Merge pull request #1677 from drwetter/breach2medium

Revised risk for BREACH --> medium
Dirk Wetter 2020-07-10 19:56:53 +02:00 committed by GitHub
commit 41ac04ef27
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -16102,7 +16102,7 @@ run_breach() {
ret=1 ret=1
;; ;;
no_compression) no_compression)
pr_svrty_best "no gzip/deflate/compress/br HTTP compression (OK) " pr_svrty_good "no gzip/deflate/compress/br HTTP compression (OK) "
outln "$disclaimer" outln "$disclaimer"
fileout "$jsonID" "OK" "not vulnerable, no gzip/deflate/compress/br HTTP compression $disclaimer" "$cve" "$cwe" fileout "$jsonID" "OK" "not vulnerable, no gzip/deflate/compress/br HTTP compression $disclaimer" "$cve" "$cwe"
ret=0 ret=0
@ -16150,10 +16150,10 @@ run_breach() {
fi fi
done done
detected_compression="$(strip_trailing_space "$detected_compression")" detected_compression="$(strip_trailing_space "$detected_compression")"
pr_svrty_high "potentially NOT ok, \"$detected_compression\" HTTP compression detected." pr_svrty_medium "potentially NOT ok, \"$detected_compression\" HTTP compression detected."
outln "$disclaimer" outln "$disclaimer"
outln "${spaces}${when_makesense}" outln "${spaces}${when_makesense}"
fileout "$jsonID" "HIGH" "potentially VULNERABLE, $detected_compression HTTP compression detected $disclaimer" "$cve" "$cwe" "$hint" fileout "$jsonID" "MEDIUM" "potentially VULNERABLE, $detected_compression HTTP compression detected $disclaimer" "$cve" "$cwe" "$hint"
fi fi
debugme outln "${spaces}has_compression: ${has_compression[@]}" debugme outln "${spaces}has_compression: ${has_compression[@]}"
;; ;;
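Review bot: The new medium rating in the second hunk is set in two places (`pr_svrty_medium` and the `"MEDIUM"` argument to `fileout`) with no comment recording why, so a later reader cannot tell a deliberate rating from drift. I would add one comment above the `pr_svrty_medium` line, for example `# medium: detected HTTP compression is only a precondition for BREACH; exploitability also needs a secret in the response body and attacker-influenced reflected input`. Anything that filters the JSON/CSV output on HIGH will stop seeing this finding after the change, which is worth a line in the changelog if it is not already there. The same applies in the first hunk, where the screen output moves from `pr_svrty_best` to `pr_svrty_good` while the `fileout` severity stays `"OK"`; that looks intended but is not stated. `run_breach` begins and ends outside both hunks, so the wording of `$disclaimer` and `$when_makesense` could not be checked against the new rating.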