From b6cc01a558aa6add1be92e6aa2e6a88167dd1c0f Mon Sep 17 00:00:00 2001 From: Dirk Date: Wed, 13 Jun 2018 13:25:02 +0200 Subject: [PATCH] Fix line feeds in vulnerabilty output when running in wide mode This commit is a FIX for #1069, thus when running in wide mode it corrects an additional line feed which happened sometimes. As @dcooper16 pointed out it also cleans up the needless if-statements in run_rc4(), run_lucky13() and run_beast(). It also inserts for wide mode lines a blank so the alignment is not at the left border anymore (check for leftovers needed). --- testssl.sh | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/testssl.sh b/testssl.sh index 32ec3aa..fa862f1 100755 --- a/testssl.sh +++ b/testssl.sh @@ -13697,8 +13697,6 @@ run_beast(){ if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then outln pr_headlineln " Testing for BEAST vulnerability " - fi - if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then outln fi pr_bold " BEAST"; out " ($cve) " @@ -13928,10 +13926,11 @@ run_beast(){ if "$vuln_beast"; then if [[ -n "$higher_proto_supported" ]]; then if "$WIDE"; then - outln + outln; out " " # NOT ok seems too harsh for me if we have TLS >1.0 pr_svrty_low "VULNERABLE" outln " -- but also supports higher protocols (possible mitigation) $higher_proto_supported" + outln else out "$spaces" pr_svrty_low "VULNERABLE" @@ -13972,8 +13971,9 @@ run_lucky13() { local hint="" local jsonID="LUCKY13" - [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for LUCKY13 vulnerability " && outln - if [[ $VULN_COUNT -le $VULN_THRESHLD ]] || "$WIDE"; then + if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then + outln + pr_headlineln " Testing for LUCKY13 vulnerability " outln fi pr_bold " LUCKY13"; out " ($cve), experimental " @@ -14048,8 +14048,6 @@ run_rc4() { if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then outln pr_headlineln " Checking for vulnerable RC4 Ciphers " - fi - if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then outln fi pr_bold " RC4"; out " (${cve// /, }) " @@ -14255,7 +14253,7 @@ run_rc4() { done ! "$WIDE" && pr_svrty_high "$(out_row_aligned_max_width "$rc4_detected" " " $TERM_WIDTH)" outln - "$WIDE" && pr_svrty_high "VULNERABLE (NOT ok)" + "$WIDE" && out " " && prln_svrty_high "VULNERABLE (NOT ok)" fileout "$jsonID" "HIGH" "VULNERABLE, Detected ciphers: $rc4_detected" "$cve" "$cwe" "$hint" elif [[ $nr_ciphers -eq 0 ]]; then prln_local_problem "No RC4 Ciphers configured in $OPENSSL"