Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-09-02 01:58:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2785 from testssl/stderr

Browse Source 
Ensure that stderr is caught / $prg=testssl.sh
This commit is contained in:
Dirk Wetter
2025-05-28 20:16:32 +02:00
committed by GitHub
parent 75d8f8aa90 ba360bae7e
commit fbbf68857f
7 changed files with 18 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/unit_tests_macos.yml vendored
View File

@ -51,4 +51,4 @@ jobs:
- name: run it - name: run it
run: | run: |
prove -v t prove -v t 2>&1

2
.github/workflows/unit_tests_ubuntu.yml vendored
View File

@ -57,4 +57,4 @@ jobs:
- name: run it - name: run it
run: | run: |
prove -v t prove -v t 2>&1

6
t/23_client_simulation.t
View File

@ -31,14 +31,14 @@ $uri="google.com";
# unlink "tmp.json"; # unlink "tmp.json";
printf "\n%s\n", "Client simulations unit test via sockets --> $uri ..."; printf "\n%s\n", "Client simulations unit test via sockets --> $uri ...";
$socket_out = `./testssl.sh $check2run $uri 2>&1`; $socket_out = `$prg $check2run $uri 2>&1`;
# $socket_json = json('tmp.json'); # $socket_json = json('tmp.json');
unlike($socket_out, qr/$socket_regex_bl/, ""); unlike($socket_out, qr/$socket_regex_bl/, "");
$tests++; $tests++;
# unlink "tmp.json"; # unlink "tmp.json";
printf "\n%s\n", "Client simulations unit test via OpenSSL --> $uri ..."; printf "\n%s\n", "Client simulations unit test via OpenSSL --> $uri ...";
$openssl_out = `./testssl.sh $check2run --ssl-native $uri 2>&1`; $openssl_out = `$prg $check2run --ssl-native $uri 2>&1`;
# $openssl_json = json('tmp.json'); # $openssl_json = json('tmp.json');
unlike($openssl_out, qr/$openssl_regex_bl/, ""); unlike($openssl_out, qr/$openssl_regex_bl/, "");
$tests++; $tests++;
@ -48,7 +48,7 @@ $uri="smtp-relay.gmail.com:587";
# unlink "tmp.json"; # unlink "tmp.json";
printf "\n%s\n", "STARTTLS: Client simulations unit test via sockets --> $uri ..."; printf "\n%s\n", "STARTTLS: Client simulations unit test via sockets --> $uri ...";
$socket_out = `./testssl.sh $check2run -t smtp $uri 2>&1`; $socket_out = `$prg $check2run -t smtp $uri 2>&1`;
# $socket_json = json('tmp.json'); # $socket_json = json('tmp.json');
unlike($socket_out, qr/$socket_regex_bl/, ""); unlike($socket_out, qr/$socket_regex_bl/, "");
$tests++; $tests++;

