switch mql tls epoch fields into time fields
Closed this issue · 3 comments
ehaselwanter commented
the date related fields put out epoch integers
tls.certificates[0].notafter: 1643697211
would be awesome to switch to time fields to support something like:
tls.certificates.all( expiration > 30 * time.day)
chris-rock commented
Thank you @ehaselwanter for reporting, I love the idea.
chris-rock commented
Thank you @ehaselwanter for reporting. We updated the tls resource: notAfter and notBefore are proper time fields now:
tls("mondoo.io").certificates { notBefore notAfter }
tls.certificates: [
0: {
notAfter: 2022-02-25 18:25:20 +0000 UTC
notBefore: 2021-11-27 18:25:21 +0000 UTC
}
1: {
notAfter: 2025-09-15 16:00:00 +0000 UTC
notBefore: 2020-09-04 00:00:00 +0000 UTC
}
2: {
notAfter: 2024-09-30 18:14:03 +0000 UTC
notBefore: 2021-01-20 19:14:03 +0000 UTC
}
]
This enables the use of normal timestamp operations with it:
tls("mondoo.io").certificates { notAfter }
tls("mondoo.io").certificates { notAfter - time.now }
tls("mondoo.io").certificates { notAfter - time.now > 30 * time.day }
To make things easier, we expose the expiration time directly via a new field expiresIn:
tls("mondoo.io").certificates { expiresIn }
tls.certificates: [
0: {
expiresIn: 73 days 3 hours 55 minutes 6 seconds
}
1: {
expiresIn: 1371 days 1 hours 29 minutes 46 seconds
}
2: {
expiresIn: 1021 days 3 hours 43 minutes 49 seconds
}
]
To check that all certificates have an expiration time longer than 30 days, run the following query:
tls("mondoo.io").certificates { expiresIn > 30 * time.day }
tls.certificates: [
0: {
expiresIn > <ref>: true
}
1: {
expiresIn > <ref>: true
}
2: {
expiresIn > <ref>: true
}
]
In addition, mondoo ships with a new TLS policy:
mondoo scan -t host://mondoo.io --incognito --policy '//policy.api.mondoo.app/policies/mondoo-tls-baseline'
Read more about this change for 5.17.1 in our release docs
Please let us know if anything else is missing.
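The same check outside MQL, as an added example that is not part of the original thread or of mondoo's code: it turns epoch integers or Python `getpeercert()`-style validity strings into time values, derives an expiresIn duration, and applies the 30-day threshold. The sample chain, the scan time, the status names and the function names are assumptions made for illustration.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Constructed sample chain. Entries 0-2 use the validity dates from the thread's
# tls("mondoo.io") output, in the string format ssl getpeercert() returns.
# Entry 3 uses the raw epoch notAfter quoted in the issue; its notBefore is made up.
SAMPLE_CHAIN = [
    {"notBefore": "Nov 27 18:25:21 2021 GMT", "notAfter": "Feb 25 18:25:20 2022 GMT"},
    {"notBefore": "Sep  4 00:00:00 2020 GMT", "notAfter": "Sep 15 16:00:00 2025 GMT"},
    {"notBefore": "Jan 20 19:14:03 2021 GMT", "notAfter": "Sep 30 18:14:03 2024 GMT"},
    {"notBefore": 1612161211, "notAfter": 1643697211},
]

# Assumed scan time, chosen so entry 0 reproduces the thread's expiresIn value.
SCAN_TIME = datetime(2021, 12, 14, 14, 30, 14, tzinfo=timezone.utc)


def to_time(value):
    """Convert an epoch integer or a getpeercert() time string to an aware UTC datetime."""
    if isinstance(value, str):
        value = ssl.cert_time_to_seconds(value)
    return datetime.fromtimestamp(value, tz=timezone.utc)


def check_chain(chain, now, min_remaining=timedelta(days=30)):
    """Return one result per certificate: its expiresIn duration and a status."""
    results = []
    for index, cert in enumerate(chain):
        not_before = to_time(cert["notBefore"])
        expires_in = to_time(cert["notAfter"]) - now
        if now < not_before:
            status = "not-yet-valid"   # validity window has not started
        elif expires_in <= timedelta(0):
            status = "expired"
        elif expires_in <= min_remaining:
            status = "expiring"        # fails the "expiresIn > 30 days" check
        else:
            status = "ok"
        results.append({"index": index, "expiresIn": expires_in, "status": status})
    return results


if __name__ == "__main__":
    for result in check_chain(SAMPLE_CHAIN, SCAN_TIME):
        print(result["index"], result["expiresIn"], result["status"])
```
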
ehaselwanter commented
Wow. Super nice! :)