First round of polishing @magnuslarsen's contribution

* instead of DISABLE_GRADING we use do_grading as for run_* functions we currently don't
  support global variables
* Add AEAD cipher set_grade_cap (needs to be tested though)

* remove redundant quotes
* be to be safe add double quotes at other places
* Fix typos
* Polishing output

Tasks (not complete):

* Review whether it is rated as intended
* Do we want to mofify SSL Lab's rating? (SSLv3 e.g., T for SHA1 certificate?)
* Does JSON output work?
* TLS 1.3 only server are not rated properly --> wait for SSLlabs?
* SWEET32: rating refers to TLS 1.1 atm. SSLlabs docu doesn't give a hint
  (is their docu incomplete?)
* Rating for STARTTLS at all?
This commit is contained in:
Dirk Wetter 2020-04-17 13:24:32 +02:00
parent 64735d0241
commit 359965dc17
1 changed files with 66 additions and 71 deletions

View File

@ -227,7 +227,6 @@ fi
DISPLAY_CIPHERNAMES="openssl" # display OpenSSL ciphername (but both OpenSSL and RFC ciphernames in wide mode) DISPLAY_CIPHERNAMES="openssl" # display OpenSSL ciphername (but both OpenSSL and RFC ciphernames in wide mode)
declare -r UA_STD="TLS tester from $SWURL" declare -r UA_STD="TLS tester from $SWURL"
declare -r UA_SNEAKY="Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" declare -r UA_SNEAKY="Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
DISABLE_GRADING=${DISABLE_GRADING:-false} # Whether to disable grading, or not
########### Initialization part, further global vars just being declared here ########### Initialization part, further global vars just being declared here
# #
@ -990,34 +989,33 @@ f5_port_decode() {
echo $((16#${tmp:2:2}${tmp:0:2})) # reverse order and convert it from hex to dec echo $((16#${tmp:2:2}${tmp:0:2})) # reverse order and convert it from hex to dec
} }
###### END universal helper function definitions ######
###### START scoring function definitions ######
# Sets the grade cap to ARG1 # Sets the grade cap to ARG1
# arg1: A grade to set ("A", "B", "C", "D", "E", "F", "M", or "T") # arg1: A grade to set ("A", "B", "C", "D", "E", "F", "M", or "T")
# arg2: A reason why (e.g. "Vulnerable to CRIME") # arg2: A reason why (e.g. "Vulnerable to CRIME")
set_grade_cap() { set_grade_cap() {
# Do nothing if disabled "$do_grading" || return 0
"$DISABLE_GRADING" && return 0
GRADE_CAP_REASONS+=("Grade capped to $1. $2") GRADE_CAP_REASONS+=("Grade capped to $1. $2")
# Always set special attributes. These are hard caps, due to name mismatch or cert being invalid # Always set special attributes. These are hard caps, due to name mismatch or cert being invalid
if [[ "$1" == "T" || "$1" == "M" ]]; then if [[ "$1" == T || "$1" == M ]]; then
GRADE_CAP=$1 GRADE_CAP="$1"
# Only keep track of the lowest grade cap, since a higher grade cap wont do anything (F = lowest, A = highest) # Only keep track of the lowest grade cap, since a higher grade cap wont do anything (F = lowest, A = highest)
elif [[ ! "$GRADE_CAP" > "$1" ]]; then elif [[ ! "$GRADE_CAP" > "$1" ]]; then
GRADE_CAP=$1 GRADE_CAP="$1"
fi fi
return 0 return 0
} }
# Sets a grade warning, as specified by the grade specification # Sets a grade warning, as specified by the grade specification
# arg1: A warning message # arg1: A warning message
set_grade_warning() { set_grade_warning() {
# Do nothing if disabled "$do_grading" || return 0
"$DISABLE_GRADING" && return 0
GRADE_WARNINGS+=("$1") GRADE_WARNINGS+=("$1")
return 0 return 0
} }
@ -1028,18 +1026,17 @@ set_key_str_score() {
local type=$1 local type=$1
local size=$2 local size=$2
# Do nothing if disabled "$do_grading" || return 0
"$DISABLE_GRADING" && return 0
# TODO: We need to get the size of DH params (follows the same table as the "else" clause) # TODO: We need to get the size of DH params (follows the same table as the "else" clause)
