Fix line feeds in vulnerabilty output when running in wide mode

This commit is a FIX for #1069, thus when running in
wide mode it corrects an additional line feed which
happened sometimes.

As @dcooper16 pointed out it also cleans up the needless
if-statements in run_rc4(), run_lucky13() and run_beast().

It also inserts for wide mode lines a blank so the alignment
is not at the left border anymore (check for leftovers
needed).
This commit is contained in:
Dirk 2018-06-13 13:25:02 +02:00
parent 1be25f9cf7
commit b6cc01a558

View File

@ -13697,8 +13697,6 @@ run_beast(){
if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then
outln outln
pr_headlineln " Testing for BEAST vulnerability " pr_headlineln " Testing for BEAST vulnerability "
fi
if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then
outln outln
fi fi
pr_bold " BEAST"; out " ($cve) " pr_bold " BEAST"; out " ($cve) "
@ -13928,10 +13926,11 @@ run_beast(){
if "$vuln_beast"; then if "$vuln_beast"; then
if [[ -n "$higher_proto_supported" ]]; then if [[ -n "$higher_proto_supported" ]]; then
if "$WIDE"; then if "$WIDE"; then
outln outln; out " "
# NOT ok seems too harsh for me if we have TLS >1.0 # NOT ok seems too harsh for me if we have TLS >1.0
pr_svrty_low "VULNERABLE" pr_svrty_low "VULNERABLE"
outln " -- but also supports higher protocols (possible mitigation) $higher_proto_supported" outln " -- but also supports higher protocols (possible mitigation) $higher_proto_supported"
outln
else else
out "$spaces" out "$spaces"
pr_svrty_low "VULNERABLE" pr_svrty_low "VULNERABLE"
@ -13972,8 +13971,9 @@ run_lucky13() {
local hint="" local hint=""
local jsonID="LUCKY13" local jsonID="LUCKY13"
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for LUCKY13 vulnerability " && outln if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then
if [[ $VULN_COUNT -le $VULN_THRESHLD ]] || "$WIDE"; then outln
pr_headlineln " Testing for LUCKY13 vulnerability "
outln outln
fi fi
pr_bold " LUCKY13"; out " ($cve), experimental " pr_bold " LUCKY13"; out " ($cve), experimental "
@ -14048,8 +14048,6 @@ run_rc4() {
if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then
outln outln
pr_headlineln " Checking for vulnerable RC4 Ciphers " pr_headlineln " Checking for vulnerable RC4 Ciphers "
fi
if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then
outln outln
fi fi
pr_bold " RC4"; out " (${cve// /, }) " pr_bold " RC4"; out " (${cve// /, }) "
@ -14255,7 +14253,7 @@ run_rc4() {
done done
! "$WIDE" && pr_svrty_high "$(out_row_aligned_max_width "$rc4_detected" " " $TERM_WIDTH)" ! "$WIDE" && pr_svrty_high "$(out_row_aligned_max_width "$rc4_detected" " " $TERM_WIDTH)"
outln outln
"$WIDE" && pr_svrty_high "VULNERABLE (NOT ok)" "$WIDE" && out " " && prln_svrty_high "VULNERABLE (NOT ok)"
fileout "$jsonID" "HIGH" "VULNERABLE, Detected ciphers: $rc4_detected" "$cve" "$cwe" "$hint" fileout "$jsonID" "HIGH" "VULNERABLE, Detected ciphers: $rc4_detected" "$cve" "$cwe" "$hint"
elif [[ $nr_ciphers -eq 0 ]]; then elif [[ $nr_ciphers -eq 0 ]]; then
prln_local_problem "No RC4 Ciphers configured in $OPENSSL" prln_local_problem "No RC4 Ciphers configured in $OPENSSL"