Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-10 02:30:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fixed two more errors for MTA-STS and domain identification

Browse Source 
* for sub.domain.tld $domain was empty
* typo for checking empty variable mta_sts_record led
  to a missing query for some type of domains
This commit is contained in:
Dirk Wetter 2021-01-14 14:30:13 +01:00
parent 4f1da9b192
commit 429a8cf643
1 changed files with 6 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
testssl.sh
View File

@ -7394,23 +7394,19 @@ sub_mta_sts() {
domain=${NODE#*.} domain=${NODE#*.}
mta_sts_record="$(get_txt_record _mta-sts.$domain)" mta_sts_record="$(get_txt_record _mta-sts.$domain)"
fi fi
if [[ -z "$mta_sts_record" ]]; then
# unset to signal we didn't have success
domain=""
fi
else else
echo "#FIXME" echo "#FIXME"
echo "NODE: $NODE / URI: $URI / CMDLINE: ${CMDLINE[@]}" echo "NODE: $NODE / URI: $URI / CMDLINE: ${CMDLINE[@]}"
fi fi
fi fi
# 2+ level of subdomains? # 2+ level of subdomains?
# we check only for the TXT record in subdomains and give up if there's nothing?? # we check only for the TXT record in subdomains and give up if there's nothing??
# Possible that TXT record for domain overrides sub domain. if so: when ? # Possible that TXT record for domain overrides sub domain. if so: when ?
# error: ./testssl.sh -S --mx gmail.com --> no _mta-sts TXT record # - ./testssl.sh -S --mx gmail.com --> no _mta-sts TXT record ?
# --mx does this test for every single MX. We need to save the values # - --mx does this for every single MX. As the values are domain specific: global array?
[[ -z "$mta_sts_record" ]] && mta_sts_record="$(get_txt_record _mta-sts.$domain)"
[[ -z "mta_sts_record" ]] && mta_sts_record="$(get_txt_record _mta-sts.$domain)"
# echo "$mta_sts_record"; echo # echo "$mta_sts_record"; echo
mta_sts_record_ok=true mta_sts_record_ok=true
@ -7457,7 +7453,7 @@ sub_mta_sts() {
fi fi
done done
# we use at most 10 spaces. ToDo: look into the policy # we use at most 10 spaces. ToDo: check with RFC wrt to the format of the policy
if "$policy_ok"; then if "$policy_ok"; then
if [[ ! "$policy" =~ version[\ ]{0,10}:[\ ]{0,10}STSv1 ]]; then if [[ ! "$policy" =~ version[\ ]{0,10}:[\ ]{0,10}STSv1 ]]; then
failreason_policy+=("version should be STSv1 ") failreason_policy+=("version should be STSv1 ")
@ -7468,7 +7464,7 @@ sub_mta_sts() {
policy_ok=false policy_ok=false
fi fi
if [[ ! "$policy" =~ mode[\ ]{0,10}:[\ ]{0,10}(enforce|testing) ]]; then if [[ ! "$policy" =~ mode[\ ]{0,10}:[\ ]{0,10}(enforce|testing) ]]; then
failreason_policy+=("policy is neither testing or enforce") failreason_policy+=("policy should be either testing or enforce")
policy_ok=false policy_ok=false
fi fi
if [[ "$policy" =~ mode[\ ]{0,10}:[\ ]{0,10}testing ]]; then if [[ "$policy" =~ mode[\ ]{0,10}:[\ ]{0,10}testing ]]; then