# For now, verifying the key size will do... # For now, verifying the key size will do...
if [[ $type == "EC" || $type == "DH" ]]; then if [[ $type == EC || $type == DH ]]; then
if [[ $size -lt 110 ]]; then if [[ $size -lt 110 ]]; then
let KEY_EXCH_SCORE=20 let KEY_EXCH_SCORE=20
set_grade_cap "F" "Using a insecure key" set_grade_cap "F" "Using an insecure key"
elif [[ $size -lt 123 ]]; then elif [[ $size -lt 123 ]]; then
let KEY_EXCH_SCORE=40 let KEY_EXCH_SCORE=40
set_grade_cap "F" "Using a insecure key" set_grade_cap "F" "Using an insecure key"
elif [[ $size -lt 163 ]]; then elif [[ $size -lt 163 ]]; then
let KEY_EXCH_SCORE=80 let KEY_EXCH_SCORE=80
set_grade_cap "B" "Using a weak key" set_grade_cap "B" "Using a weak key"
@ -1049,15 +1046,15 @@ set_key_str_score() {
let KEY_EXCH_SCORE=100 let KEY_EXCH_SCORE=100
else else
let KEY_EXCH_SCORE=0 let KEY_EXCH_SCORE=0
set_grade_cap "F" "Using a insecure key" set_grade_cap "F" "Using an insecure key"
fi fi
else else
if [[ $size -lt 512 ]]; then if [[ $size -lt 512 ]]; then
let KEY_EXCH_SCORE=20 let KEY_EXCH_SCORE=20
set_grade_cap "F" "Using a insecure key" set_grade_cap "F" "Using an insecure key"
elif [[ $size -lt 1024 ]]; then elif [[ $size -lt 1024 ]]; then
let KEY_EXCH_SCORE=40 let KEY_EXCH_SCORE=40
set_grade_cap "F" "Using a insecure key" set_grade_cap "F" "Using an insecure key"
elif [[ $size -lt 2048 ]]; then elif [[ $size -lt 2048 ]]; then
let KEY_EXCH_SCORE=80 let KEY_EXCH_SCORE=80
set_grade_cap "B" "Using a weak key" set_grade_cap "B" "Using a weak key"
@ -1067,10 +1064,9 @@ set_key_str_score() {
let KEY_EXCH_SCORE=100 let KEY_EXCH_SCORE=100
else else
let KEY_EXCH_SCORE=0 let KEY_EXCH_SCORE=0
set_grade_cap "F" "Using a insecure key" set_grade_cap "F" "Using an insecure key"
fi fi
fi fi
return 0 return 0
} }
@ -1080,18 +1076,14 @@ set_key_str_score() {
set_ciph_str_score() { set_ciph_str_score() {
local size=$1 local size=$1
# Do nothing if disabled "$do_grading" || return 0
"$DISABLE_GRADING" && return 0
[[ $size -gt $CIPH_STR_BEST ]] && let CIPH_STR_BEST=$size [[ $size -gt $CIPH_STR_BEST ]] && let CIPH_STR_BEST=$size
[[ $size -lt $CIPH_STR_WORST ]] && let CIPH_STR_WORST=$size [[ $size -lt $CIPH_STR_WORST ]] && let CIPH_STR_WORST=$size
return 0 return 0
} }
###### START ServerHello/OpenSSL/F5 function definitions ###### ###### END scoring function definitions ######
###### END helper function definitions ######
##################### START output file formatting functions ######################### ##################### START output file formatting functions #########################
#################### START JSON file functions #################### #################### START JSON file functions ####################
@ -5854,7 +5846,9 @@ sub_cipherlists() {
;; ;;
esac esac
# Not a perfect place here. A new one should be picked in the future
[[ $sclient_success -eq 0 && "$1" =~ (^|:)EXPORT(:|$) ]] && set_grade_cap "F" "Export suite offered" [[ $sclient_success -eq 0 && "$1" =~ (^|:)EXPORT(:|$) ]] && set_grade_cap "F" "Export suite offered"
[[ $sclient_success -eq 0 && "$1" =~ AEAD ]] && set_grade_cap "B" "No AEAD ciphers offered"
fi fi
tmpfile_handle ${FUNCNAME[0]}.${5}.txt tmpfile_handle ${FUNCNAME[0]}.${5}.txt
[[ $DEBUG -ge 1 ]] && tm_out " -- $1" [[ $DEBUG -ge 1 ]] && tm_out " -- $1"
@ -5959,7 +5953,7 @@ run_cipherlists() {
ret=$((ret + $?)) ret=$((ret + $?))
