Fixed Generate Script

scripts-backup/generate-report.pl

@@ -0,0 +1,240 @@
+#!/usr/bin/env perl
+use strict;
+use warnings;
+use JSON::MaybeXS;
+use LWP::UserAgent;
+use HTTP::Request;
+use MIME::Base64 qw(encode_base64);
+use Date::Parse qw(str2time);
+use POSIX qw(strftime);
+use File::Spec;
+use File::Basename;
+use HTTP::Cookies;
+
+# CONFIG
+my $basedir     = dirname(__FILE__);
+my $input_file  = File::Spec->catfile($basedir, 'web_list.json');
+my $output_file = File::Spec->catfile($basedir, 'web_check.json');
+my $false_html  = File::Spec->catfile($basedir, 'sld-check-false.html');
+my $timeout     = 10;             # timeout secondi
+my $openssl_timeout_bin = (-x '/usr/bin/timeout' ? '/usr/bin/timeout' :
+                           -x '/bin/timeout'     ? '/bin/timeout'     : '');
+
+# ===== helpers =====
+sub read_json_file {
+    my ($path) = @_;
+    open my $fh, '<', $path or die "Cannot open $path: $!\n";
+    local $/;
+    my $json = <$fh>;
+    close $fh;
+    return decode_json($json);
+}
+
+sub write_json_file {
+    my ($path, $data) = @_;
+    open my $out, '>', $path or die "Cannot write $path: $!\n";
+    print $out encode_json($data);
+    close $out;
+}
+
+sub format_date_from_string {
+    my ($raw) = @_;
+    return undef unless defined $raw && $raw ne '';
+    my $ts = str2time($raw);
+    return undef unless $ts;
+    return strftime("%d/%m/%Y", gmtime($ts));
+}
+
+# Run openssl s_client -> parse notBefore notAfter issuer
+sub get_cert_info_openssl {
+    my ($host, $timeout_sec) = @_;
+    my $result = {
+        status => 0,
+        issued => undef,
+        expiry => undef,
+        company => undef,
+        error => undef,
+    };
+
+    # escape host for shell
+    my $esc_host = $host;
+    $esc_host =~ s/'/'\\''/g; # basic escape if used in single quotes
+    my $cmd = sprintf("openssl s_client -connect %s:443 -servername %s -showcerts </dev/null 2>/dev/null | openssl x509 -noout -dates -issuer", $host, $host);
+    if ($openssl_timeout_bin) {
+        $cmd = join(' ', $openssl_timeout_bin, $timeout_sec, $cmd);
+    }
+
+    my $out = qx{$cmd};
+    my $exit = $? >> 8;
+
+    if ($exit != 0 || $out eq '') {
+        $result->{error} = "openssl failed or timed out (exit=$exit)";
+        return $result;
+    }
+
+    my ($notBefore) = $out =~ /notBefore=(.+)/i;
+    my ($notAfter)  = $out =~ /notAfter=(.+)/i;
+    my ($issuer)    = $out =~ /issuer\s*=\s*(.+)/i;
+
+    my $issued_fmt = defined $notBefore ? format_date_from_string($notBefore) : undef;
+    my $expiry_fmt = defined $notAfter  ? format_date_from_string($notAfter)  : undef;
+
+    # extract company from issuer: try O= then CN= else whole issuer
+    my $company = undef;
+    if (defined $issuer) {
+        if ($issuer =~ /O=([^,\/]+)/) {
+            $company = $1;
+        } elsif ($issuer =~ /CN=([^,\/]+)/) {
+            $company = $1;
+        } else {
+            $company = $issuer;
+        }
+        $company =~ s/^\s+|\s+$//g;
+    }
+
+    my $is_valid = 0;
+    if ($expiry_fmt) {
+        my $ts = str2time($notAfter);
+        $is_valid = ($ts && time() < $ts) ? 1 : 0;
+    }
+
+    $result->{status}  = $is_valid;
+    $result->{issued}  = $issued_fmt;
+    $result->{expiry}  = $expiry_fmt;
+    $result->{company} = $company;
+    $result->{error}   = undef;
+    return $result;
+}
+
+# build URL from domain + path; ensure https:// prefix
+sub build_url {
+    my ($domain, $path) = @_;
+    $domain =~ s{^https?://}{}i;
+    $domain =~ s{/$}{}; # remove trailing slash
+    $path = '' unless defined $path;
+    $path = '/' if $path eq '';
+    $path = "/$path" unless $path =~ m{^/};
+    return 'https://' . $domain . $path;
+}
+
+# basic sanitize host (remove scheme and path)
+sub normalize_host {
+    my ($domain) = @_;
+    return undef unless defined $domain;
+    $domain =~ s{^https?://}{}i;
+    $domain =~ s{/.*$}{};     # remove path
+    $domain =~ s/:\d+$//;    # remove port if any
+    return $domain;
+}
+
+# ===== prepare LWP client =====
+my $ua = LWP::UserAgent->new(timeout => $timeout);
+# Browser-like user agent to avoid bot blocking
+$ua->agent("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 ".
