mirror of https://github.com/drwetter/testssl.sh.git synced 2025-02-24 08:31:16 +01:00
Commit Graph

4324 Commits

Author SHA1 Message Date
Brennan Kinney
6af0a801ec chore: Bring back ZYPPER_OPTIONS 2023-03-22 22:56:59 +13:00
Brennan Kinney
1212ad8e59 refactor: Support syntax without BuildKit features
These have been available via opt-in prior to v23 of Docker Engine with `DOCKER_BUILDKIT=1` ENV as a prefix to running `docker build`, however it's been requested to avoid the syntax.

No HereDoc (multi-line RUN with EOF marker) or `RUN --mount` available. This makes the `busybox` approach a hassle, so I've brought back the explicit creation of user and home dir.

Without the cache mounts, bring back `zypper clean`. It's not doing much as the `--cache-dir` is still set, but should reduce disk space for the `builder` layer. Local builds will be slower as a result when this layer is invalidated.

AFAIK, this also makes it tricky to use the `ZYPPER_OPTIONS`? So no longer DRY.
2023-03-22 22:16:28 +13:00
Brennan Kinney
718eb3461c chore: Revise Dockerfile
- Removing bulk of the noise from inline documentation.
- Packages bundled into single line like the previous Alpine version had.
- `CACHE_ZYPPER` is only used as an `ARG` in the `builder` stage.
- `zypper clean` wasn't able to clear anything from the install root, other than the `CACHE_ZYPPER` mount.
2023-03-22 21:31:34 +13:00
Brennan Kinney
0b86094ab9 fix: WORKDIR before adduser avoids surprises
The additions from `adduser` reading `/etc` do not appear to apply if the directory already exists, and permissions (including SGID) are adjusted properly for the home dir.

This means the excess backup copies in `/etc` are introduced again however.
2023-03-22 21:19:05 +13:00
Brennan Kinney
48c180d0d8 fix: Manually create testssl user and home
BusyBox `adduser` was reading config from `/etc` that unnecessarily populates the home folder with various dot files.

Alternative approach is to create the user and home folder manually. This avoids some extra files like the `-` suffixed backup copies from `adduser`.
2023-03-22 21:19:05 +13:00
Brennan Kinney
1392987f01 refactor: Change base image from alpine:3.17 to opensuse/leap:15.4 2023-03-22 21:19:05 +13:00
Dirk Wetter
cb451777d2
Merge pull request from drwetter/CAstores_update
CA stores update
2023-03-18 20:19:03 +01:00
Dirk Wetter
aac696b0a0 Updated root CA stores 2023-03-17 18:06:57 +01:00
Dirk Wetter
6106887fdd Update DST CA 2023-03-17 18:06:03 +01:00
Dirk Wetter
419aae3c98 updates docu to reflect actual status 2023-03-17 18:05:24 +01:00
Dirk Wetter
2659a13086
Merge pull request from drwetter/drwetter-patch-4
Update codespell.yml
2023-03-12 18:12:29 +01:00
Dirk Wetter
6cea273a68
Update codespell.yml
add exception for aNULL which should work now
2023-03-12 17:55:10 +01:00
Dirk Wetter
b84e182ca2
Merge pull request from drwetter/sanitize_fileout
Make sure control chars from HTTP header don't end up in html,csv,json
2023-03-12 16:18:20 +01:00
Dirk Wetter
83f67b4fb7
Merge pull request from drwetter/drwetter-patch-4
Update .gitignore
2023-03-12 16:00:11 +01:00
Dirk Wetter
8643ed4c72
Update .gitignore 2023-03-12 15:57:01 +01:00
Dirk Wetter
cacd8c57b1 Add variable htmlfile + filter GOST message
... which is needed for newer LibreSSL/OpenSSL versions
2023-03-12 15:09:24 +01:00
Dirk Wetter
2e33c483dd remove comma in tr as it was interpreted as such 2023-03-12 14:52:11 +01:00
Dirk Wetter
fab67d0cca Remove CR in server banner
... which caused a problem in t/32_isHTML_valid.t.

Also the test for an empty server banner was simplified
2023-03-12 14:00:55 +01:00
Dirk Wetter
d298b41d2c add aNULL exception to codespell 2023-03-11 14:06:47 +01:00
Dirk Wetter
06506b371e Make sure control chars from HTTP header don't end up in html,csv,json
This addresses the bug  by implementing a function which removes
control characters from the file output format html,csv,json at the
output.

In every instance called there's a check before whether the string
contains control chars, hoping it'll save a few milliseconds.

A tr function is used, omitting LF.

It doesn't filter the terminal output and the log file output.
2023-03-11 13:38:28 +01:00
Dirk Wetter
88763f47a8
Merge pull request from drwetter/fix_mime-type
Fix Accept Header
2023-02-20 20:29:14 +01:00
Dirk
a14fc5bdcf Fix Accept header
see .

