checker: enforce prober-as-observation, move all analysis to rules layer

checker/rules_algorithms.go

@@ -54,7 +54,7 @@ func (r *algorithmFamilyRule) Evaluate(ctx context.Context, obs sdk.ObservationG
 	}
 	var issues []Issue
 	for _, ep := range eps {
-		issues = append(issues, analyseWeakAlgos(ep.Address, r.family, r.extract(&ep), r.table)...)
+		issues = append(issues, analyseWeakAlgos(ep.Addr(), r.family, r.extract(&ep), r.table)...)
 	}
 	if len(issues) == 0 {
 		return []sdk.CheckState{passState(r.passCode, r.passMsg)}
@@ -137,7 +137,7 @@ func (r *strictKexRule) Evaluate(ctx context.Context, obs sdk.ObservationGetter,
 	}
 	var issues []Issue
 	for _, ep := range eps {
-		issues = append(issues, analyseStrictKex(ep.Address, ep.KEX)...)
+		issues = append(issues, analyseStrictKex(ep.Addr(), ep.KEX)...)
 	}
 	if len(issues) == 0 {
 		return []sdk.CheckState{passState("ssh.strict_kex.ok", "Every endpoint advertises the Terrapin mitigation marker.")}
@@ -165,7 +165,7 @@ func (r *preauthCompressionRule) Evaluate(ctx context.Context, obs sdk.Observati
 	}
 	var issues []Issue
 	for _, ep := range eps {
-		issues = append(issues, analysePreauthCompression(ep.Address, ep.CompC2S)...)
+		issues = append(issues, analysePreauthCompression(ep.Addr(), ep.CompC2S)...)
 	}
 	if len(issues) == 0 {
 		return []sdk.CheckState{passState("ssh.preauth_compression.ok", "No endpoint offers pre-authentication zlib compression.")}