sub_cipherlists "$ossl_good_ciphers" "" " non-FS Strong encryption (AEAD ciphers) " 6 "GOOD" "$good_ciphers" "" "$using_sockets" "" "" sub_cipherlists "$ossl_good_ciphers" "" " non-FS Strong encryption (AEAD ciphers) " 6 "GOOD" "$good_ciphers" "" "$using_sockets" "" ""
ret=$((ret + $?)) ret=$((ret + $?))
sub_cipherlists "$ossl_strong_ciphers" 'ALL' " Forward Secure Strong encryption (AEAD ciphers)" 7 "STRONG" "$strong_ciphers" "" "$using_sockets" "" "" sub_cipherlists "$ossl_strong_ciphers" ALL " FS + Strong encryption (AEAD ciphers) " 7 "STRONG" "$strong_ciphers" "" "$using_sockets" "" ""
ret=$((ret + $?)) ret=$((ret + $?))
outln outln
@ -9756,9 +9750,9 @@ run_fs() {
if [[ $sclient_success -ne 0 ]]; then if [[ $sclient_success -ne 0 ]]; then
outln outln
prln_svrty_medium " No ciphers supporting Forward Secrecy offered" prln_svrty_medium " No ciphers supporting Forward Secrecy (FS) offered"
fileout "$jsonID" "MEDIUM" "No ciphers supporting (P)FS offered" fileout "$jsonID" "MEDIUM" "No ciphers supporting Forward Secrecy offered"
set_grade_cap "B" "Forward Security (PFS) is not supported" set_grade_cap "B" "Forward Secrecy (FS) is not supported"
else else
outln outln
fs_offered=true fs_offered=true
@ -15961,7 +15955,7 @@ run_sweet32() {
local -i nr_sweet32_ciphers=0 nr_supported_ciphers=0 nr_ssl2_sweet32_ciphers=0 nr_ssl2_supported_ciphers=0 local -i nr_sweet32_ciphers=0 nr_supported_ciphers=0 nr_ssl2_sweet32_ciphers=0 nr_ssl2_supported_ciphers=0
local ssl2_sweet=false local ssl2_sweet=false
local using_sockets=true local using_sockets=true
local tls1_1_vulnable=false local tls1_1_vulnerable=false
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for SWEET32 (Birthday Attacks on 64-bit Block Ciphers) " && outln [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for SWEET32 (Birthday Attacks on 64-bit Block Ciphers) " && outln
pr_bold " SWEET32"; out " (${cve// /, }) " pr_bold " SWEET32"; out " (${cve// /, }) "
@ -16022,7 +16016,7 @@ run_sweet32() {
sclient_connect_successful $? $TMPFILE sclient_connect_successful $? $TMPFILE
sclient_success=$? sclient_success=$?
