From 6888045bc83137b86c6ab9a97c3402c5e59ad82a Mon Sep 17 00:00:00 2001
From: David Cooper <david.cooper@nist.gov>
Date: Tue, 30 Nov 2021 07:29:24 -0500
Subject: [PATCH] Fix #2049 in 3.0

This commit fixes #2049 by converting newline characters to spaces in JSON and CSV findings.

fileout() calls newline_to_spaces() on any $finding that is to be written to a JSON or CSV file. However, this only affects actual newline characters in the string, not escaped newline characters (i.e., "\n"). Escaped newline characters pass through this function unchanged, but then get converted to newline characters when they are written to the JSON and/or CSV files. This commit fixes the problem by also converting escaped newline characters ("\n") to spaces.
---
 testssl.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/testssl.sh b/testssl.sh
index 4c75f6b..1551747 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -946,6 +946,7 @@ fileout() {
 
      if ( "$do_pretty_json" && [[ "$1" == service ]] ) || show_finding "$severity"; then
           local finding=$(strip_lf "$(newline_to_spaces "$(strip_quote "$3")")")           # additional quotes will mess up screen output
+          finding="${finding//\\n/ }"
           [[ -e "$JSONFILE" ]] && [[ ! -d "$JSONFILE" ]] && fileout_json_finding "$1" "$severity" "$finding" "$cve" "$cwe" "$hint"
           "$do_csv" && [[ -n "$CSVFILE" ]] && [[ ! -d "$CSVFILE" ]] && \
                fileout_csv_finding "$1" "$NODE/$NODEIP" "$PORT" "$severity" "$finding" "$cve" "$cwe" "$hint"