Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-08 09:40:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

Stop labeling X-XSS-Protection as green (3.0 branch)

Browse Source 
* X-XSS-Protection is now labled as a neutral finding as suggested in #1762
* Also it adds colons to header values

This a quick fix for the stable version as opposed to #1764 ff.
It also changes the color from lite cyan to neutral
This commit is contained in:
Dirk Wetter 2020-11-13 13:57:21 +01:00
parent f3abf77ed8
commit 99a158d952
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
testssl.sh
View File

@ -3036,8 +3036,8 @@ run_cookie_flags() { # ARG1: Path
run_security_headers() { run_security_headers() {
local good_header="X-Frame-Options X-XSS-Protection X-Content-Type-Options Content-Security-Policy X-Content-Security-Policy X-WebKit-CSP Content-Security-Policy-Report-Only Expect-CT" local good_header="X-Frame-Options X-Content-Type-Options Content-Security-Policy X-Content-Security-Policy X-WebKit-CSP Content-Security-Policy-Report-Only Expect-CT"
local other_header="Access-Control-Allow-Origin Upgrade X-Served-By Referrer-Policy X-UA-Compatible Cache-Control Pragma" local other_header="Access-Control-Allow-Origin Upgrade X-Served-By Referrer-Policy X-UA-Compatible Cache-Control Pragma X-XSS-Protection"
local header header_output local header header_output
local first=true local first=true
local spaces=" " local spaces=" "
@ -3058,7 +3058,7 @@ run_security_headers() {
fi fi
# Include $header when determining where to insert line breaks, but print $header # Include $header when determining where to insert line breaks, but print $header
# separately. # separately.
pr_svrty_good "$header" pr_svrty_good "$header"; out ":"
header_output="$(out_row_aligned_max_width "${header:2} $HEADERVALUE" "$spaces " $TERM_WIDTH)" header_output="$(out_row_aligned_max_width "${header:2} $HEADERVALUE" "$spaces " $TERM_WIDTH)"
outln "${header_output#${header:2}}" outln "${header_output#${header:2}}"
fileout "$header" "OK" "$HEADERVALUE" fileout "$header" "OK" "$HEADERVALUE"
@ -3073,8 +3073,8 @@ run_security_headers() {
if "$first"; then if "$first"; then
first=false first=false
fi fi
pr_litecyan "$header" out "$header"
outln " $HEADERVALUE" # shouldn't be that long outln ": $HEADERVALUE" # shouldn't be that long
fileout "$header" "INFO" "$HEADERVALUE" fileout "$header" "INFO" "$HEADERVALUE"
fi fi
done done