Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-08 09:40:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

In addition to #701 add quotes for correcting cmdline parsing -- especially for supplied filenames/arguments

Browse Source 
(HTML,CSV,JOSN,PROXY).

Also strip off leading http:// | https://  for --proxy
This commit is contained in:
Dirk 2017-04-07 09:49:44 +02:00
parent dc629202bb
commit c75a2cd838
1 changed files with 43 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
testssl.sh
View File

@ -174,10 +174,10 @@ DEBUG=${DEBUG:-0} # 1: normal putput the files in /tmp/ ar
# 6: whole 9 yards # 6: whole 9 yards
FAST=${FAST:-false} # preference: show only first cipher, run_allciphers with openssl instead of sockets FAST=${FAST:-false} # preference: show only first cipher, run_allciphers with openssl instead of sockets
WIDE=${WIDE:-false} # whether to display for some options just ciphers or a table w hexcode/KX,Enc,strength etc. WIDE=${WIDE:-false} # whether to display for some options just ciphers or a table w hexcode/KX,Enc,strength etc.
LOGFILE=${LOGFILE:-""} # logfile if used LOGFILE="${LOGFILE:-""}" # logfile if used
JSONFILE=${JSONFILE:-""} # jsonfile if used JSONFILE="${JSONFILE:-""}" # jsonfile if used
CSVFILE=${CSVFILE:-""} # csvfile if used CSVFILE="${CSVFILE:-""}" # csvfile if used
HTMLFILE=${HTMLFILE:-""} # HTML if used HTMLFILE="${HTMLFILE:-""}" # HTML if used
FIRST_FINDING=true # Is this the first finding we are outputting to file? FIRST_FINDING=true # Is this the first finding we are outputting to file?
JSONHEADER=true # include JSON headers and footers in HTML file, if one is being created JSONHEADER=true # include JSON headers and footers in HTML file, if one is being created
CSVHEADER=true # same for CSV CSVHEADER=true # same for CSV
@ -793,9 +793,9 @@ json_header() {
fname_prefix="${NODE}"_p"${PORT}" fname_prefix="${NODE}"_p"${PORT}"
fi fi
if [[ -z "$JSONFILE" ]]; then if [[ -z "$JSONFILE" ]]; then
JSONFILE=$fname_prefix-$(date +"%Y%m%d-%H%M".json) JSONFILE="$fname_prefix-$(date +"%Y%m%d-%H%M".json)"
elif [[ -d "$JSONFILE" ]]; then elif [[ -d "$JSONFILE" ]]; then
JSONFILE=$JSONFILE/$fname_prefix-$(date +"%Y%m%d-%H%M".json) JSONFILE="$JSONFILE/$fname_prefix-$(date +"%Y%m%d-%H%M".json)"
fi fi
if "$APPEND"; then if "$APPEND"; then
JSONHEADER=false JSONHEADER=false
@ -833,9 +833,9 @@ csv_header() {
fi fi
if [[ -z "$CSVFILE" ]]; then if [[ -z "$CSVFILE" ]]; then
CSVFILE=$fname_prefix-$(date +"%Y%m%d-%H%M".csv) CSVFILE="$fname_prefix-$(date +"%Y%m%d-%H%M".csv)"
elif [[ -d "$CSVFILE" ]]; then elif [[ -d "$CSVFILE" ]]; then
CSVFILE=$CSVFILE/$fname_prefix-$(date +"%Y%m%d-%H%M".csv) CSVFILE="$CSVFILE/$fname_prefix-$(date +"%Y%m%d-%H%M".csv)"
fi fi
if "$APPEND"; then if "$APPEND"; then
CSVHEADER=false CSVHEADER=false
@ -876,9 +876,9 @@ html_header() {
fi fi
if [[ -z "$HTMLFILE" ]]; then if [[ -z "$HTMLFILE" ]]; then
HTMLFILE=$fname_prefix-$(date +"%Y%m%d-%H%M".html) HTMLFILE="$fname_prefix-$(date +"%Y%m%d-%H%M".html)"
elif [[ -d "$HTMLFILE" ]]; then elif [[ -d "$HTMLFILE" ]]; then
HTMLFILE=$HTMLFILE/$fname_prefix-$(date +"%Y%m%d-%H%M".html) HTMLFILE="$HTMLFILE/$fname_prefix-$(date +"%Y%m%d-%H%M".html)"
fi fi
if "$APPEND"; then if "$APPEND"; then
HTMLHEADER=false HTMLHEADER=false
@ -11017,10 +11017,10 @@ prepare_logging() {
[[ -z "$fname_prefix" ]] && fname_prefix="${NODE}"_p"${PORT}" [[ -z "$fname_prefix" ]] && fname_prefix="${NODE}"_p"${PORT}"
if [[ -z "$LOGFILE" ]]; then if [[ -z "$LOGFILE" ]]; then
LOGFILE=$fname_prefix-$(date +"%Y%m%d-%H%M".log) LOGFILE="$fname_prefix-$(date +"%Y%m%d-%H%M".log)"
