From e0f8a2eea6250a81d6d0301e9f3a835a41d0575d Mon Sep 17 00:00:00 2001
From: Dirk Wetter
Date: Tue, 9 Apr 2019 12:54:40 +0200
Subject: [PATCH] Strict check on binaries needed: no busybox
When users try to reinvent the wheel and write an own dockerfile this PR checks when binaries come from busybox -- as it is the case with Alpine Linux.
---
 testssl.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/testssl.sh b/testssl.sh
index 7b13007..0b3098b 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -8442,7 +8442,7 @@ certificate_info() {
 prln_svrty_medium ">= 5 years is too long"
 fileout "cert_validityPeriod${json_postfix}" "MEDIUM" "$((diffseconds / 3600 * 24 )) days"
 else
- [[ "$DEBUG" -ge 1 ]] && outln "OK: below 5 years certificate life time"
+ [[ "$DEBUG" -ge 1 ]] && outln "${spaces}OK: below 5 years certificate life time"
 fileout "cert_validityPeriod${json_postfix}" "INFO" "$((diffseconds / 3600 * 24 )) days"
 fi
@@ -18480,6 +18480,10 @@ check_base_requirements() {
 if ! type -p "${binary}" &> /dev/null; then
 fatal "You need to install ${binary} for this program to work" $ERR_RESOURCE
 fi
+ "${binary}" --help 2>&1 | grep -ivq busybox
+ if [[ $? -ne 0 ]]; then
+ fatal "${binary} is from busybox. Please install a regular binary" $ERR_RESOURCE
+ fi
 done
 }
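Review bot: Both `fileout` calls next to the changed debug line compute the validity period as `$((diffseconds / 3600 * 24 ))`, which evaluates left to right as hours times 24 rather than days, so the figure written with the "days" label is 576 times too large. `$((diffseconds / (3600 * 24) ))` yields whole days and applies to the MEDIUM and the INFO branch alike. The commit does not touch this arithmetic; `${spaces}` and the rest of certificate_info are defined outside the hunk.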
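Review bot: The added `grep -ivq busybox` test in check_base_requirements does not reliably detect busybox. With `-v`, grep exits 0 as soon as one line of the `--help` output lacks the word, so the usually multi-line BusyBox help text passes the check, while a binary that prints nothing for `--help` is reported as busybox. Testing for a match directly avoids both cases: `if "${binary}" --help 2>&1 | grep -iq busybox; then`. Adding `</dev/null` to the probe would also keep a tool that does not recognise `--help` from waiting on stdin. The enclosing loop and the start of the function are outside the hunk.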