[[ $DEBUG -ge 2 ]] && grep -Eq "error|failure" $ERRFILE | grep -Eav "unable to get local|verify error" [[ $DEBUG -ge 2 ]] && grep -Eq "error|failure" $ERRFILE | grep -Eav "unable to get local|verify error"
[[ $proto == -tls1_1 && $sclient_success -eq 0 ]] && tls1_1_vulnable=true [[ $proto == -tls1_1 && $sclient_success -eq 0 ]] && tls1_1_vulnerable=true
[[ $sclient_success -eq 0 ]] && break [[ $sclient_success -eq 0 ]] && break
done done
if "$HAS_SSL2"; then if "$HAS_SSL2"; then
@ -16042,11 +16036,11 @@ run_sweet32() {
if [[ $sclient_success -eq 0 ]] && "$ssl2_sweet" ; then if [[ $sclient_success -eq 0 ]] && "$ssl2_sweet" ; then
pr_svrty_low "VULNERABLE"; out ", uses 64 bit block ciphers for SSLv2 and above" pr_svrty_low "VULNERABLE"; out ", uses 64 bit block ciphers for SSLv2 and above"
fileout "SWEET32" "LOW" "uses 64 bit block ciphers for SSLv2 and above" "$cve" "$cwe" "$hint" fileout "SWEET32" "LOW" "uses 64 bit block ciphers for SSLv2 and above" "$cve" "$cwe" "$hint"
"$tls1_1_vulnable" && set_grade_cap "C" "Uses 64 bit block ciphers with TLS1.1+ (vulnerable to SWEET32)" "$tls1_1_vulnerable" && set_grade_cap "C" "Uses 64 bit block ciphers with TLS 1.1 (vulnerable to SWEET32)"
elif [[ $sclient_success -eq 0 ]]; then elif [[ $sclient_success -eq 0 ]]; then
pr_svrty_low "VULNERABLE"; out ", uses 64 bit block ciphers" pr_svrty_low "VULNERABLE"; out ", uses 64 bit block ciphers"
fileout "SWEET32" "LOW" "uses 64 bit block ciphers" "$cve" "$cwe" "$hint" fileout "SWEET32" "LOW" "uses 64 bit block ciphers" "$cve" "$cwe" "$hint"
"$tls1_1_vulnable" && set_grade_cap "C" "Uses 64 bit block ciphers with TLS1.1+ (vulnerable to SWEET32)" "$tls1_1_vulnerable" && set_grade_cap "C" "Uses 64 bit block ciphers with TLS 1.1 (vulnerable to SWEET32)"
elif "$ssl2_sweet"; then elif "$ssl2_sweet"; then
pr_svrty_low "VULNERABLE"; out ", uses 64 bit block ciphers wth SSLv2 only" pr_svrty_low "VULNERABLE"; out ", uses 64 bit block ciphers wth SSLv2 only"
fileout "SWEET32" "LOW" "uses 64 bit block ciphers with SSLv2 only" "$cve" "$cwe" "$hint" fileout "SWEET32" "LOW" "uses 64 bit block ciphers with SSLv2 only" "$cve" "$cwe" "$hint"
@ -17348,7 +17342,7 @@ run_rc4() {
sigalg[i]="$(read_sigalg_from_file "$TMPFILE")" sigalg[i]="$(read_sigalg_from_file "$TMPFILE")"
# If you use RC4 with newer protocols, you are punished harder # If you use RC4 with newer protocols, you are punished harder
if [[ "$proto" == "-tls1_1" ]]; then if [[ "$proto" == -tls1_1 ]]; then
set_grade_cap "C" "RC4 ciphers offered on TLS 1.1" set_grade_cap "C" "RC4 ciphers offered on TLS 1.1"
fi fi
done done
@ -20553,24 +20547,27 @@ run_grading() {
local c3_worst c3_best c3_worst_cb c3_best_cb local c3_worst c3_best c3_worst_cb c3_best_cb
local old_ifs=$IFS sorted_reasons sorted_warnings reason_loop=0 warning_loop=0 local old_ifs=$IFS sorted_reasons sorted_warnings reason_loop=0 warning_loop=0
outln "\n";
pr_headlineln " Calculating grades (experimental)"
outln
