Handle --file option

Introduced "trick" so that if the `--file` option is used, `html_header()` will only be called once before anything is printed and `html_footer()` will only be called once after all printing is complete. With this, `html_header()` now deletes the output file if it exists.

Also introduced the `html_reserved()`, which is called for all text to be sent to `out_html()`. `html_reserved()` converts any HTML reserved characters (", ', &, <, >) to their corresponding entity names (&quot;, &apos;, &amp;, &lt;, &gt;).
David Cooper 2017-02-09 17:03:21 -05:00 committed by GitHub
parent 1c5ef78913
commit a50488c44f


@ -158,6 +158,7 @@ LOGFILE=${LOGFILE:-""} # logfile if used
JSONFILE=${JSONFILE:-""} # jsonfile if used
CSVFILE=${CSVFILE:-""} # csvfile if used
HTMLFILE=${CSVFILE:-""} # HTML if used
HTMLHEADER=true # include HTML headers and footers in HTML file, if one is being created
APPEND=${APPEND:-false} # append to csv/json file instead of overwriting it
GIVE_HINTS=false # give an addtional info to findings
HAS_IPv6=${HAS_IPv6:-false} # if you have OpenSSL with IPv6 support AND IPv6 networking set it to yes
@ -586,106 +587,111 @@ outln_term() { out_term "$1\n"; }
retstring(){
printf -- "%b" "${1//%/%%}"
}
# For HTML output, replace any HTML reserved characters with the entity name
html_reserved(){
echo "$1" | sed -e 's/\&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g' -e "s/'/\&quot;/g"
}
#TODO: Still no shell injection safe but if just run it from the cmd line: that's fine
# color print functions, see also http://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x329.html
pr_liteblue_term() { [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && out_term "\033[0;32m$1" || out_term "\033[0;34m$1" ) || out_term "$1"; pr_off; } # not yet used
pr_liteblue() { pr_liteblue_term "$1"; "$COLORBLIND" && out_html "<span style=\"color:#00cd00;\">$1</span>" || out_html "<span style=\"color:#0000ee;\">$1</span>"; }
pr_liteblue() { pr_liteblue_term "$1"; "$COLORBLIND" && out_html "<span style=\"color:#00cd00;\">$(html_reserved "$1")</span>" || out_html "<span style=\"color:#0000ee;\">$(html_reserved "$1")</span>"; }
pr_liteblueln_term() { pr_liteblue_term "$1"; outln_term; }
pr_liteblueln() { pr_liteblue "$1"; outln; }
pr_blue_term() { [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && out_term "\033[1;32m$1" || out_term "\033[1;34m$1" ) || out_term "$1"; pr_off; } # used for head lines of single tests
pr_blue() { pr_blue_term "$1"; "$COLORBLIND" && out_html "<span style=\"color:lime;font-weight:bold;\">$1</span>" || out_html "<span style=\"color:#5c5cff;font-weight:bold;\">$1</span>"; }
pr_blue() { pr_blue_term "$1"; "$COLORBLIND" && out_html "<span style=\"color:lime;font-weight:bold;\">$(html_reserved "$1")</span>" || out_html "<span style=\"color:#5c5cff;font-weight:bold;\">$(html_reserved "$1")</span>"; }
pr_blueln_term() { pr_blue_term "$1"; outln_term; }
pr_blueln() { pr_blue "$1"; outln; }
pr_warning_term() { [[ "$COLOR" -eq 2 ]] && out_term "\033[0;35m$1" || pr_underline_term "$1"; pr_off; } # some local problem: one test cannot be done
pr_warning() { pr_warning_term "$1"; out_html "<span style=\"color:#cd00cd;\">$1</span>"; }
pr_warning() { pr_warning_term "$1"; out_html "<span style=\"color:#cd00cd;\">$(html_reserved "$1")</span>"; }
pr_warningln_term() { pr_warning_term "$1"; outln_term; } # litemagenta
pr_warningln() { pr_warning "$1"; outln; }
pr_magenta_term() { [[ "$COLOR" -eq 2 ]] && out_term "\033[1;35m$1" || pr_underline_term "$1"; pr_off; } # fatal error: quitting because of this!
pr_magenta() { pr_magenta_term "$1"; out_html "<span style=\"color:magenta;font-weight:bold;\">$1</span>"; }
pr_magenta() { pr_magenta_term "$1"; out_html "<span style=\"color:magenta;font-weight:bold;\">$(html_reserved "$1")</span>"; }
pr_magentaln_term() { pr_magenta_term "$1"; outln_term; }
pr_magentaln() { pr_magenta "$1"; outln; }
pr_litecyan_term() { [[ "$COLOR" -eq 2 ]] && out_term "\033[0;36m$1" || out_term "$1"; pr_off; } # not yet used
pr_litecyan() { pr_litecyan_term "$1"; out_html "<span style=\"color:#00cdcd;\">$1</span>"; }
pr_litecyan() { pr_litecyan_term "$1"; out_html "<span style=\"color:#00cdcd;\">$(html_reserved "$1")</span>"; }
pr_litecyanln_term() { pr_litecyan_term "$1"; outln_term; }
pr_litecyanln() { pr_litecyan "$1"; outln; }
pr_cyan_term() { [[ "$COLOR" -eq 2 ]] && out_term "\033[1;36m$1" || out_term "$1"; pr_off; } # additional hint
pr_cyan() { pr_cyan_term "$1"; out_html "<span style=\"color:cyan;font-weight:bold;\">$1</span>"; }
pr_cyan() { pr_cyan_term "$1"; out_html "<span style=\"color:cyan;font-weight:bold;\">$(html_reserved "$1")</span>"; }
pr_cyanln_term() { pr_cyan_term "$1"; outln_term; }
pr_cyanln() { pr_cyan "$1"; outln; }
pr_litegreyln_term() { pr_litegrey_term "$1"; outln_term; } # not really usable on a black background, see ..
pr_litegreyln() { pr_litegrey "$1"; outln; }
pr_litegrey_term() { [[ "$COLOR" -eq 2 ]] && out_term "\033[0;37m$1" || out_term "$1"; pr_off; } # ... https://github.com/drwetter/testssl.sh/pull/600#issuecomment-276129876
pr_litegrey() { pr_litegrey_term "$1"; out_html "<span style=\"color:darkgray;\">$1</span>"; }
pr_litegrey() { pr_litegrey_term "$1"; out_html "<span style=\"color:darkgray;\">$(html_reserved "$1")</span>"; }
pr_grey_term() { [[ "$COLOR" -eq 2 ]] && out_term "\033[1;30m$1" || out_term "$1"; pr_off; }
pr_grey() { pr_grey_term "$1"; out_html "<span style=\"color:#7f7f7f;font-weight:bold;\">$1</span>"; }
pr_grey() { pr_grey_term "$1"; out_html "<span style=\"color:#7f7f7f;font-weight:bold;\">$(html_reserved "$1")</span>"; }
pr_greyln_term() { pr_grey_term "$1"; outln_term; }
pr_greyln() { pr_grey "$1"; outln; }
pr_done_good_term() { [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && out_term "\033[0;34m$1" || out_term "\033[0;32m$1" ) || out_term "$1"; pr_off; } # litegreen (liteblue), This is good
pr_done_good() { pr_done_good_term "$1"; "$COLORBLIND" && out_html "<span style=\"color:#0000ee;\">$1</span>" || out_html "<span style=\"color:#00cd00;\">$1</span>"; }
pr_done_good() { pr_done_good_term "$1"; "$COLORBLIND" && out_html "<span style=\"color:#0000ee;\">$(html_reserved "$1")</span>" || out_html "<span style=\"color:#00cd00;\">$(html_reserved "$1")</span>"; }
pr_done_goodln_term() { pr_done_good_term "$1"; outln_term; }
pr_done_goodln() { pr_done_good "$1"; outln; }
pr_done_best_term() { [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && out_term "\033[1;34m$1" || out_term "\033[1;32m$1" ) || out_term "$1"; pr_off; } # green (blue), This is the best
pr_done_best() { pr_done_best_term "$1"; "$COLORBLIND" && out_html "<span style=\"color:#5c5cff;font-weight:bold;\">$1</span>" || out_html "<span style=\"color:lime;font-weight:bold;\">$1</span>"; }
pr_done_best() { pr_done_best_term "$1"; "$COLORBLIND" && out_html "<span style=\"color:#5c5cff;font-weight:bold;\">$(html_reserved "$1")</span>" || out_html "<span style=\"color:lime;font-weight:bold;\">$(html_reserved "$1")</span>"; }
pr_done_bestln_term() { pr_done_best_term "$1"; outln_term; }
pr_done_bestln() { pr_done_best "$1"; outln; }
pr_svrty_low_term() { [[ "$COLOR" -eq 2 ]] && out_term "\033[1;33m$1" || out_term "$1"; pr_off; } # yellow brown | academic or minor problem
pr_svrty_low() { pr_svrty_low_term "$1"; out_html "<span style=\"color:#cdcd00;font-weight:bold;\">$1</span>"; }
pr_svrty_low() { pr_svrty_low_term "$1"; out_html "<span style=\"color:#cdcd00;font-weight:bold;\">$(html_reserved "$1")</span>"; }
pr_svrty_lowln_term() { pr_svrty_low_term "$1"; outln_term; }
pr_svrty_lowln() { pr_svrty_low "$1"; outln; }
pr_svrty_medium_term() { [[ "$COLOR" -eq 2 ]] && out_term "\033[0;33m$1" || out_term "$1"; pr_off; } # brown | it is not a bad problem but you shouldn't do this
pr_svrty_medium() { pr_svrty_medium_term "$1"; out_html "<span style=\"color:#cd8000;\">$1</span>"; }
pr_svrty_medium() { pr_svrty_medium_term "$1"; out_html "<span style=\"color:#cd8000;\">$(html_reserved "$1")</span>"; }
pr_svrty_mediumln_term() { pr_svrty_medium_term "$1"; outln_term; }
pr_svrty_mediumln() { pr_svrty_medium "$1"; outln; }
pr_svrty_high_term() { [[ "$COLOR" -eq 2 ]] && out_term "\033[0;31m$1" || pr_bold_term "$1"; pr_off; } # litered
pr_svrty_high() { pr_svrty_high_term "$1"; out_html "<span style=\"color:#cd0000;\">$1</span>"; }
pr_svrty_high() { pr_svrty_high_term "$1"; out_html "<span style=\"color:#cd0000;\">$(html_reserved "$1")</span>"; }
pr_svrty_highln_term() { pr_svrty_high_term "$1"; outln_term; }
pr_svrty_highln() { pr_svrty_high "$1"; outln; }
pr_svrty_critical_term() { [[ "$COLOR" -eq 2 ]] && out_term "\033[1;31m$1" || pr_bold_term "$1"; pr_off; } # red
pr_svrty_critical() { pr_svrty_critical_term "$1"; out_html "<span style=\"color:red;font-weight:bold;\">$1</span>"; }
pr_svrty_critical() { pr_svrty_critical_term "$1"; out_html "<span style=\"color:red;font-weight:bold;\">$(html_reserved "$1")</span>"; }
pr_svrty_criticalln_term() { pr_svrty_critical_term "$1"; outln_term; }
pr_svrty_criticalln(){ pr_svrty_critical "$1"; outln; }
pr_deemphasize_term() { out_term "$1"; } # hook for a weakened screen output, see #600
pr_deemphasize() { pr_deemphasize_term "$1"; out_html "<span style=\"color:darkgray;\">$1</span>"; }
pr_deemphasize() { pr_deemphasize_term "$1"; out_html "<span style=\"color:darkgray;\">$(html_reserved "$1")</span>"; }
pr_deemphasizeln_term() { pr_deemphasize_term "$1"; outln_term; }
pr_deemphasizeln() { pr_deemphasize "$1"; outln; }
# color=1 functions
pr_off() { [[ "$COLOR" -ne 0 ]] && out_term "\033[m"; }
pr_bold_term() { [[ "$COLOR" -ne 0 ]] && out_term "\033[1m$1" || out_term "$1"; pr_off; }
pr_bold() { pr_bold_term "$1"; out_html "<span style=\"font-weight:bold;\">$1</span>"; }
pr_bold() { pr_bold_term "$1"; out_html "<span style=\"font-weight:bold;\">$(html_reserved "$1")</span>"; }
pr_boldln_term() { pr_bold_term "$1"; outln_term; }
pr_boldln() { pr_bold "$1" ; outln; }
pr_italic_term() { [[ "$COLOR" -ne 0 ]] && out_term "\033[3m$1" || out_term "$1"; pr_off; }
pr_italic() { pr_italic_term "$1"; out_html "<i>$1</i>"; }
pr_italic() { pr_italic_term "$1"; out_html "<i>$(html_reserved "$1")</i>"; }
pr_italicln_term() { pr_italic_term "$1"; outln_term; }
pr_italicln() { pr_italic "$1" ; outln; }
pr_strikethru_term() { [[ "$COLOR" -ne 0 ]] && out "\033[9m$1" || out "$1"; pr_off; } # ugly!
pr_strikethru() { pr_strikethru_term "$1"; out_html "<strike>$1</strike>"; }
pr_strikethru() { pr_strikethru_term "$1"; out_html "<strike>$(html_reserved "$1")</strike>"; }
pr_strikethruln_term() { pr_strikethru_term "$1"; outln_term; }
pr_strikethruln() { pr_strikethru "$1" ; outln; }
pr_underline_term() { [[ "$COLOR" -ne 0 ]] && out_term "\033[4m$1" || out_term "$1"; pr_off; }
pr_underline() { pr_underline_term "$1"; out_html "<u>$1</u>"; }
pr_underline() { pr_underline_term "$1"; out_html "<u>$(html_reserved "$1")</u>"; }
pr_underlineln_term() { pr_underline_term "$1"; outln_term; }
pr_underlineln() { pr_underline "$1"; outln; }
pr_reverse_term() { [[ "$COLOR" -ne 0 ]] && out_term "\033[7m$1" || out_term "$1"; pr_off; }
pr_reverse() { pr_reverse_term "$1"; out_html "<span style=\"color:white;background-color:black;\">$1</span>"; }
pr_reverse() { pr_reverse_term "$1"; out_html "<span style=\"color:white;background-color:black;\">$(html_reserved "$1")</span>"; }
pr_reverse_bold_term() { [[ "$COLOR" -ne 0 ]] && out_term "\033[7m\033[1m$1" || out_term "$1"; pr_off; }
pr_reverse_bold() { pr_reverse_bold_term "$1"; out_html "<span style=\"color:white;background-color:black;font-weight:bold;\">$1</span>"; }
pr_reverse_bold() { pr_reverse_bold_term "$1"; out_html "<span style=\"color:white;background-color:black;font-weight:bold;\">$(html_reserved "$1")</span>"; }
#pr_headline() { pr_blue "$1"; }
#http://misc.flogisoft.com/bash/tip_colors_and_formatting
#pr_headline() { [[ "$COLOR" -eq 2 ]] && out "\033[1;30m\033[47m$1" || out "$1"; pr_off; }
pr_headline_term() { [[ "$COLOR" -ne 0 ]] && out_term "\033[1m\033[4m$1" || out_term "$1"; pr_off; }
pr_headline() { pr_headline_term "$1"; out_html "<span style=\"text-decoration:underline;font-weight:bold;\">$1</span>"; }
pr_headline() { pr_headline_term "$1"; out_html "<span style=\"text-decoration:underline;font-weight:bold;\">$(html_reserved "$1")</span>"; }
pr_headlineln_term() { pr_headline_term "$1"; outln_term; }
pr_headlineln() { pr_headline "$1" ; outln; }
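Review bot: html_reserved() at the top of this hunk maps the single quote to `&quot;` rather than `&apos;`, so an apostrophe in a finding is emitted as a double quote and the mapping the commit message describes does not hold; the last sed expression should be `-e "s/'/\&apos;/g"`. The same function passes `$1` through `echo`, which on some shells consumes a leading `-n`/`-e` or interprets backslash sequences before sed ever sees the text; `printf '%s\n' "$1" | sed ...` hands the string over unchanged. The remaining pr_* functions in this hunk now route `$1` through html_reserved before out_html, but out_html is defined outside the hunk, so whether it re-expands escape sequences in the already-escaped text cannot be checked from here.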
@ -963,21 +969,28 @@ fileout() { # ID, SEVERITY, FINDING, CVE, CWE, HINT
################### FILE FORMATING END #########################
html_header() {
out_html "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n"
out_html "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n"
out_html "<html xmlns=\"http://www.w3.org/1999/xhtml\">\n"
out_html "<head>\n"
out_html "<meta http-equiv=\"Content-Type\" content=\"application/xml+xhtml; charset=UTF-8\" />\n"
out_html "<title>testssl.sh</title>\n"
out_html "</head>\n"
out_html "<body>\n"
out_html "<pre>\n"
if "$HTMLHEADER"; then
rm -f "$HTMLFILE"
out_html "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n"
out_html "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n"
out_html "<html xmlns=\"http://www.w3.org/1999/xhtml\">\n"
out_html "<head>\n"
out_html "<meta http-equiv=\"Content-Type\" content=\"application/xml+xhtml; charset=UTF-8\" />\n"
out_html "<title>testssl.sh</title>\n"
out_html "</head>\n"
out_html "<body>\n"
out_html "<pre>\n"
fi
return 0
}
html_footer() {
out_html "</pre>\n"
out_html "</body>\n"
out_html "</html>\n"
if "$HTMLHEADER"; then
out_html "</pre>\n"
out_html "</body>\n"
out_html "</html>\n"
fi
return 0
}
###### helper function definitions ######
@ -11322,6 +11335,7 @@ cleanup () {
fi
outln
"$APPEND" || fileout_footer
html_footer
}
fatal() {
@ -11386,7 +11400,7 @@ ignore_no_or_lame() {
[[ "$WARNINGS" == off ]] && return 0
[[ "$WARNINGS" == false ]] && return 0
[[ "$WARNINGS" == batch ]] && return 1
pr_warning "$1 --> "
pr_warning_term "$1 --> "
read a
if [[ "$a" == "$(tolower "$2")" ]]; then
$ok_arg return 0
@ -12002,7 +12016,7 @@ datebanner() {
# one line with char $1 over screen width $2
draw_line() {
printf -- "$1"'%.s' $(eval "echo {1.."$(($2))"}")
out "$(printf -- "$1"'%.s' $(eval "echo {1.."$(($2))"}"))"
}
@ -12092,7 +12106,7 @@ run_mass_testing() {
cmdline=$(filter_input "$cmdline")
[[ -z "$cmdline" ]] && continue
[[ "$cmdline" == "EOF" ]] && break
cmdline="$0 $global_cmdline --warnings=batch -q --append $cmdline"
cmdline="$0 $global_cmdline --warnings=batch -q --no-html-header --append $cmdline"
draw_line "=" $((TERM_WIDTH / 2)); outln;
outln "$cmdline"
$cmdline
@ -12516,7 +12530,9 @@ parse_cmd_line() {
exit -6
fi
do_html=true
html_header
;;
--no-html-header)
HTMLHEADER=false
;;
--append)
APPEND=true
@ -12700,6 +12716,7 @@ lets_roll() {
initialize_globals
parse_cmd_line "$@"
html_header
get_install_dir
set_color_functions
maketempf
@ -12760,6 +12777,5 @@ else
fi
fi
fi
html_footer
exit $?