From af8b0855b6b81bdd3a5929f33d9738f62353e113 Mon Sep 17 00:00:00 2001
From: Dirk
Date: Wed, 13 Jun 2018 13:41:33 +0200
Subject: [PATCH] Fix line feeds in vulnerabilty output when running in wide mode (backport) Backport of b6cc01a558aa6add1be92e6aa2e6a88167dd1c0f: ----- This commit is a FIX for #1069, thus when running in wide mode it corrects an additional line feed which happened sometimes. As @dcooper16 pointed out it also cleans up the needless if-statements in run_rc4(), run_lucky13() and run_beast(). It also inserts for wide mode lines a blank so the alignment is not at the left border anymore (check for leftovers needed).
---
 testssl.sh | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/testssl.sh b/testssl.sh
index 15d8cad..a4b0f94 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -10693,8 +10693,6 @@ run_beast(){
 if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then
 outln
 pr_headlineln " Testing for BEAST vulnerability "
- fi
- if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then
 outln
 fi
 pr_bold " BEAST"; out " ($cve) "
@@ -10907,10 +10905,11 @@ run_beast(){
 if "$vuln_beast"; then
 if [[ -n "$higher_proto_supported" ]]; then
 if "$WIDE"; then
- outln
+ outln; out " "
 # NOT ok seems too harsh for me if we have TLS >1.0
 pr_svrty_low "VULNERABLE"
 outln " -- but also supports higher protocols (possible mitigation):$higher_proto_supported"
+ outln
 else
 out "$spaces"
 pr_svrty_low "VULNERABLE"
@@ -10950,8 +10949,9 @@ run_lucky13() {
 local cwe="CWE-310"
 local hint=""
- [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for LUCKY13 vulnerability " && outln
- if [[ $VULN_COUNT -le $VULN_THRESHLD ]] || "$WIDE"; then
+ if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then
+ outln
+ pr_headlineln " Testing for LUCKY13 vulnerability "
 outln
 fi
 pr_bold " LUCKY13"; out " ($cve), experimental "
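Review bot: The wide-mode indent added in run_beast, `outln; out " "`, is a bare literal with no comment, while the non-wide branch just below aligns with `out "$spaces"`. The same literal is repeated in the run_rc4 hunk (`"$WIDE" && out " " && …`), and the commit message itself says leftovers still need checking. A short why-comment on the added line would make the remaining sites easier to find, for example `# wide mode: indent so the verdict does not start at the left border`. The enclosing `if "$vuln_beast"` block starts and ends outside the hunk.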
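Review bot: In run_lucky13 the rewritten header guard is not the pure if-statement cleanup the commit message describes, because the old second test `[[ $VULN_COUNT -le $VULN_THRESHLD ]] || "$WIDE"` is replaced by one that no longer looks at `"$WIDE"`. As far as the visible lines show, wide mode above the threshold loses its only leading `outln`, and the within-threshold case emits one `outln` after the headline instead of two. That is presumably the intended line-feed fix, but it deserves a comment above the `if`, for example `# no separate outln for wide mode here, see #1069`. The function body continues outside the hunk.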
@@ -11023,8 +11023,6 @@ run_rc4() {
 if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then
 outln
 pr_headlineln " Checking for vulnerable RC4 Ciphers "
- fi
- if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then
 outln
 fi
 pr_bold " RC4"; out " ($cve) "
@@ -11231,7 +11229,7 @@ run_rc4() {
 done
 ! "$WIDE" && pr_svrty_high "$(out_row_aligned_max_width "$rc4_detected" " " $TERM_WIDTH)"
 outln
- "$WIDE" && pr_svrty_high "VULNERABLE (NOT ok)"
+ "$WIDE" && out " " && prln_svrty_high "VULNERABLE (NOT ok)"
 fileout "rc4" "HIGH" "RC4: VULNERABLE, Detected ciphers: $rc4_detected" "$cve" "$cwe" "$hint"
 elif [[ $nr_ciphers -eq 0 ]]; then
 prln_local_problem "No RC4 Ciphers configured in $OPENSSL"
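Review bot: In run_rc4 the new line `"$WIDE" && out " " && prln_svrty_high "VULNERABLE (NOT ok)"` makes the console verdict depend on the exit status of `out " "`. If `out` ever returned non-zero, `fileout` would still record the HIGH finding while the terminal showed no verdict. `out` is defined outside this hunk, so whether it can fail is not visible here. An explicit `if "$WIDE"; then out " "; prln_svrty_high "VULNERABLE (NOT ok)"; fi` removes the dependency. The branch this line sits in starts and ends outside the hunk.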