elif [[ -d "$LOGFILE" ]]; then elif [[ -d "$LOGFILE" ]]; then
# actually we were instructed to place all files in a DIR instead of the current working dir # actually we were instructed to place all files in a DIR instead of the current working dir
LOGFILE=$LOGFILE/$fname_prefix-$(date +"%Y%m%d-%H%M".log) LOGFILE="$LOGFILE/$fname_prefix-$(date +"%Y%m%d-%H%M".log)"
else else
: # just for clarity: a log file was specified, no need to do anything else : # just for clarity: a log file was specified, no need to do anything else
fi fi
@ -11356,13 +11356,16 @@ check_proxy() {
fatal "Your $OPENSSL is too old to support the \"-proxy\" option" -5 fatal "Your $OPENSSL is too old to support the \"-proxy\" option" -5
fi fi
if [[ "$PROXY" == "auto" ]]; then if [[ "$PROXY" == "auto" ]]; then
# get $ENV # get $ENV (https_proxy is the one we care about)
PROXY=${https_proxy#*\/\/} PROXY="${https_proxy#*\/\/}"
[[ -z "$PROXY" ]] && PROXY=${http_proxy#*\/\/} [[ -z "$PROXY" ]] && PROXY="${http_proxy#*\/\/}"
[[ -z "$PROXY" ]] && fatal "you specified \"--proxy=auto\" but \"\$http(s)_proxy\" is empty" 2 [[ -z "$PROXY" ]] && fatal "you specified \"--proxy=auto\" but \"\$http(s)_proxy\" is empty" 2
fi fi
PROXYNODE=${PROXY%:*} # strip off http/https part if supplied:
PROXYPORT=${PROXY#*:} PROXY="${PROXY/http\:\/\//}"
PROXY="${PROXY/https\:\/\//}"
PROXYNODE="${PROXY%:*}"
PROXYPORT="${PROXY#*:}"
is_number "$PROXYPORT" || fatal "Proxy port cannot be determined from \"$PROXY\"" 2 is_number "$PROXYPORT" || fatal "Proxy port cannot be determined from \"$PROXY\"" 2
#if is_ipv4addr "$PROXYNODE" || is_ipv6addr "$PROXYNODE" ; then #if is_ipv4addr "$PROXYNODE" || is_ipv6addr "$PROXYNODE" ; then
@ -11371,7 +11374,7 @@ check_proxy() {
if is_ipv4addr "$PROXYNODE"; then if is_ipv4addr "$PROXYNODE"; then
PROXYIP="$PROXYNODE" PROXYIP="$PROXYNODE"
else else
PROXYIP=$(get_a_record "$PROXYNODE" 2>/dev/null | grep -v alias | sed 's/^.*address //') PROXYIP="$(get_a_record "$PROXYNODE" 2>/dev/null | grep -v alias | sed 's/^.*address //')"
[[ -z "$PROXYIP" ]] && fatal "Proxy IP cannot be determined from \"$PROXYNODE\"" "2" [[ -z "$PROXYIP" ]] && fatal "Proxy IP cannot be determined from \"$PROXYNODE\"" "2"
fi fi
PROXY="-proxy $PROXYIP:$PROXYPORT" PROXY="-proxy $PROXYIP:$PROXYPORT"
@ -11547,7 +11550,6 @@ display_rdns_etc() {
local ip further_ip_addrs="" local ip further_ip_addrs=""
local nodeip="$(tr -d '[]' <<< $NODEIP)" # for displaying IPv6 addresses we don't need [] local nodeip="$(tr -d '[]' <<< $NODEIP)" # for displaying IPv6 addresses we don't need []
if [[ -n "$PROXY" ]]; then if [[ -n "$PROXY" ]]; then
out " Via Proxy: $CORRECT_SPACES" out " Via Proxy: $CORRECT_SPACES"
outln "$PROXYIP:$PROXYPORT " outln "$PROXYIP:$PROXYPORT "
@ -11649,7 +11651,7 @@ run_mass_testing() {
pr_reverse "====== Running in file batch mode with file=\"$FNAME\" ======"; outln "\n" pr_reverse "====== Running in file batch mode with file=\"$FNAME\" ======"; outln "\n"
while read cmdline; do while read cmdline; do
cmdline=$(filter_input "$cmdline") cmdline="$(filter_input "$cmdline")"
[[ -z "$cmdline" ]] && continue [[ -z "$cmdline" ]] && continue
[[ "$cmdline" == "EOF" ]] && break [[ "$cmdline" == "EOF" ]] && break
cmdline="$0 $global_cmdline --warnings=batch $cmdline" cmdline="$0 $global_cmdline --warnings=batch $cmdline"
@ -11674,7 +11676,7 @@ modify_global_cmd_line() {
while [[ $# -gt 0 ]]; do while [[ $# -gt 0 ]]; do
case "$1" in case "$1" in
--jsonfile|--jsonfile=*) --jsonfile|--jsonfile=*)
filename=$(parse_opt_equal_sign "$1" "$2") filename="$(parse_opt_equal_sign "$1" "$2")"
ret=$? ret=$?
