Merge branch 'drwetter/2.9dev' into 2.9dev

AlGreed 2017-04-06 22:57:37 +02:00
commit 1afebe79d1
4 changed files with 631 additions and 598 deletions


@ -16,6 +16,7 @@ my (
pass("Running testssl.sh against badssl.com to create a baseline (may take 2~3 minutes)"); $tests++; pass("Running testssl.sh against badssl.com to create a baseline (may take 2~3 minutes)"); $tests++;
my $okout = `./testssl.sh -S -e -U --jsonfile tmp.json --color 0 badssl.com`; my $okout = `./testssl.sh -S -e -U --jsonfile tmp.json --color 0 badssl.com`;
my $okjson = json('tmp.json'); my $okjson = json('tmp.json');
unlink 'tmp.json';
cmp_ok(@$okjson,'>',10,"We have more then 10 findings"); $tests++; cmp_ok(@$okjson,'>',10,"We have more then 10 findings"); $tests++;
# Expiration # Expiration
@ -23,6 +24,7 @@ pass("Running testssl against expired.badssl.com"); $tests++;
$out = `./testssl.sh -S --jsonfile tmp.json --color 0 expired.badssl.com`; $out = `./testssl.sh -S --jsonfile tmp.json --color 0 expired.badssl.com`;
like($out, qr/Certificate Expiration\s+expired\!/,"The certificate should be expired"); $tests++; like($out, qr/Certificate Expiration\s+expired\!/,"The certificate should be expired"); $tests++;
$json = json('tmp.json'); $json = json('tmp.json');
unlink 'tmp.json';
$found = 0; $found = 0;
foreach my $f ( @$json ) { foreach my $f ( @$json ) {
if ( $f->{id} eq "expiration" ) { if ( $f->{id} eq "expiration" ) {
@ -39,6 +41,7 @@ pass("Running testssl against self-signed.badssl.com"); $tests++;
$out = `./testssl.sh -S --jsonfile tmp.json --color 0 self-signed.badssl.com`; $out = `./testssl.sh -S --jsonfile tmp.json --color 0 self-signed.badssl.com`;
like($out, qr/Certificate Expiration\s+\d+/,"The certificate should not be expired"); $tests++; like($out, qr/Certificate Expiration\s+\d+/,"The certificate should not be expired"); $tests++;
$json = json('tmp.json'); $json = json('tmp.json');
unlink 'tmp.json';
$found = 0; $found = 0;
foreach my $f ( @$json ) { foreach my $f ( @$json ) {
if ( $f->{id} eq "expiration" ) { if ( $f->{id} eq "expiration" ) {
@ -79,6 +82,7 @@ is($found,1,"We had a finding for this in the JSON output"); $tests++;
#$out = `./testssl.sh -S --jsonfile tmp.json --color 0 wrong.host.badssl.com`; #$out = `./testssl.sh -S --jsonfile tmp.json --color 0 wrong.host.badssl.com`;
#unlike($out, qr/Certificate Expiration\s+expired\!/,"The certificate should not be expired"); $tests++; #unlike($out, qr/Certificate Expiration\s+expired\!/,"The certificate should not be expired"); $tests++;
#$json = json('tmp.json'); #$json = json('tmp.json');
#unlink 'tmp.json';
#$found = 0; #$found = 0;
#foreach my $f ( @$json ) { #foreach my $f ( @$json ) {
# if ( $f->{id} eq "expiration" ) { # if ( $f->{id} eq "expiration" ) {
@ -95,6 +99,7 @@ pass("Running testssl against incomplete-chain.badssl.com"); $tests++;
$out = `./testssl.sh -S --jsonfile tmp.json --color 0 incomplete-chain.badssl.com`; $out = `./testssl.sh -S --jsonfile tmp.json --color 0 incomplete-chain.badssl.com`;
like($out, qr/Chain of trust.*?NOT ok\s+\(chain incomplete\)/,"Chain of trust should fail because of incomplete"); $tests++; like($out, qr/Chain of trust.*?NOT ok\s+\(chain incomplete\)/,"Chain of trust should fail because of incomplete"); $tests++;
$json = json('tmp.json'); $json = json('tmp.json');
unlink 'tmp.json';
$found = 0; $found = 0;
foreach my $f ( @$json ) { foreach my $f ( @$json ) {
if ( $f->{id} eq "chain_of_trust" ) { if ( $f->{id} eq "chain_of_trust" ) {
@ -113,6 +118,7 @@ is($found,1,"We had a finding for this in the JSON output"); $tests++;
#$out = `./testssl.sh -e -U --jsonfile tmp.json --color 0 cbc.badssl.com`; #$out = `./testssl.sh -e -U --jsonfile tmp.json --color 0 cbc.badssl.com`;
#like($out, qr/Chain of trust.*?NOT ok\s+\(chain incomplete\)/,"Chain of trust should fail because of incomplete"); $tests++; #like($out, qr/Chain of trust.*?NOT ok\s+\(chain incomplete\)/,"Chain of trust should fail because of incomplete"); $tests++;
#$json = json('tmp.json'); #$json = json('tmp.json');
#unlink 'tmp.json';
#$found = 0; #$found = 0;
#foreach my $f ( @$json ) { #foreach my $f ( @$json ) {
# if ( $f->{id} eq "chain_of_trust" ) { # if ( $f->{id} eq "chain_of_trust" ) {
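Review bot: The added `unlink 'tmp.json';` calls in this file (and the same additions in the two other test files of this commit) ignore the return value and only run once `json('tmp.json')` has returned, so a failed removal or an aborted parse leaves a stale report behind that a later run could pick up as if it were fresh. Reporting the failure would make a leftover visible in the test output, for example `unlink 'tmp.json' or diag("cannot remove tmp.json: $!");`. The report name is also fixed and relative to the working directory, so two runs in the same checkout share one file, and the result depends on how testssl.sh treats a file that already exists at that path, which is not visible here. A private per-run directory avoids both problems: `my $dir = tempdir(CLEANUP => 1); my $jsonfile = "$dir/tmp.json";` from File::Temp, with `$jsonfile` passed to `--jsonfile` and to `json()`. How `json()` behaves on malformed input cannot be judged from these hunks, since it is defined outside them.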


@ -19,6 +19,7 @@ $tests = 0;
pass("Running testssl.sh against badssl.com to create a JSON report with severity level equal greater than LOW (may take 2~3 minutes)"); $tests++; pass("Running testssl.sh against badssl.com to create a JSON report with severity level equal greater than LOW (may take 2~3 minutes)"); $tests++;
$out = `./testssl.sh -S -e -U --jsonfile tmp.json --severity LOW --color 0 badssl.com`; $out = `./testssl.sh -S -e -U --jsonfile tmp.json --severity LOW --color 0 badssl.com`;
$json = json('tmp.json'); $json = json('tmp.json');
unlink 'tmp.json';
$found = 0; $found = 0;
cmp_ok(@$json,'>',0,"At least 1 finding is expected"); $tests++; cmp_ok(@$json,'>',0,"At least 1 finding is expected"); $tests++;
foreach my $f ( @$json ) { foreach my $f ( @$json ) {
@ -33,6 +34,7 @@ is($found,0,"We should not have any finding with INFO level"); $tests++;
pass("Running testssl.sh against badssl.com to create a JSON-PRETTY report with severity level equal greater than LOW (may take 2~3 minutes)"); $tests++; pass("Running testssl.sh against badssl.com to create a JSON-PRETTY report with severity level equal greater than LOW (may take 2~3 minutes)"); $tests++;
$out = `./testssl.sh -S -e -U --jsonfile-pretty tmp.json --severity LOW --color 0 badssl.com`; $out = `./testssl.sh -S -e -U --jsonfile-pretty tmp.json --severity LOW --color 0 badssl.com`;
$json_pretty = json('tmp.json'); $json_pretty = json('tmp.json');
unlink 'tmp.json';
$found = 0; $found = 0;
my $vulnerabilities = $json_pretty->{scanResult}->[0]->{vulnerabilities}; my $vulnerabilities = $json_pretty->{scanResult}->[0]->{vulnerabilities};
foreach my $f ( @$vulnerabilities ) { foreach my $f ( @$vulnerabilities ) {


@ -16,6 +16,7 @@ my (
pass("Running testssl.sh against ssl.sectionzero.org"); $tests++; pass("Running testssl.sh against ssl.sectionzero.org"); $tests++;
$out = `./testssl.sh -H --jsonfile tmp.json --color 0 ssl.sectionzero.org`; $out = `./testssl.sh -H --jsonfile tmp.json --color 0 ssl.sectionzero.org`;
$json = json('tmp.json'); $json = json('tmp.json');
unlink 'tmp.json';
# It is better to have findings in a hash # It is better to have findings in a hash
# Look for a host cert match in the process. # Look for a host cert match in the process.

1206
testssl.sh

File diff suppressed because it is too large Load Diff