10
t/31_isJSON_valid.t
View File

@ -29,7 +29,7 @@ unlink 'tmp.json';
#1 #1
printf "%s\n", ".. plain JSON --> $uri "; printf "%s\n", ".. plain JSON --> $uri ";
$out = `./testssl.sh $check2run --jsonfile tmp.json $uri`; $out = `$prg $check2run --jsonfile tmp.json $uri`;
$json = json('tmp.json'); $json = json('tmp.json');
unlink 'tmp.json'; unlink 'tmp.json';
my @errors=eval { decode_json($json) }; my @errors=eval { decode_json($json) };
@ -39,7 +39,7 @@ $tests++;
#2 #2
printf "%s\n", ".. pretty JSON --> $uri "; printf "%s\n", ".. pretty JSON --> $uri ";
$out = `./testssl.sh $check2run --jsonfile-pretty tmp.json $uri`; $out = `$prg $check2run --jsonfile-pretty tmp.json $uri`;
$json = json('tmp.json'); $json = json('tmp.json');
unlink 'tmp.json'; unlink 'tmp.json';
@errors=eval { decode_json($json) }; @errors=eval { decode_json($json) };
@ -50,7 +50,7 @@ $tests++;
#3 #3
my $uri = "smtp-relay.gmail.com:587"; my $uri = "smtp-relay.gmail.com:587";
printf "%s\n", " .. plain JSON and STARTTLS --> $uri ..."; printf "%s\n", " .. plain JSON and STARTTLS --> $uri ...";
$out = `./testssl.sh --jsonfile tmp.json $check2run -t smtp $uri`; $out = `$prg --jsonfile tmp.json $check2run -t smtp $uri`;
$json = json('tmp.json'); $json = json('tmp.json');
unlink 'tmp.json'; unlink 'tmp.json';
@errors=eval { decode_json($json) }; @errors=eval { decode_json($json) };
@ -65,7 +65,7 @@ if ( $os eq "linux" ){
# This testssl.sh run deliberately does NOT work as github actions block port 25 egress. # This testssl.sh run deliberately does NOT work as github actions block port 25 egress.
# but the output should be fine. The idea is to have a unit test for a failed connection. # but the output should be fine. The idea is to have a unit test for a failed connection.
printf "%s\n", ".. plain JSON for a failed run: '--mx $uri' ..."; printf "%s\n", ".. plain JSON for a failed run: '--mx $uri' ...";
$out = `./testssl.sh --ssl-native --openssl-timeout=10 $check2run --jsonfile tmp.json --mx $uri`; $out = `$prg --ssl-native --openssl-timeout=10 $check2run --jsonfile tmp.json --mx $uri`;
$json = json('tmp.json'); $json = json('tmp.json');
unlink 'tmp.json'; unlink 'tmp.json';
@errors=eval { decode_json($json) }; @errors=eval { decode_json($json) };
@ -75,7 +75,7 @@ if ( $os eq "linux" ){
#5 #5
# Same as above but with pretty JSON # Same as above but with pretty JSON
printf "%s\n", ".. pretty JSON for a failed run '--mx $uri' ..."; printf "%s\n", ".. pretty JSON for a failed run '--mx $uri' ...";
$out = `./testssl.sh --ssl-native --openssl-timeout=10 $check2run --jsonfile-pretty tmp.json --mx $uri`; $out = `$prg --ssl-native --openssl-timeout=10 $check2run --jsonfile-pretty tmp.json --mx $uri`;
$json = json('tmp.json'); $json = json('tmp.json');
unlink 'tmp.json'; unlink 'tmp.json';
@errors=eval { decode_json($json) }; @errors=eval { decode_json($json) };

2
t/32_isHTML_valid.t
View File

@ -57,7 +57,7 @@ $tests++;
#2 #2
printf "%s\n", " .. running again $prg against \"$uri\", now with --debug 4 to create HTML output (may take another ~2 minutes)"; printf "%s\n", " .. running again $prg against \"$uri\", now with --debug 4 to create HTML output (may take another ~2 minutes)";
# Redirect stderr to /dev/null in order to avoid some unexplained "date: invalid date" error messages # Redirect stderr to /dev/null in order to avoid some unexplained "date: invalid date" error messages
$out = `TERM_WIDTH=120 $prg $check2run --debug 4 $uri 2> /dev/null`; $out = `TERM_WIDTH=120 $prg $check2run --debug 4 $uri 2>/dev/null`;
$debughtml = `cat $htmlfile`; $debughtml = `cat $htmlfile`;
unlink $htmlfile; unlink $htmlfile;

