Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 22:05:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix Shellcheck SC2034 issues

Browse Source 
This commit fixes several issues related to Shellcheck issue SC2034: unused variables.

In most cases variables are declared in a function, but are referenced later. The exceptions are:

* SESS_RESUMPTION is declared and values are assigned to it, but it us never used. (Same applies for not_new_reused in sub_seession_resumption().)

* In run_cipherlists(), there is a typo in the declaration of sslv2_tdes_ciphers.

* In get_caa_rr_record(), "hash", "len", and "line" are used but not declared.
This commit is contained in:
David Cooper
2020-06-01 15:31:01 -04:00
parent 4f9c5158dc
commit edefce5998
1 changed files with 17 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
testssl.sh
View File

@@ -266,7 +266,6 @@ V2_HELLO_CIPHERSPEC_LENGTH=0
declare -r NPN_PROTOs="spdy/4a2,spdy/3,spdy/3.1,spdy/2,spdy/1,http/1.1" declare -r NPN_PROTOs="spdy/4a2,spdy/3,spdy/3.1,spdy/2,spdy/1,http/1.1"
# alpn_protos needs to be space-separated, not comma-seperated, including odd ones observed @ facebook and others, old ones like h2-17 omitted as they could not be found # alpn_protos needs to be space-separated, not comma-seperated, including odd ones observed @ facebook and others, old ones like h2-17 omitted as they could not be found
declare -r ALPN_PROTOs="h2 spdy/3.1 http/1.1 grpc-exp h2-fb spdy/1 spdy/2 spdy/3 stun.turn stun.nat-discovery webrtc c-webrtc ftp" declare -r ALPN_PROTOs="h2 spdy/3.1 http/1.1 grpc-exp h2-fb spdy/1 spdy/2 spdy/3 stun.turn stun.nat-discovery webrtc c-webrtc ftp"
declare -a SESS_RESUMPTION
TEMPDIR="" TEMPDIR=""
TMPFILE="" TMPFILE=""
ERRFILE="" ERRFILE=""
@@ -1687,7 +1686,7 @@ http_get() {
# There the environment variable is used automatically # There the environment variable is used automatically
# Currently it is being used by check_pwnedkeys() only. # Currently it is being used by check_pwnedkeys() only.
http_get_header() { http_get_header() {
local proto z local proto
local node="" query="" local node="" query=""
local dl="$2" local dl="$2"
local useragent="$UA_STD" local useragent="$UA_STD"
@@ -5932,7 +5931,7 @@ run_cipherlists() {
local ossl_anon_ciphers anon_ciphers sslv2_anon_ciphers local ossl_anon_ciphers anon_ciphers sslv2_anon_ciphers
local ossl_exp_ciphers exp_ciphers sslv2_exp_ciphers local ossl_exp_ciphers exp_ciphers sslv2_exp_ciphers
local ossl_low_ciphers low_ciphers sslv2_low_ciphers local ossl_low_ciphers low_ciphers sslv2_low_ciphers
local ossl_tdes_ciphers tdes_ciphers sslv2_tdes_cipher local ossl_tdes_ciphers tdes_ciphers sslv2_tdes_ciphers
local ossl_obsoleted_ciphers obsoleted_ciphers local ossl_obsoleted_ciphers obsoleted_ciphers
local strong_ciphers local strong_ciphers
local cwe="CWE-327" local cwe="CWE-327"
@@ -6341,7 +6340,6 @@ sub_session_resumption() {
local tmpfile=$(mktemp $TEMPDIR/session_resumption.$NODEIP.XXXXXX) local tmpfile=$(mktemp $TEMPDIR/session_resumption.$NODEIP.XXXXXX)
local sess_data=$(mktemp $TEMPDIR/sub_session_data_resumption.$NODEIP.XXXXXX) local sess_data=$(mktemp $TEMPDIR/sub_session_data_resumption.$NODEIP.XXXXXX)
local -a rw_line local -a rw_line
local not_new_reused=false
local protocol="$1" local protocol="$1"
if [[ "$2" == ID ]]; then if [[ "$2" == ID ]]; then
@@ -6401,7 +6399,6 @@ sub_session_resumption() {
new_sid=true new_sid=true
else else
debugme echo -n "Problem with 2nd ServerHello " debugme echo -n "Problem with 2nd ServerHello "
not_new_reused=true
fi fi
# Now get the line and compare the numbers "read" and "written" as a second criteria. # Now get the line and compare the numbers "read" and "written" as a second criteria.
# If the "read" number is bigger: a new session ID was probably used # If the "read" number is bigger: a new session ID was probably used
@@ -6823,7 +6820,6 @@ cipher_pref_check() {