# Sort the reasons. This is just nicer to read in genereal # Sort the reasons. This is just nicer to read in genereal
IFS=$'\n' sorted_reasons=($(sort -ru <<<"${GRADE_CAP_REASONS[*]}")) IFS=$'\n' sorted_reasons=($(sort -ru <<<"${GRADE_CAP_REASONS[*]}"))
IFS=$'\n' sorted_warnings=($(sort -u <<<"${GRADE_WARNINGS[*]}")) IFS=$'\n' sorted_warnings=($(sort -u <<<"${GRADE_WARNINGS[*]}"))
IFS=$old_ifs IFS=$old_ifs
fileout "grading_spec" "INFO" "SSLLabs's 'SSL Server Rating Guide' (revision 2009q) (near complete)" fileout "grading_spec" "INFO" "SSLLabs's 'SSL Server Rating Guide' version 2009q from 2020-01-30 (near complete)"
pr_bold " Grading specification "; out "SSLLabs's 'SSL Server Rating Guide' (revision 2009q)"; prln_warning " (near complete)" pr_bold " Grading specification "; out "SSL Labs's 'SSL Server Rating Guide' version 2009q from 2020-01-30"; prln_warning " (near complete)"
pr_bold " Specification documentation "; pr_url "https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide" pr_bold " Specification documentation "; pr_url "https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide"
outln outln
# No point in calculating a score, if a cap of "F", "T", or "M" has been set # No point in calculating a score, if a cap of "F", "T", or "M" has been set
if [[ $GRADE_CAP == "F" || $GRADE_CAP == "T" || $GRADE_CAP == "M" ]]; then if [[ $GRADE_CAP == F || $GRADE_CAP == T || $GRADE_CAP == M ]]; then
pr_bold " Protocol Support "; out "(weighted) "; outln "0 (0)" pr_bold " Protocol Support "; out "(weighted) "; outln "0 (0)"
pr_bold " Key Exchange "; out " (weighted) "; outln "0 (0)" pr_bold " Key Exchange "; out " (weighted) "; outln "0 (0)"
pr_bold " Cipher Stregth "; out " (weighted) "; outln "0 (0)" pr_bold " Cipher Strength "; out " (weighted) "; outln "0 (0)"
pr_bold " Final Score "; outln "0" pr_bold " Final Score "; outln "0"
pr_bold " Grade "; prln_svrty_critical "$GRADE_CAP" pr_bold " Grade "; prln_svrty_critical "$GRADE_CAP"
fileout "grade" "CRITICAL" "$GRADE_CAP" fileout "grade" "CRITICAL" "$GRADE_CAP"
outln
else else
## Category 1 ## Category 1
# get best score, by searching for the best protocol, until a hit occurs # get best score, by searching for the best protocol, until a hit occurs
@ -20642,7 +20639,7 @@ run_grading() {
let c3_score="($c3_best+$c3_worst)/2" # Gets the category score let c3_score="($c3_best+$c3_worst)/2" # Gets the category score
let c3_wscore=$c3_score*40/100 # Gets the weighted score for category (40%) let c3_wscore=$c3_score*40/100 # Gets the weighted score for category (40%)
pr_bold " Cipher Stregth "; out " (weighted) "; outln "$c3_score ($c3_wscore)" pr_bold " Cipher Strength "; out " (weighted) "; outln "$c3_score ($c3_wscore)"
## Calculate final score and grade ## Calculate final score and grade
let final_score=$c1_wscore+$c2_wscore+$c3_wscore let final_score=$c1_wscore+$c2_wscore+$c3_wscore
@ -20668,7 +20665,7 @@ run_grading() {
if [[ $GRADE_CAP != "" && ! $pre_cap_grade > $GRADE_CAP ]]; then if [[ $GRADE_CAP != "" && ! $pre_cap_grade > $GRADE_CAP ]]; then
