Merge branch '2.9dev' into openssl_location

This commit is contained in:
David Cooper 2017-04-05 12:41:50 -04:00
commit dabe72542f

View File

@ -1142,12 +1142,12 @@ html_footer() {
###### START helper function definitions ###### ###### START helper function definitions ######
if [[ $(uname) == "Linux" ]] ; then toupper() { echo -n "${1^^}" ; }
toupper() { echo -n "${1^^}" ; } tolower() { echo -n "${1,,}" ; }
tolower() { echo -n "${1,,}" ; } if ! toupper aaa 2>/dev/null; then
else # Older bash can't do this (MacOS X), even SLES 11, see #697
toupper() { tr 'a-z' 'A-Z' <<< "$1"; } toupper() { tr 'a-z' 'A-Z' <<< "$1"; }
tolower() { tr 'A-Z' 'a-z' <<< "$1"; } tolower() { tr 'A-Z' 'a-z' <<< "$1"; }
fi fi
debugme() { debugme() {
@ -1204,9 +1204,14 @@ strip_spaces() {
echo "${1// /}" echo "${1// /}"
} }
trim_trailing_space() { # https://web.archive.org/web/20121022051228/http://codesnippets.joyent.com/posts/show/1816
echo "${1%%*( )}" strip_leading_space() {
echo "${1#"${1%%[\![:space:]]*}"}"
} }
strip_trailing_space() {
echo "${1%"${1##*[![:space:]]}"}"
}
# retrieve cipher from ServerHello (via openssl) # retrieve cipher from ServerHello (via openssl)
get_cipher() { get_cipher() {
@ -1714,7 +1719,9 @@ detect_header() {
HEADERVALUE="" HEADERVALUE=""
return 0 return 0
elif [[ $nr -eq 1 ]]; then elif [[ $nr -eq 1 ]]; then
HEADERVALUE=$(grep -Faiw "$key:" $HEADERFILE | sed 's/^.*://') HEADERVALUE=$(grep -Faiw "$key:" $HEADERFILE)
HEADERVALUE=${HEADERVALUE#*:} # remove leading part=key to colon
HEADERVALUE="$(strip_leading_space "$HEADERVALUE")"
return 1 return 1
else else
pr_svrty_medium "misconfiguration: " pr_svrty_medium "misconfiguration: "
@ -1722,15 +1729,14 @@ detect_header() {
pr_svrty_medium " ${nr}x" pr_svrty_medium " ${nr}x"
out " -- checking first one " out " -- checking first one "
out "\n$spaces" out "\n$spaces"
# first awk matches the key, second extracts the from the first line the value, be careful with quotes here! HEADERVALUE=$(grep -Faiw "$key:" $HEADERFILE | head -1)
HEADERVALUE=$(grep -Faiw "$key:" $HEADERFILE | sed 's/^.*://' | head -1) HEADERVALUE=${HEADERVALUE#*:}
HEADERVALUE="$(strip_leading_space "$HEADERVALUE")"
[[ $DEBUG -ge 2 ]] && tm_italic "$HEADERVALUE" && tm_out "\n$spaces" [[ $DEBUG -ge 2 ]] && tm_italic "$HEADERVALUE" && tm_out "\n$spaces"
fileout "$2""_multiple" "WARN" "Multiple $2 headers. Using first header: $HEADERVALUE" fileout "$2""_multiple" "WARN" "Multiple $2 headers. Using first header: $HEADERVALUE"
return $nr return $nr
fi fi
} }
# wir brauchen hier eine Funktion, die generell den Header detectiert
includeSubDomains() { includeSubDomains() {
if grep -aiqw includeSubDomains "$1"; then if grep -aiqw includeSubDomains "$1"; then
@ -2296,28 +2302,30 @@ run_more_flags() {
pr_bold " Security headers " pr_bold " Security headers "
for f2t in $good_flags2test; do for f2t in $good_flags2test; do
debugme echo "---> $f2t" debugme echo "---> $f2t"
detect_header $f2t $f2t detect_header "$f2t" "$f2t"
if [[ $? -ge 1 ]]; then if [[ $? -ge 1 ]]; then
if ! "$first"; then if ! "$first"; then
out "$spaces" # output leading spaces if the first header out "$spaces" # output leading spaces if the first header
else else
first=false first=false
fi fi
pr_done_good "$f2t"; outln "$HEADERVALUE" pr_done_good "$f2t"
outln "$(out_row_aligned_max_width "$HEADERVALUE" "$spaces" $TERM_WIDTH)"
fileout "$f2t" "OK" "$f2t: $HEADERVALUE" fileout "$f2t" "OK" "$f2t: $HEADERVALUE"
fi fi
done done
for f2t in $other_flags2test; do for f2t in $other_flags2test; do
debugme echo "---> $f2t" debugme echo "---> $f2t"
detect_header $f2t $f2t detect_header "$f2t" "$f2t"
if [[ $? -ge 1 ]]; then if [[ $? -ge 1 ]]; then
if ! "$first"; then if ! "$first"; then
out "$spaces" # output leading spaces if the first header out "$spaces" # output leading spaces if the first header
else else
first=false first=false
fi fi
pr_litecyan "$f2t"; outln "$HEADERVALUE" pr_litecyan "$f2t"
outln "$HEADERVALUE" # shouldn't be that long
fileout "$f2t" "WARN" "$f2t: $HEADERVALUE" fileout "$f2t" "WARN" "$f2t: $HEADERVALUE"
fi fi
done done