local using_sockets="$4" local using_sockets="$4"
local wide="$5" # at the moment always = true local wide="$5" # at the moment always = true
local tested_cipher cipher order rfc_cipher rfc_order local tested_cipher cipher order rfc_cipher rfc_order
local overflow_probe_cipherlist="ALL:-ECDHE-RSA-AES256-GCM-SHA384:-AES128-SHA:-DES-CBC3-SHA"
local -i i nr_ciphers nr_nonossl_ciphers num_bundles bundle_size bundle end_of_bundle success local -i i nr_ciphers nr_nonossl_ciphers num_bundles bundle_size bundle end_of_bundle success
local -i nr_ciphers_found local -i nr_ciphers_found
local hexc ciphers_to_test local hexc ciphers_to_test
@@ -8198,7 +8194,6 @@ certificate_transparency() {
local tls_version="$6" local tls_version="$6"
local sni="" local sni=""
local ciphers="" local ciphers=""
local hexc n ciph sslver kx auth enc mac export
local extra_extns="" local extra_extns=""
local -i success local -i success
# Cipher suites that use a certifiate with an RSA (signature) public key # Cipher suites that use a certifiate with an RSA (signature) public key
@@ -9562,25 +9557,20 @@ run_server_defaults() {
jsonID="sessionresumption_ticket" jsonID="sessionresumption_ticket"
sub_session_resumption "$sessticket_proto" sub_session_resumption "$sessticket_proto"
case $? in case $? in
0) SESS_RESUMPTION[2]="ticket=yes" 0) out "Tickets: yes, "
out "Tickets: yes, "
fileout "$jsonID" "INFO" "supported" fileout "$jsonID" "INFO" "supported"
;; ;;
1) SESS_RESUMPTION[2]="ticket=no" 1) out "Tickets no, "
out "Tickets no, "
fileout "$jsonID" "INFO" "not supported" fileout "$jsonID" "INFO" "not supported"
;; ;;
5) SESS_RESUMPTION[2]="ticket=noclue" 5) pr_warning "Ticket resumption test failed, pls report / "
pr_warning "Ticket resumption test failed, pls report / "
fileout "$jsonID" "WARN" "check failed, pls report" fileout "$jsonID" "WARN" "check failed, pls report"
((ret++)) ((ret++))
;; ;;
6) SESS_RESUMPTION[2]="ticket=clientauth" 6) pr_warning "Client Auth: Ticket resumption test not supported / "
pr_warning "Client Auth: Ticket resumption test not supported / "
fileout "$jsonID" "WARN" "check couldn't be performed because of client authentication" fileout "$jsonID" "WARN" "check couldn't be performed because of client authentication"
;; ;;
7) SESS_RESUMPTION[2]="ticket=unsuccessful" 7) pr_warning "Connect problem: Ticket resumption test not possible / "
pr_warning "Connect problem: Ticket resumption test not possible / "
fileout "$jsonID" "WARN" "check failed because of connect problem" fileout "$jsonID" "WARN" "check failed because of connect problem"
((ret++)) ((ret++))
;; ;;
@@ -9588,32 +9578,25 @@ run_server_defaults() {
jsonID="sessionresumption_ID" jsonID="sessionresumption_ID"
if "$NO_SSL_SESSIONID"; then if "$NO_SSL_SESSIONID"; then
SESS_RESUMPTION[1]="ID=no"
outln "ID: no" outln "ID: no"
fileout "$jsonID" "INFO" "No Session ID, no resumption" fileout "$jsonID" "INFO" "No Session ID, no resumption"
else else
sub_session_resumption "$sessticket_proto" ID sub_session_resumption "$sessticket_proto" ID
case $? in case $? in
0) SESS_RESUMPTION[1]="ID=yes" 0) outln "ID: yes"
outln "ID: yes"
fileout "$jsonID" "INFO" "supported" fileout "$jsonID" "INFO" "supported"
;; ;;
1|2) SESS_RESUMPTION[1]="ID=no" 1|2) outln "ID: no"
outln "ID: no"
fileout "$jsonID" "INFO" "not supported" fileout "$jsonID" "INFO" "not supported"
;; ;;
5) SESS_RESUMPTION[1]="ID=noclue" 5) prln_warning "ID resumption test failed, pls report"
prln_warning "ID resumption test failed, pls report"
fileout "$jsonID" "WARN" "check failed, pls report" fileout "$jsonID" "WARN" "check failed, pls report"