final_grade=$GRADE_CAP final_grade=$GRADE_CAP
# For "exceptional" config, an "A+" is awarded, or "A-" for slightly less "exceptional" # For "exceptional" config, an "A+" is awarded, or "A-" for slightly less "exceptional"
elif [[ $GRADE_CAP == "" && $pre_cap_grade == "A" ]]; then elif [[ $GRADE_CAP == "" && $pre_cap_grade == A ]]; then
if [[ ${#sorted_warnings[@]} -eq 0 ]]; then if [[ ${#sorted_warnings[@]} -eq 0 ]]; then
final_grade="A+" final_grade="A+"
else else
@ -20679,27 +20676,27 @@ run_grading() {
fi fi
case "$final_grade" in case "$final_grade" in
"A"*) pr_bold " Grade " A*) pr_bold " Grade "
prln_svrty_best $final_grade prln_svrty_best $final_grade
fileout "grade" "OK" "$final_grade" fileout "grade" "OK" "$final_grade"
;; ;;
"B") pr_bold " Grade " B) pr_bold " Grade "
prln_svrty_medium $final_grade prln_svrty_medium $final_grade
fileout "grade" "MEDIUM" "$final_grade" fileout "grade" "MEDIUM" "$final_grade"
;; ;;
"C") pr_bold " Grade " C) pr_bold " Grade "
prln_svrty_medium $final_grade prln_svrty_medium $final_grade
fileout "grade" "MEDIUM" "$final_grade" fileout "grade" "MEDIUM" "$final_grade"
;; ;;
"D") pr_bold " Grade " D) pr_bold " Grade "
prln_svrty_high $final_grade prln_svrty_high $final_grade
fileout "grade" "HIGH" "$final_grade" fileout "grade" "HIGH" "$final_grade"
;; ;;
"E") pr_bold " Grade " E) pr_bold " Grade "
prln_svrty_high $final_grade prln_svrty_high $final_grade
fileout "grade" "HIGH" "$final_grade" fileout "grade" "HIGH" "$final_grade"
;; ;;
"F") pr_bold " Grade " F) pr_bold " Grade "
prln_svrty_critical $final_grade prln_svrty_critical $final_grade
fileout "grade" "CRITICAL" "$final_grade" fileout "grade" "CRITICAL" "$final_grade"
;; ;;
@ -20749,7 +20746,7 @@ set_grading_state() {
# ... else we can't grade # ... else we can't grade
if [[ $nr_enabled -lt 18 ]]; then if [[ $nr_enabled -lt 18 ]]; then
DISABLE_GRADING=true do_grading=false
return 1 return 1
fi fi
@ -20798,6 +20795,7 @@ initialize_globals() {
do_client_simulation=false do_client_simulation=false
do_display_only=false do_display_only=false
do_starttls=false do_starttls=false
do_grading=false
} }
@ -20833,6 +20831,7 @@ set_scanning_defaults() {
else else
VULN_COUNT=12 VULN_COUNT=12
fi fi
do_grading=true
} }
# returns number of $do variables set = number of run_funcs() to perform # returns number of $do variables set = number of run_funcs() to perform
@ -20843,7 +20842,7 @@ count_do_variables() {
for gbl in do_allciphers do_vulnerabilities do_beast do_lucky13 do_breach do_ccs_injection do_ticketbleed do_cipher_per_proto do_crime \ for gbl in do_allciphers do_vulnerabilities do_beast do_lucky13 do_breach do_ccs_injection do_ticketbleed do_cipher_per_proto do_crime \
do_freak do_logjam do_drown do_header do_heartbleed do_mx_all_ips do_fs do_protocols do_rc4 do_grease do_robot do_renego \ do_freak do_logjam do_drown do_header do_heartbleed do_mx_all_ips do_fs do_protocols do_rc4 do_grease do_robot do_renego \
