From 09c19b4654c4bb85cf9f42d18fe741f484f18488 Mon Sep 17 00:00:00 2001
From: Dirk
Date: Sat, 1 Oct 2016 10:04:33 +0200
Subject: [PATCH] FIX #489, clear warning if >=1 HSTS headers are present

---
 testssl.sh | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index d195703..3bf60ad 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -915,6 +915,7 @@ preload() {
 run_hsts() {
 local hsts_age_sec
 local hsts_age_days
+local spaces=" "
 
 if [[ ! -s $HEADERFILE ]]; then
 run_http_header "$1" || return 3
@@ -923,7 +924,11 @@ run_hsts() {
 pr_bold " Strict Transport Security "
 grep -iaw '^Strict-Transport-Security' $HEADERFILE >$TMPFILE
 if [[ $? -eq 0 ]]; then
-grep -aciw '^Strict-Transport-Security' $HEADERFILE | egrep -waq "1" || out "(two HSTS header, using 1st one) "
+if ! grep -aciw '^Strict-Transport-Security' $HEADERFILE | egrep -waq "1" ; then
+pr_svrty_medium "misconfiguration: two HSTS headers"
+outln " (displaying first one here)."
+out "$spaces"
+fi
 hsts_age_sec=$(sed -e 's/[^0-9]*//g' $TMPFILE | head -1)
 debugme echo "hsts_age_sec: $hsts_age_sec"
 if [[ -n $hsts_age_sec ]]; then
@@ -990,7 +995,7 @@ run_hpkp() {
 else
 hpkp_headers=""
 pr_svrty_medium "multiple HPKP headers: "
-# https://scotthelme.co.uk is a candidate
+# https://scotthelme.co.uk was a candidate
 #FIXME: should display both Public-Key-Pins+Public-Key-Pins-Report-Only --> egrep -ai -w
 for i in $(newline_to_spaces "$(egrep -ai '^Public-Key-Pins' $HEADERFILE | awk -F':' '/Public-Key-Pins/ { print $1 }')"); do
 pr_italic $i
@@ -8864,4 +8869,4 @@ fi
 
 exit $?
 
-# $Id: testssl.sh,v 1.551 2016/09/29 18:59:12 dirkw Exp $
+# $Id: testssl.sh,v 1.552 2016/10/01 08:04:32 dirkw Exp $
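Review bot: The new branch in run_hsts fires whenever the header count is anything other than exactly 1 (`! … | egrep -waq "1"`), yet the message hard-codes "two HSTS headers", so a response carrying three or more is misreported; capturing the count once and printing it is more accurate and also drops the second grep over $HEADERFILE: `hsts_cnt=$(grep -aciw '^Strict-Transport-Security' "$HEADERFILE")` followed by `if [[ $hsts_cnt -ne 1 ]]; then` and `pr_svrty_medium "misconfiguration: $hsts_cnt HSTS headers"`. Evaluating only the first header is the right choice since RFC 6797 section 8.1 has user agents process only the first STS field, and a short comment on the new `if` stating that, e.g. `# RFC 6797 8.1: UAs honour only the first STS header, so that is the one assessed below`, would tell a reader why the others are ignored rather than merged. The subject line speaks of ">=1" headers while the code treats "!= 1" as the misconfiguration; presumably ">1" is meant. The `spaces` literal added in the first hunk appears whitespace-collapsed in this rendering, so its intended width cannot be checked here. run_hsts begins in the first hunk and continues past the end of the second.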