Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-01 06:19:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1677 from drwetter/breach2medium

Browse Source 
Revised risk for BREACH --> medium
This commit is contained in:
Dirk Wetter 2020-07-10 19:56:53 +02:00 committed by GitHub
commit 41ac04ef27
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
testssl.sh
View File

@ -16102,7 +16102,7 @@ run_breach() {
ret=1
;;
no_compression)
pr_svrty_best "no gzip/deflate/compress/br HTTP compression (OK) "
pr_svrty_good "no gzip/deflate/compress/br HTTP compression (OK) "
outln "$disclaimer"
fileout "$jsonID" "OK" "not vulnerable, no gzip/deflate/compress/br HTTP compression $disclaimer" "$cve" "$cwe"
ret=0
@ -16150,10 +16150,10 @@ run_breach() {
fi
done
detected_compression="$(strip_trailing_space "$detected_compression")"
pr_svrty_high "potentially NOT ok, \"$detected_compression\" HTTP compression detected."
pr_svrty_medium "potentially NOT ok, \"$detected_compression\" HTTP compression detected."
outln "$disclaimer"
outln "${spaces}${when_makesense}"
fileout "$jsonID" "HIGH" "potentially VULNERABLE, $detected_compression HTTP compression detected $disclaimer" "$cve" "$cwe" "$hint"
fileout "$jsonID" "MEDIUM" "potentially VULNERABLE, $detected_compression HTTP compression detected $disclaimer" "$cve" "$cwe" "$hint"
fi
debugme outln "${spaces}has_compression: ${has_compression[@]}"
;;