From 1fc756c414a2684f2beed8d1a20aa69c3eb67084 Mon Sep 17 00:00:00 2001
From: devStorm <59678453+developStorm@users.noreply.github.com>
Date: Thu, 11 Apr 2024 15:56:03 -0700
Subject: [PATCH 1/2] refactor: improve and align ftp tls error msg
---
 modules/ftp/scanner.go | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/modules/ftp/scanner.go b/modules/ftp/scanner.go
index 4ff3ce8b..eff27fb5 100644
--- a/modules/ftp/scanner.go
+++ b/modules/ftp/scanner.go
@@ -216,14 +216,14 @@ func (ftp *Connection) GetFTPSCertificates() error {
 ftpsReady, err := ftp.SetupFTPS()
 if err != nil {
- return err
+ return fmt.Errorf("error setting up FTPS: %w", err)
 }
 if !ftpsReady {
 return nil
 }
 var conn *zgrab2.TLSConnection
 if conn, err = ftp.config.TLSFlags.GetTLSConnection(ftp.conn); err != nil {
- return err
+ return fmt.Errorf("error setting up TLS connection: %w", err)
 }
 ftp.results.TLSLog = conn.GetLog()
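Review bot: The two new messages in GetFTPSCertificates open with "error", which stutters once a caller adds its own context. After the second patch the chain reads `error getting FTPS certificates: error setting up TLS connection: ...`. Naming only the operation keeps the chain readable, e.g. `return fmt.Errorf("setting up FTPS: %w", err)` and `return fmt.Errorf("setting up TLS connection: %w", err)`. The same prefix appears in the Scan wraps added by the second patch. GetFTPSCertificates continues past the end of this hunk.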
@@ -232,20 +232,20 @@ func (ftp *Connection) GetFTPSCertificates() error {
 // AUTH TLS succeeds, but the handshake fails, dumping
 // "error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher"
 // to the socket.
- return err
+ return fmt.Errorf("TLS handshake failed: %w", err)
 }
 ftp.conn = conn
 return nil
 }
 // Scan performs the configured scan on the FTP server, as follows:
-// * Read the banner into results.Banner (if it is not a 2XX response, bail)
-// * If the FTPAuthTLS flag is not set, finish.
-// * Send the AUTH TLS command to the server. If the response is not 2XX, then
-// send the AUTH SSL command. If the response is not 2XX, then finish.
-// * Perform ths TLS handshake / any configured TLS scans, populating
-// results.TLSLog.
-// * Return SCAN_SUCCESS, &results, nil
+// - Read the banner into results.Banner (if it is not a 2XX response, bail)
+// - If the FTPAuthTLS flag is not set, finish.
+// - Send the AUTH TLS command to the server. If the response is not 2XX, then
+// send the AUTH SSL command. If the response is not 2XX, then finish.
+// - Perform ths TLS handshake / any configured TLS scans, populating
+// results.TLSLog.
+// - Return SCAN_SUCCESS, &results, nil
 func (s *Scanner) Scan(t zgrab2.ScanTarget) (status zgrab2.ScanStatus, result interface{}, thrown error) {
 var err error
 conn, err := t.Open(&s.config.BaseFlags)
@@ -279,7 +279,7 @@ func (s *Scanner) Scan(t zgrab2.ScanTarget) (status zgrab2.ScanStatus, result in
 }
 if s.config.FTPAuthTLS && is200Banner {
 if err := ftp.GetFTPSCertificates(); err != nil {
- return zgrab2.SCAN_APPLICATION_ERROR, &ftp.results, err
+ return zgrab2.TryGetScanStatus(err), &ftp.results, err
 }
 }
 return zgrab2.SCAN_SUCCESS, &ftp.results, nil
From ab5b8b1baf3fbb3e43f69acbf69d9eeca7c53566 Mon Sep 17 00:00:00 2001
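Review bot: The rewritten Scan doc comment keeps the typo `Perform ths TLS handshake`; since the line is being re-emitted it should read `// - Perform the TLS handshake / any configured TLS scans, populating`. The list also says nothing about the ImplicitTLS path, which the second patch shows Scan taking before the banner is read. A bullet such as `// - If the ImplicitTLS flag is set, perform the TLS handshake before reading the banner.` would keep the comment in step with the code.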
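Review bot: `zgrab2.TryGetScanStatus(err)` now receives an error that GetFTPSCertificates already wrapped with `fmt.Errorf("...: %w", err)` earlier in this patch, so the status is only right if TryGetScanStatus unwraps. Its body is not shown here; if it switches on the concrete type or compares with `==` rather than using `errors.As`/`errors.Is`, timeouts and TLS failures during AUTH TLS would presumably land in a generic bucket. That would be less useful to anyone filtering scan output by status than the fixed SCAN_APPLICATION_ERROR it replaces. Either confirm the helper unwraps (a small test passing `fmt.Errorf("x: %w", io.EOF)` would pin it) or classify the error before it is wrapped. The same call is kept in the last hunk of the second patch, which only wraps the returned error further. Scan starts and ends outside this hunk.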
From: devStorm <59678453+developStorm@users.noreply.github.com>
Date: Fri, 12 Apr 2024 11:04:46 -0700
Subject: [PATCH 2/2] refactor: wrap all err in ftp Scan()
---
 modules/ftp/scanner.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/modules/ftp/scanner.go b/modules/ftp/scanner.go
index eff27fb5..ce41611b 100644
--- a/modules/ftp/scanner.go
+++ b/modules/ftp/scanner.go
@@ -250,7 +250,7 @@ func (s *Scanner) Scan(t zgrab2.ScanTarget) (status zgrab2.ScanStatus, result in
 var err error
 conn, err := t.Open(&s.config.BaseFlags)
 if err != nil {
- return zgrab2.TryGetScanStatus(err), nil, err
+ return zgrab2.TryGetScanStatus(err), nil, fmt.Errorf("error opening connection: %w", err)
 }
 cn := conn
 defer func() {
@@ -261,13 +261,13 @@ func (s *Scanner) Scan(t zgrab2.ScanTarget) (status zgrab2.ScanStatus, result in
 if s.config.ImplicitTLS {
 tlsConn, err := s.config.TLSFlags.GetTLSConnection(conn)
 if err != nil {
- return zgrab2.TryGetScanStatus(err), nil, err
+ return zgrab2.TryGetScanStatus(err), nil, fmt.Errorf("error setting up TLS connection: %w", err)
 }
 results.ImplicitTLS = true
 results.TLSLog = tlsConn.GetLog()
 err = tlsConn.Handshake()
 if err != nil {
- return zgrab2.TryGetScanStatus(err), nil, err
+ return zgrab2.TryGetScanStatus(err), nil, fmt.Errorf("TLS handshake failed: %w", err)
 }
 cn = tlsConn
 }
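Review bot: Both error returns in the ImplicitTLS branch pass `nil` as the result, so when `tlsConn.Handshake()` fails the `results.TLSLog` assigned two lines earlier is thrown away. The explicit AUTH TLS path further down returns `&ftp.results` on failure, so the two TLS modes report failed handshakes differently. The log of a failed handshake is often the part worth keeping in scan output, so consider `return zgrab2.TryGetScanStatus(err), &results, fmt.Errorf("TLS handshake failed: %w", err)` for the handshake case. `results` is declared outside this hunk, so confirm it is an addressable value at that point.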
@@ -275,11 +275,11 @@ func (s *Scanner) Scan(t zgrab2.ScanTarget) (status zgrab2.ScanStatus, result in
 ftp := Connection{conn: cn, config: s.config, results: results}
 is200Banner, err := ftp.GetFTPBanner()
 if err != nil {
- return zgrab2.TryGetScanStatus(err), &ftp.results, err
+ return zgrab2.TryGetScanStatus(err), &ftp.results, fmt.Errorf("error reading FTP banner: %w", err)
 }
 if s.config.FTPAuthTLS && is200Banner {
 if err := ftp.GetFTPSCertificates(); err != nil {
- return zgrab2.TryGetScanStatus(err), &ftp.results, err
+ return zgrab2.TryGetScanStatus(err), &ftp.results, fmt.Errorf("error getting FTPS certificates: %w", err)
 }
 }
 return zgrab2.SCAN_SUCCESS, &ftp.results, nil