From f203b8b299bd8bd9a810f80b340037d28aa4fd1f Mon Sep 17 00:00:00 2001
From: Dirk
Date: Sun, 15 Feb 2015 13:37:44 +0100
Subject: [PATCH] - Fix #46 (preload lists HPKP and HSTS) - word match for includeSubDomains (useful if one specified the keyword wrong)
---
 testssl.sh | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/testssl.sh b/testssl.sh
index 93d345d..41e9d7a 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -435,13 +435,17 @@ EOF
 }
 includeSubDomains() {
- if grep -aiq includeSubDomains "$1"; then
+ if grep -aiqw includeSubDomains "$1"; then
 pr_litegreen ", includeSubDomains"
 else
 pr_litecyan ", just this domain"
 fi
 }
+preload() {
+ grep -aiqw preload "$1" && pr_litegreen ", preload"
+}
+
 hsts() {
 pr_bold " HSTS "
 if [ ! -s $HEADERFILE ] ; then
@@ -458,6 +462,7 @@ hsts() {
 pr_brown "$AGE_DAYS days (<$HSTS_MIN is not good enough)"
 fi
 includeSubDomains "$TMPFILE"
+ preload "$TMPFILE" #FIXME: To be checked against: e.g. https://dxr.mozilla.org/mozilla-central/source/security/manager/boot/src/nsSTSPreloadList.inc and https://chromium.googlesource.com/chromium/src/+/master/net/http/transport_security_state_static.json
 else
 out "--"
 fi
@@ -483,6 +488,7 @@ hpkp() {
 pr_brown "$AGE_DAYS days (<$HPKP_MIN is not good enough)"
 fi
 includeSubDomains "$TMPFILE"
+ preload "$TMPFILE"
 out ", fingerprints not checked"
 else
 out "--"
@@ -2853,6 +2859,6 @@ case "$1" in
 exit $ret ;;
 esac
-# $Id: testssl.sh,v 1.189 2015/02/15 12:14:10 dirkw Exp $
+# $Id: testssl.sh,v 1.190 2015/02/15 12:37:43 dirkw Exp $
 # vim:ts=5:sw=5
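Review bot: In the new `preload()` (and in `includeSubDomains()` after the `-w` change) `grep -aiqw` matches the keyword anywhere in the file passed as `$1`, not only as a header directive. Because `-w` treats `/`, `-`, `=` and `"` as word boundaries, a header value that merely contains the word, for example a `report-uri` URL ending in `/preload` in a Public-Key-Pins header, would presumably be printed as a green `, preload`. Anchoring on the directive separators avoids this, for example `grep -aiqE '(^|[;:])[[:space:]]*preload[[:space:]]*(;|$)' "$1"`, where the trailing `[[:space:]]*` also absorbs a CR if the header file keeps CRLF line ends. What `$TMPFILE` contains is set outside these hunks, so confirm it holds only the single header line being evaluated. `preload()` also returns grep's non-zero status when nothing matches; the callers in `hsts()` and `hpkp()` ignore it here, but a closing `return 0` would keep that harmless if the script is ever run with `set -e`.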
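Review bot: The `preload "$TMPFILE"` call added in `hpkp()` reports a token that RFC 7469 does not define for Public-Key-Pins; its directives are the pins, `max-age`, `includeSubDomains` and `report-uri`. A green `, preload` on this line can therefore only come from a non-standard token or from an incidental match elsewhere in the header, and it reads as a positive security finding. Either drop the call from `hpkp()` or print the result in a neutral colour, and document the reason with a comment such as `# HPKP has no preload directive (RFC 7469); pin preloading is a browser-side static list`. `hpkp()` starts and ends outside the hunk, so the surrounding logic could not be checked.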