mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-07 17:20:57 +01:00
Avoid conflict of parallel mass scanning + connect timeouts
As stated in #1435 when specifying ``-connect-timeout=20`` AND ``--parallel`` there asa problem with the file handles of child processes (__testssl.sh: line 10454: 5: Bad file descriptor__). This commit mitigates that in a sense that both switches can't be used together. There's a check now in parse_cmd_line(). In addition it addresses a problem when fatal() is called and e.g. JSON files haven't been created yet (error message ~ __testssl.sh: line 825: : No such file or directory__). It introduces a global CMDLINE_PARSED which remembers the state whether ``parse_cmd_line()`` has been fully executed or not. Only when the former is the case it allows writing to files. That implies that in main parse_cmd_line() has to be followed by json_header() and similar.
This commit is contained in:
parent
c375403482
commit
5c2a9772ea
21
testssl.sh
21
testssl.sh
@ -146,6 +146,7 @@ HNAME="$(hostname)"
|
|||||||
HNAME="${HNAME%%.*}"
|
HNAME="${HNAME%%.*}"
|
||||||
|
|
||||||
declare CMDLINE
|
declare CMDLINE
|
||||||
|
CMDLINE_PARSED="" # This makes sure we don't let early fatal() write into files when files aren't created yet
|
||||||
declare -r -a CMDLINE_ARRAY=("$@") # When performing mass testing, the child processes need to be sent the
|
declare -r -a CMDLINE_ARRAY=("$@") # When performing mass testing, the child processes need to be sent the
|
||||||
declare -a MASS_TESTING_CMDLINE # command line in the form of an array (see #702 and http://mywiki.wooledge.org/BashFAQ/050).
|
declare -a MASS_TESTING_CMDLINE # command line in the form of an array (see #702 and http://mywiki.wooledge.org/BashFAQ/050).
|
||||||
|
|
||||||
@ -17434,9 +17435,12 @@ cleanup() {
|
|||||||
[[ -d "$TEMPDIR" ]] && rm -rf "$TEMPDIR";
|
[[ -d "$TEMPDIR" ]] && rm -rf "$TEMPDIR";
|
||||||
fi
|
fi
|
||||||
outln
|
outln
|
||||||
"$SECTION_FOOTER_NEEDED" && fileout_section_footer true
|
# No shorthand expression to avoid errors when $CMDLINE_PARSED haven't been filled yet.
|
||||||
html_footer
|
if [[ $CMDLINE_PARSED == true ]]; then
|
||||||
fileout_footer
|
"$SECTION_FOOTER_NEEDED" && fileout_section_footer true
|
||||||
|
html_footer
|
||||||
|
fileout_footer
|
||||||
|
fi
|
||||||
# debugging off, see above
|
# debugging off, see above
|
||||||
grep -q xtrace <<< "$SHELLOPTS" && ! "$DEBUG_ALLINONE" && exec 2>&42 42>&-
|
grep -q xtrace <<< "$SHELLOPTS" && ! "$DEBUG_ALLINONE" && exec 2>&42 42>&-
|
||||||
}
|
}
|
||||||
@ -17460,7 +17464,9 @@ fatal() {
|
|||||||
outln "$3" >&2
|
outln "$3" >&2
|
||||||
[[ -n "$LOGFILE" ]] && outln "$3" >>$LOGFILE
|
[[ -n "$LOGFILE" ]] && outln "$3" >>$LOGFILE
|
||||||
fi
|
fi
|
||||||
fileout "scanProblem" "FATAL" "$1"