# If <jsonfile> is a file, then have provide a different # If <jsonfile> is a file, then have provide a different
# file name to each child process. If <jsonfile> is a # file name to each child process. If <jsonfile> is a
@ -11700,7 +11702,7 @@ modify_global_cmd_line() {
[[ $ret -eq 0 ]] && shift [[ $ret -eq 0 ]] && shift
;; ;;
--csvfile|--csvfile=*) --csvfile|--csvfile=*)
filename=$(parse_opt_equal_sign "$1" "$2") filename="$(parse_opt_equal_sign "$1" "$2")"
ret=$? ret=$?
# Same as for --jsonfile # Same as for --jsonfile
if "$CSVHEADER"; then if "$CSVHEADER"; then
@ -11712,7 +11714,7 @@ modify_global_cmd_line() {
[[ $ret -eq 0 ]] && shift [[ $ret -eq 0 ]] && shift
;; ;;
--htmlfile|--htmlfile=*) --htmlfile|--htmlfile=*)
filename=$(parse_opt_equal_sign "$1" "$2") filename="$(parse_opt_equal_sign "$1" "$2")"
ret=$? ret=$?
# Same as for --jsonfile # Same as for --jsonfile
if "$HTMLHEADER"; then if "$HTMLHEADER"; then
@ -11760,7 +11762,7 @@ run_mass_testing_parallel() {
pr_reverse "====== Running in parallel file batch mode with file=\"$FNAME\" ======"; outln "\n" pr_reverse "====== Running in parallel file batch mode with file=\"$FNAME\" ======"; outln "\n"
while read cmdline; do while read cmdline; do
cmdline=$(filter_input "$cmdline") cmdline="$(filter_input "$cmdline")"
[[ -z "$cmdline" ]] && continue [[ -z "$cmdline" ]] && continue
[[ "$cmdline" == "EOF" ]] && break [[ "$cmdline" == "EOF" ]] && break
cmdline="$0 $global_cmdline --warnings=batch $cmdline" cmdline="$0 $global_cmdline --warnings=batch $cmdline"
@ -11953,7 +11955,7 @@ parse_cmd_line() {
PORT=587 PORT=587
;; ;;
--ip|--ip=*) --ip|--ip=*)
CMDLINE_IP=$(parse_opt_equal_sign "$1" "$2") CMDLINE_IP="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift [[ $? -eq 0 ]] && shift
;; ;;
-n|--nodns) -n|--nodns)
@ -11976,7 +11978,7 @@ parse_cmd_line() {
;; ;;
-t|-t=*|--starttls|--starttls=*) -t|-t=*|--starttls|--starttls=*)
do_starttls=true do_starttls=true
STARTTLS_PROTOCOL=$(parse_opt_equal_sign "$1" "$2") STARTTLS_PROTOCOL="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift [[ $? -eq 0 ]] && shift
case $STARTTLS_PROTOCOL in case $STARTTLS_PROTOCOL in
ftp|smtp|pop3|imap|xmpp|telnet|ldap|nntp|postgres) ;; ftp|smtp|pop3|imap|xmpp|telnet|ldap|nntp|postgres) ;;
@ -12129,7 +12131,7 @@ parse_cmd_line() {
;; ;;
--file|--file=*) --file|--file=*)
# no shift here as otherwise URI is empty and it bails out # no shift here as otherwise URI is empty and it bails out
FNAME=$(parse_opt_equal_sign "$1" "$2") FNAME="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift [[ $? -eq 0 ]] && shift
IKNOW_FNAME=true IKNOW_FNAME=true
WARNINGS=batch # set this implicitly! WARNINGS=batch # set this implicitly!
