mirror of
https://github.com/drwetter/testssl.sh.git
synced 2026-07-14 02:57:39 +02:00
Merge branch '3.2' into ready_for_3.2.4
This commit is contained in:
@@ -0,0 +1,63 @@
|
|||||||
|
#!/usr/bin/env perl
|
||||||
|
|
||||||
|
# Basics: are there semantic errors which are easy to spot?
|
||||||
|
|
||||||
|
use strict;
|
||||||
|
use Test::More;
|
||||||
|
|
||||||
|
my $tests = 0;
|
||||||
|
my $prg="testssl.sh";
|
||||||
|
my $os="$^O";
|
||||||
|
|
||||||
|
if ( $os eq "darwin" ){
|
||||||
|
plan skip_all => 'No checks on MacOS';
|
||||||
|
}
|
||||||
|
|
||||||
|
#1
|
||||||
|
printf "\n%s\n", "Testing for missing vars at left hand side in double square brackets ...";
|
||||||
|
|
||||||
|
# I know this isn't nice but perl doesn't seem for this so great either
|
||||||
|
my @matches = `grep -n '\\[\\[ [[:alpha:]]' $prg`;
|
||||||
|
is(scalar(@matches), 0, "Checking bad '[[ LHS' patterns")
|
||||||
|
or diag(@matches);
|
||||||
|
$tests++;
|
||||||
|
|
||||||
|
# The following works only on GNU grep
|
||||||
|
|
||||||
|
#2
|
||||||
|
printf "\n%s\n", "Testing for backticks ...";
|
||||||
|
|
||||||
|
my @matches = qx(grep -nP '`[^`]*`' $prg);
|
||||||
|
is(scalar(@matches), 0, "Checking bad backtick patterns")
|
||||||
|
or diag(@matches);
|
||||||
|
$tests++;
|
||||||
|
|
||||||
|
#3
|
||||||
|
printf "\n%s\n", "Sourcing without checking the file exists #1 ...";
|
||||||
|
|
||||||
|
my @matches = qx(grep -nP '^\s*\.\s+\$' $prg);
|
||||||
|
is(scalar(@matches), 0, "Checking bad sourcing pattern #1")
|
||||||
|
or diag(@matches);
|
||||||
|
$tests++;
|
||||||
|
|
||||||
|
#4
|
||||||
|
printf "\n%s\n", "Sourcing without checking the file exists #2 ...";
|
||||||
|
|
||||||
|
my @matches = qx(grep -nP '^\s*source\s+\$' $prg);
|
||||||
|
is(scalar(@matches), 0, "Checking bad sourcing pattern #2")
|
||||||
|
or diag(@matches);
|
||||||
|
$tests++;
|
||||||
|
|
||||||
|
|
||||||
|
# We have three eval already, a) re-analyse + exempt them
|
||||||
|
#my @matches = qx(grep -nP '\beval\b' $prg);
|
||||||
|
|
||||||
|
|
||||||
|
# more would go here
|
||||||
|
|
||||||
|
printf "\n";
|
||||||
|
done_testing($tests);
|
||||||
|
|
||||||
|
|
||||||
|
# vim:ts=5:sw=5:expandtab
|
||||||
|
|
||||||
+4
-4
@@ -433,7 +433,7 @@ KEY_EXCH_SCORE=100 # Keeps track of the score for category
|
|||||||
CIPH_STR_BEST=0 # Keeps track of the best bit size for category 3 "Cipher Strength"
|
CIPH_STR_BEST=0 # Keeps track of the best bit size for category 3 "Cipher Strength"
|
||||||
CIPH_STR_WORST=100000 # Keeps track of the worst bit size for category 3 "Cipher Strength"
|
CIPH_STR_WORST=100000 # Keeps track of the worst bit size for category 3 "Cipher Strength"
|
||||||
# Intentionally set very high, so it can be set to 0, if necessary
|
# Intentionally set very high, so it can be set to 0, if necessary
|
||||||
TRUSTED1ST="" # Contains the `-trusted_first` flag, if this version of openssl supports it
|
TRUSTED1ST="" # Contains the "-trusted_first" flag, if this version of openssl supports it
|
||||||
|
|
||||||
########### Global variables for parallel mass testing
|
########### Global variables for parallel mass testing
|
||||||
#
|
#
|
||||||
@@ -17801,7 +17801,7 @@ run_renego() {
|
|||||||
tmp_result=2
|
tmp_result=2
|
||||||
rm -f $TEMPDIR/was_killed
|
rm -f $TEMPDIR/was_killed
|
||||||
fi
|
fi
|
||||||
if [[ $tmp_result -eq 1 ]] && [[ loop_reneg -eq 1 ]]; then
|
if [[ $tmp_result -eq 1 ]] && [[ $loop_reneg -eq 1 ]]; then
|
||||||
tmp_result=3
|
tmp_result=3
|
||||||
fi
|
fi
|
||||||
if [[ $SERVICE != HTTP ]]; then
|
if [[ $SERVICE != HTTP ]]; then
|
||||||
@@ -19023,7 +19023,7 @@ run_drown() {
|
|||||||
if [[ $(has_server_protocol ssl2) -ne 1 ]]; then
|
if [[ $(has_server_protocol ssl2) -ne 1 ]]; then
|
||||||
sslv2_sockets
|
sslv2_sockets
|
||||||
else
|
else
|
||||||
[[ aaa == bbb ]] # provoke return code=1
|
false
|
||||||
fi
|
fi
|
||||||
|
|
||||||
case $? in
|
case $? in
|
||||||
@@ -20935,7 +20935,7 @@ find_openssl_binary() {
|
|||||||
|
|
||||||
# In order to avoid delays due to lookups of the hostname "invalid." we just try to avoid using "-connect invalid."
|
# In order to avoid delays due to lookups of the hostname "invalid." we just try to avoid using "-connect invalid."
|
||||||
# when possible. The following does a check fopr that. For WSL we stick for now to the old scheme. Not sure about Cygwin
|
# when possible. The following does a check fopr that. For WSL we stick for now to the old scheme. Not sure about Cygwin
|
||||||
if [[ SYSTEM2 == "WSL" ]]; then
|
if [[ $SYSTEM2 == "WSL" ]]; then
|
||||||
NXCONNECT=-connect $NXDNS
|
NXCONNECT=-connect $NXDNS
|
||||||
else
|
else
|
||||||
# If this connects and bails out with an error message, we do not need "-connect invalid."
|
# If this connects and bails out with an error message, we do not need "-connect invalid."
|
||||||
|
|||||||
Reference in New Issue
Block a user