Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 22:05:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Revised risk for BREACH --> medium

Browse Source
This commit is contained in:
Dirk
2020-07-10 19:52:47 +02:00
parent b941d7db4a
commit cec5726f30
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
testssl.sh
View File

@@ -16102,7 +16102,7 @@ run_breach() {
ret=1 ret=1
;; ;;
no_compression) no_compression)
pr_svrty_best "no gzip/deflate/compress/br HTTP compression (OK) " pr_svrty_good "no gzip/deflate/compress/br HTTP compression (OK) "
outln "$disclaimer" outln "$disclaimer"
fileout "$jsonID" "OK" "not vulnerable, no gzip/deflate/compress/br HTTP compression $disclaimer" "$cve" "$cwe" fileout "$jsonID" "OK" "not vulnerable, no gzip/deflate/compress/br HTTP compression $disclaimer" "$cve" "$cwe"
ret=0 ret=0
@@ -16150,10 +16150,10 @@ run_breach() {
fi fi
done done
detected_compression="$(strip_trailing_space "$detected_compression")" detected_compression="$(strip_trailing_space "$detected_compression")"
pr_svrty_high "potentially NOT ok, \"$detected_compression\" HTTP compression detected." pr_svrty_medium "potentially NOT ok, \"$detected_compression\" HTTP compression detected."
outln "$disclaimer" outln "$disclaimer"
outln "${spaces}${when_makesense}" outln "${spaces}${when_makesense}"
fileout "$jsonID" "HIGH" "potentially VULNERABLE, $detected_compression HTTP compression detected $disclaimer" "$cve" "$cwe" "$hint" fileout "$jsonID" "MEDIUM" "potentially VULNERABLE, $detected_compression HTTP compression detected $disclaimer" "$cve" "$cwe" "$hint"
fi fi
debugme outln "${spaces}has_compression: ${has_compression[@]}" debugme outln "${spaces}has_compression: ${has_compression[@]}"
;; ;;