Merge branch '2.9dev' into extract_certificates_function
This commit is contained in:
commit
c8178b03d9
|
@ -14,7 +14,7 @@ my (
|
||||||
);
|
);
|
||||||
# OK
|
# OK
|
||||||
pass("Running testssl.sh against badssl.com to create a baseline (may take 2~3 minutes)"); $tests++;
|
pass("Running testssl.sh against badssl.com to create a baseline (may take 2~3 minutes)"); $tests++;
|
||||||
my $okout = `./testssl.sh -S -e -U --jsonfile tmp.json --color 0 badssl.com`;
|
my $okout = `./testssl.sh -S -e --freak --logjam --drown --rc4 --sweet32 --breach --crime --jsonfile tmp.json --color 0 badssl.com`;
|
||||||
my $okjson = json('tmp.json');
|
my $okjson = json('tmp.json');
|
||||||
unlink 'tmp.json';
|
unlink 'tmp.json';
|
||||||
cmp_ok(@$okjson,'>',10,"We have more then 10 findings"); $tests++;
|
cmp_ok(@$okjson,'>',10,"We have more then 10 findings"); $tests++;
|
||||||
|
@ -22,14 +22,14 @@ cmp_ok(@$okjson,'>',10,"We have more then 10 findings"); $tests++;
|
||||||
# Expiration
|
# Expiration
|
||||||
pass("Running testssl against expired.badssl.com"); $tests++;
|
pass("Running testssl against expired.badssl.com"); $tests++;
|
||||||
$out = `./testssl.sh -S --jsonfile tmp.json --color 0 expired.badssl.com`;
|
$out = `./testssl.sh -S --jsonfile tmp.json --color 0 expired.badssl.com`;
|
||||||
like($out, qr/Certificate Expiration\s+expired\!/,"The certificate should be expired"); $tests++;
|
like($out, qr/Certificate Expiration\s+expired/,"The certificate should be expired"); $tests++;
|
||||||
$json = json('tmp.json');
|
$json = json('tmp.json');
|
||||||
unlink 'tmp.json';
|
unlink 'tmp.json';
|
||||||
$found = 0;
|
$found = 0;
|
||||||
foreach my $f ( @$json ) {
|
foreach my $f ( @$json ) {
|
||||||
if ( $f->{id} eq "expiration" ) {
|
if ( $f->{id} eq "cert_expiration_status" ) {
|
||||||
$found = 1;
|
$found = 1;
|
||||||
like($f->{finding},qr/^Certificate Expiration.*expired\!/,"Finding reads expired."); $tests++;
|
like($f->{finding},qr/^expired/,"Finding reads expired."); $tests++;
|
||||||
is($f->{severity}, "CRITICAL", "Severity should be CRITICAL"); $tests++;
|
is($f->{severity}, "CRITICAL", "Severity should be CRITICAL"); $tests++;
|
||||||
last;
|
last;
|
||||||
}
|
}
|
||||||
|
@ -44,9 +44,10 @@ $json = json('tmp.json');
|
||||||
unlink 'tmp.json';
|
unlink 'tmp.json';
|
||||||
$found = 0;
|
$found = 0;
|
||||||
foreach my $f ( @$json ) {
|
foreach my $f ( @$json ) {
|
||||||
if ( $f->{id} eq "expiration" ) {
|
if ( $f->{id} eq "cert_expiration_status" ) {
|
||||||
$found = 1;
|
$found = 1;
|
||||||
like($f->{finding},qr/^Certificate Expiration \: \d+/,"Finding doesn't read expired."); $tests++;
|
like($f->{finding},qr/days/,"Finding doesn't read expired."); $tests++;
|
||||||
|
# hope they don't come below 60days:
|
||||||
is($f->{severity}, "OK", "Severity should be ok"); $tests++;
|
is($f->{severity}, "OK", "Severity should be ok"); $tests++;
|
||||||
last;
|
last;
|
||||||
}
|
}
|
||||||
|
@ -56,9 +57,9 @@ is($found,1,"We had a finding for this in the JSON output"); $tests++;
|
||||||
like($out, qr/Chain of trust.*?NOT ok.*\(self signed\)/,"Chain of trust should fail because of self signed"); $tests++;
|
like($out, qr/Chain of trust.*?NOT ok.*\(self signed\)/,"Chain of trust should fail because of self signed"); $tests++;
|
||||||
$found = 0;
