Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-30 20:31:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Trailing space after value in header is fine

Browse Source 
This fixes #2466.
This commit is contained in:
Dirk 2024-09-03 19:10:29 +02:00
parent e59a0f202f
commit 30a33e9a6e
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
testssl.sh
View File

@ -2588,7 +2588,7 @@ match_ipv4_httpheader() {
# Exclude some headers as they are mistakenly identified as ipv4 address. Issues #158, #323. # Exclude some headers as they are mistakenly identified as ipv4 address. Issues #158, #323.
# Also facebook used to have a CSP rule for 127.0.0.1 # Also facebook used to have a CSP rule for 127.0.0.1
headers="$(grep -Evai "$excluded_header" $HEADERFILE)" headers="$(grep -Evai "$excluded_header" $HEADERFILE 2>/dev/null)"
if [[ "$headers" =~ $ipv4address ]]; then if [[ "$headers" =~ $ipv4address ]]; then
pr_bold " IPv4 address in header " pr_bold " IPv4 address in header "
while read line; do while read line; do
@ -2736,6 +2736,8 @@ run_hsts() {
# strict parsing now as suggested in #2381 # strict parsing now as suggested in #2381
hsts_age_sec="${HEADERVALUE#*=}" hsts_age_sec="${HEADERVALUE#*=}"
hsts_age_sec=${hsts_age_sec%%;*} hsts_age_sec=${hsts_age_sec%%;*}
# see #2466
hsts_age_sec=$(strip_trailing_space "$hsts_age_sec")
if [[ $hsts_age_sec =~ \" ]]; then if [[ $hsts_age_sec =~ \" ]]; then
# remove first an last " in $hsts_age_sec (borrowed from strip_trailing_space/strip_leading_space): # remove first an last " in $hsts_age_sec (borrowed from strip_trailing_space/strip_leading_space):
hsts_age_sec=$(printf "%s" "${hsts_age_sec#"${hsts_age_sec%%[!\"]*}"}") hsts_age_sec=$(printf "%s" "${hsts_age_sec#"${hsts_age_sec%%[!\"]*}"}")