9
t/51_badssl.com.t
View File

@ -6,6 +6,7 @@ use Data::Dumper;
use JSON; use JSON;
my $tests = 0; my $tests = 0;
my $prg="./testssl.sh";
my ( my (
$out, $out,
@ -14,14 +15,14 @@ my (
); );
# OK # OK
pass("Running testssl.sh against badssl.com to create a baseline (may take 2~3 minutes)"); $tests++; pass("Running testssl.sh against badssl.com to create a baseline (may take 2~3 minutes)"); $tests++;
my $okout = `./testssl.sh -S -e --freak --logjam --drown --rc4 --sweet32 --breach --winshock --crime --jsonfile tmp.json --color 0 badssl.com`; my $okout = `$prg -S -e --freak --logjam --drown --rc4 --sweet32 --breach --winshock --crime --jsonfile tmp.json --color 0 badssl.com`;
my $okjson = json('tmp.json'); my $okjson = json('tmp.json');
unlink 'tmp.json'; unlink 'tmp.json';
cmp_ok(@$okjson,'>',10,"We should have more then 10 findings"); $tests++; cmp_ok(@$okjson,'>',10,"We should have more then 10 findings"); $tests++;
# Expiration # Expiration
pass("Running testssl against expired.badssl.com"); $tests++; pass("Running testssl against expired.badssl.com"); $tests++;
$out = `./testssl.sh -S --jsonfile tmp.json --color 0 expired.badssl.com`; $out = `$prg -S --jsonfile tmp.json --color 0 expired.badssl.com`;
like($out, qr/Chain of trust\s+NOT ok \(expired\)/,"The chain of trust should be expired"); $tests++; like($out, qr/Chain of trust\s+NOT ok \(expired\)/,"The chain of trust should be expired"); $tests++;
like($out, qr/Certificate Validity \(UTC\)\s+expired/,"The certificate should be expired"); $tests++; like($out, qr/Certificate Validity \(UTC\)\s+expired/,"The certificate should be expired"); $tests++;
$json = json('tmp.json'); $json = json('tmp.json');
@ -39,7 +40,7 @@ is($found,1,"We should have a finding for this in the JSON output"); $tests++;
# Self signed and not-expired # Self signed and not-expired
pass("Running testssl against self-signed.badssl.com"); $tests++; pass("Running testssl against self-signed.badssl.com"); $tests++;
$out = `./testssl.sh -S --jsonfile tmp.json --color 0 self-signed.badssl.com`; $out = `$prg -S --jsonfile tmp.json --color 0 self-signed.badssl.com`;
unlike($out, qr/Certificate Validity \(UTC\)s+expired/,"The certificate should not be expired"); $tests++; unlike($out, qr/Certificate Validity \(UTC\)s+expired/,"The certificate should not be expired"); $tests++;
$json = json('tmp.json'); $json = json('tmp.json');
unlink 'tmp.json'; unlink 'tmp.json';
@ -98,7 +99,7 @@ is($found,1,"We should have a finding for this in the JSON output"); $tests++;
# Incomplete chain # Incomplete chain
pass("Running testssl against incomplete-chain.badssl.com"); $tests++; pass("Running testssl against incomplete-chain.badssl.com"); $tests++;
$out = `./testssl.sh -S --jsonfile tmp.json --color 0 incomplete-chain.badssl.com`; $out = `$prg -S --jsonfile tmp.json --color 0 incomplete-chain.badssl.com`;
like($out, qr/Chain of trust.*?NOT ok\s+\(chain incomplete\)/,"Chain of trust should fail because of incomplete"); $tests++; like($out, qr/Chain of trust.*?NOT ok\s+\(chain incomplete\)/,"Chain of trust should fail because of incomplete"); $tests++;
$json = json('tmp.json'); $json = json('tmp.json');
unlink 'tmp.json'; unlink 'tmp.json';

3
t/baseline_data/default_testssl.csvfile
View File

@ -81,9 +81,10 @@
"cookie_count","testssl.sh/81.169.166.184","443","INFO","0 at '/'","","" "cookie_count","testssl.sh/81.169.166.184","443","INFO","0 at '/'","",""
"X-Frame-Options","testssl.sh/81.169.166.184","443","OK","DENY","","" "X-Frame-Options","testssl.sh/81.169.166.184","443","OK","DENY","",""
"X-Content-Type-Options","testssl.sh/81.169.166.184","443","OK","nosniff","","" "X-Content-Type-Options","testssl.sh/81.169.166.184","443","OK","nosniff","",""
"Content-Security-Policy","testssl.sh/81.169.166.184","443","OK","script-src 'unsafe-inline'; style-src 'unsafe-inline' 'self'; object-src 'self'; base-uri 'none'; form-action 'none'; img-src 'self' ; default-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests;","","" "Content-Security-Policy","testssl.sh/81.169.166.184","443","OK","script-src 'unsafe-inline'; style-src 'unsafe-inline' 'self'; object-src 'self'; base-uri 'none'; form-action 'none'; img-src 'self' ; default-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests; form-action 'none'","",""
"Cross-Origin-Opener-Policy","testssl.sh/81.169.166.184","443","INFO","same-origin-allow-popups","","" "Cross-Origin-Opener-Policy","testssl.sh/81.169.166.184","443","INFO","same-origin-allow-popups","",""
"Cross-Origin-Resource-Policy","testssl.sh/81.169.166.184","443","INFO","same-site","","" "Cross-Origin-Resource-Policy","testssl.sh/81.169.166.184","443","INFO","same-site","",""
"Cross-Origin-Embedder-Policy","testssl.sh/81.169.166.184","443","INFO","require-corp","",""
"banner_reverseproxy","testssl.sh/81.169.166.184","443","INFO","--","","CWE-200" "banner_reverseproxy","testssl.sh/81.169.166.184","443","INFO","--","","CWE-200"
"heartbleed","testssl.sh/81.169.166.184","443","OK","not vulnerable, no heartbeat extension","CVE-2014-0160","CWE-119" "heartbleed","testssl.sh/81.169.166.184","443","OK","not vulnerable, no heartbeat extension","CVE-2014-0160","CWE-119"
"CCS","testssl.sh/81.169.166.184","443","OK","not vulnerable","CVE-2014-0224","CWE-310" "CCS","testssl.sh/81.169.166.184","443","OK","not vulnerable","CVE-2014-0224","CWE-310"