Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-07 09:10:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

FIX #489, clear warning if >=1 HSTS headers are present

Browse Source
This commit is contained in:
Dirk 2016-10-01 10:04:33 +02:00
parent fd83509ae5
commit 09c19b4654
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
testssl.sh
View File

@ -915,6 +915,7 @@ preload() {
run_hsts() { run_hsts() {
local hsts_age_sec local hsts_age_sec
local hsts_age_days local hsts_age_days
local spaces=" "
if [[ ! -s $HEADERFILE ]]; then if [[ ! -s $HEADERFILE ]]; then
run_http_header "$1" || return 3 run_http_header "$1" || return 3
@ -923,7 +924,11 @@ run_hsts() {
pr_bold " Strict Transport Security " pr_bold " Strict Transport Security "
grep -iaw '^Strict-Transport-Security' $HEADERFILE >$TMPFILE grep -iaw '^Strict-Transport-Security' $HEADERFILE >$TMPFILE
if [[ $? -eq 0 ]]; then if [[ $? -eq 0 ]]; then
grep -aciw '^Strict-Transport-Security' $HEADERFILE | egrep -waq "1" || out "(two HSTS header, using 1st one) " if ! grep -aciw '^Strict-Transport-Security' $HEADERFILE | egrep -waq "1" ; then
pr_svrty_medium "misconfiguration: two HSTS headers"
outln " (displaying first one here)."
out "$spaces"
fi
hsts_age_sec=$(sed -e 's/[^0-9]*//g' $TMPFILE | head -1) hsts_age_sec=$(sed -e 's/[^0-9]*//g' $TMPFILE | head -1)
debugme echo "hsts_age_sec: $hsts_age_sec" debugme echo "hsts_age_sec: $hsts_age_sec"
if [[ -n $hsts_age_sec ]]; then if [[ -n $hsts_age_sec ]]; then
@ -990,7 +995,7 @@ run_hpkp() {
else else
hpkp_headers="" hpkp_headers=""
pr_svrty_medium "multiple HPKP headers: " pr_svrty_medium "multiple HPKP headers: "
# https://scotthelme.co.uk is a candidate # https://scotthelme.co.uk was a candidate
#FIXME: should display both Public-Key-Pins+Public-Key-Pins-Report-Only --> egrep -ai -w #FIXME: should display both Public-Key-Pins+Public-Key-Pins-Report-Only --> egrep -ai -w
for i in $(newline_to_spaces "$(egrep -ai '^Public-Key-Pins' $HEADERFILE | awk -F':' '/Public-Key-Pins/ { print $1 }')"); do for i in $(newline_to_spaces "$(egrep -ai '^Public-Key-Pins' $HEADERFILE | awk -F':' '/Public-Key-Pins/ { print $1 }')"); do
pr_italic $i pr_italic $i
@ -8864,4 +8869,4 @@ fi
exit $? exit $?
# $Id: testssl.sh,v 1.551 2016/09/29 18:59:12 dirkw Exp $ # $Id: testssl.sh,v 1.552 2016/10/01 08:04:32 dirkw Exp $