From 18c5f273c3334c9869abf87b3a6ae6618ebf7b7a Mon Sep 17 00:00:00 2001
From: Florian Schuetz <y@y.ly>
Date: Tue, 21 Jun 2016 21:24:24 +0200
Subject: [PATCH] HSTS: check if max-age is present and nonzero

---
 testssl.sh | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 61e7790..e7ca22c 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -885,9 +885,18 @@ run_hsts() {
      if [[ $? -eq 0 ]]; then
           grep -aciw '^Strict-Transport-Security' $HEADERFILE | egrep -waq "1" || out "(two HSTS header, using 1st one) "
           hsts_age_sec=$(sed -e 's/[^0-9]*//g' $TMPFILE | head -1)
-#FIXME: test for number!
-          hsts_age_days=$(( hsts_age_sec / 86400))
-          if [[ $hsts_age_days -gt $HSTS_MIN ]]; then
+          if [[ -n $hsts_age_sec ]]; then
+               hsts_age_days=$(( hsts_age_sec / 86400))
+          else
+               hsts_age_days=-1
+          fi
+          if [[ $hsts_age_days -eq -1 ]]; then
+               pr_svrty_medium "HSTS max-age is required but missing. Setting 15552000 s (180 days) or more is recommended"
+               fileout "hsts_time" "MEDIUM" "HSTS max-age missing. 15552000 s (180 days) or more recommnded"
+          elif [[ $hsts_age_days -eq 0 ]]; then
+               pr_svrty_medium "HSTS max-age is set to 0. HSTS is disabled"
+               fileout "hsts_time" "MEDIUM" "HSTS max-age set to 0. HSTS is disabled"
+          elif [[ $hsts_age_days -gt $HSTS_MIN ]]; then
                pr_done_good "$hsts_age_days days" ; out "=$hsts_age_sec s"
                fileout "hsts_time" "OK" "HSTS timeout $hsts_age_days days (=$hsts_age_sec seconds) > $HSTS_MIN days"
           else