|
# Make sure we don't try to write into files when not created yet.
|
||||||
|
# No shorthand expression to avoid errors when $CMDLINE_PARSED haven't been filled yet.
|
||||||
|
[[ $CMDLINE_PARSED == true ]] && fileout "scanProblem" "FATAL" "$1"
|
||||||
exit $2
|
exit $2
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -19272,6 +19278,7 @@ parse_cmd_line() {
|
|||||||
local -i subret=0
|
local -i subret=0
|
||||||
|
|
||||||
CMDLINE="$(create_cmd_line_string "${CMDLINE_ARRAY[@]}")"
|
CMDLINE="$(create_cmd_line_string "${CMDLINE_ARRAY[@]}")"
|
||||||
|
CMDLINE_PARSED=false
|
||||||
|
|
||||||
# Show usage if no options were specified
|
# Show usage if no options were specified
|
||||||
[[ -z "$1" ]] && help 0
|
[[ -z "$1" ]] && help 0
|
||||||
@ -19774,9 +19781,12 @@ parse_cmd_line() {
|
|||||||
URI="$1"
|
URI="$1"
|
||||||
[[ -n "$2" ]] && fatal "URI comes last" $ERR_CMDLINE
|
[[ -n "$2" ]] && fatal "URI comes last" $ERR_CMDLINE
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Now spot some incompatibilities in cmdlines
|
||||||
[[ $CMDLINE_IP == one ]] && [[ "$NODNS" == none ]] && fatal "\"--ip=one\" and \"--nodns=none\" don't work together" $ERR_CMDLINE
|
[[ $CMDLINE_IP == one ]] && [[ "$NODNS" == none ]] && fatal "\"--ip=one\" and \"--nodns=none\" don't work together" $ERR_CMDLINE
|
||||||
[[ $CMDLINE_IP == one ]] && ( is_ipv4addr "$URI" || is_ipv6addr "$URI" ) && fatal "\"--ip=one\" plus supplying an IP address doesn't work" $ERR_CMDLINE
|
[[ $CMDLINE_IP == one ]] && ( is_ipv4addr "$URI" || is_ipv6addr "$URI" ) && fatal "\"--ip=one\" plus supplying an IP address doesn't work" $ERR_CMDLINE
|
||||||
"$do_mx_all_ips" && [[ "$NODNS" == none ]] && fatal "\"--mx\" and \"--nodns=none\" don't work together" $ERR_CMDLINE
|
"$do_mx_all_ips" && [[ "$NODNS" == none ]] && fatal "\"--mx\" and \"--nodns=none\" don't work together" $ERR_CMDLINE
|
||||||
|
[[ -n "$CONNECT_TIMEOUT" ]] && [[ "$MASS_TESTING_MODE" == parallel ]] && fatal "Parallel mass scanning and specifying connect timeouts currently don't work together" $ERR_CMDLINE
|
||||||
|
|
||||||
ADDITIONAL_CA_FILES="${ADDITIONAL_CA_FILES//,/ }"
|
ADDITIONAL_CA_FILES="${ADDITIONAL_CA_FILES//,/ }"
|
||||||
for fname in $ADDITIONAL_CA_FILES; do
|
for fname in $ADDITIONAL_CA_FILES; do
|
||||||
@ -19787,6 +19797,7 @@ parse_cmd_line() {
|
|||||||
[[ "$DEBUG" -ge 5 ]] && debug_globals
|
[[ "$DEBUG" -ge 5 ]] && debug_globals
|
||||||
# if we have no "do_*" set here --> query_globals: we do a standard run -- otherwise just the one specified
|
# if we have no "do_*" set here --> query_globals: we do a standard run -- otherwise just the one specified
|
||||||
query_globals && set_scanning_defaults
|
query_globals && set_scanning_defaults
|
||||||
|
CMDLINE_PARSED=true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -19985,6 +19996,8 @@ lets_roll() {
|
|||||||
initialize_globals
|
initialize_globals
|
||||||
check_base_requirements # needs to come after $do_html is defined
|
check_base_requirements # needs to come after $do_html is defined
|
||||||
parse_cmd_line "$@"
|
parse_cmd_line "$@"
|
||||||
|
# CMDLINE_PARSED has been set now. Don't put a now function after this which calls fatal(). Rather
|
||||||
|
# put it after csv_header below
|
||||||
# html_header() needs to be called early! Otherwise if html_out() is called before html_header() and the
|
# html_header() needs to be called early! Otherwise if html_out() is called before html_header() and the
|
||||||
# command line contains --htmlfile <htmlfile> or --html, it'll make problems with html output, see #692.
|
# command line contains --htmlfile <htmlfile> or --html, it'll make problems with html output, see #692.
|
||||||
# json_header and csv_header could be called later but for context reasons we'll leave it here
|
# json_header and csv_header could be called later but for context reasons we'll leave it here
|
||||||
|
Loading…
Reference in New Issue
Block a user