From beae0ce19562dbf9a611c6607445d970a9d5d3ac Mon Sep 17 00:00:00 2001 From: Karsten Weiss Date: Wed, 14 Sep 2016 12:11:51 +0200 Subject: [PATCH 1/3] run_{rp,application}_banner(): Fix unassigned variables. This commit fixes the following two instances of referenced but not assigned variables: ``` In testssl.sh line 1159: rp_banners="$rp_bannersline" ^-- SC2154: rp_bannersline is referenced but not assigned. In testssl.sh line 1193: app_banners="$app_bannersline" ^-- SC2154: app_bannersline is referenced but not assigned. ``` Found by ShellCheck. --- testssl.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/testssl.sh b/testssl.sh index 5c9619e..fdf2f21 100755 --- a/testssl.sh +++ b/testssl.sh @@ -1156,7 +1156,7 @@ run_rp_banner() { first=false fi emphasize_stuff_in_headers "$line" - rp_banners="$rp_bannersline" + rp_banners="${rp_banners}${line}" done < $TMPFILE fileout "rp_header" "INFO" "Reverse proxy banner(s) found: $rp_banners" fi @@ -1190,7 +1190,7 @@ run_application_banner() { first=false fi emphasize_stuff_in_headers "$line" - app_banners="$app_bannersline" + app_banners="${app_banners}${line}" done fileout "app_banner" "WARN" "Application Banners found: $app_banners" fi From 6a6d4880d6b576055d3088a298a1715d2b556a60 Mon Sep 17 00:00:00 2001 From: Karsten Weiss Date: Wed, 14 Sep 2016 12:16:37 +0200 Subject: [PATCH 2/3] run_application_banner(): Fix modified in subshell bug. Refactor the while loop so it doesn't use a subshell anymore. Also use "read -r" to prevent backslash escaping. ``` In testssl.sh line 1193: app_banners="$app_bannersline" ^-- SC2030: Modification of app_banners is local (to subshell caused by pipeline). In testssl.sh line 1195: fileout "app_banner" "WARN" "Application Banners found: $app_banners" ^-- SC2031: app_banners was modified in a subshell. That change might be lost. ``` Found by ShellCheck. --- testssl.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/testssl.sh b/testssl.sh index fdf2f21..8ae0b3a 100755 --- a/testssl.sh +++ b/testssl.sh @@ -1182,7 +1182,7 @@ run_application_banner() { outln "--" fileout "app_banner" "INFO" "No Application Banners found" else - cat $TMPFILE | while read line; do + while IFS='' read -r line; do line=$(strip_lf "$line") if ! $first; then out "$spaces" @@ -1191,7 +1191,7 @@ run_application_banner() { fi emphasize_stuff_in_headers "$line" app_banners="${app_banners}${line}" - done + done < "$TMPFILE" fileout "app_banner" "WARN" "Application Banners found: $app_banners" fi tmpfile_handle $FUNCNAME.txt From 42e9406ee1e92d02889fa8a5dd605efd0cafc5cc Mon Sep 17 00:00:00 2001 From: Karsten Weiss Date: Wed, 14 Sep 2016 12:23:18 +0200 Subject: [PATCH 3/3] run_rp_banner(): Fix indentation. --- testssl.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testssl.sh b/testssl.sh index 8ae0b3a..d9a1679 100755 --- a/testssl.sh +++ b/testssl.sh @@ -1147,7 +1147,7 @@ run_rp_banner() { if [[ $? -ne 0 ]]; then outln "--" fileout "rp_header" "INFO" "No reverse proxy banner found" - else + else while read line; do line=$(strip_lf "$line") if ! $first; then