tr>
                 {% endfor %}
-            </ul>
+                </tbody>
+            </table>
         {% else %}
             The is no encryption algorithm. Did you installed "web-token/jwt-encryption-bundle"?
         {% endif %}
diff --git a/src/Bundle/JoseFramework/Resources/views/data_collector/tab/jws.html.twig b/src/Bundle/JoseFramework/Resources/views/data_collector/tab/jws.html.twig
@@ -16,7 +16,14 @@
                     <td>
                         <ul>
                             {% for algorithm in data.signature_algorithms %}
-                                <li><span{% if algorithm == 'none' %} class="severity-low"{% endif %}>{{ algorithm }}</span></li>
+                                <li>
+                                    <span{% if algorithm in collector.getData().algorithm.messages|keys %}
+                                        class="{{ collector.getData().algorithm.messages[algorithm]['severity'] }}"
+                                            {% else %}
+                                            {% endif %}>
+                                        {{ algorithm }}
+                                    </span>
+                                </li>
                             {% endfor %}
                         </ul>
                     </td>
@@ -39,7 +46,13 @@
                     <td>
                         <ul>
                             {% for algorithm in data.signature_algorithms %}
-                                <li><span{% if algorithm == 'none' %} class="severity-low"{% endif %}>{{ algorithm }}</span></li>
+                                <li>
+                                    <span{% if algorithm in collector.getData().algorithm.messages|keys %}
+                                        class="{{ collector.getData().algorithm.messages[algorithm]['severity'] }}"
+                                            {% endif %}>
+                                        {{ algorithm }}
+                                    </span>
+                                </li>
                             {% endfor %}
                         </ul>
                     </td>
@@ -81,19 +94,53 @@
         {% set signatureAlgorithms = collector.getData().algorithm.algorithms %}
         {% if signatureAlgorithms['Signature'] is defined %}
             <h4>Available Signature Algorithms</h4>
-            <ul>
+            <table>
+                <thead>
+                <tr>
+                    <th>Name</th>
+                    <th>Alias</th>
+                    <th>Message</th>
+                </tr>
+                </thead>
+                <tbody>
                 {% for alias, alg in signatureAlgorithms['Signature'] %}
-                    <li><span{% if alg.name == 'none' %} class="severity-low"{% endif %}>{{ alg.name }} (alias: <i>{{ alias }})</i>{% if alg.name == 'none' %}. This algorithm is not secured. Please use with caution{% endif %}</span></li>
+                    <tr>
+                        <td {% if alg.name in collector.getData().algorithm.messages|keys %}
+                            class="{{ collector.getData().algorithm.messages[alg.name]['severity'] }}"
+                                {% endif %}>{{ alg.name }}</td>
+                        <td {% if alg.name in collector.getData().algorithm.messages|keys %}
+                            class="{{ collector.getData().algorithm.messages[alg.name]['severity'] }}"
+                                {% endif %}>{{ alias }}</td>
+                        <td {% if alg.name in collector.getData().algorithm.messages|keys %}
+                            class="{{ collector.getData().algorithm.messages[alg.name]['severity'] }}"
+                                {% endif %}>
+                            {% if alg.name in collector.getData().algorithm.messages|keys %}
+                                {{ collector.getData().algorithm.messages[alg.name]['message']|raw }}
+                            {% endif %}
+                        </td>
+                    </tr>
                 {% endfor %}
-            </ul>
+                </tbody>
+            </table>
             <h4>Serialization Modes</h4>
-            <ul>
+            <table>
+                <thead>
+                <tr>
+                    <th>Name</th>
+                    <th>Alias</th>
+                </tr>
+                </thead>
+                <tbody>
                 {% for alias, name in collector.getData().jws.jws_serialization %}
-                    <li>{{ name }} (alias: <i>{{ alias }})</i></li>
+                    <tr>
+                        <td>{{ name }}</td>
+                        <td>{{ alias }}</td>
+                    </tr>
                 {% endfor %}
-            </ul>
+                </tbody>
+            </table>
         {% else %}
-            The is no signature algorithm. Did you installed "web-token/jwt-signature-bundle"?
+            There is no signature algorithm. Did you installed "web-token/jwt-signature-bundle"?
         {% endif %}
     </div>
 </div>
diff --git a/src/Bundle/JoseFramework/Resources/views/data_collector/template.html.twig b/src/Bundle/JoseFramework/Resources/views/data_collector/template.html.twig
@@ -56,15 +56,15 @@
 
     <style>
         .severity-low {
-            background: yellow;
+            background-color: yellow;
             color: #000;
         }
         .severity-medium {
-            background: orange;
+            background-color: orange;
             color: #000;
         }
         .severity-high {
-            background: #B0413E;
+            background-color: #B0413E;
             color: #FFF;
             font-weight: bold;
         }

Original file line number	Diff line number	Diff line change
`@@ -56,15 +56,15 @@`
`56`	`56`
`57`	`57`	`<style>`
`58`	`58`	`.severity-low {`
`59`		`- background: yellow;`
	`59`	`+ background-color: yellow;`
`60`	`60`	`color: #000;`
`61`	`61`	`}`
`62`	`62`	`.severity-medium {`
`63`		`- background: orange;`
	`63`	`+ background-color: orange;`
`64`	`64`	`color: #000;`
`65`	`65`	`}`
`66`	`66`	`.severity-high {`
`67`		`- background: #B0413E;`
	`67`	`+ background-color: #B0413E;`
`68`	`68`	`color: #FFF;`
`69`	`69`	`font-weight: bold;`
`70`	`70`	`}`