|
$found = 0;
|
||||||
foreach my $f ( @$json ) {
|
foreach my $f ( @$json ) {
|
||||||
if ( $f->{id} eq "chain_of_trust" ) {
|
if ( $f->{id} eq "cert_chain_of_trust" ) {
|
||||||
$found = 1;
|
$found = 1;
|
||||||
like($f->{finding},qr/^All certificate trust checks failed/,"Finding says certificate cannot be trusted."); $tests++;
|
like($f->{finding},qr/^.*self signed/,"Finding says certificate cannot be trusted."); $tests++;
|
||||||
is($f->{severity}, "CRITICAL", "Severity should be CRITICAL"); $tests++;
|
is($f->{severity}, "CRITICAL", "Severity should be CRITICAL"); $tests++;
|
||||||
last;
|
last;
|
||||||
}
|
}
|
||||||
|
@ -68,9 +69,10 @@ is($found,1,"We had a finding for this in the JSON output"); $tests++;
|
||||||
like($okout, qr/Chain of trust[^\n]*?Ok/,"Chain of trust should be ok"); $tests++;
|
like($okout, qr/Chain of trust[^\n]*?Ok/,"Chain of trust should be ok"); $tests++;
|
||||||
$found = 0;
|
$found = 0;
|
||||||
foreach my $f ( @$okjson ) {
|
foreach my $f ( @$okjson ) {
|
||||||
if ( $f->{id} eq "chain_of_trust" ) {
|
if ( $f->{id} eq "cert_chain_of_trust" ) {
|
||||||
$found = 1;
|
$found = 1;
|
||||||
is($f->{finding},"All certificate trust checks passed.","Finding says certificate can be trusted."); $tests++;
|
like($f->{finding},qr/passed/,"Finding says certificate can be trusted."); $tests++;
|
||||||
|
# is($f->{finding},"^.*passed.*","Finding says certificate can be trusted."); $tests++;
|
||||||
is($f->{severity}, "OK", "Severity should be OK"); $tests++;
|
is($f->{severity}, "OK", "Severity should be OK"); $tests++;
|
||||||
last;
|
last;
|
||||||
}
|
}
|
||||||
|
@ -102,9 +104,9 @@ $json = json('tmp.json');
|
||||||
unlink 'tmp.json';
|
unlink 'tmp.json';
|
||||||
$found = 0;
|
$found = 0;
|
||||||
foreach my $f ( @$json ) {
|
foreach my $f ( @$json ) {
|
||||||
if ( $f->{id} eq "chain_of_trust" ) {
|
if ( $f->{id} eq "cert_chain_of_trust" ) {
|
||||||
$found = 1;
|
$found = 1;
|
||||||
like($f->{finding},qr/^All certificate trust checks failed.*incomplete/,"Finding says certificate cannot be trusted."); $tests++;
|
like($f->{finding},qr/^.*chain incomplete/,"Finding says certificate cannot be trusted."); $tests++;
|
||||||
is($f->{severity}, "CRITICAL", "Severity should be CRITICAL"); $tests++;
|
is($f->{severity}, "CRITICAL", "Severity should be CRITICAL"); $tests++;
|
||||||
last;
|
last;
|
||||||
}
|
}
|
||||||
|
@ -121,7 +123,7 @@ is($found,1,"We had a finding for this in the JSON output"); $tests++;
|
||||||
#unlink 'tmp.json';
|
#unlink 'tmp.json';
|
||||||
#$found = 0;
|
#$found = 0;
|
||||||
#foreach my $f ( @$json ) {
|
#foreach my $f ( @$json ) {
|
||||||
# if ( $f->{id} eq "chain_of_trust" ) {
|
# if ( $f->{id} eq "cert_chain_of_trust" ) {
|
||||||
# $found = 1;
|
# $found = 1;
|
||||||
# like($f->{finding},qr/^All certificate trust checks failed.*incomplete/,"Finding says certificate cannot be trusted."); $tests++;
|
# like($f->{finding},qr/^All certificate trust checks failed.*incomplete/,"Finding says certificate cannot be trusted."); $tests++;
|
||||||
# is($f->{severity}, "CRITICAL", "Severity should be CRITICAL"); $tests++;
|
# is($f->{severity}, "CRITICAL", "Severity should be CRITICAL"); $tests++;
|
||||||
|
|
995
testssl.sh
995
testssl.sh
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue