AssertionError when target cannot be resolved and parsed_command_line.servers_to_scans is empty

[brigancc]

Describe the bug
Assertion error when running SSLyze against a target that does not resolve. Additionally, when using --json_out=- no JSON is produced, which is not how SSLyze v4 worked (see below for comparison). This causes tools that expect valid JSON output to fail.

To Reproduce
Steps to reproduce the behavior:

1. Install SSLyze using pip install --no-cache-dir --compile -U sslyze
2. Run the following command sslyze idonotexistttt.com
3. See error

Expected behavior
Python should not throw an error, but should instead display a proper error message AND generate valid JSON that can be parsed.

SSLyze v5.0.2

root@3fa08cffa6fd:/# sslyze --json_out=- idonotexistttt.com
Traceback (most recent call last):
  File "/usr/local/bin/sslyze", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.10/site-packages/sslyze/__main__.py", line 59, in main
    assert all_server_scan_requests
AssertionError

SSLyze v4.1.0

root@6f551893bcc5:/# sslyze --json_out=- idonotexistttt.com
{
    "server_connectivity_errors": [
        {
            "error_message": "Could not resolve hostname idonotexistttt.com",
            "server_string": "idonotexistttt.com:443"
        }
    ],
    "server_scan_results": [],
    "sslyze_url": "https://github.com/nabla-c0d3/sslyze",
    "sslyze_version": "4.1.0",
    "total_scan_time": 0.020884037017822266
}

Python environment (please complete the following information):
docker run -it --entrypoint=/bin/bash python:3.10.2

Additional context
None.

[brigancc]

The AssertionError happens because at parsed_command_line.servers_to_scans is empty at this point. Dumping parsed_command_line below you can see it's processed and the error messages are all in there, but there's no check to see if there are any servers that can be scanned. The script should quit before reaching this point since there are no scans to queue.

sslyze/sslyze/__main__.py

Line 51 in 8255872

for server_location, network_config in parsed_command_line.servers_to_scans:

ParsedCommandLine(invalid_servers=[InvalidServerStringError(server_string='idonotexistttt.com:443', error_message='Could not resolve hostname idonotexistttt.com')], servers_to_scans=[], scan_commands={<ScanCommand.SSL_2_0_CIPHER_SUITES: 'ssl_2_0_cipher_suites'>, <ScanCommand.CERTIFICATE_INFO: 'certificate_info'>, <ScanCommand.HEARTBLEED: 'heartbleed'>, <ScanCommand.TLS_1_1_CIPHER_SUITES: 'tls_1_1_cipher_suites'>, <ScanCommand.TLS_1_2_CIPHER_SUITES: 'tls_1_2_cipher_suites'>, <ScanCommand.ROBOT: 'robot'>, <ScanCommand.OPENSSL_CCS_INJECTION: 'openssl_ccs_injection'>, <ScanCommand.TLS_1_0_CIPHER_SUITES: 'tls_1_0_cipher_suites'>, <ScanCommand.TLS_COMPRESSION: 'tls_compression'>, <ScanCommand.SSL_3_0_CIPHER_SUITES: 'ssl_3_0_cipher_suites'>, <ScanCommand.ELLIPTIC_CURVES: 'elliptic_curves'>, <ScanCommand.TLS_1_3_CIPHER_SUITES: 'tls_1_3_cipher_suites'>, <ScanCommand.SESSION_RENEGOTIATION: 'session_renegotiation'>}, scan_commands_extra_arguments=ScanCommandsExtraArguments(certificate_info=None, session_resumption=None), json_path_out=None, should_print_json_to_console=True, should_disable_console_output=True, per_server_concurrent_connections_limit=None, concurrent_server_scans_limit=None, check_against_mozilla_config=<MozillaTlsConfigurationEnum.INTERMEDIATE: 'intermediate'>)

[brigancc]

This might be a good candidate for an additional CI/CD test: a server doesn't exist or doesn't resolve

[nabla-c0d3]

Thanks for the report; it will be fixed in the next release.

[nabla-c0d3]

This was fixed in v5.0.3.