mirror of
https://github.com/drwetter/testssl.sh.git
synced 2024-12-31 22:09:44 +01:00
commit
462a602625
28
testssl.sh
28
testssl.sh
@ -872,6 +872,26 @@ strip_quote() (
|
|||||||
)"
|
)"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# Converts a string containing PEM encoded data to one line.
|
||||||
|
pem_to_one_line() {
|
||||||
|
local pem="$1"
|
||||||
|
local header="" footer=""
|
||||||
|
|
||||||
|
if [[ "$pem" =~ .*-+BEGIN\ [A-Za-z0-9]+-+ ]]; then
|
||||||
|
header="$BASH_REMATCH"
|
||||||
|
pem="${pem/$header/}"
|
||||||
|
fi
|
||||||
|
if [[ "$pem" =~ -+END\ [A-Za-z0-9]+-+.* ]]; then
|
||||||
|
footer="$BASH_REMATCH"
|
||||||
|
pem="${pem/$footer/}"
|
||||||
|
fi
|
||||||
|
pem="$(strip_spaces "$(newline_to_spaces "$pem")")"
|
||||||
|
[[ -n "$header" ]] && pem="$header\\\n$pem"
|
||||||
|
[[ -n "$footer" ]] && pem+="\\\n$footer"
|
||||||
|
printf -- "%s" "$pem"
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
is_ipv4addr() {
|
is_ipv4addr() {
|
||||||
local octet="(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])"
|
local octet="(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])"
|
||||||
local ipv4address="$octet\\.$octet\\.$octet\\.$octet"
|
local ipv4address="$octet\\.$octet\\.$octet\\.$octet"
|
||||||
@ -1355,7 +1375,6 @@ fileout() {
|
|||||||
|
|
||||||
if { "$do_pretty_json" && [[ "$1" == service ]]; } || show_finding "$severity"; then
|
if { "$do_pretty_json" && [[ "$1" == service ]]; } || show_finding "$severity"; then
|
||||||
local finding=$(strip_lf "$(newline_to_spaces "$(strip_quote "$3")")") # additional quotes will mess up screen output
|
local finding=$(strip_lf "$(newline_to_spaces "$(strip_quote "$3")")") # additional quotes will mess up screen output
|
||||||
finding="${finding//\\n/ }"
|
|
||||||
[[ -e "$JSONFILE" ]] && [[ ! -d "$JSONFILE" ]] && fileout_json_finding "$1" "$severity" "$finding" "$cve" "$cwe" "$hint"
|
[[ -e "$JSONFILE" ]] && [[ ! -d "$JSONFILE" ]] && fileout_json_finding "$1" "$severity" "$finding" "$cve" "$cwe" "$hint"
|
||||||
"$do_csv" && [[ -n "$CSVFILE" ]] && [[ ! -d "$CSVFILE" ]] && \
|
"$do_csv" && [[ -n "$CSVFILE" ]] && [[ ! -d "$CSVFILE" ]] && \
|
||||||
fileout_csv_finding "$1" "$NODE/$NODEIP" "$PORT" "$severity" "$finding" "$cve" "$cwe" "$hint"
|
fileout_csv_finding "$1" "$NODE/$NODEIP" "$PORT" "$severity" "$finding" "$cve" "$cwe" "$hint"
|
||||||
@ -9181,8 +9200,7 @@ certificate_info() {
|
|||||||
fileout "cert_fingerprintSHA256${json_postfix}" "INFO" "${cert_fingerprint_sha2}"
|
fileout "cert_fingerprintSHA256${json_postfix}" "INFO" "${cert_fingerprint_sha2}"
|
||||||
outln "${spaces}SHA256 ${cert_fingerprint_sha2}"
|
outln "${spaces}SHA256 ${cert_fingerprint_sha2}"
|
||||||
|
|
||||||
# " " needs to be converted back to lf in JSON/CSV output. watch out leading/ending line containing "CERTIFICATE"
|
fileout "cert${json_postfix}" "INFO" "$(pem_to_one_line "$hostcert")"
|
||||||
fileout "cert${json_postfix}" "INFO" "$hostcert"
|
|
||||||
|
|
||||||
[[ -z $CERT_FINGERPRINT_SHA2 ]] && \
|
[[ -z $CERT_FINGERPRINT_SHA2 ]] && \
|
||||||
CERT_FINGERPRINT_SHA2="$cert_fingerprint_sha2" ||
|
CERT_FINGERPRINT_SHA2="$cert_fingerprint_sha2" ||
|
||||||
@ -9757,7 +9775,7 @@ certificate_info() {
|
|||||||
intermediates="${intermediates#${cert}-----END CERTIFICATE-----}"
|
intermediates="${intermediates#${cert}-----END CERTIFICATE-----}"
|
||||||
cert="-----BEGIN CERTIFICATE-----${cert}-----END CERTIFICATE-----"
|
cert="-----BEGIN CERTIFICATE-----${cert}-----END CERTIFICATE-----"
|
||||||
|
|
||||||
fileout "intermediate_cert <#${i}>${json_postfix}" "INFO" "$cert"
|
fileout "intermediate_cert <#${i}>${json_postfix}" "INFO" "$(pem_to_one_line "$cert")"
|
||||||
fileout "intermediate_cert_fingerprintSHA256 <#${i}>${json_postfix}" "INFO" "$(determine_cert_fingerprint_serial "$cert" "-fingerprint -sha256")"
|
fileout "intermediate_cert_fingerprintSHA256 <#${i}>${json_postfix}" "INFO" "$(determine_cert_fingerprint_serial "$cert" "-fingerprint -sha256")"
|
||||||
|
|
||||||
intermediate_certs_txt[i]="$($OPENSSL x509 -text -noout 2>/dev/null <<< "$cert")"
|
intermediate_certs_txt[i]="$($OPENSSL x509 -text -noout 2>/dev/null <<< "$cert")"
|
||||||
@ -20443,7 +20461,7 @@ fatal() {
|
|||||||
fi
|
fi
|
||||||
# Make sure we don't try to write into files when not created yet.
|
# Make sure we don't try to write into files when not created yet.
|
||||||
# No shorthand expression to avoid errors when $CMDLINE_PARSED haven't been filled yet.
|
# No shorthand expression to avoid errors when $CMDLINE_PARSED haven't been filled yet.
|
||||||
[[ $CMDLINE_PARSED == true ]] && fileout "scanProblem" "FATAL" "$1"
|
[[ $CMDLINE_PARSED == true ]] && fileout "scanProblem" "FATAL" "${1//\\n/ }" # See issue #2049.
|
||||||
exit $2
|
exit $2
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user