Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-06 00:39:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1657 from magnuslarsen/3.1dev

Browse Source 
[Rating] STARTTLS output styling
This commit is contained in:
Dirk Wetter 2020-06-24 09:51:21 +02:00 committed by GitHub
commit 55f7f7d69a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/testssl.1.md
View File

@ -419,14 +419,14 @@ set_grade_warning "Documentation is always right"
#### Implementing a new check which contains grade caps #### Implementing a new check which contains grade caps
When implementing a new check (be it vulnerability or not) that sets grade caps, the `set_rating_state()` has to be updated (i.e. the `$do_mycheck` variable-name has to be added to the loop, and `$nr_enabled` if-statement has to be incremented) When implementing a new check (be it vulnerability or not) that sets grade caps, the `set_rating_state()` has to be updated (i.e. the `$do_mycheck` variable-name has to be added to the loop, and `$nr_enabled` if-statement has to be incremented)
The `set_rating_state()` automatically disables ratinng, if all the required checks are *not* enabled. The `set_rating_state()` automatically disables rating, if all the required checks are *not* enabled.
This is to prevent giving out a misleading or wrong grade. This is to prevent giving out a misleading or wrong grade.
#### Implementing a new revision #### Implementing a new revision
When a new revision of the rating specification comes around, the following has to be done: When a new revision of the rating specification comes around, the following has to be done:
* New grade caps has to be either: * New grade caps has to be either:
1. Added to the script wherever relevant, or 1. Added to the script wherever relevant, or
2. Added to the above list of missing checks (if *i.* is not possible) 2. Added to the above list of missing checks (if above is not possible)
* New grade warnings has to be added wherever relevant * New grade warnings has to be added wherever relevant
* The revision output in `run_rating()` function has to updated * The revision output in `run_rating()` function has to updated

11
testssl.sh
View File

@ -20802,14 +20802,7 @@ run_rating() {
pr_headlineln " Rating (experimental) " pr_headlineln " Rating (experimental) "
outln outln
if [[ -n "$STARTTLS_PROTOCOL" ]]; then [[ -n "$STARTTLS_PROTOCOL" ]] && set_grade_cap "T" "Encryption via STARTTLS is not mandatory (opportunistic). This leads to a false sense of security"
pr_bold " Grade "; pr_svrty_critical "T"
outln " - STARTTLS encryption is opportunistic"
outln " (Further details would lead to a false sense of security)"
fileout "grade" "CRITICAL" "T"
fileout "grade_cap_reasons" "INFO" "No more details shown as it would lead to a false sense of security"
return 0
fi
# Sort the reasons. This is just nicer to read in genereal # Sort the reasons. This is just nicer to read in genereal
IFS=$'\n' sorted_reasons=($(sort -ru <<<"${GRADE_CAP_REASONS[*]}")) IFS=$'\n' sorted_reasons=($(sort -ru <<<"${GRADE_CAP_REASONS[*]}"))
@ -20912,7 +20905,7 @@ run_rating() {
pr_bold " Final Score "; outln $final_score pr_bold " Final Score "; outln $final_score
# get score, and somehow do something about the GRADE_CAP # Calculate the pre-cap grade
if [[ $final_score -ge 80 ]]; then if [[ $final_score -ge 80 ]]; then
pre_cap_grade="A" pre_cap_grade="A"
elif [[ $final_score -ge 65 ]]; then elif [[ $final_score -ge 65 ]]; then