Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-03 23:39:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Making tests work correctly

Browse Source
This commit is contained in:
Frank Breedijk 2016-06-29 00:35:52 +02:00
parent ac7dd4da79
commit 23ef87c134
1 changed files with 35 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
t/01_badssl.com.t
View File

@ -13,116 +13,116 @@ my (
$found, $found,
); );
# OK # OK
ok("Running testssl.sh against badssl.com\n"); tests++; pass("Running testssl.sh against badssl.com to craete a baseline (may take 2~3 minutes)"); $tests++;
my $okout = `./testssl.sh -S -e -U --jsonfile tmp.json --color 0 badssl.com`; my $okout = `./testssl.sh -S -e -U --jsonfile tmp.json --color 0 badssl.com`;
my $okjson = json('tmp.json'); my $okjson = json('tmp.json');
cmp_ok(@$okjson,'>',10,"We have more then 10 findings"); tests++; cmp_pass(@$okjson,'>',10,"We have more then 10 findings"); $tests++;
# Expiration # Expiration
ok("Running testssl against expired.badssl.com\n"); tests++; pass("Running testssl against expired.badssl.com"); $tests++;
$out = `./testssl.sh -S --jsonfile tmp.json --color 0 expired.badssl.com`; $out = `./testssl.sh -S --jsonfile tmp.json --color 0 expired.badssl.com`;
like($out, qr/Certificate Expiration\s+expired\!/,"The certificate should be expired"); tests++; like($out, qr/Certificate Expiration\s+expired\!/,"The certificate should be expired"); $tests++;
$json = json('tmp.json'); $json = json('tmp.json');
$found = 0; $found = 0;
foreach my $f ( @$json ) { foreach my $f ( @$json ) {
if ( $f->{id} eq "expiration" ) { if ( $f->{id} eq "expiration" ) {
$found = 1; $found = 1;
like($f->{finding},qr/^Certificate Expiration.*expired\!/,"Finding reads expired."); tests++; like($f->{finding},qr/^Certificate Expiration.*expired\!/,"Finding reads expired."); $tests++;
is($f->{severity}, "NOT ok", "Severity should be NOT ok"); tests++; is($f->{severity}, "NOT ok", "Severity should be NOT ok"); $tests++;
last; last;
} }
} }
is($found,1,"We had a finding for this in the JSON output"); tests++; is($found,1,"We had a finding for this in the JSON output"); $tests++;
# Self signed and not-expired # Self signed and not-expired
ok("Running testssl against self-signed.badssl.com\n"); tests++; pass("Running testssl against self-signed.badssl.com"); $tests++;
$out = `./testssl.sh -S --jsonfile tmp.json --color 0 self-signed.badssl.com`; $out = `./testssl.sh -S --jsonfile tmp.json --color 0 self-signed.badssl.com`;
like($out, qr/Certificate Expiration\s+\d+/,"The certificate should not be expired"); tests++; like($out, qr/Certificate Expiration\s+\d+/,"The certificate should not be expired"); $tests++;
$json = json('tmp.json'); $json = json('tmp.json');
$found = 0; $found = 0;
foreach my $f ( @$json ) { foreach my $f ( @$json ) {
if ( $f->{id} eq "expiration" ) { if ( $f->{id} eq "expiration" ) {
$found = 1; $found = 1;
like($f->{finding},qr/^Certificate Expiration \: \d+/,"Finding doesn't read expired."); tests++; like($f->{finding},qr/^Certificate Expiration \: \d+/,"Finding doesn't read expired."); $tests++;
is($f->{severity}, "OK", "Severity should be ok"); tests++; is($f->{severity}, "OK", "Severity should be ok"); $tests++;
last; last;
} }
} }
is($found,1,"We had a finding for this in the JSON output"); tests++; is($found,1,"We had a finding for this in the JSON output"); $tests++;
like($out, qr/Chain of trust.*?NOT ok.*\(self signed\)/,"Chain of trust should fail because of self signed"); tests++; like($out, qr/Chain of trust.*?NOT ok.*\(self signed\)/,"Chain of trust should fail because of self signed"); $tests++;
$found = 0; $found = 0;
foreach my $f ( @$json ) { foreach my $f ( @$json ) {
if ( $f->{id} eq "trust" ) { if ( $f->{id} eq "trust" ) {
$found = 1; $found = 1;
like($f->{finding},qr/^All certificate trust checks failed/,"Finding says certificate cannot be trusted."); tests++; like($f->{finding},qr/^All certificate trust checks failed/,"Finding says certificate cannot be trusted."); $tests++;
is($f->{severity}, "NOT ok", "Severity should be NOT ok"); tests++; is($f->{severity}, "NOT ok", "Severity should be NOT ok"); $tests++;
last; last;
} }
} }
is($found,1,"We had a finding for this in the JSON output"); tests++; is($found,1,"We had a finding for this in the JSON output"); $tests++;
like($okout, qr/Chain of trust[^\n]*?Ok/,"Chain of trust should be ok"); tests++; like($okout, qr/Chain of trust[^\n]*?Ok/,"Chain of trust should be ok"); $tests++;
$found = 0; $found = 0;
foreach my $f ( @$okjson ) { foreach my $f ( @$okjson ) {
if ( $f->{id} eq "trust" ) { if ( $f->{id} eq "trust" ) {
