Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 13:55:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Polish PR #2032 + Additions

Browse Source 
* address my comments
* add json fields HTTP_headerTime + HTTP_headerAge if they exists
* output HTTP_AGE if it was detected
* do stripping of line feeds closer to where variables were set
This commit is contained in:
Dirk Wetter
2021-12-10 14:27:30 +01:00
parent d6398c3167
commit e871bd0911
1 changed files with 17 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
testssl.sh
View File

@@ -394,7 +394,7 @@ TLS_NOW="" # Similar
TLS_DIFFTIME_SET=false # Tells TLS functions to measure the TLS difftime or not TLS_DIFFTIME_SET=false # Tells TLS functions to measure the TLS difftime or not
NOW_TIME="" NOW_TIME=""
HTTP_TIME="" HTTP_TIME=""
HTTP_AGE=0 HTTP_AGE="" # There's sometimes an Age Header, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Age + RFC 7234
REQHEADERS=() REQHEADERS=()
GET_REQ11="" GET_REQ11=""
START_TIME=0 # time in epoch when the action started START_TIME=0 # time in epoch when the action started
@@ -404,7 +404,7 @@ LAST_TIME=0 # only used for performance measurements
SERVER_COUNTER=0 # Counter for multiple servers SERVER_COUNTER=0 # Counter for multiple servers
TLS_LOW_BYTE="" # For "secret" development stuff, see -q below TLS_LOW_BYTE="" # For "secret" development stuff, see -q below
HEX_CIPHER="" # " HEX_CIPHER="" # -- " --
GRADE_CAP="" # Keeps track of the current grading cap GRADE_CAP="" # Keeps track of the current grading cap
GRADE_CAP_REASONS=() # Keeps track of all the reasons why grades are capped GRADE_CAP_REASONS=() # Keeps track of all the reasons why grades are capped
@@ -2370,7 +2370,7 @@ run_http_header() {
tm_out "$GET_REQ11" | $OPENSSL s_client $(s_client_options "$OPTIMAL_PROTO $BUGS -quiet -ign_eof -connect $NODEIP:$PORT $PROXY $SNI") >$HEADERFILE 2>$ERRFILE tm_out "$GET_REQ11" | $OPENSSL s_client $(s_client_options "$OPTIMAL_PROTO $BUGS -quiet -ign_eof -connect $NODEIP:$PORT $PROXY $SNI") >$HEADERFILE 2>$ERRFILE
NOW_TIME=$(date "+%s") NOW_TIME=$(date "+%s")
HTTP_TIME=$(awk -F': ' '/^date:/ { print $2 } /^Date:/ { print $2 }' $HEADERFILE) HTTP_TIME=$(awk -F': ' '/^date:/ { print $2 } /^Date:/ { print $2 }' $HEADERFILE)
grep -q -i '^Age: [1-9][[:digit:]]*' $HEADERFILE && HTTP_AGE=$(strip_lf "$(awk -F': ' '/^[aA][gG][eE]: / { print $2 }' $HEADERFILE)") HTTP_AGE=$(awk -F': ' '/^[aA][gG][eE]: / { print $2 }' $HEADERFILE)
HAD_SLEPT=0 HAD_SLEPT=0
else else
# 1st GET request hung and needed to be killed. Check whether it succeeded anyway: # 1st GET request hung and needed to be killed. Check whether it succeeded anyway:
@@ -2378,7 +2378,7 @@ run_http_header() {
# correct by seconds we slept, HAD_SLEPT comes from wait_kill() # correct by seconds we slept, HAD_SLEPT comes from wait_kill()
NOW_TIME=$(($(date "+%s") - HAD_SLEPT)) NOW_TIME=$(($(date "+%s") - HAD_SLEPT))
HTTP_TIME=$(awk -F': ' '/^date:/ { print $2 } /^Date:/ { print $2 }' $HEADERFILE) HTTP_TIME=$(awk -F': ' '/^date:/ { print $2 } /^Date:/ { print $2 }' $HEADERFILE)
grep -q -i '^Age: [1-9][[:digit:]]*' $HEADERFILE && HTTP_AGE=$(strip_lf "$(awk -F': ' '/^[aA][gG][eE]: / { print $2 }' $HEADERFILE)") HTTP_AGE=$(awk -F': ' '/^[aA][gG][eE]: / { print $2 }' $HEADERFILE)
