- Fix #46 (preload lists HPKP and HSTS)

- word match for includeSubDomains (useful if one specified the keyword wrong)
2025-01-01 06:19:44 +01:00 · 2015-02-15 13:37:44 +01:00 · 2015-02-15 13:37:44 +01:00 · f203b8b299
commit f203b8b299
parent b0a40ae1e8
1 changed files with 8 additions and 2 deletions
--- a/testssl.sh
+++ b/testssl.sh
@ -435,13 +435,17 @@ EOF
 }

 includeSubDomains() {
-	if grep -aiq includeSubDomains "$1"; then
+	if grep -aiqw includeSubDomains "$1"; then
 		pr_litegreen ", includeSubDomains"
 	else
 		pr_litecyan ", just this domain"
 	fi
 }

+preload() {
+	grep -aiqw preload "$1" && pr_litegreen ", preload"
+}
+
 hsts() {
 	pr_bold " HSTS          "
 	if [ ! -s $HEADERFILE ] ; then
@ -458,6 +462,7 @@ hsts() {
 			pr_brown "$AGE_DAYS days (<$HSTS_MIN is not good enough)"
 		fi
 		includeSubDomains "$TMPFILE"
+		preload "$TMPFILE"  #FIXME: To be checked against: e.g. https://dxr.mozilla.org/mozilla-central/source/security/manager/boot/src/nsSTSPreloadList.inc and https://chromium.googlesource.com/chromium/src/+/master/net/http/transport_security_state_static.json
 	else
 		out "--"
 	fi
@ -483,6 +488,7 @@ hpkp() {
 			pr_brown "$AGE_DAYS days (<$HPKP_MIN is not good enough)"
 		fi
 		includeSubDomains "$TMPFILE"
+		preload "$TMPFILE"
 		out ", fingerprints not checked"
 	else
 		out "--"
@ -2853,6 +2859,6 @@ case "$1" in
 		exit $ret ;;
 esac

-#  $Id: testssl.sh,v 1.189 2015/02/15 12:14:10 dirkw Exp $ 
+#  $Id: testssl.sh,v 1.190 2015/02/15 12:37:43 dirkw Exp $ 
 # vim:ts=5:sw=5