Merge pull request #1777 from drwetter/feature_overwrite

Introducing --overwrite option
Dirk Wetter 2020-11-13 18:59:03 +01:00 committed by GitHub
commit 2098ea33c5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 35 additions and 8 deletions

@ -496,7 +496,10 @@ whole 9 yards
\fB\-\-severity <severity>\fR For CSV and both JSON outputs this will only add findings to the output file if a severity is equal or higher than the \fBseverity\fR value specified\. Allowed are \fB<LOW|MEDIUM|HIGH|CRITICAL>\fR\. WARN is another level which translates to a client\-side scanning error or problem\. Thus you will always see them in a file if they occur\. \fB\-\-severity <severity>\fR For CSV and both JSON outputs this will only add findings to the output file if a severity is equal or higher than the \fBseverity\fR value specified\. Allowed are \fB<LOW|MEDIUM|HIGH|CRITICAL>\fR\. WARN is another level which translates to a client\-side scanning error or problem\. Thus you will always see them in a file if they occur\.
. .
.P .P
\fB\-\-append\fR Normally, if an output file already exists and it has a file size greater zero, testssl\.sh will prompt you to manually remove the file exit with an error\. \fB\-\-append\fR however will append to this file, without a header\. The environment variable APPEND does the same\. Be careful using this switch/variable\. A complementary option which overwrites an existing file doesn\'t exist per design\. \fB\-\-append\fR Normally, if an output file already exists and it has a file size greater zero, testssl\.sh will prompt you to manually remove the file and then exit with an error\. \fB\-\-append\fR however will append to this file, without a header\. The environment variable APPEND does the same\. Be careful using this switch/variable\.
.
.P
\fB\-\-overwrite\fR Normally, if an output file already exists and it has a file size greater zero, testssl\.sh will not allow you to overwrite this file\. This option will do that \fBwithout any warning\fR\. The environment variable OVERWRITE does the same\. Be careful, you have been warned!
. .
.P .P
\fB\-\-outprefix <fname_prefix>\fR Prepend output filename prefix \fIfname_prefix\fR before \'${NODE}\-\'\. You can use as well the environment variable FNAME_PREFIX\. Using this any output files will be named \fB<fname_prefix>\-${NODE}\-p${port}${YYYYMMDD\-HHMM}\.<format>\fR when no file name of the respective output option was specified\. If you do not like the separator \'\-\' you can as well supply a \fB<fname_prefix>\fR ending in \'\.\', \'_\' or \',\'\. In this case or if you already supplied \'\-\' no additional \'\-\' will be appended to \fB<fname_prefix>\fR\. \fB\-\-outprefix <fname_prefix>\fR Prepend output filename prefix \fIfname_prefix\fR before \'${NODE}\-\'\. You can use as well the environment variable FNAME_PREFIX\. Using this any output files will be named \fB<fname_prefix>\-${NODE}\-p${port}${YYYYMMDD\-HHMM}\.<format>\fR when no file name of the respective output option was specified\. If you do not like the separator \'\-\' you can as well supply a \fB<fname_prefix>\fR ending in \'\.\', \'_\' or \',\'\. In this case or if you already supplied \'\-\' no additional \'\-\' will be appended to \fB<fname_prefix>\fR\.
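Review bot: the new \-\-overwrite paragraph does not say that it cannot be combined with \-\-append, although parse_cmd_line in this same commit aborts when both are given. One sentence stating that the two options are mutually exclusive would save users from learning it through the error message.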

@ -415,7 +415,10 @@ Rating automatically gets disabled, to not give a wrong or misleading grade, whe
<p><code>--severity &lt;severity></code> For CSV and both JSON outputs this will only add findings to the output file if a severity is equal or higher than the <code>severity</code> value specified. Allowed are <code>&lt;LOW|MEDIUM|HIGH|CRITICAL></code>. WARN is another level which translates to a client-side scanning error or problem. Thus you will always see them in a file if they occur.</p> <p><code>--severity &lt;severity></code> For CSV and both JSON outputs this will only add findings to the output file if a severity is equal or higher than the <code>severity</code> value specified. Allowed are <code>&lt;LOW|MEDIUM|HIGH|CRITICAL></code>. WARN is another level which translates to a client-side scanning error or problem. Thus you will always see them in a file if they occur.</p>
<p><code>--append</code> Normally, if an output file already exists and it has a file size greater zero, testssl.sh will prompt you to manually remove the file exit with an error. <code>--append</code> however will append to this file, without a header. The environment variable APPEND does the same. Be careful using this switch/variable. A complementary option which overwrites an existing file doesn't exist per design.</p> <p><code>--append</code> Normally, if an output file already exists and it has a file size greater zero, testssl.sh will prompt you to manually remove the file and exit with an error. <code>--append</code> however will append to this file, without a header. The environment variable APPEND does the same. Be careful using this switch/variable. A complementary option which overwrites an existing file doesn't exist per design.</p>
<p><code>--overwrite</code> Normally, if an output file already exists and it has a file size greater zero, testssl.sh will not allow you to overwrite this file. This option will do that <b>without any warning</b>. The environment variable OVERWRITE does the same. Be careful, you have been warned!</p>
<p><code>--outprefix &lt;fname_prefix></code> Prepend output filename prefix <var>fname_prefix</var> before '${NODE}-'. You can use as well the environment variable FNAME_PREFIX. Using this any output files will be named <code>&lt;fname_prefix>-${NODE}-p${port}${YYYYMMDD-HHMM}.&lt;format></code> when no file name of the respective output option was specified. If you do not like the separator '-' you can as well supply a <code>&lt;fname_prefix></code> ending in '.', '_' or ','. In this case or if you already supplied '-' no additional '-' will be appended to <code>&lt;fname_prefix></code>.</p> <p><code>--outprefix &lt;fname_prefix></code> Prepend output filename prefix <var>fname_prefix</var> before '${NODE}-'. You can use as well the environment variable FNAME_PREFIX. Using this any output files will be named <code>&lt;fname_prefix>-${NODE}-p${port}${YYYYMMDD-HHMM}.&lt;format></code> when no file name of the respective output option was specified. If you do not like the separator '-' you can as well supply a <code>&lt;fname_prefix></code> ending in '.', '_' or ','. In this case or if you already supplied '-' no additional '-' will be appended to <code>&lt;fname_prefix></code>.</p>
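Review bot: on the new side of the --append paragraph the sentence "A complementary option which overwrites an existing file doesn't exist per design." is still present, directly above the paragraph that introduces exactly that option. The roff man page in this commit drops the sentence; it should be dropped here as well.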

@ -327,7 +327,9 @@ Rating automatically gets disabled, to not give a wrong or misleading grade, whe
`--severity <severity>` For CSV and both JSON outputs this will only add findings to the output file if a severity is equal or higher than the `severity` value specified. Allowed are `<LOW|MEDIUM|HIGH|CRITICAL>`. WARN is another level which translates to a client-side scanning error or problem. Thus you will always see them in a file if they occur. `--severity <severity>` For CSV and both JSON outputs this will only add findings to the output file if a severity is equal or higher than the `severity` value specified. Allowed are `<LOW|MEDIUM|HIGH|CRITICAL>`. WARN is another level which translates to a client-side scanning error or problem. Thus you will always see them in a file if they occur.
`--append` Normally, if an output file already exists and it has a file size greater zero, testssl.sh will prompt you to manually remove the file exit with an error. `--append` however will append to this file, without a header. The environment variable APPEND does the same. Be careful using this switch/variable. A complementary option which overwrites an existing file doesn't exist per design. `--append` Normally, if an output file already exists and it has a file size greater zero, testssl.sh will prompt you to manually remove the file and exit with an error. `--append` however will append to this file, without a header. The environment variable APPEND does the same. Be careful using this switch/variable. A complementary option which overwrites an existing file doesn't exist per design.
`--overwrite` Normally, if an output file already exists and it has a file size greater zero, testssl.sh will not allow you to overwrite this file. This option will do that **without any warning**. The environment variable OVERWRITE does the same. Be careful, you have been warned!
`--outprefix <fname_prefix>` Prepend output filename prefix <fname_prefix> before '${NODE}-'. You can use as well the environment variable FNAME_PREFIX. Using this any output files will be named `<fname_prefix>-${NODE}-p${port}${YYYYMMDD-HHMM}.<format>` when no file name of the respective output option was specified. If you do not like the separator '-' you can as well supply a `<fname_prefix>` ending in '.', '_' or ','. In this case or if you already supplied '-' no additional '-' will be appended to `<fname_prefix>`. `--outprefix <fname_prefix>` Prepend output filename prefix <fname_prefix> before '${NODE}-'. You can use as well the environment variable FNAME_PREFIX. Using this any output files will be named `<fname_prefix>-${NODE}-p${port}${YYYYMMDD-HHMM}.<format>` when no file name of the respective output option was specified. If you do not like the separator '-' you can as well supply a `<fname_prefix>` ending in '.', '_' or ','. In this case or if you already supplied '-' no additional '-' will be appended to `<fname_prefix>`.
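Review bot: the --append entry keeps "A complementary option which overwrites an existing file doesn't exist per design." on its new side, which the --overwrite entry added right below it contradicts. Please remove it, and align the wording with the roff page, which now reads "and then exit with an error" where this file has "and exit with an error".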

@ -179,7 +179,8 @@ CSVFILE="${CSVFILE:-""}" # csvfile if used
HTMLFILE="${HTMLFILE:-""}" # HTML if used HTMLFILE="${HTMLFILE:-""}" # HTML if used
FNAME=${FNAME:-""} # file name to read commands from FNAME=${FNAME:-""} # file name to read commands from
FNAME_PREFIX=${FNAME_PREFIX:-""} # output filename prefix, see --outprefix FNAME_PREFIX=${FNAME_PREFIX:-""} # output filename prefix, see --outprefix
APPEND=${APPEND:-false} # append to csv/json file instead of overwriting it APPEND=${APPEND:-false} # append to csv/json/html/log file
OVERWRITE=${OVERWRITE:-false} # overwriting csv/json/html/log file
[[ -z "$NODNS" ]] && declare NODNS # If unset it does all DNS lookups per default. "min" only for hosts or "none" at all [[ -z "$NODNS" ]] && declare NODNS # If unset it does all DNS lookups per default. "min" only for hosts or "none" at all
HAS_IPv6=${HAS_IPv6:-false} # if you have OpenSSL with IPv6 support AND IPv6 networking set it to yes HAS_IPv6=${HAS_IPv6:-false} # if you have OpenSSL with IPv6 support AND IPv6 networking set it to yes
ALL_CLIENTS=${ALL_CLIENTS:-false} # do you want to run all client simulation form all clients supplied by SSLlabs? ALL_CLIENTS=${ALL_CLIENTS:-false} # do you want to run all client simulation form all clients supplied by SSLlabs?
@ -1349,7 +1350,10 @@ json_header() {
if "$APPEND"; then if "$APPEND"; then
JSONHEADER=false JSONHEADER=false
else else
[[ -s "$JSONFILE" ]] && fatal "non-empty \"$JSONFILE\" exists. Either use \"--append\" or (re)move it" $ERR_FCREATE if [[ -s "$JSONFILE" ]]; then
"$OVERWRITE" || fatal "non-empty \"$JSONFILE\" exists. Either use \"--append\" or (re)move it" $ERR_FCREATE
cp /dev/null "$JSONFILE"
fi
"$do_json" && echo "[" > "$JSONFILE" "$do_json" && echo "[" > "$JSONFILE"
"$do_pretty_json" && echo "{" > "$JSONFILE" "$do_pretty_json" && echo "{" > "$JSONFILE"
fi fi
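Review bot: the fatal message on the new `"$OVERWRITE" || fatal` line still reads 'Either use "--append" or (re)move it', so a user who hits it never learns about the option this commit adds. Suggest mentioning --overwrite in the message; the same text is repeated in csv_header, html_header and prepare_logging.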
@ -1390,7 +1394,10 @@ csv_header() {
if "$APPEND"; then if "$APPEND"; then
CSVHEADER=false CSVHEADER=false
else else
[[ -s "$CSVFILE" ]] && fatal "non-empty \"$CSVFILE\" exists. Either use \"--append\" or (re)move it" $ERR_FCREATE if [[ -s "$CSVFILE" ]]; then
"$OVERWRITE" || fatal "non-empty \"$CSVFILE\" exists. Either use \"--append\" or (re)move it" $ERR_FCREATE
cp /dev/null "$CSVFILE"
fi
touch "$CSVFILE" touch "$CSVFILE"
if "$GIVE_HINTS"; then if "$GIVE_HINTS"; then
fileout_csv_finding "id" "fqdn/ip" "port" "severity" "finding" "cve" "cwe" "hint" fileout_csv_finding "id" "fqdn/ip" "port" "severity" "finding" "cve" "cwe" "hint"
@ -1440,7 +1447,10 @@ html_header() {
if "$APPEND"; then if "$APPEND"; then
HTMLHEADER=false HTMLHEADER=false
else else
[[ -s "$HTMLFILE" ]] && fatal "non-empty \"$HTMLFILE\" exists. Either use \"--append\" or (re)move it" $ERR_FCREATE if [[ -s "$HTMLFILE" ]]; then
"$OVERWRITE" || fatal "non-empty \"$HTMLFILE\" exists. Either use \"--append\" or (re)move it" $ERR_FCREATE
cp /dev/null "$HTMLFILE"
fi
html_out "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n" html_out "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n"
html_out "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n" html_out "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n"
html_out "<!-- This file was created with testssl.sh. https://testssl.sh -->\n" html_out "<!-- This file was created with testssl.sh. https://testssl.sh -->\n"
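Review bot: this is the third copy of the same four-line if / fatal / cp block (json_header and csv_header above, prepare_logging below), differing only in the variable name. A small helper that takes the file name as its argument would keep the check and the error text in one place.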
@ -1499,7 +1509,10 @@ prepare_logging() {
fi fi
if ! "$APPEND"; then if ! "$APPEND"; then
[[ -s "$LOGFILE" ]] && fatal "non-empty \"$LOGFILE\" exists. Either use \"--append\" or (re)move it" $ERR_FCREATE if [[ -s "$LOGFILE" ]]; then
"$OVERWRITE" || fatal "non-empty \"$LOGFILE\" exists. Either use \"--append\" or (re)move it" $ERR_FCREATE
cp /dev/null "$LOGFILE"
fi
fi fi
tmln_out "## Scan started as: \"$PROG_NAME $CMDLINE\"" >>"$LOGFILE" tmln_out "## Scan started as: \"$PROG_NAME $CMDLINE\"" >>"$LOGFILE"
tmln_out "## at $HNAME:$OPENSSL_LOCATION" >>"$LOGFILE" tmln_out "## at $HNAME:$OPENSSL_LOCATION" >>"$LOGFILE"
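Review bot: the exit status of `cp /dev/null "$LOGFILE"` is not checked, and the lines that follow write with `>>"$LOGFILE"`. If the truncation fails, the new scan is appended to the old content without any message, which is the outcome --overwrite is meant to rule out; suggest `cp /dev/null "$LOGFILE" || fatal` with a suitable message and $ERR_FCREATE.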
@ -19260,6 +19273,7 @@ file output options (can also be preset via environment variables)
--hints additional hints to findings --hints additional hints to findings
--severity <severity> severities with lower level will be filtered for CSV+JSON, possible values <LOW|MEDIUM|HIGH|CRITICAL> --severity <severity> severities with lower level will be filtered for CSV+JSON, possible values <LOW|MEDIUM|HIGH|CRITICAL>
--append if (non-empty) <logfile>, <csvfile>, <jsonfile> or <htmlfile> exists, append to file. Omits any header --append if (non-empty) <logfile>, <csvfile>, <jsonfile> or <htmlfile> exists, append to file. Omits any header
--overwrite if <logfile>, <csvfile>, <jsonfile> or <htmlfile> exists it overwrites it without any warning
--outprefix <fname_prefix> before '\${NODE}.' above prepend <fname_prefix> --outprefix <fname_prefix> before '\${NODE}.' above prepend <fname_prefix>
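Review bot: the --overwrite help line says the file is overwritten if it "exists", while the --append line above it and the `[[ -s ... ]]` checks in this commit only concern non-empty files. Suggest the same "(non-empty)" qualifier here, plus a short hint that the option cannot be used together with --append.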
@ -22118,7 +22132,12 @@ parse_cmd_line() {
do_csv=true do_csv=true
do_logging=true do_logging=true
;; ;;
--overwrite)
"$APPEND" && fatal "using --overwrite and --append is contradicting" $ERR_CMDLINE
OVERWRITE=true
;;
--append) --append)
"$OVERWRITE" && fatal "using --append and --overwrite is contradicting" $ERR_CMDLINE
APPEND=true APPEND=true
;; ;;
--outprefix) --outprefix)
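Review bot: the contradiction check only runs inside the --overwrite and --append cases, so it is skipped when both values come from the environment (APPEND=true and OVERWRITE=true), which the defaults at the top of the script allow. In that case the header functions test "$APPEND" first and OVERWRITE is ignored without a message; a single check after the option loop would cover flags and environment alike. The message "is contradicting" would also read better as "cannot be used together".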