else else
prln_warning " likely HTTP header requests failed (#lines: $(wc -l $HEADERFILE | awk '{ print $1 }'))" prln_warning " likely HTTP header requests failed (#lines: $(wc -l $HEADERFILE | awk '{ print $1 }'))"
[[ "$DEBUG" -lt 1 ]] && outln "Rerun with DEBUG>=1 and inspect $HEADERFILE\n" [[ "$DEBUG" -lt 1 ]] && outln "Rerun with DEBUG>=1 and inspect $HEADERFILE\n"
@@ -2410,6 +2410,8 @@ run_http_header() {
fi fi
# Populate vars for HTTP time # Populate vars for HTTP time
[[ -n "$HTTP_AGE" ]] && HTTP_AGE="$(strip_lf "$HTTP_AGE")"
[[ -n "$HTTP_TIME" ]] && HTTP_TIME="$(strip_lf "$HTTP_TIME")"
debugme echo "NOW_TIME: $NOW_TIME | HTTP_AGE: $HTTP_AGE | HTTP_TIME: $HTTP_TIME" debugme echo "NOW_TIME: $NOW_TIME | HTTP_AGE: $HTTP_AGE | HTTP_TIME: $HTTP_TIME"
# Quit on first empty line to catch 98% of the cases. Next pattern is there because the SEDs tested # Quit on first empty line to catch 98% of the cases. Next pattern is there because the SEDs tested
@@ -2525,14 +2527,15 @@ run_http_date() {
fi fi
pr_bold " HTTP clock skew " pr_bold " HTTP clock skew "
if [[ -n "$HTTP_TIME" ]]; then if [[ -n "$HTTP_TIME" ]]; then
HTTP_TIME="$(strip_lf "$HTTP_TIME")"
if "$HAS_OPENBSDDATE"; then if "$HAS_OPENBSDDATE"; then
# We won't normalize the date under an OpenBSD thus no subtraction is feasible # We won't normalize the date under an OpenBSD thus no subtraction is feasible
outln "remote: $HTTP_TIME" outln "remote: $HTTP_TIME"
out "${spaces}local: $(LC_ALL=C TZ=GMT date "+%a, %d %b %Y %T %Z")" out "${spaces}local: $(LC_ALL=C TZ=GMT date "+%a, %d %b %Y %T %Z")"
fileout "$jsonID" "INFO" "$HTTP_TIME - $(TZ=GMT date "+%a, %d %b %Y %T %Z")" fileout "$jsonID" "INFO" "$HTTP_TIME - $(TZ=GMT date "+%a, %d %b %Y %T %Z")"
else else
# modifying the global from string to a number
HTTP_TIME="$(parse_date "$HTTP_TIME" "+%s" "%a, %d %b %Y %T %Z" 2>>$ERRFILE)" HTTP_TIME="$(parse_date "$HTTP_TIME" "+%s" "%a, %d %b %Y %T %Z" 2>>$ERRFILE)"
HTTP_TIME="$(strip_lf "$HTTP_TIME")"
difftime=$((HTTP_TIME + HTTP_AGE - NOW_TIME)) difftime=$((HTTP_TIME + HTTP_AGE - NOW_TIME))
[[ $difftime != "-"* ]] && [[ $difftime != "0" ]] && difftime="+$difftime" [[ $difftime != "-"* ]] && [[ $difftime != "0" ]] && difftime="+$difftime"
# process was killed, so we need to add an error # process was killed, so we need to add an error
@@ -2540,11 +2543,19 @@ run_http_date() {
out "$difftime sec from localtime"; out "$difftime sec from localtime";
fileout "$jsonID" "INFO" "$difftime seconds from localtime" fileout "$jsonID" "INFO" "$difftime seconds from localtime"
fi fi
if [[ -n "$HTTP_TIME" ]]; then
# out " (HTTP header time: $HTTP_TIME)"
fileout "HTTP_headerTime" "INFO" "$HTTP_TIME"
fi
if [[ -n "$HTTP_AGE" ]]; then
out " (Age: $HTTP_AGE)"
fileout "HTTP_headerAge" "INFO" "$HTTP_AGE seconds"
fi
else else
out "Got no HTTP time, maybe try different URL?"; out "Got no HTTP time, maybe try different URL?";
fileout "$jsonID" "INFO" "Got no HTTP time, maybe try different URL?" fileout "$jsonID" "INFO" "Got no HTTP time, maybe try different URL?"
fi fi
debugme tm_out ", HTTP_TIME in epoch: $HTTP_TIME" debugme tm_out ", HTTP_TIME + HTTP_AGE in epoch: $HTTP_TIME / $HTTP_AGE"
outln outln
match_ipv4_httpheader "$1" match_ipv4_httpheader "$1"
return 0 return 0