diff --git a/testssl.sh b/testssl.sh
index d25730b..9c93718 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -158,6 +158,7 @@ LOGFILE=${LOGFILE:-""} # logfile if used
 JSONFILE=${JSONFILE:-""} # jsonfile if used
 CSVFILE=${CSVFILE:-""} # csvfile if used
 HTMLFILE=${CSVFILE:-""} # HTML if used
+HTMLHEADER=true # include HTML headers and footers in HTML file, if one is being created
 APPEND=${APPEND:-false} # append to csv/json file instead of overwriting it
 GIVE_HINTS=false # give an addtional info to findings
 HAS_IPv6=${HAS_IPv6:-false} # if you have OpenSSL with IPv6 support AND IPv6 networking set it to yes
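Review bot: `HTMLHEADER=true` is the only setting in this block that cannot be pre-set from the environment, unlike the neighbouring `${APPEND:-false}` and `${HAS_IPv6:-false}`; `HTMLHEADER=${HTMLHEADER:-true}` keeps the pattern. The context line just above it, `HTMLFILE=${CSVFILE:-""}`, reads like a copy-paste slip: it makes the HTML output path default to the CSV path, and that default now feeds the `rm -f "$HTMLFILE"` that html_header() gains later in this diff. `HTMLFILE=${HTMLFILE:-""}` is the obvious correction and is worth folding into this commit since the new code makes the slip consequential.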
@@ -586,106 +587,111 @@ outln_term() { out_term "$1\n"; }
 retstring(){
 printf -- "%b" "${1//%/%%}"
 }
+
+# For HTML output, replace any HTML reserved characters with the entity name
+html_reserved(){
+ echo "$1" | sed -e 's/\&/\&/g' -e 's//\>/g' -e 's/"/\"/g' -e "s/'/\"/g"
+}
 #TODO: Still no shell injection safe but if just run it from the cmd line: that's fine
 # color print functions, see also http://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x329.html
 pr_liteblue_term() { [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && out_term "\033[0;32m$1" || out_term "\033[0;34m$1" ) || out_term "$1"; pr_off; } # not yet used
-pr_liteblue() { pr_liteblue_term "$1"; "$COLORBLIND" && out_html "$1" || out_html "$1"; }
+pr_liteblue() { pr_liteblue_term "$1"; "$COLORBLIND" && out_html "$(html_reserved "$1")" || out_html "$(html_reserved "$1")"; }
 pr_liteblueln_term() { pr_liteblue_term "$1"; outln_term; }
 pr_liteblueln() { pr_liteblue "$1"; outln; }
 pr_blue_term() { [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && out_term "\033[1;32m$1" || out_term "\033[1;34m$1" ) || out_term "$1"; pr_off; } # used for head lines of single tests
-pr_blue() { pr_blue_term "$1"; "$COLORBLIND" && out_html "$1" || out_html "$1"; }
+pr_blue() { pr_blue_term "$1"; "$COLORBLIND" && out_html "$(html_reserved "$1")" || out_html "$(html_reserved "$1")"; }
 pr_blueln_term() { pr_blue_term "$1"; outln_term; }
 pr_blueln() { pr_blue "$1"; outln; }
 pr_warning_term() { [[ "$COLOR" -eq 2 ]] && out_term "\033[0;35m$1" || pr_underline_term "$1"; pr_off; } # some local problem: one test cannot be done
-pr_warning() { pr_warning_term "$1"; out_html "$1"; }
+pr_warning() { pr_warning_term "$1"; out_html "$(html_reserved "$1")"; }
 pr_warningln_term() { pr_warning_term "$1"; outln_term; } # litemagenta
 pr_warningln() { pr_warning "$1"; outln; }
 pr_magenta_term() { [[ "$COLOR" -eq 2 ]] && out_term "\033[1;35m$1" || pr_underline_term "$1"; pr_off; } # fatal error: quitting because of this!
-pr_magenta() { pr_magenta_term "$1"; out_html "$1"; }
+pr_magenta() { pr_magenta_term "$1"; out_html "$(html_reserved "$1")"; }
 pr_magentaln_term() { pr_magenta_term "$1"; outln_term; }
 pr_magentaln() { pr_magenta "$1"; outln; }
 pr_litecyan_term() { [[ "$COLOR" -eq 2 ]] && out_term "\033[0;36m$1" || out_term "$1"; pr_off; } # not yet used
-pr_litecyan() { pr_litecyan_term "$1"; out_html "$1"; }
+pr_litecyan() { pr_litecyan_term "$1"; out_html "$(html_reserved "$1")"; }
 pr_litecyanln_term() { pr_litecyan_term "$1"; outln_term; }
 pr_litecyanln() { pr_litecyan "$1"; outln; }
 pr_cyan_term() { [[ "$COLOR" -eq 2 ]] && out_term "\033[1;36m$1" || out_term "$1"; pr_off; } # additional hint
-pr_cyan() { pr_cyan_term "$1"; out_html "$1"; }
+pr_cyan() { pr_cyan_term "$1"; out_html "$(html_reserved "$1")"; }
 pr_cyanln_term() { pr_cyan_term "$1"; outln_term; }
 pr_cyanln() { pr_cyan "$1"; outln; }
 pr_litegreyln_term() { pr_litegrey_term "$1"; outln_term; } # not really usable on a black background, see ..
 pr_litegreyln() { pr_litegrey "$1"; outln; }
 pr_litegrey_term() { [[ "$COLOR" -eq 2 ]] && out_term "\033[0;37m$1" || out_term "$1"; pr_off; } # ...
https://github.com/drwetter/testssl.sh/pull/600#issuecomment-276129876
-pr_litegrey() { pr_litegrey_term "$1"; out_html "$1"; }
+pr_litegrey() { pr_litegrey_term "$1"; out_html "$(html_reserved "$1")"; }
 pr_grey_term() { [[ "$COLOR" -eq 2 ]] && out_term "\033[1;30m$1" || out_term "$1"; pr_off; }
-pr_grey() { pr_grey_term "$1"; out_html "$1"; }
+pr_grey() { pr_grey_term "$1"; out_html "$(html_reserved "$1")"; }
 pr_greyln_term() { pr_grey_term "$1"; outln_term; }
 pr_greyln() { pr_grey "$1"; outln; }
 pr_done_good_term() { [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && out_term "\033[0;34m$1" || out_term "\033[0;32m$1" ) || out_term "$1"; pr_off; } # litegreen (liteblue), This is good
-pr_done_good() { pr_done_good_term "$1"; "$COLORBLIND" && out_html "$1" || out_html "$1"; }
+pr_done_good() { pr_done_good_term "$1"; "$COLORBLIND" && out_html "$(html_reserved "$1")" || out_html "$(html_reserved "$1")"; }
 pr_done_goodln_term() { pr_done_good_term "$1"; outln_term; }
 pr_done_goodln() { pr_done_good "$1"; outln; }
 pr_done_best_term() { [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && out_term "\033[1;34m$1" || out_term "\033[1;32m$1" ) || out_term "$1"; pr_off; } # green (blue), This is the best
-pr_done_best() { pr_done_best_term "$1"; "$COLORBLIND" && out_html "$1" || out_html "$1"; }
+pr_done_best() { pr_done_best_term "$1"; "$COLORBLIND" && out_html "$(html_reserved "$1")" || out_html "$(html_reserved "$1")"; }
 pr_done_bestln_term() { pr_done_best_term "$1"; outln_term; }
 pr_done_bestln() { pr_done_best "$1"; outln; }
 pr_svrty_low_term() { [[ "$COLOR" -eq 2 ]] && out_term "\033[1;33m$1" || out_term "$1"; pr_off; } # yellow brown | academic or minor problem
-pr_svrty_low() { pr_svrty_low_term "$1"; out_html "$1"; }
+pr_svrty_low() { pr_svrty_low_term "$1"; out_html "$(html_reserved "$1")"; }
 pr_svrty_lowln_term() { pr_svrty_low_term "$1"; outln_term; }
 pr_svrty_lowln() { pr_svrty_low "$1"; outln; }
 pr_svrty_medium_term() { [[ "$COLOR" -eq 2 ]] && out_term "\033[0;33m$1" ||
out_term "$1"; pr_off; } # brown | it is not a bad problem but you shouldn't do this
-pr_svrty_medium() { pr_svrty_medium_term "$1"; out_html "$1"; }
+pr_svrty_medium() { pr_svrty_medium_term "$1"; out_html "$(html_reserved "$1")"; }
 pr_svrty_mediumln_term() { pr_svrty_medium_term "$1"; outln_term; }
 pr_svrty_mediumln() { pr_svrty_medium "$1"; outln; }
 pr_svrty_high_term() { [[ "$COLOR" -eq 2 ]] && out_term "\033[0;31m$1" || pr_bold_term "$1"; pr_off; } # litered
-pr_svrty_high() { pr_svrty_high_term "$1"; out_html "$1"; }
+pr_svrty_high() { pr_svrty_high_term "$1"; out_html "$(html_reserved "$1")"; }
 pr_svrty_highln_term() { pr_svrty_high_term "$1"; outln_term; }
 pr_svrty_highln() { pr_svrty_high "$1"; outln; }
 pr_svrty_critical_term() { [[ "$COLOR" -eq 2 ]] && out_term "\033[1;31m$1" || pr_bold_term "$1"; pr_off; } # red
-pr_svrty_critical() { pr_svrty_critical_term "$1"; out_html "$1"; }
+pr_svrty_critical() { pr_svrty_critical_term "$1"; out_html "$(html_reserved "$1")"; }
 pr_svrty_criticalln_term() { pr_svrty_critical_term "$1"; outln_term; }
 pr_svrty_criticalln(){ pr_svrty_critical "$1"; outln; }
 pr_deemphasize_term() { out_term "$1"; } # hook for a weakened screen output, see #600
-pr_deemphasize() { pr_deemphasize_term "$1"; out_html "$1"; }
+pr_deemphasize() { pr_deemphasize_term "$1"; out_html "$(html_reserved "$1")"; }
 pr_deemphasizeln_term() { pr_deemphasize_term "$1"; outln_term; }
 pr_deemphasizeln() { pr_deemphasize "$1"; outln; }
 # color=1 functions
 pr_off() { [[ "$COLOR" -ne 0 ]] && out_term "\033[m"; }
 pr_bold_term() { [[ "$COLOR" -ne 0 ]] && out_term "\033[1m$1" || out_term "$1"; pr_off; }
-pr_bold() { pr_bold_term "$1"; out_html "$1"; }
+pr_bold() { pr_bold_term "$1"; out_html "$(html_reserved "$1")"; }
 pr_boldln_term() { pr_bold_term "$1"; outln_term; }
 pr_boldln() { pr_bold "$1" ; outln; }
 pr_italic_term() { [[ "$COLOR" -ne 0 ]] && out_term "\033[3m$1" || out_term "$1"; pr_off; }
-pr_italic() { pr_italic_term "$1"; out_html "$1"; }
+pr_italic()
{ pr_italic_term "$1"; out_html "$(html_reserved "$1")"; }
 pr_italicln_term() { pr_italic_term "$1"; outln_term; }
 pr_italicln() { pr_italic "$1" ; outln; }
 pr_strikethru_term() { [[ "$COLOR" -ne 0 ]] && out "\033[9m$1" || out "$1"; pr_off; } # ugly!
-pr_strikethru() { pr_strikethru_term "$1"; out_html "$1"; }
+pr_strikethru() { pr_strikethru_term "$1"; out_html "$(html_reserved "$1")"; }
 pr_strikethruln_term() { pr_strikethru_term "$1"; outln_term; }
 pr_strikethruln() { pr_strikethru "$1" ; outln; }
 pr_underline_term() { [[ "$COLOR" -ne 0 ]] && out_term "\033[4m$1" || out_term "$1"; pr_off; }
-pr_underline() { pr_underline_term "$1"; out_html "$1"; }
+pr_underline() { pr_underline_term "$1"; out_html "$(html_reserved "$1")"; }
 pr_underlineln_term() { pr_underline_term "$1"; outln_term; }
 pr_underlineln() { pr_underline "$1"; outln; }
 pr_reverse_term() { [[ "$COLOR" -ne 0 ]] && out_term "\033[7m$1" || out_term "$1"; pr_off; }
-pr_reverse() { pr_reverse_term "$1"; out_html "$1"; }
+pr_reverse() { pr_reverse_term "$1"; out_html "$(html_reserved "$1")"; }
 pr_reverse_bold_term() { [[ "$COLOR" -ne 0 ]] && out_term "\033[7m\033[1m$1" || out_term "$1"; pr_off; }
-pr_reverse_bold() { pr_reverse_bold_term "$1"; out_html "$1"; }
+pr_reverse_bold() { pr_reverse_bold_term "$1"; out_html "$(html_reserved "$1")"; }
 #pr_headline() { pr_blue "$1"; } #http://misc.flogisoft.com/bash/tip_colors_and_formatting
 #pr_headline() { [[ "$COLOR" -eq 2 ]] && out "\033[1;30m\033[47m$1" || out "$1"; pr_off; }
 pr_headline_term() { [[ "$COLOR" -ne 0 ]] && out_term "\033[1m\033[4m$1" || out_term "$1"; pr_off; }
-pr_headline() { pr_headline_term "$1"; out_html "$1"; }
+pr_headline() { pr_headline_term "$1"; out_html "$(html_reserved "$1")"; }
 pr_headlineln_term() { pr_headline_term "$1"; outln_term; }
 pr_headlineln() { pr_headline "$1" ; outln; }
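Review bot: `html_reserved()` feeds its argument through `echo "$1"`, so a string that begins with `-n`, `-e` or `-E` loses that prefix before sed ever sees it; `printf '%s\n' "$1" | sed ...` avoids that, and because every pr_* call now forks echo plus sed, a bash-only version built on `${s//…}` substitutions (below) would drop the per-call subprocesses as well. The sed expressions are not readable on this page (the entity names appear stripped), so confirm that `&` is escaped before the other characters, otherwise the ampersand of each entity inserted afterwards is escaped a second time. The `"$COLORBLIND" && out_html "$(html_reserved "$1")" || out_html "$(html_reserved "$1")"` lines in pr_liteblue, pr_blue, pr_done_good and pr_done_best run the identical call in both arms; a single `out_html "$(html_reserved "$1")"` says the same thing. Escaping is applied only on these pr_* paths; if out()/outln() (outside this hunk) also write through out_html, server-supplied text such as banners or certificate fields would still reach the HTML file unescaped, which is worth checking before relying on this as the HTML-injection guard.
```bash
# For HTML output, replace any HTML reserved characters with the entity name
html_reserved(){
     local s=$1
     # '&' first, otherwise the '&' of the entities inserted below is escaped again;
     # '\&' keeps the ampersand literal in the replacement (bash 5.2 patsub_replacement)
     s=${s//&/\&amp;}
     s=${s//</\&lt;}
     s=${s//>/\&gt;}
     s=${s//\"/\&quot;}
     s=${s//\'/\&#39;}
     printf '%s\n' "$s"
}
```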
@@ -963,21 +969,28 @@ fileout() { # ID, SEVERITY, FINDING, CVE, CWE, HINT
 ################### FILE FORMATING END #########################
 html_header() {
- out_html "\n"
- out_html "\n"
- out_html "\n"
- out_html "\n"
- out_html "\n"
- out_html "testssl.sh\n"
- out_html "\n"
- out_html "\n"
- out_html "
\n"
+     if "$HTMLHEADER"; then
+          rm -f "$HTMLFILE"
+          out_html "\n"
+          out_html "\n"
+          out_html "\n"
+          out_html "\n"
+          out_html "\n"
+          out_html "testssl.sh\n"
+          out_html "\n"
+          out_html "\n"
+          out_html "
\n"
+     fi
+     return 0
 }
 
 html_footer() {
-     out_html "
\n"
- out_html "\n"
- out_html "\n"
+ if "$HTMLHEADER"; then
+ out_html "
\n"
+ out_html "\n"
+ out_html "\n"
+ fi
+ return 0
 }
 ###### helper function definitions ######
@@ -11322,6 +11335,7 @@ cleanup () {
 fi
 outln
 "$APPEND" || fileout_footer
+ html_footer
 }
 fatal() {
@@ -11386,7 +11400,7 @@ ignore_no_or_lame() {
 [[ "$WARNINGS" == off ]] && return 0
 [[ "$WARNINGS" == false ]] && return 0
 [[ "$WARNINGS" == batch ]] && return 1
- pr_warning "$1 --> "
+ pr_warning_term "$1 --> "
 read a
 if [[ "$a" == "$(tolower "$2")" ]]; then
 $ok_arg
 return 0
@@ -12002,7 +12016,7 @@ datebanner() {
 # one line with char $1 over screen width $2
 draw_line() {
- printf -- "$1"'%.s' $(eval "echo {1.."$(($2))"}")
+ out "$(printf -- "$1"'%.s' $(eval "echo {1.."$(($2))"}"))"
 }
@@ -12092,7 +12106,7 @@ run_mass_testing() {
 cmdline=$(filter_input "$cmdline")
 [[ -z "$cmdline" ]] && continue
 [[ "$cmdline" == "EOF" ]] && break
- cmdline="$0 $global_cmdline --warnings=batch -q --append $cmdline"
+ cmdline="$0 $global_cmdline --warnings=batch -q --no-html-header --append $cmdline"
 draw_line "=" $((TERM_WIDTH / 2)); outln;
 outln "$cmdline"
 $cmdline
@@ -12516,7 +12530,9 @@ parse_cmd_line() {
 exit -6
 fi
 do_html=true
- html_header
+ ;;
+ --no-html-header)
+ HTMLHEADER=false
 ;;
 --append)
 APPEND=true
@@ -12700,6 +12716,7 @@ lets_roll() {
 initialize_globals
 parse_cmd_line "$@"
+html_header
 get_install_dir
 set_color_functions
 maketempf
@@ -12760,6 +12777,5 @@ else
 fi
 fi
 fi
-html_footer
 exit $?
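Review bot: `rm -f "$HTMLFILE"` in html_header() runs whenever HTMLHEADER is true, with no check that HTML output was requested (`do_html`) or that HTMLFILE is non-empty, and html_header is now invoked unconditionally from lets_roll (the later hunk on this line); combined with the default `HTMLFILE=${CSVFILE:-""}` from the first hunk, a run with CSVFILE set in the environment and no `--html` would delete that CSV file before anything is written. Guard it, e.g. `"$do_html" || return 0` at the top of html_header and `[[ -n "$HTMLFILE" ]] && rm -f -- "$HTMLFILE"`, the `--` so a path beginning with `-` is not parsed as an option. The removal also ignores `--append`: a plain `--html --append` run (outside run_mass_testing, which passes `--no-html-header`) still truncates an earlier report, so if append is meant to preserve it, condition the rm on `"$APPEND"` as well. Whether out_html itself is gated on do_html is outside this diff, so the first point is inferred from what is visible here.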
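Review bot: draw_line() still obtains its repeat count through `eval "echo {1..N}"` and uses `$1` as the printf format string, so a `%` in the line character would be interpreted and `$2` is handed to eval; the callers visible here pass literals, but wrapping the result in `out "$(...)"` is a good moment to drop both: `local line; printf -v line '%*s' "$(($2))" ''; out "${line// /$1}"` produces the same output for the single-character callers in this diff without eval, a subshell or a caller-controlled format. Note that the brace form prints `$1` twice when `$2` is 0 (`{1..0}` expands to two words) while the printf form prints nothing; check that no caller relies on that.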
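Review bot: the new `--no-html-header)` case in parse_cmd_line is not documented anywhere in this diff; if the script has a usage/help text listing options, a line such as `--no-html-header   omit the HTML header and footer (used by mass testing together with --append)` belongs there, otherwise the flag is only discoverable by reading run_mass_testing(). The option is also accepted silently without `--html`; a one-line comment on the case, `# child runs started by --file: the parent writes header and footer`, would record why it exists.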