Fix problem with --disable-rating
by introducing a framework for tests to be skipped, see also #1502. As a first example for the development branch, --disable-rating / --no-rating should serve. The latter is undocumented for now. Also, the big case statement in parse_cmd_line() may use a general --disable-* or --no-* clause where all --disable-* / --no-* are being parsed. A new function set_skip_tests() is being introduced which sets do_<variables> according to the new array SKIP_TESTS. Any new test to be skipped needs to be added to that array. The changes in the --devel part come from attempts to fix the syntax highlighting in vim -- which in the end didn't work.
parent
d6a9360f2c
commit
32eab3ead9
33
testssl.sh
33
testssl.sh
@ -140,6 +140,7 @@ declare CMDLINE
|
|||||||
CMDLINE_PARSED="" # This makes sure we don't let early fatal() write into files when files aren't created yet
|
CMDLINE_PARSED="" # This makes sure we don't let early fatal() write into files when files aren't created yet
|
||||||
declare -r -a CMDLINE_ARRAY=("$@") # When performing mass testing, the child processes need to be sent the
|
declare -r -a CMDLINE_ARRAY=("$@") # When performing mass testing, the child processes need to be sent the
|
||||||
declare -a MASS_TESTING_CMDLINE # command line in the form of an array (see #702 and https://mywiki.wooledge.org/BashFAQ/050).
|
declare -a MASS_TESTING_CMDLINE # command line in the form of an array (see #702 and https://mywiki.wooledge.org/BashFAQ/050).
|
||||||
|
declare -a SKIP_TESTS=() # This array hold the checks to be skipped
|
||||||
|
|
||||||
|
|
||||||
########### Defining (and presetting) variables which can be changed
|
########### Defining (and presetting) variables which can be changed
|
||||||
@ -20842,7 +20843,6 @@ set_scanning_defaults() {
|
|||||||
else
|
else
|
||||||
VULN_COUNT=12
|
VULN_COUNT=12
|
||||||
fi
|
fi
|
||||||
do_rating=true
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# returns number of $do variables set = number of run_funcs() to perform
|
# returns number of $do variables set = number of run_funcs() to perform
|
||||||
@ -20869,10 +20869,26 @@ debug_globals() {
|
|||||||
do_sweet32 do_client_simulation do_cipher_match do_tls_sockets do_mass_testing do_display_only do_rating; do
|
do_sweet32 do_client_simulation do_cipher_match do_tls_sockets do_mass_testing do_display_only do_rating; do
|
||||||
printf "%-22s = %s\n" $gbl "${!gbl}"
|
printf "%-22s = %s\n" $gbl "${!gbl}"
|
||||||
done
|
done
|
||||||
|
# ${!var} is an indirect expansion, see https://www.gnu.org/software/bash/manual/html_node/Shell-Parameter-Expansion.html
|
||||||
|
# Example: https://stackoverflow.com/questions/8515411/what-is-indirect-expansion-what-does-var-mean#8515492
|
||||||
printf "%-22s : %s\n" URI: "$URI"
|
printf "%-22s : %s\n" URI: "$URI"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# This is determining the tests which should be skipped by --no-* or --disable-* a a cmdline arg.
|
||||||
|
# It achieves that by setting the do_<variables> according to the global array $SKIP_TESTS
|
||||||
|
#
|
||||||
|
set_skip_tests() {
|
||||||
|
for t in ${SKIP_TESTS[@]} ; do
|
||||||
|
t="do_${t}"
|
||||||
|
# declare won't do it here --> local scope
|
||||||
|
eval "$t"=false
|
||||||
|
debugme printf '%s\n' "set $t: ${!t}"
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# arg1: either switch+value (=) or switch
|
# arg1: either switch+value (=) or switch
|
||||||
# arg2: value (if no = provided)
|
# arg2: value (if no = provided)
|
||||||
parse_opt_equal_sign() {
|
parse_opt_equal_sign() {
|
||||||
@ -20944,7 +20960,7 @@ parse_cmd_line() {
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
# set all globals to false
|
# set all do_* globals to false
|
||||||
initialize_globals
|
initialize_globals
|
||||||
|
|
||||||
while [[ $# -gt 0 ]]; do
|
while [[ $# -gt 0 ]]; do
|
||||||
@ -21130,8 +21146,10 @@ parse_cmd_line() {
|
|||||||
-g|--grease)
|
-g|--grease)
|
||||||
do_grease=true
|
do_grease=true
|
||||||
;;
|
;;
|
||||||
--disable-rating)
|
--disable-rating|--no-rating)
|
||||||
do_rating=false
|
SKIP_TESTS+=("rating")
|
||||||
|
# TODO: a generic thing would be --disable-* / --no-* ,
|
||||||
|
# catch $1 and add it to the array ( #1502 )
|
||||||
;;
|
;;
|
||||||
-9|--full)
|
-9|--full)
|
||||||
set_scanning_defaults
|
set_scanning_defaults
|
||||||
@ -21143,18 +21161,18 @@ parse_cmd_line() {
|
|||||||
ADDTL_CA_FILES="$(parse_opt_equal_sign "$1" "$2")"
|
ADDTL_CA_FILES="$(parse_opt_equal_sign "$1" "$2")"
|
||||||
[[ $? -eq 0 ]] && shift
|
[[ $? -eq 0 ]] && shift
|
||||||
;;
|
;;
|
||||||
--devel) ### this development feature will soon disappear
|
--devel) echo -e "\nthis is a development feature and may disappear at any time"
|
||||||
# arg1: SSL/TLS protocol (SSLv2=22)
|
# arg1: SSL/TLS protocol (SSLv2=22)
|
||||||
# arg2: list of cipher suites / hostname/ip
|
# arg2: list of cipher suites / hostname/ip
|
||||||
# arg3: hostname/ip
|
# arg3: hostname/ip
|
||||||
HEX_CIPHER="$TLS12_CIPHER"
|
|
||||||
# DEBUG=3 ./testssl.sh --devel 04 "13,02, 13,01" google.com --> TLS 1.3
|
# DEBUG=3 ./testssl.sh --devel 04 "13,02, 13,01" google.com --> TLS 1.3
|
||||||
# DEBUG=3 ./testssl.sh --devel 03 "cc, 13, c0, 13" google.de --> TLS 1.2, old CHACHA/POLY
|
# DEBUG=3 ./testssl.sh --devel 03 "cc, 13, c0, 13" google.de --> TLS 1.2, old CHACHA/POLY
|
||||||
# DEBUG=3 ./testssl.sh --devel 03 "cc,a8, cc,a9, cc,aa, cc,ab, cc,ac" blog.cloudflare.com --> new CHACHA/POLY
|
# DEBUG=3 ./testssl.sh --devel 03 "cc,a8, cc,a9, cc,aa, cc,ab, cc,ac" blog.cloudflare.com --> new CHACHA/POLY
|
||||||
# DEBUG=3 ./testssl.sh --devel 01 yandex.ru --> TLS 1.0
|
# DEBUG=3 ./testssl.sh --devel 01 yandex.ru --> TLS 1.0
|
||||||
# DEBUG=3 ./testssl.sh --devel 00 <host which supports SSLv3>
|
# DEBUG=3 ./testssl.sh --devel 00 <host which supports SSLv3>
|
||||||
# DEBUG=3 ./testssl.sh --devel 22 <host which still supports SSLv2>
|
# DEBUG=3 ./testssl.sh --devel 22 <host which still supports SSLv2>
|
||||||
TLS_LOW_BYTE="$2";
|
HEX_CIPHER="$TLS12_CIPHER"
|
||||||
|
TLS_LOW_BYTE="$2"
|
||||||
if [[ $# -eq 4 ]]; then # protocol AND ciphers specified
|
if [[ $# -eq 4 ]]; then # protocol AND ciphers specified
|
||||||
HEX_CIPHER="$3"
|
HEX_CIPHER="$3"
|
||||||
shift
|
shift
|
||||||
@ -21454,6 +21472,7 @@ parse_cmd_line() {
|
|||||||
|
|
||||||
count_do_variables
|
count_do_variables
|
||||||
[[ $? -eq 0 ]] && set_scanning_defaults
|
[[ $? -eq 0 ]] && set_scanning_defaults
|
||||||
|
set_skip_tests
|
||||||
[[ "$DEBUG" -ge 5 ]] && debug_globals
|
[[ "$DEBUG" -ge 5 ]] && debug_globals
|
||||||
|
|
||||||
# Unless explicit disabled, check if rating can be enabled
|
# Unless explicit disabled, check if rating can be enabled
|
||||||
|
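Review bot: In the new `set_skip_tests()` (hunk at -20869), `eval "$t"=false` passes whatever text is in `SKIP_TESTS` through the shell parser, and the loop expands `${SKIP_TESTS[@]}` unquoted into a `t` that is not declared `local`. This is harmless while the only entry is the literal `rating` added in `parse_cmd_line()`, but the TODO there plans to catch `$1` for any `--disable-*` / `--no-*` switch and add it to the array, at which point command-line text would reach `eval`. An assignment that does not re-parse the name as code avoids this and still writes the global: `local t`, `for t in "${SKIP_TESTS[@]}"; do`, and `printf -v "$t" '%s' false` in place of the `eval` line. When the generic clause is added, it should also accept only names matching a strict pattern such as `^[a-z0-9_]+$` that correspond to an existing `do_*` variable, so a mistyped switch fails loudly instead of creating a new global.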