Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-30 20:31:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix typo + tags

Browse Source
This commit is contained in:
Dirk 2025-01-22 20:05:19 +01:00
parent 12036fb6c8
commit ad912ea332
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
testssl.sh
View File

@ -3127,7 +3127,7 @@ emphasize_stuff_in_headers(){
-e "s/X-Powered-By/${yellow}X-Powered-By${off}/g" \
-e "s/X-UA-Compatible/${yellow}X-UA-Compatible${off}/g" \
-e "s/Link/${yellow}Link${off}/g" \
-e "s/X-DNS-Prefetch-Control/${html_yellow}X-DNS-Prefetch-Control${html_off}/g" \
-e "s/X-DNS-Prefetch-Control/${yellow}X-DNS-Prefetch-Control${off}/g" \
-e "s/X-Rack-Cache/${yellow}X-Rack-Cache${off}/g" \
-e "s/X-Runtime/${yellow}X-Runtime${off}/g" \
-e "s/X-Pingback/${yellow}X-Pingback${off}/g" \
@ -3183,14 +3183,13 @@ emphasize_stuff_in_headers(){
-e "s/X-Pingback/${html_yellow}X-Pingback${html_off}/g" \
-e "s/X-Permitted-Cross-Domain-Policies/${html_yellow}X-Permitted-Cross-Domain-Policies${html_off}/g" \
-e "s/X-AspNet-Version/${html_yellow}X-AspNet-Version${html_off}/g" \
-e "s/X-AspNetMvc-Version/${yellow}X-AspNetMvc-Version${off}/g" \
-e "s/X-AspNetMvc-Version/${html_yellow}X-AspNetMvc-Version${html_off}/g" \
-e "s/x-note/${html_yellow}x-note${html_off}/g" \
-e "s/X-Global-Transaction-ID/${html_yellow}X-Global-Transaction-ID${html_off}/g" \
-e "s/x-global-transaction-id/${html_yellow}x-global-transaction-id${html_off}/g" \
-e "s/Alt-Svc/${html_yellow}Alt-Svc${html_off}/g" \
-e "s/system-wsgw-management-loopback/${html_yellow}system-wsgw-management-loopback${html_off}/g"
#FIXME: this is double code. The pattern to emphasize would fit better into
# one function.
#FIXME: this is double code. The pattern to emphasize would fit better into one function.
# Also we need another function like run_other_header as otherwise "Link" "Alt-Svc" will never be found.
# And: I matches case sensitive only which might not detect all banners. (sed ignorecase is not possible w/ BSD sed)
else
@ -3439,7 +3438,7 @@ run_security_headers() {
pr_bold " Security headers "
# X-XSS-Protection is useless and at worst harmful, see https://news.ycombinator.com/item?id=20472947
# Expect-CT is depecated, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT
# Expect-CT is deprecated, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT
for header_and_svrty in "X-Frame-Options OK" \
"X-Content-Type-Options OK" \
"Content-Security-Policy OK" \