$found = 1; $found = 1;
is($f->{finding},"All certificate trust checks passed.","Finding says certificate can be trusted."); tests++; is($f->{finding},"All certificate trust checks passed.","Finding says certificate can be trusted."); $tests++;
is($f->{severity}, "OK", "Severity should be OK"); tests++; is($f->{severity}, "OK", "Severity should be OK"); $tests++;
last; last;
} }
} }
is($found,1,"We had a finding for this in the JSON output"); tests++; is($found,1,"We had a finding for this in the JSON output"); $tests++;
# Wrong host # Wrong host
#ok("Running testssl against wrong.host.badssl.com"); tests++; #pass("Running testssl against wrong.host.badssl.com"); $tests++;
#$out = `./testssl.sh -S --jsonfile tmp.json --color 0 wrong.host.badssl.com`; #$out = `./testssl.sh -S --jsonfile tmp.json --color 0 wrong.host.badssl.com`;
#unlike($out, qr/Certificate Expiration\s+expired\!/,"The certificate should not be expired"); tests++; #unlike($out, qr/Certificate Expiration\s+expired\!/,"The certificate should not be expired"); $tests++;
#$json = json('tmp.json'); #$json = json('tmp.json');
#$found = 0; #$found = 0;
#foreach my $f ( @$json ) { #foreach my $f ( @$json ) {
# if ( $f->{id} eq "expiration" ) { # if ( $f->{id} eq "expiration" ) {
# $found = 1; # $found = 1;
# unlike($f->{finding},qr/^Certificate Expiration.*expired\!/,"Finding should not read expired."); tests++; # unlike($f->{finding},qr/^Certificate Expiration.*expired\!/,"Finding should not read expired."); $tests++;
# is($f->{severity}, "ok", "Severity should be ok"); tests++; # is($f->{severity}, "ok", "Severity should be ok"); $tests++;
# last; # last;
# } # }
#} #}
#is($found,1,"We had a finding for this in the JSON output"); tests++; #is($found,1,"We had a finding for this in the JSON output"); $tests++;
# Incomplete chain # Incomplete chain
ok("Running testssl against incomplete-chain.badssl.com\n"); tests++; pass("Running testssl against incomplete-chain.badssl.com"); $tests++;
$out = `./testssl.sh -S --jsonfile tmp.json --color 0 incomplete-chain.badssl.com`; $out = `./testssl.sh -S --jsonfile tmp.json --color 0 incomplete-chain.badssl.com`;
like($out, qr/Chain of trust.*?NOT ok\s+\(chain incomplete\)/,"Chain of trust should fail because of incomplete"); tests++; like($out, qr/Chain of trust.*?NOT ok\s+\(chain incomplete\)/,"Chain of trust should fail because of incomplete"); $tests++;
$json = json('tmp.json'); $json = json('tmp.json');
$found = 0; $found = 0;
foreach my $f ( @$json ) { foreach my $f ( @$json ) {
if ( $f->{id} eq "trust" ) { if ( $f->{id} eq "trust" ) {
$found = 1; $found = 1;
like($f->{finding},qr/^All certificate trust checks failed.*incomplete/,"Finding says certificate cannot be trusted."); tests++; like($f->{finding},qr/^All certificate trust checks failed.*incomplete/,"Finding says certificate cannot be trusted."); $tests++;
is($f->{severity}, "NOT ok", "Severity should be NOT ok"); tests++; is($f->{severity}, "NOT ok", "Severity should be NOT ok"); $tests++;
last; last;
} }
} }
is($found,1,"We had a finding for this in the JSON output"); tests++; is($found,1,"We had a finding for this in the JSON output"); $tests++;
# TODO: RSA 8192 # TODO: RSA 8192
# TODO: CBC # TODO: CBC
#ok("Running testssl against cbc.badssl.com\n"); tests++; #pass("Running testssl against cbc.badssl.com"); $tests++;
#$out = `./testssl.sh -e -U --jsonfile tmp.json --color 0 cbc.badssl.com`; #$out = `./testssl.sh -e -U --jsonfile tmp.json --color 0 cbc.badssl.com`;
#like($out, qr/Chain of trust.*?NOT ok\s+\(chain incomplete\)/,"Chain of trust should fail because of incomplete"); tests++; #like($out, qr/Chain of trust.*?NOT ok\s+\(chain incomplete\)/,"Chain of trust should fail because of incomplete"); $tests++;
#$json = json('tmp.json'); #$json = json('tmp.json');
#$found = 0; #$found = 0;
#foreach my $f ( @$json ) { #foreach my $f ( @$json ) {
# if ( $f->{id} eq "trust" ) { # if ( $f->{id} eq "trust" ) {
# $found = 1; # $found = 1;
# like($f->{finding},qr/^All certificate trust checks failed.*incomplete/,"Finding says certificate cannot be trusted."); tests++; # like($f->{finding},qr/^All certificate trust checks failed.*incomplete/,"Finding says certificate cannot be trusted."); $tests++;
# is($f->{severity}, "NOT ok", "Severity should be NOT ok"); tests++; # is($f->{severity}, "NOT ok", "Severity should be NOT ok"); $tests++;
# last; # last;
# } # }
#} #}
#is($found,1,"We had a finding for this in the JSON output"); tests++; #is($found,1,"We had a finding for this in the JSON output"); $tests++;
done_testing($tests); done_testing($tests);