"whenever HTTP/1.1 is used then the Accept header uses "text/*" as a MIME type.
This causes some minor issues with some of the checks we are doing"
2023-02-20 15:01:40 +01:00
Dirk Wetter
e57527f3ec
Merge pull request from drwetter/align_json+terminal@run_cipherlists
Rename 3 jsonIDs in run_cipherlists(): breaking change
2023-02-08 17:07:42 +01:00
Dirk Wetter
8260ca16e2
Merge pull request from polarathene/chore/dockerfile-improved-copy
chore: Use a single `COPY` by better leveraging `.dockerignore` patterns
2023-02-07 12:23:04 +01:00
Dirk Wetter
363c0d0a69
Merge pull request from drwetter/drwetter-patch-4
Remove mkdir in Dockerfile
2023-02-07 10:29:08 +01:00
Dirk Wetter
f914423978
Remove mkdir in Dockerfile
see https://github.com/drwetter/testssl.sh/pull/2312#pullrequestreview-1286620850
2023-02-07 10:28:26 +01:00
Brennan Kinney
81634ce13d
chore: Bring back group value for COPY --chown 2023-02-07 21:36:47 +13:00
Dirk Wetter
1ee21b7f22
Merge pull request from polarathene/chore/dockerfile-simplify-user
chore(Dockerfile): Simplify `testssl` user creation
2023-02-07 09:03:23 +01:00
Dirk Wetter
64ae161218
Merge branch '3.1dev' into chore/dockerfile-simplify-user 2023-02-07 09:03:15 +01:00
Dirk Wetter
66ebfb2f58 Add changes to CSV baseline 2023-02-06 21:56:54 +01:00
Dirk Wetter
6f881dc70b Rename 3 jsonIDs in run_cipherlists(): breaking change
see  / 

AVERAGE --> OBSOLETED
GOOD    --> STRONG_NOFS
STRONG  --> STRONG_FS
2023-02-05 19:32:08 +01:00
Dirk Wetter
e87b745c93
Merge pull request from dcooper16/cipherlists_doc
Update documentation for cipherlists tests
2023-02-05 19:25:02 +01:00
Dirk Wetter
05b4cdcc0d
Merge pull request from dcooper16/fix_html
Fix HTML output in Bash 5.2 and newer
2023-02-04 09:22:03 +01:00
David Cooper
3d82f7cb21 Fix HTML output in Bash 5.2 and newer
As noted in , the way that the '&' character is treated in the string part of a pattern substitution changed in Bash 5.2. As a result, the change that was made in  to accommodate older versions of Bash (e.g., on MacOS) now causes testssl.sh to produce incorrect HTML output when run on Bash 5.2.

This commit encodes the '&' characters in the substitution strings in a way that produces correct results on multiple versions of Bash (3.2 on MacOS, 5.2 on Ubuntu 23.10, 5.0 on Ubuntu 20.04).
2023-02-03 14:18:02 -08:00
David Cooper
b661f7b8d3 Update documentation for cipherlists tests
The sets of cipher lists checked by `run_cipherslists()` changed in 3.1dev, but the documentation was not updated.
2023-02-03 11:24:04 -08:00
Dirk Wetter
70237b2328
Merge pull request from polarathene/chore/dockerfile-remove-mkdir
chore: Remove redundant `mkdir`
2023-02-03 19:54:51 +01:00
Dirk Wetter
6c2663aeb6
Merge pull request from SSLbrain/3.1dev
Feature Trustcor certificates being removed/disabled from root stores 
2023-02-02 13:55:07 +01:00
Brennan Kinney
76b8f0c981 chore: Remove redundant mkdir
- If local folder ownership is for example `644` it will fail to handle the `COPY` regardless (while `744` would work).
- Creating the directory with higher permissions in the container does not appear to help.
2023-02-02 14:26:16 +13:00
Sole
3670c1e4ad Removed non-relevant CA's that no longer have active certificates. 2023-02-02 01:13:00 +00:00
Brennan Kinney
dc7d13b853 chore(Dockerfile): Simplify testssl user creation
Create `testssl` user (_and group_) with no password (`-D`) and default their shell to bash (`-s`):
- A group will implicitly be created with the same value as the user. `addgroup testssl` and `-G testssl` are not needed.
- Gecos data (`-g "testssl user"`) doesn't appear relevant to the project to be required? The default gecos value (`Linux User,,,`) should be fine.
2023-02-02 14:07:51 +13:00
Sole
9fc8c33704 Change exception for removed root certificates into easy edit multi-value regular expression for Organization name and making it clear that CA's are actively removed from 1+ root stores. 2023-02-02 00:42:15 +00:00
Brennan Kinney
74892e45c5 chore: Use a single COPY by better leveraging .dockerignore patterns 2023-02-02 12:49:30 +13:00
Dirk Wetter
e02e8be19f
Merge pull request from drwetter/upgrade_alpine_perf-fix
Upgrade Alpine version for both Dockerfiles
2023-02-01 19:45:57 +01:00
Dirk Wetter
beb94d9efc Upgrade Alpine version for both Dockerfiles
... to improve/mitigate performance problems, see .
(musl libc vs. glibc)
2023-02-01 19:40:40 +01:00
Dirk Wetter
5a1a114adc
Merge pull request from drwetter/dependabot/github_actions/docker/build-push-action-4.0.0
Bump docker/build-push-action from 3.3.0 to 4.0.0
2023-01-31 09:37:28 +01:00
Dirk Wetter
0b5c414970
Merge pull request from drwetter/nntp_ci_remove
Remove NNTP from CI tests
2023-01-31 09:37:06 +01:00
Dirk Wetter
2e0898c9ef Remove NNTP from CI tests
Maybe for the future we should check whether host is available and
if so then run the test
2023-01-31 09:34:18 +01:00
dependabot[bot]
8ae8a6fc44
Bump docker/build-push-action from 3.3.0 to 4.0.0
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3.3.0 to 4.0.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v3.3.0...v4.0.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-31 00:03:02 +00:00
Dirk Wetter
8099dc0106
Merge pull request from drwetter/ldap_starttls_improvements
Add logic for STARTTLS enabled AD servers
2023-01-17 14:27:01 +01:00
Dirk Wetter
fdd72d2785 Cleanup code, clarify comments for AD/LDAP + STARTTLS 2023-01-17 14:23:53 +01:00