Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-30 21:35:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix #694 (CSP and HTTP header friends were cut off @ last colon)

Browse Source 
introduced strip_leading_space() / strip_trailing_space()
This commit is contained in:
Dirk
2017-04-05 14:42:55 +02:00
parent 7549f10c79
commit 6b0f389225
1 changed files with 21 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
testssl.sh
View File

@@ -1204,9 +1204,14 @@ strip_spaces() {
echo "${1// /}" echo "${1// /}"
} }
trim_trailing_space() { # https://web.archive.org/web/20121022051228/http://codesnippets.joyent.com/posts/show/1816
echo "${1%%*( )}" strip_leading_space() {
echo "${1#"${1%%[\![:space:]]*}"}"
} }
strip_trailing_space() {
echo "${1%"${1##*[![:space:]]}"}"
}
# retrieve cipher from ServerHello (via openssl) # retrieve cipher from ServerHello (via openssl)
get_cipher() { get_cipher() {
@@ -1714,7 +1719,9 @@ detect_header() {
HEADERVALUE="" HEADERVALUE=""
return 0 return 0
elif [[ $nr -eq 1 ]]; then elif [[ $nr -eq 1 ]]; then
HEADERVALUE=$(grep -Faiw "$key:" $HEADERFILE | sed 's/^.*://') HEADERVALUE=$(grep -Faiw "$key:" $HEADERFILE)
HEADERVALUE=${HEADERVALUE#*:} # remove leading part=key to colon
HEADERVALUE="$(strip_leading_space "$HEADERVALUE")"
return 1 return 1
else else
pr_svrty_medium "misconfiguration: " pr_svrty_medium "misconfiguration: "
@@ -1722,15 +1729,14 @@ detect_header() {
pr_svrty_medium " ${nr}x" pr_svrty_medium " ${nr}x"
out " -- checking first one " out " -- checking first one "
out "\n$spaces" out "\n$spaces"
# first awk matches the key, second extracts the from the first line the value, be careful with quotes here! HEADERVALUE=$(grep -Faiw "$key:" $HEADERFILE | head -1)
HEADERVALUE=$(grep -Faiw "$key:" $HEADERFILE | sed 's/^.*://' | head -1) HEADERVALUE=${HEADERVALUE#*:}
HEADERVALUE="$(strip_leading_space "$HEADERVALUE")"
[[ $DEBUG -ge 2 ]] && tm_italic "$HEADERVALUE" && tm_out "\n$spaces" [[ $DEBUG -ge 2 ]] && tm_italic "$HEADERVALUE" && tm_out "\n$spaces"
fileout "$2""_multiple" "WARN" "Multiple $2 headers. Using first header: $HEADERVALUE" fileout "$2""_multiple" "WARN" "Multiple $2 headers. Using first header: $HEADERVALUE"
return $nr return $nr
fi fi
} }
# wir brauchen hier eine Funktion, die generell den Header detectiert
includeSubDomains() { includeSubDomains() {
if grep -aiqw includeSubDomains "$1"; then if grep -aiqw includeSubDomains "$1"; then
@@ -2296,28 +2302,30 @@ run_more_flags() {
pr_bold " Security headers " pr_bold " Security headers "
for f2t in $good_flags2test; do for f2t in $good_flags2test; do
debugme echo "---> $f2t" debugme echo "---> $f2t"
detect_header $f2t $f2t detect_header "$f2t" "$f2t"
if [[ $? -ge 1 ]]; then if [[ $? -ge 1 ]]; then
if ! "$first"; then if ! "$first"; then
out "$spaces" # output leading spaces if the first header out "$spaces" # output leading spaces if the first header
else else
first=false first=false
fi fi
pr_done_good "$f2t"; outln "$HEADERVALUE" pr_done_good "$f2t"
outln "$(out_row_aligned_max_width "$HEADERVALUE" " " $TERM_WIDTH)"
fileout "$f2t" "OK" "$f2t: $HEADERVALUE" fileout "$f2t" "OK" "$f2t: $HEADERVALUE"
fi fi
done done
for f2t in $other_flags2test; do for f2t in $other_flags2test; do
debugme echo "---> $f2t" debugme echo "---> $f2t"
detect_header $f2t $f2t detect_header "$f2t" "$f2t"
if [[ $? -ge 1 ]]; then if [[ $? -ge 1 ]]; then
if ! "$first"; then if ! "$first"; then
out "$spaces" # output leading spaces if the first header out "$spaces" # output leading spaces if the first header
else else
first=false first=false
fi fi
pr_litecyan "$f2t"; outln "$HEADERVALUE" pr_litecyan "$f2t"
outln "$HEADERVALUE" # shouldn't be that long
fileout "$f2t" "WARN" "$f2t: $HEADERVALUE" fileout "$f2t" "WARN" "$f2t: $HEADERVALUE"
fi fi
done done