@ -12163,7 +12165,7 @@ parse_cmd_line() {
esac esac
;; ;;
--color|--color=*) --color|--color=*)
COLOR=$(parse_opt_equal_sign "$1" "$2") COLOR="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift [[ $? -eq 0 ]] && shift
case $COLOR in case $COLOR in
[0-2]) ;; [0-2]) ;;
@ -12180,7 +12182,7 @@ parse_cmd_line() {
;; # DEFINITION of LOGFILE if no arg specified: automagically in parse_hn_port() ;; # DEFINITION of LOGFILE if no arg specified: automagically in parse_hn_port()
# following does the same but we can specify a log location additionally # following does the same but we can specify a log location additionally
--logfile|--logfile=*) --logfile|--logfile=*)
LOGFILE=$(parse_opt_equal_sign "$1" "$2") LOGFILE="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift [[ $? -eq 0 ]] && shift
do_logging=true do_logging=true
;; ;;
@ -12189,7 +12191,7 @@ parse_cmd_line() {
;; # DEFINITION of JSONFILE is not arg specified: automagically in parse_hn_port() ;; # DEFINITION of JSONFILE is not arg specified: automagically in parse_hn_port()
# following does the same but we can specify a log location additionally # following does the same but we can specify a log location additionally
--jsonfile|--jsonfile=*) --jsonfile|--jsonfile=*)
JSONFILE=$(parse_opt_equal_sign "$1" "$2") JSONFILE="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift [[ $? -eq 0 ]] && shift
do_json=true do_json=true
;; ;;
@ -12197,7 +12199,7 @@ parse_cmd_line() {
do_pretty_json=true do_pretty_json=true
;; ;;
--jsonfile-pretty|--jsonfile-pretty=*) --jsonfile-pretty|--jsonfile-pretty=*)
JSONFILE=$(parse_opt_equal_sign "$1" "$2") JSONFILE="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift [[ $? -eq 0 ]] && shift
do_pretty_json=true do_pretty_json=true
;; ;;
@ -12213,7 +12215,7 @@ parse_cmd_line() {
;; # DEFINITION of CSVFILE is not arg specified: automagically in parse_hn_port() ;; # DEFINITION of CSVFILE is not arg specified: automagically in parse_hn_port()
# following does the same but we can specify a log location additionally # following does the same but we can specify a log location additionally
--csvfile|--csvfile=*) --csvfile|--csvfile=*)
CSVFILE=$(parse_opt_equal_sign "$1" "$2") CSVFILE="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift [[ $? -eq 0 ]] && shift
do_csv=true do_csv=true
;; ;;
@ -12222,7 +12224,7 @@ parse_cmd_line() {
;; # DEFINITION of HTMLFILE is not arg specified: automagically in parse_hn_port() ;; # DEFINITION of HTMLFILE is not arg specified: automagically in parse_hn_port()
# following does the same but we can specify a file location additionally # following does the same but we can specify a file location additionally
--htmlfile|--htmlfile=*) --htmlfile|--htmlfile=*)
HTMLFILE=$(parse_opt_equal_sign "$1" "$2") HTMLFILE="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift [[ $? -eq 0 ]] && shift
do_html=true do_html=true
;; ;;
@ -12230,16 +12232,16 @@ parse_cmd_line() {
APPEND=true APPEND=true
;; ;;
--openssl|--openssl=*) --openssl|--openssl=*)
OPENSSL=$(parse_opt_equal_sign "$1" "$2") OPENSSL="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift [[ $? -eq 0 ]] && shift
;; ;;
--openssl-timeout|--openssl-timeout=*) --openssl-timeout|--openssl-timeout=*)
OPENSSL_TIMEOUT=$(parse_opt_equal_sign "$1" "$2") OPENSSL_TIMEOUT="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift [[ $? -eq 0 ]] && shift
;; ;;
--mapping|--mapping=*) --mapping|--mapping=*)
local cipher_mapping local cipher_mapping
cipher_mapping=$(parse_opt_equal_sign "$1" "$2") cipher_mapping="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift [[ $? -eq 0 ]] && shift
case "$cipher_mapping" in case "$cipher_mapping" in
no-openssl) DISPLAY_CIPHERNAMES="rfc-only" ;; no-openssl) DISPLAY_CIPHERNAMES="rfc-only" ;;
@ -12251,7 +12253,7 @@ parse_cmd_line() {
esac esac
;; ;;
--proxy|--proxy=*) --proxy|--proxy=*)
PROXY=$(parse_opt_equal_sign "$1" "$2") PROXY="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift [[ $? -eq 0 ]] && shift
;; ;;
-6) # doesn't work automagically. My versions have -DOPENSSL_USE_IPV6, CentOS/RHEL/FC do not -6) # doesn't work automagically. My versions have -DOPENSSL_USE_IPV6, CentOS/RHEL/FC do not