Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2024-12-29 04:49:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix SC2068, SC2145, SC2199

Browse Source
This commit is contained in:
meisam 2023-10-31 10:59:12 +01:00
parent 502c08ce54
commit 4886b85e10
1 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
testssl.sh
View File

@ -17325,19 +17325,19 @@ run_breach() {
# Final verdict (if not happened preemptively before). We reuse $detected_compression here # Final verdict (if not happened preemptively before). We reuse $detected_compression here
detected_compression="" detected_compression=""
if [[ ${has_compression[@]} =~ warn ]]; then if [[ ${has_compression[*]} =~ warn ]]; then
# warn_empty / warn_stalled # warn_empty / warn_stalled
if [[ ${has_compression[@]} =~ warn_empty ]]; then if [[ ${has_compression[*]} =~ warn_empty ]]; then
pr_warning "At least 1/4 checks failed (HTTP header request was empty, debug: ${has_compression[@]}" pr_warning "At least 1/4 checks failed (HTTP header request was empty, debug: ${has_compression[*]}"
out ", debug: ${has_compression[@]})" out ", debug: ${has_compression[*]})"
fileout "$jsonID" "WARN" "Test failed as HTTP response was empty, debug: ${has_compression[@]}" "$cve" "$cwe" fileout "$jsonID" "WARN" "Test failed as HTTP response was empty, debug: ${has_compression[*]}" "$cve" "$cwe"
else # warn_stalled else # warn_stalled
pr_warning "At least 1/4 checks failed (HTTP header request stalled and was terminated" pr_warning "At least 1/4 checks failed (HTTP header request stalled and was terminated"
out ", debug: ${has_compression[@]})" out ", debug: ${has_compression[*]})"
fileout "$jsonID" "WARN" "Test failed as HTTP request stalled and was terminated" "$cve" "$cwe" fileout "$jsonID" "WARN" "Test failed as HTTP request stalled and was terminated" "$cve" "$cwe"
fi fi
else else
for c in ${has_compression[@]}; do for c in "${has_compression[@]}"; do
if [[ $c =~ yes ]]; then if [[ $c =~ yes ]]; then
detected_compression+="${c%:*} " detected_compression+="${c%:*} "
fi fi
@ -17348,7 +17348,7 @@ run_breach() {
outln "${spaces}${when_makesense}" outln "${spaces}${when_makesense}"
fileout "$jsonID" "MEDIUM" "potentially VULNERABLE, $detected_compression HTTP compression detected $disclaimer" "$cve" "$cwe" "$hint" fileout "$jsonID" "MEDIUM" "potentially VULNERABLE, $detected_compression HTTP compression detected $disclaimer" "$cve" "$cwe" "$hint"
fi fi
debugme outln "${spaces}has_compression: ${has_compression[@]}" debugme outln "${spaces}has_compression: ${has_compression[*]}"
;; ;;
esac esac
@ -18743,7 +18743,7 @@ run_winshock() {
# Check whether there are any TLS extension which should not be available under <= Windows 2012 R2 # Check whether there are any TLS extension which should not be available under <= Windows 2012 R2
for tls_ext in $TLS_EXTENSIONS; do for tls_ext in $TLS_EXTENSIONS; do
# We use the whole array, got to be careful when the array becomes bigger (unintended match) # We use the whole array, got to be careful when the array becomes bigger (unintended match)
if [[ ${forbidden_tls_ext[@]} =~ $tls_ext ]]; then if [[ ${forbidden_tls_ext[*]} =~ $tls_ext ]]; then
pr_svrty_best "not vulnerable (OK)"; outln " - TLS extension $tls_ext detected" pr_svrty_best "not vulnerable (OK)"; outln " - TLS extension $tls_ext detected"
fileout "$jsonID" "OK" "not vulnerable - TLS extension $tls_ext detected" "$cve" "$cwe" fileout "$jsonID" "OK" "not vulnerable - TLS extension $tls_ext detected" "$cve" "$cwe"
return 0 return 0
@ -23134,7 +23134,7 @@ debug_globals() {
set_skip_tests() { set_skip_tests() {
local t local t
for t in ${SKIP_TESTS[@]} ; do for t in "${SKIP_TESTS[@]}" ; do
t="do_${t}" t="do_${t}"
# declare won't do it here --> local scope # declare won't do it here --> local scope
eval "$t"=false eval "$t"=false
@ -23318,7 +23318,7 @@ parse_cmd_line() {
# then we need to make sure we catch --ids-friendly. Normally we do not, # then we need to make sure we catch --ids-friendly. Normally we do not,
# see #1717. The following statement makes sure. In the do-while + case-esac # see #1717. The following statement makes sure. In the do-while + case-esac
# loop it will be execute again, but it does not hurt # loop it will be execute again, but it does not hurt
if [[ "${CMDLINE_ARRAY[@]}" =~ --ids-friendly ]]; then if [[ "${CMDLINE_ARRAY[*]}" =~ --ids-friendly ]]; then
OFFENSIVE=false OFFENSIVE=false
fi fi
do_vulnerabilities=true do_vulnerabilities=true