Created
March 31, 2017 21:49
-
-
Save jcjones/535b5672d075910fdce4f55b9ce57ef7 to your computer and use it in GitHub Desktop.
Search TLS Error Reporting for the top certificates that provoked SEC_ERROR_UNKNOWN_ISSUER
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from moztelemetry import get_pings_properties, get_one_ping_per_client | |
from moztelemetry.dataset import Dataset | |
from collections import defaultdict, Counter | |
ssl_reports = Dataset.from_source("sslreports")\ | |
.where(submissionDate=lambda xx: xx.startswith("201702"))\ | |
.records(sc, sample=0.01) | |
# Filter down to SEC_ERROR_UNKNOWN_ISSUER | |
data=ssl_reports.filter(lambda y: y['meta']['errorCode'] == -8179.0) | |
def process(accum, xx): | |
if 'isAccum' not in accum: | |
# Happens on the first execution | |
emptyValueBootstrapDataset = defaultdict(Counter) | |
emptyValueBootstrapDataset['isAccum'] = True | |
# Recursively bootstrap our accumulator | |
accum = process(emptyValueBootstrapDataset, accum) | |
if 'isAccum' in xx: | |
# Merge intermediate states on the final executions | |
for k1,v1 in xx.iteritems(): | |
if k1 == 'isAccum': | |
continue | |
for k2,v2 in v1.iteritems(): | |
accum[k1][k2] += v2 | |
return accum | |
# Primary analysis | |
try: | |
ping = xx['meta'] | |
accum['certChains'][ping['failedCertChain']] += 1 | |
accum['hostname'][ping['hostname']] += 1 | |
except: | |
print "Missing data? {}".format(xx) | |
return accum | |
x = data.reduce(process) | |
# Show top hostnames | |
for idx, w in enumerate(sorted(x['hostname'], key=x['hostname'].get, reverse=True)): | |
if idx > 10: | |
break | |
print w, x['hostname'][w] | |
# Show top certificates | |
for idx, w in enumerate(sorted(x['certChains'], key=x['certChains'].get, reverse=True)): | |
if idx > 10: | |
break | |
print w, x['certChains'][w] | |
# Write out the certificates to a file in format: | |
# {DER data} {number of occurrances}\n | |
with open("/tmp/output", "w") as out: | |
for w in sorted(x['certChains'], key=x['certChains'].get, reverse=True): | |
count = x['certChains'][w] | |
if count > 10: | |
out.write("{} {}\n".format(w, count)) | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment