From 0640eb90043d2f8e48aed1e1162b30bb5e6e47f7 Mon Sep 17 00:00:00 2001 From: Dirk Wetter Date: Mon, 27 Jan 2025 16:33:58 +0100 Subject: [PATCH 1/6] Several CI fixes - don't output stdin on terminal - adapt to different google.com ip addresses - cleaner code --- t/12_diff_opensslversions.t | 12 ++++++++---- t/61_diff_testsslsh.t | 4 ++-- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/t/12_diff_opensslversions.t b/t/12_diff_opensslversions.t index e88d33b..7ad8d43 100755 --- a/t/12_diff_opensslversions.t +++ b/t/12_diff_opensslversions.t @@ -25,18 +25,18 @@ die "Unable to open $prg" unless -f $prg; die "Unable to open $distro_openssl" unless -f $distro_openssl; # Provide proper start conditions -unlink "tmp.csv"; -unlink "tmp2.csv"; +unlink $csvfile; +unlink $csvfile2; #1 run printf "\n%s\n", "Diff test IPv4 with supplied openssl against \"$uri\""; -@args="$prg $check2run $csvfile $uri 2>&1"; +@args="$prg $check2run $csvfile $uri >/dev/null"; system("@args") == 0 or die ("FAILED: \"@args\""); # 2 printf "\n%s\n", "Diff test IPv4 with $distro_openssl against \"$uri\""; -@args="$prg $check2run $csvfile2 --openssl=$distro_openssl $uri 2>&1"; +@args="$prg $check2run $csvfile2 --openssl=$distro_openssl $uri >/dev/null"; system("@args") == 0 or die ("FAILED: \"@args\" "); @@ -63,6 +63,10 @@ $cat_csvfile =~ s/ECDH\/MLKEM/ECDH 253 /g; $cat_csvfile =~ s/.nonce-.* //g; $cat_csvfile2 =~ s/.nonce-.* //g; ++# Fix IP adresses. needed when we don't hit the same IP address. We just remove them +$cat_csvfile =~ s/","google.com\/.*","443/","google.com","443/; +$cat_csvfile2 =~ s/","google.com\/.*","443/","google.com","443/; + $diff = diff \$cat_csvfile, \$cat_csvfile2; # Compare the differences -- and print them if there were any diff --git a/t/61_diff_testsslsh.t b/t/61_diff_testsslsh.t index 18c3bfb..8532e8f 100755 --- a/t/61_diff_testsslsh.t +++ b/t/61_diff_testsslsh.t 
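Review bot: Both rewritten `@args=...` lines in the first t/12_diff_opensslversions.t hunk build one interpolated string and hand it to `system("@args")`, so the shell parses `$prg`, `$check2run`, `$csvfile`, `$distro_openssl` and `$uri` unquoted. Those variables are set outside the hunk; while they are literals in the test this is harmless, but a space or shell metacharacter in the `$distro_openssl` path would change the command that actually runs. Quoting the path keeps the redirect and closes that gap: `@args="$prg $check2run $csvfile2 --openssl='$distro_openssl' $uri >/dev/null";`. The same string-to-shell pattern is introduced in the second hunk of t/61_diff_testsslsh.t.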
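Review bot: The two substitutions added in the second t/12_diff_opensslversions.t hunk normalise the IP address with a greedy `.*` and unescaped dots in `google.com`, so if a CSV line ever contains `","443` more than once, the match runs to the last occurrence and deletes everything in between. In a diff test that is a masking risk: a real difference between the two OpenSSL runs could be normalised away and the test would still pass. Bounding the match to the quoted field avoids it, e.g. `$cat_csvfile =~ s/","google\.com\/[^"]*","443/","google.com","443/g;` and the same for `$cat_csvfile2`. The pattern is carried unchanged through the later hunks for this file in PATCH 4/6, 5/6 and 6/6, which only touch the comment and add `/g`.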
@@ -20,6 +20,7 @@ my $cat_csv="tmp.csv"; my $check2run="-p -s -P --fs -h -U -c -q --ip=one --color 0 --csvfile $cat_csv"; my $uri="testssl.sh"; my $diff=""; +my @args=""; die "Unable to open $prg" unless -f $prg; die "Unable to open $baseline_csv" unless -f $baseline_csv; @@ -27,11 +28,10 @@ die "Unable to open $baseline_csv" unless -f $baseline_csv; # Provide proper start conditions unlink $cat_csv; -my @args=("$prg", "$check2run", "$uri", "2>&1"); #1 run printf "\n%s\n", "Diff unit test (IPv4) against \"$uri\""; -printf "@args\n"; +@args="$prg $check2run $uri >/dev/null"; system("@args") == 0 or die ("FAILED: \"@args\" "); From 8e39d161a817bc909916871cb116ebe574b31918 Mon Sep 17 00:00:00 2001 From: Dirk Wetter Date: Mon, 27 Jan 2025 16:36:42 +0100 Subject: [PATCH 2/6] cleaner code --- t/10_baseline_ipv4_http.t | 43 +++++++++++++++++++++------------------ 1 file changed, 23 insertions(+), 20 deletions(-) diff --git a/t/10_baseline_ipv4_http.t b/t/10_baseline_ipv4_http.t index c98e6f2..90ededa 100755 --- a/t/10_baseline_ipv4_http.t +++ b/t/10_baseline_ipv4_http.t 
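Review bot: `my @args="";` in the first hunk declares an array that starts with one empty-string element, and the second hunk then assigns a single command string to it and interpolates it back with `"@args"`. A scalar says what is meant and avoids the list/string round trip. Suggested: `my $cmd = "$prg $check2run $uri >/dev/null";` followed by `system($cmd) == 0 or die "FAILED: \"$cmd\"";`. Dropping `2>&1` also means stderr from the scan still reaches the terminal while stdout is discarded; if that is intended, a short comment saying so would help.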
@@ -15,48 +15,51 @@ use JSON; my $tests = 0; my $prg="./testssl.sh"; -my $check2run="-p -s -P --fs -S -h -U -q --ip=one --color 0"; +my $tmp_json="tmp.json"; +my $check2run="-p -s -P --fs -S -h -U -q --ip=one --color 0 --jsonfile $tmp_json"; my $uri="google.com"; my $socket_out=""; my $openssl_out=""; -# Blacklists we use to trigger an error: -my $socket_regex_bl='(e|E)rror|\.\/testssl\.sh: line |(f|F)atal|(c|C)ommand not found'; -my $openssl_regex_bl='(e|E)rror|(f|F)atal|\.\/testssl\.sh: line |Oops|s_client connect problem|(c|C)ommand not found'; -my $json_regex_bl='(id".*:\s"scanProblem"|severity".*:\s"FATAL"|"Scan interrupted")'; - my $socket_json=""; my $openssl_json=""; -$check2run="--jsonfile tmp.json $check2run"; +#FIXME: Blacklists we use to trigger an error, but likely we can skip that and instead we should?/could use +# @args="$prg $check2run $uri >/dev/null"; +# system("@args") == 0 +# or die ("FAILED: \"@args\" "); +my $socket_errors='(e|E)rror|\.\/testssl\.sh: line |(f|F)atal|(c|C)ommand not found'; +my $openssl_errors='(e|E)rror|(f|F)atal|\.\/testssl\.sh: line |Oops|s_client connect problem|(c|C)ommand not found'; +my $json_errors='(id".*:\s"scanProblem"|severity".*:\s"FATAL"|"Scan interrupted")'; + die "Unable to open $prg" unless -f $prg; # Provide proper start conditions -unlink "tmp.json"; +unlink $tmp_json; # Title printf "\n%s\n", "Baseline unit test IPv4 against \"$uri\""; #1 $socket_out = `$prg $check2run $uri 2>&1`; -$socket_json = json('tmp.json'); -unlink "tmp.json"; -unlike($socket_out, qr/$socket_regex_bl/, "via sockets, terminal output"); +$socket_json = json($tmp_json); +unlike($socket_out, qr/$socket_errors≈/, "via sockets, checking terminal output"); $tests++; -unlike($socket_json, qr/$json_regex_bl/, "via sockets JSON output"); +unlike($socket_json, qr/$json_errors/, "via sockets checking JSON output"); $tests++; +unlink $tmp_json; + + #2 $openssl_out = `$prg --ssl-native $check2run $uri 2>&1`; -$openssl_json = json('tmp.json'); 
-unlink "tmp.json"; -# With Google only we sometimes encounter an error as they return a 0 char with openssl, so we white list this pattern here: -# It should be fixed in the code though so we comment this out -# $openssl_out =~ s/testssl.*warning: command substitution: ignored null byte in input\n//g; -unlike($openssl_out, qr/$openssl_regex_bl/, "via OpenSSL"); +$openssl_json = json($tmp_json); +unlike($openssl_out, qr/$openssl_errors/, "via (builtin) OpenSSL, checking terminal output"); $tests++; -unlike($openssl_json, qr/$json_regex_bl/, "via OpenSSL JSON output"); +unlike($openssl_json, qr/$json_errors/, "via OpenSSL (builtin) checking JSON output"); $tests++; +unlink $tmp_json; + done_testing($tests); printf "\n"; @@ -69,5 +72,5 @@ sub json($) { } -# vim:ts=5:sw=5:expandtab +# vim:ts=5:sw=5:expandtab From b984ae5ea285b6c5a4564600dc1b993cc4b6e107 Mon Sep 17 00:00:00 2001 From: Dirk Wetter Date: Mon, 27 Jan 2025 16:37:04 +0100 Subject: [PATCH 3/6] minor stuff --- t/Readme.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/t/Readme.md b/t/Readme.md index 272372b..bfdeac0 100644 --- a/t/Readme.md +++ b/t/Readme.md @@ -5,6 +5,6 @@ * 30-39: Does reporting work? * 50-69: Are the results what I expect (server side)? -Please help to write Travis/CI tests! Documentation can be found [here](https://perldoc.perl.org/Test/More.html). -You can consult the existing code here. Feel free to use `10_baseline_ipv4_http.t` or `23_client_simulation.t` as a -template. +Please help to write CI tests! Documentation can be found [here](https://perldoc.perl.org/Test/More.html). +You can consult the existing code here. Feel free to use `10_baseline_ipv4_http.t` or `12_diff_opensslversions.t` as a +template. The latter is newer and code is cleaner. From ef13122f4fd222e275f5b048001c9c25f8817b1a Mon Sep 17 00:00:00 2001 
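Review bot: The new socket check in t/10_baseline_ipv4_http.t reads `qr/$socket_errors≈/`, with a stray `≈` after the variable inside the pattern. Because alternation binds loosest, the character attaches only to the last alternative, so `(c|C)ommand not found` must now be followed by `≈` to match. That failure mode is therefore no longer detected in the sockets run, and `unlike` passes vacuously for it. The line should be `unlike($socket_out, qr/$socket_errors/, "via sockets, checking terminal output");`, matching the OpenSSL check further down, which uses `qr/$openssl_errors/` without the extra character.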
From: Dirk Wetter Date: Mon, 27 Jan 2025 16:39:02 +0100 Subject: [PATCH 4/6] fix typo --- t/12_diff_opensslversions.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/t/12_diff_opensslversions.t b/t/12_diff_opensslversions.t index 7ad8d43..c91e10c 100755 --- a/t/12_diff_opensslversions.t +++ b/t/12_diff_opensslversions.t @@ -63,7 +63,7 @@ $cat_csvfile =~ s/ECDH\/MLKEM/ECDH 253 /g; $cat_csvfile =~ s/.nonce-.* //g; $cat_csvfile2 =~ s/.nonce-.* //g; -+# Fix IP adresses. needed when we don't hit the same IP address. We just remove them ++# Fix IP addresses. needed when we don't hit the same IP address. We just remove them $cat_csvfile =~ s/","google.com\/.*","443/","google.com","443/; $cat_csvfile2 =~ s/","google.com\/.*","443/","google.com","443/; From cdf5cf7b9743234b3d67a44ffa0e8d0eac713b40 Mon Sep 17 00:00:00 2001 From: Dirk Wetter Date: Mon, 27 Jan 2025 17:20:39 +0100 Subject: [PATCH 5/6] remove + @ beginning of line --- t/12_diff_opensslversions.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/t/12_diff_opensslversions.t b/t/12_diff_opensslversions.t index c91e10c..df34a1c 100755 --- a/t/12_diff_opensslversions.t +++ b/t/12_diff_opensslversions.t @@ -63,7 +63,7 @@ $cat_csvfile =~ s/ECDH\/MLKEM/ECDH 253 /g; $cat_csvfile =~ s/.nonce-.* //g; $cat_csvfile2 =~ s/.nonce-.* //g; -+# Fix IP addresses. needed when we don't hit the same IP address. We just remove them +# Fix IP addresses. Needed when we don't hit the same IP address. We just remove them $cat_csvfile =~ s/","google.com\/.*","443/","google.com","443/; $cat_csvfile2 =~ s/","google.com\/.*","443/","google.com","443/; From d93549e32743c5058a7a6a95dd8e259a419b1df0 Mon Sep 17 00:00:00 2001 From: Dirk Wetter Date: Mon, 27 Jan 2025 20:08:11 +0100 Subject: [PATCH 6/6] fix match expr --- t/12_diff_opensslversions.t | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/t/12_diff_opensslversions.t b/t/12_diff_opensslversions.t index df34a1c..5262463 100755 
--- a/t/12_diff_opensslversions.t +++ b/t/12_diff_opensslversions.t @@ -64,8 +64,8 @@ $cat_csvfile =~ s/.nonce-.* //g; $cat_csvfile2 =~ s/.nonce-.* //g; # Fix IP addresses. Needed when we don't hit the same IP address. We just remove them -$cat_csvfile =~ s/","google.com\/.*","443/","google.com","443/; -$cat_csvfile2 =~ s/","google.com\/.*","443/","google.com","443/; +$cat_csvfile =~ s/","google.com\/.*","443/","google.com","443/g; +$cat_csvfile2 =~ s/","google.com\/.*","443/","google.com","443/g; $diff = diff \$cat_csvfile, \$cat_csvfile2;