Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-02-01 05:11:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

imor housekeeping for `fileout() in run_http_header()`

Browse Source
This commit is contained in:
Dirk 2017-09-18 18:18:05 +02:00
parent 200440a28f
commit 6b1d81d28d
1 changed files with 11 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
testssl.sh
View File

@ -1416,51 +1416,33 @@ run_http_header() {
out ", redirecting to \""; pr_url "$redirect"; out "\"" out ", redirecting to \""; pr_url "$redirect"; out "\""
if [[ $redirect == "http://"* ]]; then if [[ $redirect == "http://"* ]]; then
pr_svrty_high " -- Redirect to insecure URL (NOT ok)" pr_svrty_high " -- Redirect to insecure URL (NOT ok)"
fileout "insecure_redirect" "HIGH" "Redirect to insecure URL. Url: \"$redirect\"" fileout "insecure_redirect" "HIGH" "Redirect to insecure URL: \"$redirect\""
fi fi
fileout "HTTP_STATUS_CODE" "INFO" \ fileout "HTTP_STATUS_CODE" "INFO" "$HTTP_STATUS_CODE$msg_thereafter (\"$URL_PATH\" tested)"
"Testing HTTP header response @ \"$URL_PATH\", $HTTP_STATUS_CODE$msg_thereafter, redirecting to \"$redirect\""
;; ;;
200) 200|204|403|405)
fileout "HTTP_STATUS_CODE" "INFO" \ fileout "HTTP_STATUS_CODE" "INFO" "$HTTP_STATUS_CODE$msg_thereafter (\"$URL_PATH\" tested)"
"Testing HTTP header response @ \"$URL_PATH\", $HTTP_STATUS_CODE$msg_thereafter"
;;
204)
fileout "HTTP_STATUS_CODE" "INFO" \
"Testing HTTP header response @ \"$URL_PATH\", $HTTP_STATUS_CODE$msg_thereafter"
;; ;;
206) 206)
out " -- WTF?" out " -- WHAT?"
fileout "HTTP_STATUS_CODE" "INFO" \ fileout "HTTP_STATUS_CODE" "INFO" "$HTTP_STATUS_CODE$msg_thereafter (\"$URL_PATH\" tested) -- WHAT?"
"Testing HTTP header response @ \"$URL_PATH\", $HTTP_STATUS_CODE$msg_thereafter -- WTF?" # partial content shouldn't happen
;; ;;
400) 400)
pr_cyan " (Hint: better try another URL)" pr_cyan " (Hint: better try another URL)"
fileout "HTTP_STATUS_CODE" "INFO" \ fileout "HTTP_STATUS_CODE" "INFO" "$HTTP_STATUS_CODE$msg_thereafter (\"$URL_PATH\" tested) -- better try another URL"
"Testing HTTP header response @ \"$URL_PATH\", $HTTP_STATUS_CODE$msg_thereafter (Hint: better try another URL)"
;; ;;
401) 401)
grep -aq "^WWW-Authenticate" $HEADERFILE && out " "; out "$(strip_lf "$(grep -a "^WWW-Authenticate" $HEADERFILE)")" grep -aq "^WWW-Authenticate" $HEADERFILE && out " "; out "$(strip_lf "$(grep -a "^WWW-Authenticate" $HEADERFILE)")"
fileout "HTTP_STATUS_CODE" "INFO" \ fileout "HTTP_STATUS_CODE" "INFO" "$HTTP_STATUS_CODE$msg_thereafter (\"$URL_PATH\" tested) -- $(grep -a "^WWW-Authenticate" $HEADERFILE)"
"Testing HTTP header response @ \"$URL_PATH\", $HTTP_STATUS_CODE$msg_thereafter $(grep -a "^WWW-Authenticate" $HEADERFILE)"
;;
403)
fileout "HTTP_STATUS_CODE" "INFO" \
"Testing HTTP header response @ \"$URL_PATH\", $HTTP_STATUS_CODE$msg_thereafter"
;; ;;
404) 404)
out " (Hint: supply a path which doesn't give a \"$HTTP_STATUS_CODE$msg_thereafter\")" out " (Hint: supply a path which doesn't give a \"$HTTP_STATUS_CODE$msg_thereafter\")"
fileout "HTTP_STATUS_CODE" "INFO" \ fileout "HTTP_STATUS_CODE" "INFO" "$HTTP_STATUS_CODE$msg_thereafter (\"$URL_PATH\" tested) -- better supply a path which doesn't give a \"$HTTP_STATUS_CODE$msg_thereafter\""
"Testing HTTP header response @ \"$URL_PATH\", $HTTP_STATUS_CODE$msg_thereafter (Hint: supply a path which doesn't give a \"$HTTP_STATUS_CODE$msg_thereafter\")"
;;
405)
fileout "HTTP_STATUS_CODE" "INFO" \
"Testing HTTP header response @ \"$URL_PATH\", $HTTP_STATUS_CODE$msg_thereafter"
;; ;;
*) *)
pr_warning ". Oh, didn't expect \"$HTTP_STATUS_CODE$msg_thereafter\"" pr_warning ". Oh, didn't expect \"$HTTP_STATUS_CODE$msg_thereafter\""
fileout "HTTP_STATUS_CODE" "DEBUG" \ fileout "HTTP_STATUS_CODE" "DEBUG" "$HTTP_STATUS_CODE$msg_thereafter (\"$URL_PATH\" tested) -- Oops, didn't expect a \"$HTTP_STATUS_CODE$msg_thereafter\""
"Testing HTTP header response @ \"$URL_PATH\", $HTTP_STATUS_CODE$msg_thereafter. Oh, didn't expect a $HTTP_STATUS_CODE$msg_thereafter"
;; ;;
esac esac
outln outln