Golang API wrapper for the Mozilla Observatory

Preambule

Like I did for the cryptcheck.fr API in the previous article), please welcome the API wrapper for the Mozilla Observatory API. The Mozilla Observatory is a site which include many tests for websites including TLS (SSLLabs & Cryptcheck) and HTTP-related ones (XSS protection, X-Frame, Content Security Policy and many others).

My Golang API wrapper, now at version 1.0.0 (and using Semantic Versioning to ensure compatibility) is available on Github there.

Installation

Like many Go libraries and utilities, it is very easy to install:

1

$ go get github.com/keltia/observatory/cmd/...

I use this form because in addition to the library itself, there is a small command included.

The current version of the API wrapper is v1.0.0 (see here)

Warning

I have not implemented the full 1.0 API as a few functions do not seem that important to me. I have nonetheless opened an issue about this and comments & discussions are welcome.

Currently Implemented:

Function Arguments Returns
GetGrade site: string the site’s grade: string
GetScore site: string the site’s score: int
GetScanID site: string latest scan ID: int
GetScanReport scanid: int RAW json with full report: []byte
GetSiteHistory site: string All scans: array

Usage

Like the README.md shows, usage is very easy, there are only to main functions, GetGradeand GetDetailedReport. You have to initialize the client first of course:

1
2
3
4
5
6
7

client := observatory.NewClient()
...
grade, err := client.GetGrade("www.example.com")
...
scanid, err := client.GetScanID("www.example.com")
...
report, err := client.GetScanReport(scanid)

You can also pass parameters to NewClient() to change defaults:

1
2
3

cnf := observatory.Config{Timeout: 5, Log:2}
client := observatory.NewClient(cnf)
...

Changeable parameters include the log level for verbosity (Log can be 0, 1 or 2) and whether you want to force a re-check of the site to avoid getting a cached version. (Refresh: true). See the README.md file.

For convenience, I have also written the observatory utility (found in cmd/observatoryof course) if you just want a nice example and a quick reading:

1
2
3
4

 $ observatory golang.org
 observatory Wrapper: 0.2.0 API version 1.0.0

Grade for 'golang.org' is D+

You can run observatory with the -d option, in which case you will get a JSON dump of the whole report. You can send it over to jq for further processing.

If you like this module, you can “star” on github, fork it, etc. It is under the BSD 2-clause license.

Notes

I use the Semantic Versioning numbering scheme for this API to facilitate developers’ usage and maintenance.

It is also vgo-compatible and includes the go.modfile for vgo metadata. See this series of articles for more details. vgo aims to be the future scheme to properly manage module dependencies as proposed by Russ Cox.

Enjoy!

References

api, cryptography, english, golang, mozilla, tls