+           "(KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36");
+$ua->default_header('Accept' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8');
+$ua->cookie_jar(HTTP::Cookies->new());    # maintain cookies
+$ua->max_redirect(7);
+
+# ===== main =====
+die "Input file $input_file not found\n" unless -f $input_file;
+my $domains = read_json_file($input_file);
+die "Input JSON must be an array\n" unless ref($domains) eq 'ARRAY';
+
+my @results;
+my $any_fail = 0;
+my $total_ssl_ok = 0;
+my $total_content_ok = 0;
+
+foreach my $entry (@$domains) {
+    # read fields (tolleranza nomi)
+    my $host = $entry->{host} // '';
+    my $domain = $entry->{domain} // '';
+    my $path = exists $entry->{path} ? $entry->{path} : '';
+    my $word = $entry->{'word-to-check'} // '';
+    my $basic_auth = $entry->{basic_auth} ? 1 : 0;
+    my $user = $entry->{basic_auth_name} // undef;
+    my $pass = $entry->{basic_auth_pass} // $entry->{basic_auth_password} // $entry->{basic_auth_passwd} // undef;
+
+    # build url & ssl host
+    my $url = build_url($domain, $path);
+    my $ssl_host = normalize_host($domain) || $host || '';
+
+    # get cert info (openssl s_client)
+    my $ssl_info = get_cert_info_openssl($ssl_host, $timeout);
+
+    # content check via LWP::UserAgent
+    my $word_ok = 0;
+    my $http_code = undef;
+    my $content_err = undef;
+
+    # prepare request
+    my $req = HTTP::Request->new(GET => $url);
+    # add headers that often avoid 403
+    $req->header('Accept-Language' => 'en-US,en;q=0.9');
+
+    if ($basic_auth && defined $user && defined $pass) {
+        my $b64 = encode_base64("$user:$pass", '');
+        $req->header('Authorization' => "Basic $b64");
+    }
+
+    my $res = eval { $ua->request($req) };
+    if ($@ or !defined $res) {
+        $content_err = $@ || 'request failed';
+        $word_ok = 0;
+    } else {
+        $http_code = $res->code;
+        if ($res->is_success) {
+            my $body = $res->decoded_content(charset => 'none');
+            $word_ok = (index($body, $word) >= 0) ? 1 : 0;
+        } else {
+            $content_err = "HTTP $http_code - " . ($res->message // '');
+            $word_ok = 0;
+        }
+    }
+
+    $total_ssl_ok++    if $ssl_info->{status} == 1;
+    $total_content_ok++ if $word_ok == 1;
+    $any_fail = 1 if ($ssl_info->{status} == 0 || $word_ok == 0);
+
+    push @results, {
+        host            => $host,
+        domain          => $domain,
+        path            => ($path eq '' ? '/' : $path),
+        wordtocheck     => $word,
+        wordcheck_ok    => $word_ok,
+        sslcheck_ok     => $ssl_info->{status} // 0,
+        'ssl-released'  => $ssl_info->{issued},
+        'ssl-expiry'    => $ssl_info->{expiry},
+        'ssl-company'   => $ssl_info->{company},
+        # debug fields
+        content_http_code => defined $http_code ? "$http_code" : undef,
+        content_error     => $content_err,
+        ssl_error         => $ssl_info->{error},
+    };
+}
+
+# write output
+open my $outfh, '>', $output_file or die "Cannot write $output_file: $!\n";
+print $outfh encode_json(\@results);
+close $outfh;
+
+# manage sld-check-false.html
+if ($any_fail) {
+    if (open my $fh, '>', $false_html) {
+        print $fh "<html><body><h1>WARNING: some checks failed</h1>\n";
+        print $fh "<p>Generated by check_web_final.pl</p>\n";
+        print $fh "</body></html>\n";
+        close $fh;
+    } else {
+        warn "Cannot write $false_html: $!\n";
+    }
+} else {
+    unlink $false_html if -f $false_html;
+}
+
+# summary
+print "Check completato. Risultati salvati in $output_file\n";
+print "Totali: SSL ok = $total_ssl_ok, Content ok = $total_content_ok\n";
+
+exit 0;