diff --git a/t/03_syntax_check.t b/t/03_syntax_check.t new file mode 100644 index 0000000..cf27689 --- /dev/null +++ b/t/03_syntax_check.t @@ -0,0 +1,63 @@ +#!/usr/bin/env perl + +# Basics: are there semantic errors which are easy to spot? + +use strict; +use Test::More; + +my $tests = 0; +my $prg="testssl.sh"; +my $os="$^O"; + +if ( $os eq "darwin" ){ + plan skip_all => 'No checks on MacOS'; +} + +#1 +printf "\n%s\n", "Testing for missing vars at left hand side in double square brackets ..."; + +# I know this isn't nice but perl doesn't seem for this so great either +my @matches = `grep -n '\\[\\[ [[:alpha:]]' $prg`; +is(scalar(@matches), 0, "Checking bad '[[ LHS' patterns") + or diag(@matches); +$tests++; + +# The following works only on GNU grep + +#2 +printf "\n%s\n", "Testing for backticks ..."; + +my @matches = qx(grep -nP '`[^`]*`' $prg); +is(scalar(@matches), 0, "Checking bad backtick patterns") +or diag(@matches); +$tests++; + +#3 +printf "\n%s\n", "Sourcing without checking the file exists #1 ..."; + +my @matches = qx(grep -nP '^\s*\.\s+\$' $prg); +is(scalar(@matches), 0, "Checking bad sourcing pattern #1") +or diag(@matches); +$tests++; + +#4 +printf "\n%s\n", "Sourcing without checking the file exists #2 ..."; + +my @matches = qx(grep -nP '^\s*source\s+\$' $prg); +is(scalar(@matches), 0, "Checking bad sourcing pattern #2") +or diag(@matches); +$tests++; + + +# We have three eval already, a) re-analyse + exempt them +#my @matches = qx(grep -nP '\beval\b' $prg); + + +# more would go here + +printf "\n"; +done_testing($tests); + + +# vim:ts=5:sw=5:expandtab + diff --git a/testssl.sh b/testssl.sh index 0ffb4ea..47f290a 100755 --- a/testssl.sh +++ b/testssl.sh @@ -433,7 +433,7 @@ KEY_EXCH_SCORE=100 # Keeps track of the score for category CIPH_STR_BEST=0 # Keeps track of the best bit size for category 3 "Cipher Strength" CIPH_STR_WORST=100000 # Keeps track of the worst bit size for category 3 "Cipher Strength" # Intentionally set very high, so it can be set to 0, if necessary -TRUSTED1ST="" # Contains the `-trusted_first` flag, if this version of openssl supports it +TRUSTED1ST="" # Contains the "-trusted_first" flag, if this version of openssl supports it ########### Global variables for parallel mass testing # @@ -17801,7 +17801,7 @@ run_renego() { tmp_result=2 rm -f $TEMPDIR/was_killed fi - if [[ $tmp_result -eq 1 ]] && [[ loop_reneg -eq 1 ]]; then + if [[ $tmp_result -eq 1 ]] && [[ $loop_reneg -eq 1 ]]; then tmp_result=3 fi if [[ $SERVICE != HTTP ]]; then @@ -19023,7 +19023,7 @@ run_drown() { if [[ $(has_server_protocol ssl2) -ne 1 ]]; then sslv2_sockets else - [[ aaa == bbb ]] # provoke return code=1 + false fi case $? in