do_cipherlists do_server_defaults do_server_preference do_ssl_poodle do_tls_fallback_scsv \ do_cipherlists do_server_defaults do_server_preference do_ssl_poodle do_tls_fallback_scsv \
do_sweet32 do_client_simulation do_cipher_match do_tls_sockets do_mass_testing do_display_only; do do_sweet32 do_client_simulation do_cipher_match do_tls_sockets do_mass_testing do_display_only do_grading; do
[[ "${!gbl}" == true ]] && let true_nr++ [[ "${!gbl}" == true ]] && let true_nr++
done done
return $true_nr return $true_nr
@ -20856,7 +20855,7 @@ debug_globals() {
for gbl in do_allciphers do_vulnerabilities do_beast do_lucky13 do_breach do_ccs_injection do_ticketbleed do_cipher_per_proto do_crime \ for gbl in do_allciphers do_vulnerabilities do_beast do_lucky13 do_breach do_ccs_injection do_ticketbleed do_cipher_per_proto do_crime \
do_freak do_logjam do_drown do_header do_heartbleed do_mx_all_ips do_fs do_protocols do_rc4 do_grease do_robot do_renego \ do_freak do_logjam do_drown do_header do_heartbleed do_mx_all_ips do_fs do_protocols do_rc4 do_grease do_robot do_renego \
do_cipherlists do_server_defaults do_server_preference do_ssl_poodle do_tls_fallback_scsv \ do_cipherlists do_server_defaults do_server_preference do_ssl_poodle do_tls_fallback_scsv \
do_sweet32 do_client_simulation do_cipher_match do_tls_sockets do_mass_testing do_display_only; do do_sweet32 do_client_simulation do_cipher_match do_tls_sockets do_mass_testing do_display_only do_grading; do
printf "%-22s = %s\n" $gbl "${!gbl}" printf "%-22s = %s\n" $gbl "${!gbl}"
done done
printf "%-22s : %s\n" URI: "$URI" printf "%-22s : %s\n" URI: "$URI"
@ -21121,7 +21120,7 @@ parse_cmd_line() {
do_grease=true do_grease=true
;; ;;
--disable-grading) --disable-grading)
DISABLE_GRADING=true do_grading=false
;; ;;
-9|--full) -9|--full)
set_scanning_defaults set_scanning_defaults
@ -21449,7 +21448,7 @@ parse_cmd_line() {
# Unless explicit disabled, check if grading can be enabled # Unless explicit disabled, check if grading can be enabled
# Should be called after set_scanning_defaults # Should be called after set_scanning_defaults
"$DISABLE_GRADING" || set_grading_state "$do_grading" || set_grading_state
CMDLINE_PARSED=true CMDLINE_PARSED=true
} }
@ -21620,13 +21619,9 @@ lets_roll() {
fileout_section_header $section_number true && ((section_number++)) fileout_section_header $section_number true && ((section_number++))
"$do_client_simulation" && { run_client_simulation; ret=$(($? + ret)); stopwatch run_client_simulation; } "$do_client_simulation" && { run_client_simulation; ret=$(($? + ret)); stopwatch run_client_simulation; }
if ! "$DISABLE_GRADING"; then
outln; pr_headlineln " Calculating grade "
outln
fileout_section_header $section_number true && ((section_number++)) fileout_section_header $section_number true && ((section_number++))
{ run_grading; ret=$(($? + ret)); stopwatch run_grading; } "$do_grading" && { run_grading; ret=$(($? + ret)); stopwatch run_grading; }
fi
fi fi
fileout_section_footer true fileout_section_footer true
fi fi