((ret++)) ((ret++))
;; ;;
6) SESS_RESUMPTION[1]="ID=clientauth" 6) prln_warning "Client Auth: ID resumption test not supported"
# [[ ${SESS_RESUMPTION[2]} =~ clientauth ]] || pr_warning "Client Auth: "
prln_warning "Client Auth: ID resumption test not supported"
fileout "$jsonID" "WARN" "check couldn't be performed because of client authentication" fileout "$jsonID" "WARN" "check couldn't be performed because of client authentication"
;; ;;
7) SESS_RESUMPTION[1]="ID=unsuccessful" 7) prln_warning "ID resumption test failed"
prln_warning "ID resumption test failed"
fileout "$jsonID" "WARN" "check failed because of connect problem" fileout "$jsonID" "WARN" "check failed because of connect problem"
((ret++)) ((ret++))
;; ;;
@@ -10565,7 +10548,6 @@ starttls_mysql_dialog() {
# returns 6 if opening the socket caused a problem, 1 if STARTTLS handshake failed, 0: all ok # returns 6 if opening the socket caused a problem, 1 if STARTTLS handshake failed, 0: all ok
# #
fd_socket() { fd_socket() {
local jabber=""
local proyxline="" local proyxline=""
local nodeip="$(tr -d '[]' <<< $NODEIP)" # sockets do not need the square brackets we have of IPv6 addresses local nodeip="$(tr -d '[]' <<< $NODEIP)" # sockets do not need the square brackets we have of IPv6 addresses
# we just need do it here, that's all! # we just need do it here, that's all!
@@ -14238,7 +14220,7 @@ prepare_tls_clienthello() {
local len_client_hello_word len_all_word local len_client_hello_word len_all_word
local ecc_cipher_suite_found=false local ecc_cipher_suite_found=false
local extension_signature_algorithms extension_heartbeat session_id local extension_signature_algorithms extension_heartbeat session_id
local extension_session_ticket extension_next_protocol extension_padding local extension_session_ticket extension_next_protocol
local extension_supported_groups="" extension_supported_point_formats="" local extension_supported_groups="" extension_supported_point_formats=""
local extensions_key_share="" extn_type supported_groups_c2n="" extn_psk_mode="" local extensions_key_share="" extn_type supported_groups_c2n="" extn_psk_mode=""
local extra_extensions extra_extensions_list="" extension_supported_versions="" local extra_extensions extra_extensions_list="" extension_supported_versions=""
@@ -14656,11 +14638,11 @@ prepare_tls_clienthello() {
resend_if_hello_retry_request() { resend_if_hello_retry_request() {
local original_clienthello="$1" local original_clienthello="$1"
local tls_hello_ascii="$2" local tls_hello_ascii="$2"
local msg_type tls_low_byte server_version cipher_suite rfc_cipher_suite local msg_type server_version cipher_suite rfc_cipher_suite
local key_share="" new_key_share="" cookie="" second_clienthello data="" local key_share="" new_key_share="" cookie="" second_clienthello data=""
local -i i j msg_len tls_hello_ascii_len sid_len local -i i j msg_len tls_hello_ascii_len sid_len
local -i extns_offset hrr_extns_len extra_extensions_len len_extn local -i extns_offset hrr_extns_len len_extn
local extra_extensions extn_type part2 new_extra_extns="" local extn_type
local sha256_hrr="CF21AD74E59A6111BE1D8C021E65B891C2A211167ABB8C5E079E09E2C8A8339C" local sha256_hrr="CF21AD74E59A6111BE1D8C021E65B891C2A211167ABB8C5E079E09E2C8A8339C"
tls_hello_ascii_len=${#tls_hello_ascii} tls_hello_ascii_len=${#tls_hello_ascii}
@@ -19480,6 +19462,7 @@ get_aaaa_record() {
# arg1: domain to check for # arg1: domain to check for
get_caa_rr_record() { get_caa_rr_record() {
local raw_caa="" local raw_caa=""
local hash len line
local -i len_caa_property local -i len_caa_property
local caa_property_name local caa_property_name
local caa_property_value local caa_property_value