Fix regression in HTTP header

This PR fixes an odd formatting of header flags like X-Frame-Options,
where the output header may have contained a LF "\r". X-XSS-Protection was
also not formatted correctly, because only the part of it up to
the blank was displayed.

Also the file output may contain now 1x less blank, e.g.

"X-Content-Type-Options: nosniff" instead of
"X-Content-Type-Options:  nosniff"
Dirk 2017-12-04 15:47:45 +01:00
parent 868e872dc6
commit 721ca1e45c


@ -1224,7 +1224,7 @@ out_row_aligned_max_width() {
# text up to that space character the next line to print. # text up to that space character the next line to print.
line="${text:0:max_width}" line="${text:0:max_width}"
line="${line% *}" line="${line% *}"
i=${#line} i="${#line}"
if [[ $i -eq $max_width ]]; then if [[ $i -eq $max_width ]]; then
# If there are no space characters in the first $max_width # If there are no space characters in the first $max_width
# characters of the remaining text, then make the text up # characters of the remaining text, then make the text up
@ -1673,8 +1673,9 @@ detect_header() {
HEADERVALUE="" HEADERVALUE=""
return 0 return 0
elif [[ $nr -eq 1 ]]; then elif [[ $nr -eq 1 ]]; then
HEADERVALUE=$(grep -Eiaw "^ *$key:" $HEADERFILE) HEADERVALUE="$(grep -Eiaw "^ *$key:" $HEADERFILE)"
HEADERVALUE=${HEADERVALUE#*:} # remove leading part=key to colon HEADERVALUE="${HEADERVALUE#*:}" # remove leading part=key to colon
HEADERVALUE="$(strip_lf "$HEADERVALUE")"
HEADERVALUE="$(strip_leading_space "$HEADERVALUE")" HEADERVALUE="$(strip_leading_space "$HEADERVALUE")"
return 1 return 1
else else
@ -1683,8 +1684,9 @@ detect_header() {
pr_svrty_medium " ${nr}x" pr_svrty_medium " ${nr}x"
out " -- checking first one only" out " -- checking first one only"
out "\n$spaces" out "\n$spaces"
HEADERVALUE=$(grep -Faiw "$key:" $HEADERFILE | head -1) HEADERVALUE="$(grep -Faiw "$key:" $HEADERFILE | head -1)"
HEADERVALUE=${HEADERVALUE#*:} HEADERVALUE="${HEADERVALUE#*:}"
HEADERVALUE="$(strip_lf "$HEADERVALUE")"
HEADERVALUE="$(strip_leading_space "$HEADERVALUE")" HEADERVALUE="$(strip_leading_space "$HEADERVALUE")"
[[ $DEBUG -ge 2 ]] && tm_italic "$HEADERVALUE" && tm_out "\n$spaces" [[ $DEBUG -ge 2 ]] && tm_italic "$HEADERVALUE" && tm_out "\n$spaces"
fileout "${2}_multiple" "MEDIUM" "Multiple $2 headers. Using first header: $HEADERVALUE" fileout "${2}_multiple" "MEDIUM" "Multiple $2 headers. Using first header: $HEADERVALUE"
@ -2320,7 +2322,7 @@ run_cookie_flags() { # ARG1: Path
run_more_flags() { run_more_flags() {
local good_flags2test="X-Frame-Options X-XSS-Protection X-Content-Type-Options Content-Security-Policy X-Content-Security-Policy X-WebKit-CSP Content-Security-Policy-Report-Only Expect-CT" local good_flags2test="X-Frame-Options X-XSS-Protection X-Content-Type-Options Content-Security-Policy X-Content-Security-Policy X-WebKit-CSP Content-Security-Policy-Report-Only Expect-CT"
local other_flags2test="Access-Control-Allow-Origin Upgrade X-Served-By Referrer-Policy X-UA-Compatible" local other_flags2test="Access-Control-Allow-Origin Upgrade X-Served-By Referrer-Policy X-UA-Compatible"
local f2t line local f2t
local first=true local first=true
local spaces=" " local spaces=" "
@ -2339,8 +2341,7 @@ run_more_flags() {
first=false first=false
fi fi
pr_done_good "$f2t" pr_done_good "$f2t"
line="$(out_row_aligned_max_width "$f2t$HEADERVALUE" "$spaces" $TERM_WIDTH)" outln " $(out_row_aligned_max_width "$HEADERVALUE" "$spaces" $TERM_WIDTH)"
outln " ${line#* }"
fileout "$f2t" "OK" "$f2t: $HEADERVALUE" fileout "$f2t" "OK" "$f2t: $HEADERVALUE"
fi fi
done done
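Review bot: In run_more_flags the server-supplied HEADERVALUE is now passed to `outln` through `out_row_aligned_max_width "$HEADERVALUE" ...`, and judging by the helper names detect_header has removed only line endings and leading spaces from it, so other control bytes or backslash sequences in a response header would still reach the terminal. The call `out "\n$spaces"` in detect_header suggests the out helpers expand backslash escapes, but their definitions are outside the visible hunks, so this needs confirming. A filter next to the new strip_lf call, for example `HEADERVALUE="$(tr -d '[:cntrl:]' <<< "$HEADERVALUE")"`, together with printing the value through a non-expanding path, would keep hostile header content literal on screen and in the fileout record. Separately, `$HEADERFILE` and `$TERM_WIDTH` remain unquoted on the changed lines.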