Suppress shellcheck issue SC2178

Due to a bug, the shellcheck program will complain if a variable is defined as an array but is later used as an ordinary string, even if the two uses are locally defined variables in different contexts. The error message is:

   SC2178: Variable was used as an array but is now assigned a string.

While the warnings are not highlighting any actual problems in testssl.sh, this PR gets rid of the warnings by renaming a few variables.
David Cooper 2020-01-30 13:53:33 -05:00 committed by GitHub
parent 3a73a97b67
commit 19db41742f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -4548,10 +4548,10 @@ run_client_simulation() {
local names=() local names=()
local short=() local short=()
local protos=() local protos=()
local ciphers=() local ch_ciphers=()
local ciphersuites=() local ciphersuites=()
local tlsvers=() local tlsvers=()
local sni=() local ch_sni=()
local warning=() local warning=()
local handshakebytes=() local handshakebytes=()
local lowest_protocol=() local lowest_protocol=()
@ -4659,7 +4659,7 @@ run_client_simulation() {
curves[i]="" curves[i]=""
[[ -n "$supported_curves" ]] && curves[i]="-curves ${supported_curves:1}" [[ -n "$supported_curves" ]] && curves[i]="-curves ${supported_curves:1}"
fi fi
options="$(s_client_options "-cipher ${ciphers[i]} -ciphersuites "\'${ciphersuites[i]}\'" ${curves[i]} ${protos[i]} $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${sni[i]}")" options="$(s_client_options "-cipher ${ch_ciphers[i]} -ciphersuites "\'${ciphersuites[i]}\'" ${curves[i]} ${protos[i]} $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${ch_sni[i]}")"
debugme echo "$OPENSSL s_client $options </dev/null" debugme echo "$OPENSSL s_client $options </dev/null"
$OPENSSL s_client $options </dev/null >$TMPFILE 2>$ERRFILE $OPENSSL s_client $options </dev/null >$TMPFILE 2>$ERRFILE
sclient_connect_successful $? $TMPFILE sclient_connect_successful $? $TMPFILE
@ -4708,7 +4708,7 @@ run_client_simulation() {
debugme pr_local_problem "TLS 1.3 not supported, " debugme pr_local_problem "TLS 1.3 not supported, "
continue continue
fi fi
options="$(s_client_options "$tls -cipher ${ciphers[i]} -ciphersuites "\'${ciphersuites[i]}\'" ${curves[i]} $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${sni[i]}")" options="$(s_client_options "$tls -cipher ${ch_ciphers[i]} -ciphersuites "\'${ciphersuites[i]}\'" ${curves[i]} $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${ch_sni[i]}")"
debugme echo "$OPENSSL s_client $options </dev/null" debugme echo "$OPENSSL s_client $options </dev/null"
$OPENSSL s_client $options </dev/null >$TMPFILE 2>$ERRFILE $OPENSSL s_client $options </dev/null >$TMPFILE 2>$ERRFILE
sclient_connect_successful $? $TMPFILE sclient_connect_successful $? $TMPFILE
@ -6217,7 +6217,7 @@ run_server_preference() {
local cipher1="" cipher2="" tls13_cipher1="" tls13_cipher2="" default_proto="" local cipher1="" cipher2="" tls13_cipher1="" tls13_cipher2="" default_proto=""
local prev_cipher="" default_cipher="" local prev_cipher="" default_cipher=""
local limitedsense="" supported_sslv2_ciphers local limitedsense="" supported_sslv2_ciphers
local -a cipher proto local -a offered_cipher offered_proto
local proto_ossl proto_txt proto_hex cipherlist i local proto_ossl proto_txt proto_hex cipherlist i
local -i ret=0 j sclient_success str_len local -i ret=0 j sclient_success str_len
local list_fwd="DHE-RSA-SEED-SHA:SEED-SHA:DES-CBC3-SHA:RC4-MD5:DES-CBC-SHA:RC4-SHA:AES128-SHA:AES128-SHA256:AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES256-SHA256:ECDHE-RSA-DES-CBC3-SHA:ECDHE-RSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:ADH-AES256-GCM-SHA384:AECDH-AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-AES128-SHA" local list_fwd="DHE-RSA-SEED-SHA:SEED-SHA:DES-CBC3-SHA:RC4-MD5:DES-CBC-SHA:RC4-SHA:AES128-SHA:AES128-SHA256:AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES256-SHA256:ECDHE-RSA-DES-CBC3-SHA:ECDHE-RSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:ADH-AES256-GCM-SHA384:AECDH-AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-AES128-SHA"
@ -6504,7 +6504,7 @@ run_server_preference() {
sslv2_sockets "" "true" sslv2_sockets "" "true"
if [[ $? -eq 3 ]] && [[ "$V2_HELLO_CIPHERSPEC_LENGTH" -ne 0 ]]; then if [[ $? -eq 3 ]] && [[ "$V2_HELLO_CIPHERSPEC_LENGTH" -ne 0 ]]; then
# Just arbitrarily pick the first cipher in the cipher-mapping.txt list. # Just arbitrarily pick the first cipher in the cipher-mapping.txt list.
proto[i]="SSLv2" offered_proto[i]="SSLv2"
supported_sslv2_ciphers="$(grep "Supported cipher: " "$TEMPDIR/$NODEIP.parse_sslv2_serverhello.txt")" supported_sslv2_ciphers="$(grep "Supported cipher: " "$TEMPDIR/$NODEIP.parse_sslv2_serverhello.txt")"
for (( j=0; j < TLS_NR_CIPHERS; j++ )); do for (( j=0; j < TLS_NR_CIPHERS; j++ )); do
if [[ "${TLS_CIPHER_SSLVERS[j]}" == "SSLv2" ]]; then if [[ "${TLS_CIPHER_SSLVERS[j]}" == "SSLv2" ]]; then
@ -6512,18 +6512,18 @@ run_server_preference() {
cipher1="$(tolower "x${cipher1:2:2}${cipher1:7:2}${cipher1:12:2}")" cipher1="$(tolower "x${cipher1:2:2}${cipher1:7:2}${cipher1:12:2}")"
if [[ "$supported_sslv2_ciphers" =~ $cipher1 ]]; then if [[ "$supported_sslv2_ciphers" =~ $cipher1 ]]; then
if ( [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]] && [[ "${TLS_CIPHER_OSSL_NAME[j]}" != "-" ]] ) || [[ "${TLS_CIPHER_RFC_NAME[j]}" == "-" ]]; then if ( [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]] && [[ "${TLS_CIPHER_OSSL_NAME[j]}" != "-" ]] ) || [[ "${TLS_CIPHER_RFC_NAME[j]}" == "-" ]]; then
cipher[i]="${TLS_CIPHER_OSSL_NAME[j]}" offered_cipher[i]="${TLS_CIPHER_OSSL_NAME[j]}"
else else
cipher[i]="${TLS_CIPHER_RFC_NAME[j]}" offered_cipher[i]="${TLS_CIPHER_RFC_NAME[j]}"
fi fi
break break
fi fi
fi fi
done done
[[ $DEBUG -ge 2 ]] && tmln_out "Default cipher for ${proto[i]}: ${cipher[i]}" [[ $DEBUG -ge 2 ]] && tmln_out "Default cipher for ${offered_proto[i]}: ${offered_cipher[i]}"
else else
proto[i]="" offered_proto[i]=""
cipher[i]="" offered_cipher[i]=""
fi fi
fi fi
elif ( [[ $proto_ossl == ssl3 ]] && ! "$HAS_SSL3" ) || ( [[ $proto_ossl == tls1_3 ]] && ! "$HAS_TLS13" ); then elif ( [[ $proto_ossl == ssl3 ]] && ! "$HAS_SSL3" ) || ( [[ $proto_ossl == tls1_3 ]] && ! "$HAS_TLS13" ); then
@ -6538,49 +6538,49 @@ run_server_preference() {
else else
tls_sockets "$proto_hex" "$cipherlist" tls_sockets "$proto_hex" "$cipherlist"
if [[ $? -eq 0 ]]; then if [[ $? -eq 0 ]]; then
proto[i]="$proto_txt" offered_proto[i]="$proto_txt"
cipher1=$(get_cipher "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt") cipher1=$(get_cipher "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
cipher[i]="$cipher1" offered_cipher[i]="$cipher1"
if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]] && [[ $TLS_NR_CIPHERS -ne 0 ]]; then if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]] && [[ $TLS_NR_CIPHERS -ne 0 ]]; then
cipher[i]="$(rfc2openssl "$cipher1")" offered_cipher[i]="$(rfc2openssl "$cipher1")"
[[ -z "${cipher[i]}" ]] && cipher[i]="$cipher1" [[ -z "${offered_cipher[i]}" ]] && offered_cipher[i]="$cipher1"
fi fi
[[ $DEBUG -ge 2 ]] && tmln_out "Default cipher for ${proto[i]}: ${cipher[i]}" [[ $DEBUG -ge 2 ]] && tmln_out "Default cipher for ${offered_proto[i]}: ${offered_cipher[i]}"
else else
proto[i]="" offered_proto[i]=""
cipher[i]="" offered_cipher[i]=""
fi fi
fi fi
else else
$OPENSSL s_client $(s_client_options "$STARTTLS -"$proto_ossl" $BUGS -connect $NODEIP:$PORT $PROXY $SNI") </dev/null 2>>$ERRFILE >$TMPFILE $OPENSSL s_client $(s_client_options "$STARTTLS -"$proto_ossl" $BUGS -connect $NODEIP:$PORT $PROXY $SNI") </dev/null 2>>$ERRFILE >$TMPFILE
if sclient_connect_successful $? $TMPFILE; then if sclient_connect_successful $? $TMPFILE; then
proto[i]=$(get_protocol $TMPFILE) offered_proto[i]=$(get_protocol $TMPFILE)
cipher[i]=$(get_cipher $TMPFILE) offered_cipher[i]=$(get_cipher $TMPFILE)
[[ ${cipher[i]} == "0000" ]] && cipher[i]="" # Hack! [[ ${offered_cipher[i]} == "0000" ]] && offered_cipher[i]="" # Hack!
if [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]] && [[ -n "${cipher[i]}" ]]; then if [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]] && [[ -n "${offered_cipher[i]}" ]]; then
cipher[i]="$(openssl2rfc "${cipher[i]}")" offered_cipher[i]="$(openssl2rfc "${offered_cipher[i]}")"
[[ -z "${cipher[i]}" ]] && cipher[i]=$(get_cipher $TMPFILE) [[ -z "${offered_cipher[i]}" ]] && offered_cipher[i]=$(get_cipher $TMPFILE)
fi fi
[[ $DEBUG -ge 2 ]] && tmln_out "Default cipher for ${proto[i]}: ${cipher[i]}" [[ $DEBUG -ge 2 ]] && tmln_out "Default cipher for ${offered_proto[i]}: ${offered_cipher[i]}"
else else
proto[i]="" offered_proto[i]=""
cipher[i]="" offered_cipher[i]=""
fi fi
fi fi
[[ -n "${cipher[i]}" ]] && add_tls_offered "$proto_ossl" yes [[ -n "${offered_cipher[i]}" ]] && add_tls_offered "$proto_ossl" yes
i=$((i + 1)) i=$((i + 1))
done done
for i in 1 2 3 4 5 6; do for i in 1 2 3 4 5 6; do
if [[ -n "${cipher[i]}" ]]; then # cipher not empty if [[ -n "${offered_cipher[i]}" ]]; then # cipher not empty
if [[ -z "$prev_cipher" ]] || [[ "$prev_cipher" != "${cipher[i]}" ]]; then if [[ -z "$prev_cipher" ]] || [[ "$prev_cipher" != "${offered_cipher[i]}" ]]; then
[[ -n "$prev_cipher" ]] && outln [[ -n "$prev_cipher" ]] && outln
str_len=${#cipher[i]} str_len=${#offered_cipher[i]}
out " " out " "
if [[ "$COLOR" -le 2 ]]; then if [[ "$COLOR" -le 2 ]]; then
out "${cipher[i]}" out "${offered_cipher[i]}"
else else
pr_cipher_quality "${cipher[i]}" pr_cipher_quality "${offered_cipher[i]}"
fi fi
out ":" out ":"
if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]]; then if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]]; then
@ -6595,10 +6595,10 @@ run_server_preference() {
else else
out ", " # same cipher --> only print out protocol behind it out ", " # same cipher --> only print out protocol behind it
fi fi
out "${proto[i]}" out "${offered_proto[i]}"
prev_cipher="${cipher[i]}" prev_cipher="${offered_cipher[i]}"
fi fi
fileout "cipher_order_${proto[i]}" "INFO" "${cipher[i]} at ${proto[i]} $limitedsense" fileout "cipher_order_${offered_proto[i]}" "INFO" "${offered_cipher[i]} at ${offered_proto[i]} $limitedsense"
done done
outln "\n No further cipher order check has been done as order is determined by the client" outln "\n No further cipher order check has been done as order is determined by the client"
outln outln
@ -8971,7 +8971,7 @@ run_server_defaults() {
local -i certs_found=0 local -i certs_found=0
local -i ret=0 local -i ret=0
local -a previous_hostcert previous_hostcert_txt previous_hostcert_type local -a previous_hostcert previous_hostcert_txt previous_hostcert_type
local -a previous_hostcert_issuer previous_intermediates previous_ordering_problem keysize cipher local -a previous_hostcert_issuer previous_intermediates previous_ordering_problem keysize tested_cipher
local -a ocsp_response_binary ocsp_response ocsp_response_status sni_used tls_version ct local -a ocsp_response_binary ocsp_response ocsp_response_status sni_used tls_version ct
local -a ciphers_to_test certificate_type local -a ciphers_to_test certificate_type
local -a -i success local -a -i success
@ -9148,7 +9148,7 @@ run_server_defaults() {
fi fi
if ! "$match_found"; then if ! "$match_found"; then
certs_found=$(( certs_found + 1)) certs_found=$(( certs_found + 1))
cipher[certs_found]=${ciphers_to_test[n]} tested_cipher[certs_found]=${ciphers_to_test[n]}
keysize[certs_found]=$(awk '/Server public key/ { print $(NF-1) }' $TMPFILE) keysize[certs_found]=$(awk '/Server public key/ { print $(NF-1) }' $TMPFILE)
# If an OCSP response was sent, then get the full # If an OCSP response was sent, then get the full
# response so that certificate_info() can determine # response so that certificate_info() can determine
@ -9210,7 +9210,7 @@ run_server_defaults() {
# Now that all of the server's certificates have been found, determine for # Now that all of the server's certificates have been found, determine for
# each certificate whether certificate transparency information is provided. # each certificate whether certificate transparency information is provided.
for (( i=1; i <= certs_found; i++ )); do for (( i=1; i <= certs_found; i++ )); do
ct[i]="$(certificate_transparency "${previous_hostcert_txt[i]}" "${ocsp_response[i]}" "$certs_found" "${cipher[i]}" "${sni_used[i]}" "${tls_version[i]}")" ct[i]="$(certificate_transparency "${previous_hostcert_txt[i]}" "${ocsp_response[i]}" "$certs_found" "${tested_cipher[i]}" "${sni_used[i]}" "${tls_version[i]}")"
# If certificate_transparency() called tls_sockets() and found a "signed certificate timestamps" extension, # If certificate_transparency() called tls_sockets() and found a "signed certificate timestamps" extension,
# then add it to $TLS_EXTENSIONS, since it may not have been found by determine_tls_extensions(). # then add it to $TLS_EXTENSIONS, since it may not have been found by determine_tls_extensions().
[[ $certs_found -gt 1 ]] && [[ "${ct[i]}" == TLS\ extension ]] && extract_new_tls_extensions "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" [[ $certs_found -gt 1 ]] && [[ "${ct[i]}" == TLS\ extension ]] && extract_new_tls_extensions "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt"
@ -9389,7 +9389,7 @@ run_server_defaults() {
echo "${previous_intermediates[i]}" > $TEMPDIR/intermediatecerts.pem echo "${previous_intermediates[i]}" > $TEMPDIR/intermediatecerts.pem
echo "${previous_hostcert_issuer[i]}" > $TEMPDIR/hostcert_issuer.pem echo "${previous_hostcert_issuer[i]}" > $TEMPDIR/hostcert_issuer.pem
certificate_info "$i" "$certs_found" "${previous_hostcert_txt[i]}" \ certificate_info "$i" "$certs_found" "${previous_hostcert_txt[i]}" \
"${cipher[i]}" "${keysize[i]}" "${previous_hostcert_type[i]}" \ "${tested_cipher[i]}" "${keysize[i]}" "${previous_hostcert_type[i]}" \
"${ocsp_response_binary[i]}" "${ocsp_response[i]}" \ "${ocsp_response_binary[i]}" "${ocsp_response[i]}" \
"${ocsp_response_status[i]}" "${sni_used[i]}" "${ct[i]}" \ "${ocsp_response_status[i]}" "${sni_used[i]}" "${ct[i]}" \
"${previous_ordering_problem[i]}" "${previous_ordering_problem[i]}"
@ -19548,7 +19548,7 @@ create_mass_testing_cmdline() {
local testing_type="$1" local testing_type="$1"
local cmd test_number local cmd test_number
local outfile_arg local outfile_arg
local -i nr_cmds=0 index=0 local -i nr_cmds=0 i=0
local skip_next=false local skip_next=false
MASS_TESTING_CMDLINE=() MASS_TESTING_CMDLINE=()
@ -19560,7 +19560,7 @@ create_mass_testing_cmdline() {
# uses '=' for supplying a value we just skip next parameter (we don't use 'parse_opt_equal_sign' here) # uses '=' for supplying a value we just skip next parameter (we don't use 'parse_opt_equal_sign' here)
debugme echo "${CMDLINE_ARRAY[@]}" debugme echo "${CMDLINE_ARRAY[@]}"
for cmd in "${CMDLINE_ARRAY[@]}"; do for cmd in "${CMDLINE_ARRAY[@]}"; do
"$skip_next" && skip_next=false && index+=1 && continue "$skip_next" && skip_next=false && i+=1 && continue
if [[ "$cmd" =~ --file ]] || [[ "$cmd" =~ -iL ]]; then if [[ "$cmd" =~ --file ]] || [[ "$cmd" =~ -iL ]]; then
# Don't include the "--file[=...] or -iL argument in the child's command # Don't include the "--file[=...] or -iL argument in the child's command
# line, but do include "--warnings=batch". # line, but do include "--warnings=batch".
@ -19583,7 +19583,7 @@ create_mass_testing_cmdline() {
[[ "$cmd" == --jsonfile ]] && skip_next=true [[ "$cmd" == --jsonfile ]] && skip_next=true
[[ "$cmd" == -oj ]] && skip_next=true [[ "$cmd" == -oj ]] && skip_next=true
elif "$JSONHEADER" && ( [[ "$cmd" =~ --outFile ]] || [[ "$cmd" =~ -oA ]] ); then elif "$JSONHEADER" && ( [[ "$cmd" =~ --outFile ]] || [[ "$cmd" =~ -oA ]] ); then
outfile_arg="$(parse_opt_equal_sign "$cmd" "${CMDLINE_ARRAY[index+1]}")" outfile_arg="$(parse_opt_equal_sign "$cmd" "${CMDLINE_ARRAY[i+1]}")"
>"$TEMPDIR/jsonfile_child.json" >"$TEMPDIR/jsonfile_child.json"
MASS_TESTING_CMDLINE[nr_cmds]="-oJ=$TEMPDIR/jsonfile_child.json" MASS_TESTING_CMDLINE[nr_cmds]="-oJ=$TEMPDIR/jsonfile_child.json"
nr_cmds+=1 nr_cmds+=1
@ -19594,7 +19594,7 @@ create_mass_testing_cmdline() {
[[ "$cmd" == --outFile ]] && skip_next=true [[ "$cmd" == --outFile ]] && skip_next=true
[[ "$cmd" == -oA ]] && skip_next=true [[ "$cmd" == -oA ]] && skip_next=true
elif "$JSONHEADER" && ( [[ "$cmd" =~ --outfile ]] || [[ "$cmd" =~ -oa ]] ); then elif "$JSONHEADER" && ( [[ "$cmd" =~ --outfile ]] || [[ "$cmd" =~ -oa ]] ); then
outfile_arg="$(parse_opt_equal_sign "$cmd" "${CMDLINE_ARRAY[index+1]}")" outfile_arg="$(parse_opt_equal_sign "$cmd" "${CMDLINE_ARRAY[i+1]}")"
>"$TEMPDIR/jsonfile_child.json" >"$TEMPDIR/jsonfile_child.json"
MASS_TESTING_CMDLINE[nr_cmds]="-oj=$TEMPDIR/jsonfile_child.json" MASS_TESTING_CMDLINE[nr_cmds]="-oj=$TEMPDIR/jsonfile_child.json"
nr_cmds+=1 nr_cmds+=1
@ -19684,7 +19684,7 @@ create_mass_testing_cmdline() {
esac esac
nr_cmds+=1 nr_cmds+=1
fi fi
index+=1 i+=1
done done
# Now add the command line arguments for the specific test to the command line. # Now add the command line arguments for the specific test to the command line.
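Review bot: In run_client_simulation() the first hunk declares the renamed locals `ch_ciphers` and `ch_sni`, and the second and third hunks read `${ch_ciphers[i]}` and `${ch_sni[i]}`, but no visible hunk assigns to either array. If they are filled elsewhere (code outside these hunks or a sourced data file, neither shown here), that code needs the same rename. Otherwise bash expands the unset elements to empty strings without an error, and `s_client` would run without the intended `-cipher` list and SNI argument, quietly skewing the simulation results. The same check applies to any leftover `cipher[...]` or `proto[...]` use in run_server_preference() and run_server_defaults(), whose bodies extend beyond the hunks: those names are no longer declared local, so a missed assignment would land in an outer scope. I would add a comment at the declarations, for example `# ch_ciphers[] and ch_sni[] must match the names used where the client data is loaded`.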