diff --git a/t/00_testssl_help.t b/t/00_testssl_help.t index 99ae17cde..c38ec69e9 100755 --- a/t/00_testssl_help.t +++ b/t/00_testssl_help.t @@ -13,7 +13,7 @@ my $out=""; # Try to detect remainders from debugging: my $debug_regexp='^(\s)*set (-|\+)x'; -# Blacklists we use to trigger an error: +# Patterns used to trigger an error: my $error_regexp1='(syntax|parse) (e|E)rror'; my $error_regexp2='testssl.sh: line'; my $error_regexp3='bash: warning'; diff --git a/t/01_testssl_banner.t b/t/01_testssl_banner.t index 410bca56d..4566655df 100755 --- a/t/01_testssl_banner.t +++ b/t/01_testssl_banner.t @@ -8,7 +8,7 @@ use Test::More; my $tests = 0; my $fileout=""; -# Blacklists we use to trigger an error: +# Patterns used to trigger an error: my $error_regexp1='(syntax|parse) (e|E)rror'; my $error_regexp2='testssl.sh: line'; my $error_regexp3='bash: warning'; diff --git a/t/02_clientsim_txt_parsable.t b/t/02_clientsim_txt_parsable.t index 597c92246..6885ef8e0 100755 --- a/t/02_clientsim_txt_parsable.t +++ b/t/02_clientsim_txt_parsable.t @@ -8,7 +8,7 @@ use Test::More; my $tests = 0; my $fileout=""; -# Blacklists we use to trigger an error: +# Patterns used to trigger an error: my $error_regexp1='(syntax|parse) (e|E)rror'; my $error_regexp2='client-simulation.txt:'; diff --git a/t/10_baseline_ipv4_http.t b/t/10_baseline_ipv4_http.t index 4dd38e805..57d40cfc3 100755 --- a/t/10_baseline_ipv4_http.t +++ b/t/10_baseline_ipv4_http.t @@ -1,8 +1,6 @@ #!/usr/bin/env perl -# baseline test for testssl, screen and JSON output - -# This is referred by the documentation. +# Baseline test for testssl, screen and JSON output # We could also inspect the JSON for any problems for # "id" : "scanProblem" 
@@ -15,13 +13,11 @@ use JSON; my $tests = 0; my $prg="./testssl.sh"; -my $tmp_json="tmp.json"; -my $check2run="-p -s -P --fs -S -h -U -q --ip=one --color 0 --jsonfile $tmp_json"; +my $json_file=""; +my $check2run="-p -s -P --fs -S -h -U -q --ip=one --color 0 --jsonfile"; my $uri="google.com"; -my $socket_out=""; -my $openssl_out=""; -my $socket_json=""; -my $openssl_json=""; +my $terminal_out=""; +my $json_string=""; #FIXME: Pattern we use to trigger an error, but likely we can skip that and instead we should?/could use the following?? # @args="$prg $check2run $uri >/dev/null"; # system("@args") == 0 @@ -29,6 +25,7 @@ my $openssl_json=""; my $socket_errors='(e|E)rror|FIXME|\.\/testssl\.sh: line |(f|F)atal|(c|C)ommand not found'; my $openssl_errors='(e|E)rror|FIXME|(f|F)atal|\.\/testssl\.sh: line |Oops|s_client connect problem|(c|C)ommand not found'; my $json_errors='(id".*:\s"scanProblem"|severity".*:\s"FATAL"|"Scan interrupted")'; +my $os="$^O"; # useful against "failed to flush stdout" messages STDOUT->autoflush(1); 
@@ -36,37 +33,69 @@ STDOUT->autoflush(1); die "Unable to open $prg" unless -f $prg; # Provide proper start conditions -unlink $tmp_json; +$json_file="tmp.json"; +unlink $json_file; # Title printf "\n%s\n", "Baseline unit test IPv4 against \"$uri\""; -$socket_out = `$prg $check2run $uri 2>&1`; -$socket_json = json($tmp_json); + + +# run the check +$terminal_out = `$prg $check2run $json_file $uri 2>&1`; +$json_string = json($json_file); + #1 -unlike($socket_out, qr/$socket_errors≈/, "via sockets, checking terminal output"); +unlike($terminal_out, qr/$socket_errors≈/, "via sockets, checking terminal output"); $tests++; #2 -unlike($socket_json, qr/$json_errors/, "via sockets checking JSON output"); +unlike($json_string, qr/$json_errors/, "via sockets checking JSON output"); $tests++; -unlink $tmp_json; - #3 -$openssl_out = `$prg --ssl-native $check2run $uri 2>&1`; -$openssl_json = json($tmp_json); -unlike($openssl_out, qr/$openssl_errors/, "via (builtin) OpenSSL, checking terminal output"); +if ( $os eq "linux" ){ + unlink $json_file; + $terminal_out = `$prg --ssl-native $check2run $json_file $uri 2>&1`; + $json_string = json($json_file); + unlike($terminal_out, qr/$openssl_errors/, "via (builtin) OpenSSL, checking terminal output"); +} elsif ( $os eq "darwin" ){ + printf "%s\n", "Skipping test. The result of the check under MacOS is not understood" ; +} $tests++; #4 -unlike($openssl_json, qr/$json_errors/, "via OpenSSL (builtin) checking JSON output"); +unlike($json_string, qr/$json_errors/, "via OpenSSL (builtin) checking JSON output"); $tests++; -unlink $tmp_json; +#5 -- early data test. 
We just take the last check +my $found=0; +open my $fh, '<', $json_file or die "Can't open '$json_file': $!"; +local $/; # undef slurp mode +my $data = decode_json(<$fh>); +close $fh; + +# Check if the decoded data is an array +if (ref $data eq 'ARRAY') { + # Iterate through the array of JSON objects + foreach my $obj (@$data) { + # Check if the 'id' is "early_data" and 'severity' is "HIGH" + if ($obj->{id} eq 'early_data' && $obj->{severity} eq 'HIGH') { + $found=1; + last; # we can leave the loop + } + } +} + +if ($found) { + ok(1, "0‑RTT found in JSON from $uri"); +} else { + fail("0‑RTT test for $uri failed"); +} +$tests++; done_testing($tests); -printf "\n"; +printf "\n\n"; sub json($) { @@ -76,6 +105,5 @@ sub json($) { return from_json($file); } - # vim:ts=5:sw=5:expandtab diff --git a/t/11_baseline_ipv6_http.t.DISABLED b/t/11_baseline_ipv6_http.t.DISABLED index 028cbea98..9e1e97168 100755 --- a/t/11_baseline_ipv6_http.t.DISABLED +++ b/t/11_baseline_ipv6_http.t.DISABLED @@ -1,6 +1,6 @@ #!/usr/bin/env perl -# disabled as IPv6 wasn't supported by Travis CI and isn't by GH action, see https://github.com/testssl/testssl.sh/issues/1177 +# disabled as IPv6 wasn't supported by Travis CI and isn't also supported by GH action, see https://github.com/testssl/testssl.sh/issues/1177 # Just a functional test, whether there are any problems on the client side # Probably we could also inspect the JSON for any problems for @@ -10,8 +10,8 @@ use strict; use Test::More; use Data::Dumper; +# if JSON it'll be needed to uncommented this and the lines below # use JSON; -# if we need JSON we need to comment this and the lines below in my $tests = 0; my $prg="./testssl.sh"; 
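Review bot: In the t/10_baseline_ipv4_http.t hunk that adds the OS check, test #3 still executes `$tests++` when `$os` is not "linux" although no assertion ran, so `done_testing($tests)` receives a count one higher than the tests actually run; #4 then re-checks the `$json_string` left over from the socket run. Wrapping #3 and #4 in a `SKIP:` block with `skip "ssl-native result on MacOS is not understood", 2 unless $os eq "linux";` keeps the count consistent and shows the skip in the TAP output instead of a bare printf. Separately, `qr/$socket_errors≈/` in #1 carries a stray `≈` over from the old line. If that character is really in the file, it binds to the last alternative only, so `(c|C)ommand not found` can no longer match in the socket run's terminal output.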
@@ -19,7 +19,7 @@ my $check2run ="-p -s -P --fs -S -h -U -q --ip=one --color 0"; my $uri=""; my $socket_out=""; my $openssl_out=""; -# Blacklists we use to trigger an error: +# Patterns used to trigger an error: my $socket_regex_bl='(e|E)rror|\.\/testssl\.sh: line |(f|F)atal|(c|C)ommand not found'; my $openssl_regex_bl='(e|E)rror|(f|F)atal|\.\/testssl\.sh: line |Oops|s_client connect problem|(c|C)ommand not found'; diff --git a/t/12_diff_opensslversions.t b/t/12_diff_opensslversions.t index b848dc00f..74a1b9548 100755 --- a/t/12_diff_opensslversions.t +++ b/t/12_diff_opensslversions.t @@ -21,7 +21,7 @@ my $diff=""; my $distro_openssl="/usr/bin/openssl"; my @args=""; # that can be done better but I am a perl n00b ;-) -my $os=`perl -e 'print "$^O";'`; +my $os="$^O"; # useful against "failed to flush stdout" messages STDOUT->autoflush(1); diff --git a/t/21_baseline_starttls.t b/t/21_baseline_starttls.t index ad50f90b5..0946a529e 100755 --- a/t/21_baseline_starttls.t +++ b/t/21_baseline_starttls.t @@ -22,9 +22,11 @@ my $check2run="-q --ip=one --color 0"; my $uri=""; my $socket_out=""; my $openssl_out=""; -# Blacklists we use to trigger an error: +# Patterns used to trigger an error: my $socket_regex_bl='(e|E)rror|\.\/testssl\.sh: line |(f|F)atal|(c|C)ommand not found'; my $openssl_regex_bl='(e|E)rror|(f|F)atal|\.\/testssl\.sh: line |Oops|s_client connect problem|(c|C)ommand not found'; +my $openssl_fallback_cmd=""; # empty for Linux +my $os="$^O"; # useful against "failed to flush stdout" messages STDOUT->autoflush(1); 
@@ -36,10 +38,26 @@ STDOUT->autoflush(1); die "Unable to open $prg" unless -f $prg; -$uri="smtp-relay.gmail.com:587"; +if ( $os eq "darwin" ){ + # MacOS silicon doesn't have ~/bin/openssl.Darwin.arm64 binary so we use the + # homebrew version which was moved to /opt/homebrew/bin/openssl.NOPE in + # .github/workflows/unit_tests_macos.yml . The LibreSSL version from MacOS + # sometimes have problems to finish the run, thus we use homebrew's version + # as fallback. + # If this will be run outside GH actions, i.e. locally, we provide a fallback to + # /opt/homebrew/bin/openssl or just leave this thing + if ( -x "/opt/homebrew/bin/openssl.NOPE" ) { + $openssl_fallback_cmd="--openssl /opt/homebrew/bin/openssl.NOPE"; + } + elsif ( -x "/opt/homebrew/bin/openssl" ) { + $openssl_fallback_cmd="--openssl /opt/homebrew/bin/openssl"; + } +} +$check2run_smtp="$check2run_smtp $openssl_fallback_cmd" ; #1 +$uri="smtp-relay.gmail.com:587"; # unlink "tmp.json"; # we will have client simulations later, so we don't need to run everything again: printf "\n%s\n", "STARTTLS SMTP unit test via sockets --> $uri ..."; @@ -49,16 +67,7 @@ unlike($socket_out, qr/$socket_regex_bl/, ""); $tests++; #2 -# unlink "tmp.json"; -printf "\n%s\n", "STARTTLS SMTP unit tests via OpenSSL --> $uri ..."; -$openssl_out = `$prg --ssl-native $check2run_smtp -t smtp $uri 2>&1`; -# $openssl_json = json('tmp.json'); -unlike($openssl_out, qr/$openssl_regex_bl/, ""); -$tests++; - $uri="pop.gmx.net:110"; - -#3 # unlink "tmp.json"; printf "\n%s\n", "STARTTLS POP3 unit tests via sockets --> $uri ..."; $socket_out = `$prg $check2run -t pop3 $uri 2>&1`; 
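Review bot: In t/21_baseline_starttls.t the `--openssl` fallback is appended to `$check2run_smtp` only, while the POP3, IMAP, sieve, XMPP, FTP and LDAP runs visible in the following hunks are built from `$check2run`, so on MacOS those runs would still pick up the default binary. If the LibreSSL problem described in the new comment is not specific to SMTP, the same suffix belongs on both, e.g. `$check2run="$check2run $openssl_fallback_cmd";`. The declaration of `$check2run_smtp` and the SMTP command line itself lie outside this hunk, so how the two variables relate is inferred from the visible uses only.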
@@ -66,16 +75,8 @@ $socket_out = `$prg $check2run -t pop3 $uri 2>&1`; unlike($socket_out, qr/$socket_regex_bl/, ""); $tests++; -#4 -printf "\n%s\n", "STARTTLS POP3 unit tests via OpenSSL --> $uri ..."; -$openssl_out = `$prg --ssl-native $check2run -t pop3 $uri 2>&1`; -# $openssl_json = json('tmp.json'); -unlike($openssl_out, qr/$openssl_regex_bl/, ""); -$tests++; - +#3 $uri="imap.gmx.net:143"; - -#5 # unlink "tmp.json"; printf "\n%s\n", "STARTTLS IMAP unit tests via sockets --> $uri ..."; $socket_out = `$prg $check2run -t imap $uri 2>&1`; @@ -83,16 +84,8 @@ $socket_out = `$prg $check2run -t imap $uri 2>&1`; unlike($socket_out, qr/$socket_regex_bl/, ""); $tests++; -#6 -printf "\n%s\n", "STARTTLS IMAP unit tests via OpenSSL --> $uri ..."; -$openssl_out = `$prg --ssl-native $check2run -t imap $uri 2>&1`; -# $openssl_json = json('tmp.json'); -unlike($openssl_out, qr/$openssl_regex_bl/, ""); -$tests++; - +#4 $uri="mail.tigertech.net:4190"; - -#7 # unlink "tmp.json"; printf "\n%s\n", "STARTTLS MANAGE(SIEVE) unit tests via sockets --> $uri ..."; $socket_out = `$prg $check2run -t sieve $uri 2>&1`; @@ -100,9 +93,8 @@ $socket_out = `$prg $check2run -t sieve $uri 2>&1`; unlike($openssl_out, qr/$openssl_regex_bl/, ""); $tests++; +#5 $uri="jabber.org:5222"; - -#8 # unlink "tmp.json"; printf "\n%s\n", "STARTTLS XMPP unit tests via sockets --> $uri ..."; $socket_out = `$prg $check2run -t xmpp $uri 2>&1`; @@ -112,12 +104,6 @@ $tests++; # commented out, bc of travis' limits # -#printf "\n%s\n", "STARTTLS XMPP unit tests via OpenSSL --> $uri ..."; -#$openssl_out = `$prg --ssl-native $check2run -t xmpp $uri 2>&1`; -# $openssl_json = json('tmp.json'); -#unlike($openssl_out, qr/$openssl_regex_bl/, ""); -#$tests++; - # $uri="jabber.ccc.de:5269"; # printf "\n%s\n", "Quick STARTTLS XMPP S2S unit tests via sockets --> $uri ..."; # $openssl_out = `$prg --openssl=/usr/bin/openssl -p $check2run -t xmpp-server $uri 2>&1`; 
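Review bot: The MANAGE(SIEVE) check in the t/21_baseline_starttls.t hunk at new line 93 still asserts on `$openssl_out` with `$openssl_regex_bl`, although the run directly above it fills `$socket_out`. This commit removes every `--ssl-native` run in the file, so `$openssl_out` appears to keep its initial empty string and this `unlike` can never fail, which leaves the sieve output unchecked. The line should read `unlike($socket_out, qr/$socket_regex_bl/, "");`. Giving each `unlike` a description instead of `""` would also make a failing protocol identifiable in the TAP output.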
@@ -125,10 +111,8 @@ $tests++; # unlike($openssl_out, qr/$openssl_regex_bl/, ""); # $tests++; - +#6 $uri="ldap.uni-rostock.de:21"; - -#9 # unlink "tmp.json"; printf "\n%s\n", "STARTTLS FTP unit tests via sockets --> $uri ..."; $socket_out = `$prg $check2run -t ftp $uri 2>&1`; @@ -138,35 +122,15 @@ $socket_out =~ s/ error querying OCSP responder .*\n//g; unlike($socket_out, qr/$socket_regex_bl/, ""); $tests++; -# commented out, bc of travis' limits -# -# printf "\n%s\n", "STARTTLS FTP unit tests via OpenSSL --> $uri ..."; -# $openssl_out = `$prg --ssl-native $check2run -t ftp $uri 2>&1`; -# $openssl_json = json('tmp.json'); -# OCSP stapling fails sometimes with: 'offered, error querying OCSP responder (ERROR: No Status found)' -# $openssl_out =~ s/ error querying OCSP responder .*\n//g; -# unlike($openssl_out, qr/$openssl_regex_bl/, ""); -# $tests++; - - +#7 # https://ldapwiki.com/wiki/Public%20LDAP%20Servers $uri="db.debian.org:389"; - -#10 printf "\n%s\n", "STARTTLS LDAP unit tests via sockets --> $uri ..."; $socket_out = `$prg $check2run -t ldap $uri 2>&1`; # $socket_json = json('tmp.json'); unlike($socket_out, qr/$socket_regex_bl/, ""); $tests++; -#11 -printf "\n%s\n", "STARTTLS LDAP unit tests via OpenSSL --> $uri ..."; -$openssl_out = `$prg --ssl-native $check2run -t ldap $uri 2>&1`; -# $openssl_json = json('tmp.json'); -unlike($openssl_out, qr/$openssl_regex_bl/, ""); -$tests++; - - # For NNTP there doesn't seem to be reliable host out there #$uri="144.76.182.167:119"; 
@@ -174,14 +138,7 @@ $tests++; #$socket_out = `$prg $check2run -t nntp $uri 2>&1`; #unlike($socket_out, qr/$socket_regex_bl/, ""); #$tests++; - -# commented out, bc of travis' limits -# -#printf "\n%s\n", "STARTTLS NNTP unit tests via OpenSSL --> $uri ..."; -#$openssl_out = `$prg --ssl-native $check2run -t nntp $uri 2>&1`; -# $openssl_json = json('tmp.json'); -#unlike($openssl_out, qr/$openssl_regex_bl/, ""); -#$tests++; +# also: commented out, bc of travis' limits # IRC: missing # LTMP, mysql, postgres diff --git a/t/23_client_simulation.t b/t/23_client_simulation.t index ff2b34b91..107efcd26 100755 --- a/t/23_client_simulation.t +++ b/t/23_client_simulation.t @@ -1,15 +1,16 @@ #!/usr/bin/env perl # Just a functional test, whether there are any problems on the client side -# Probably we could also inspect the JSON for any problems for + +# We could also inspect the JSON for any problems for # "id" : "scanProblem" # "finding" : "Scan interrupted" use strict; use Test::More; use Data::Dumper; +# if needed: comment this and the lines below in: # use JSON; -# if we need JSON we need to comment this and the lines below in my $tests = 0; my $prg="./testssl.sh"; @@ -17,7 +18,7 @@ my $check2run ="--client-simulation -q --ip=one --color 0"; my $uri=""; my $socket_out=""; my $openssl_out=""; -# Blacklists we use to trigger an error: +# Pattern we use to trigger an error: my $socket_regex_bl='(e|E)rror|\.\/testssl\.sh: line |(f|F)atal|(c|C)ommand not found'; my $openssl_regex_bl='(e|E)rror|(f|F)atal|\.\/testssl\.sh: line |Oops|s_client connect problem|(c|C)ommand not found'; @@ -30,8 +31,8 @@ STDOUT->autoflush(1); die "Unable to open $prg" unless -f $prg; +#1 $uri="google.com"; - # unlink "tmp.json"; printf "\n%s\n", "Client simulations unit test via sockets --> $uri ..."; $socket_out = `$prg $check2run $uri 2>&1`; 
@@ -39,6 +40,7 @@ $socket_out = `$prg $check2run $uri 2>&1`; unlike($socket_out, qr/$socket_regex_bl/, ""); $tests++; +#2 Makes little sense anymore but lets just keep this unit test # unlink "tmp.json"; printf "\n%s\n", "Client simulations unit test via OpenSSL --> $uri ..."; $openssl_out = `$prg $check2run --ssl-native $uri 2>&1`; @@ -47,8 +49,8 @@ unlike($openssl_out, qr/$openssl_regex_bl/, ""); $tests++; +#3 $uri="smtp-relay.gmail.com:587"; - # unlink "tmp.json"; printf "\n%s\n", "STARTTLS: Client simulations unit test via sockets --> $uri ..."; $socket_out = `$prg $check2run -t smtp $uri 2>&1`; @@ -56,18 +58,10 @@ $socket_out = `$prg $check2run -t smtp $uri 2>&1`; unlike($socket_out, qr/$socket_regex_bl/, ""); $tests++; -# commented out, bc of travis' limits -# # unlink "tmp.json"; -#printf "\n%s\n", "STARTTLS: Client simulations unit test via OpenSSL --> $uri ..."; -#$openssl_out = `$prg --ssl-native $check2run -t smtp $uri 2>&1`; -## $openssl_json = json('tmp.json'); -#unlike($openssl_out, qr/$openssl_regex_bl/, ""); -#$tests++; done_testing($tests); -unlink "tmp.json"; - +printf "\n"; sub json($) { @@ -78,5 +72,5 @@ sub json($) { } -# vim:ts=5:sw=5:expandtab +# vim:ts=5:sw=5:expandtab diff --git a/t/31_isJSON_valid.t b/t/31_isJSON_valid.t index 9becf16d9..27ad4b2d9 100755 --- a/t/31_isJSON_valid.t +++ b/t/31_isJSON_valid.t @@ -1,6 +1,6 @@ #!/usr/bin/env perl -# This is more a PoC. Improvements welcome! +# Checking whether both JSON outputs are valid # use strict; 
@@ -9,50 +9,55 @@ use JSON; my $tests = 0; my $prg="./testssl.sh"; -my $check2run ="--ip=one --ids-friendly -q --color 0"; -my $uri=""; my $json=""; +my $json_file=""; +my $check2run ="--ip=one --ids-friendly -q --color 0"; +my $uri="example.com"; # Cloudflare blocks too often my $out=""; my $cmd_timeout="--openssl-timeout=10"; -# Blacklists we use to trigger an error: + +# Patterns used to trigger an error: my $socket_regex_bl='(e|E)rror|\.\/testssl\.sh: line |(f|F)atal|(c|C)ommand not found'; my $openssl_regex_bl='(e|E)rror|(f|F)atal|\.\/testssl\.sh: line |Oops|s_client connect problem|(c|C)ommand not found'; -# that can be done better but I am a perl n00b ;-) -my $os=`perl -e 'print "$^O";'`; +my $os="$^O"; + +# useful against "failed to flush stdout" messages +STDOUT->autoflush(1); die "Unable to open $prg" unless -f $prg; -my $uri="cloudflare.com"; +# Provide proper start conditions +$json_file="tmp.json"; +unlink $json_file; +# Title printf "\n%s\n", "Unit testing JSON output ..."; -unlink 'tmp.json'; #1 printf "%s\n", ".. plain JSON --> $uri "; -$out = `$prg $check2run --jsonfile tmp.json $uri`; -$json = json('tmp.json'); -unlink 'tmp.json'; +$out = `$prg $check2run --jsonfile $json_file $uri`; +$json = json($json_file); +unlink $json_file; my @errors=eval { decode_json($json) }; is(@errors,0,"no errors"); $tests++; - #2 printf "%s\n", ".. pretty JSON --> $uri "; -$out = `$prg $check2run --jsonfile-pretty tmp.json $uri`; -$json = json('tmp.json'); -unlink 'tmp.json'; +$out = `$prg $check2run --jsonfile-pretty $json_file $uri`; +$json = json($json_file); +unlink $json_file; @errors=eval { decode_json($json) }; is(@errors,0,"no errors"); $tests++; #3 -my $uri = "smtp-relay.gmail.com:587"; +$uri = "smtp-relay.gmail.com:587"; printf "%s\n", " .. 
plain JSON and STARTTLS --> $uri ..."; -$out = `$prg --jsonfile tmp.json $check2run -t smtp $uri`; -$json = json('tmp.json'); -unlink 'tmp.json'; +$out = `$prg --jsonfile $json_file $check2run -t smtp $uri`; +$json = json($json_file); +unlink $json_file; @errors=eval { decode_json($json) }; is(@errors,0,"no errors"); $tests++; @@ -65,9 +70,9 @@ if ( $os eq "linux" ){ # This testssl.sh run deliberately does NOT work as github actions block port 25 egress. # but the output should be fine. The idea is to have a unit test for a failed connection. printf "%s\n", ".. plain JSON for a failed run: '--mx $uri' ..."; - $out = `$prg --ssl-native --openssl-timeout=10 $check2run --jsonfile tmp.json --mx $uri`; - $json = json('tmp.json'); - unlink 'tmp.json'; + $out = `$prg --ssl-native --openssl-timeout=10 $check2run --jsonfile $json_file --mx $uri`; + $json = json($json_file); + unlink $json_file; @errors=eval { decode_json($json) }; is(@errors,0,"no errors"); $tests++; @@ -75,9 +80,9 @@ if ( $os eq "linux" ){ #5 # Same as above but with pretty JSON printf "%s\n", ".. pretty JSON for a failed run '--mx $uri' ..."; - $out = `$prg --ssl-native --openssl-timeout=10 $check2run --jsonfile-pretty tmp.json --mx $uri`; - $json = json('tmp.json'); - unlink 'tmp.json'; + $out = `$prg --ssl-native --openssl-timeout=10 $check2run --jsonfile-pretty $json_file --mx $uri`; + $json = json($json_file); + unlink $json_file; @errors=eval { decode_json($json) }; is(@errors,0,"no errors"); $tests++; @@ -86,15 +91,16 @@ if ( $os eq "linux" ){ printf "skipped two checks on MacOS\n\n"; } -printf "\n"; done_testing($tests); +printf "\n\n"; sub json($) { my $file = shift; $file = `cat $file`; + unlink $file; return from_json($file); } -# vim:ts=5:sw=5:expandtab +# vim:ts=5:sw=5:expandtab diff --git a/t/32_isHTML_valid.t b/t/32_isHTML_valid.t index 81852643f..39ea276d5 100755 --- a/t/32_isHTML_valid.t +++ b/t/32_isHTML_valid.t 
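Review bot: The `is(@errors,0,"no errors")` assertions kept throughout the first t/31_isJSON_valid.t hunk do not test what their description says: `eval { decode_json($json) }` yields an empty list when `decode_json` dies and a one-element list when it succeeds, so the check passes on a failure. Since `json()` already returns the result of `from_json`, `$json` is presumably a decoded reference at that point and the real validity check is the `from_json` call, which sits outside the `eval`. Either assert on that directly, e.g. `my $decoded = eval { json($json_file) }; ok(defined $decoded, "valid JSON");`, or add a comment such as `# from_json() in json() dies on invalid JSON; the eval below is not the validity check`.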
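Review bot: The `unlink $file;` added to `json()` in t/31_isJSON_valid.t runs after `$file` has been overwritten with the output of `cat`, so it is called with the JSON text as the path and removes nothing. Every caller in this file already does `unlink $json_file;` right after the call, so the line can simply be dropped; if the helper is meant to clean up itself, keep the path in its own variable and unlink that one. A comment like `# $file holds the file content from here on, not the path` above the `from_json` call would prevent the same mix-up later.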
@@ -10,30 +10,38 @@ use Text::Diff; my $tests = 0; my $prg="./testssl.sh"; +my $html=""; +my $html_file=""; +my $check2run="--ip=one -4 --openssl /usr/bin/openssl --sneaky --ids-friendly --color 0 --htmlfile"; my $uri="github.com"; my $out=""; -my $html=""; my $debughtml=""; my $edited_html=""; -my $htmlfile="tmp.html"; # Pick /usr/bin/openssl as we want to avoid the debug messages like "Your ./bin/openssl.Linux.x86_64 doesn't support X25519" -my $check2run="--ip=one -4 --openssl /usr/bin/openssl --sneaky --ids-friendly --color 0 --htmlfile $htmlfile"; my $diff=""; my $ip=""; + +# useful against "failed to flush stdout" messages +STDOUT->autoflush(1); + die "Unable to open $prg" unless -f $prg; -printf "\n%s\n", "Doing HTML output checks"; -unlink $htmlfile; +# Provide proper start conditions +$html_file="tmp.html"; +unlink $html_file; + +# Title +printf "\n%s\n", "Unit testing HTML output ..."; #1 printf "%s\n", " .. running $prg against \"$uri\" to create HTML and terminal outputs (may take ~2 minutes)"; # specify a TERM_WIDTH so that the two calls to testssl.sh don't create HTML files with different values of TERM_WIDTH -$out = `TERM_WIDTH=120 $prg $check2run $uri`; -$html = `cat $htmlfile`; +$out = `TERM_WIDTH=120 $prg $check2run $html_file $uri`; +$html = `cat $html_file`; # $edited_html will contain the HTML with formatting information removed in order to compare against terminal output # Start by removing the HTML header. -$edited_html = `tail -n +11 $htmlfile`; -unlink $htmlfile; +$edited_html = `tail -n +11 $html_file`; +unlink $html_file; # Remove the HTML footer $edited_html =~ s/\n\<\/pre\>\n\<\/body\>\n\<\/html\>//; 
@@ -66,9 +74,9 @@ if ( $^O eq "darwin" ){ #2 printf "%s\n", " .. running again $prg against \"$uri\", now with --debug 4 to create HTML output (may take another ~2 minutes)"; # Redirect stderr to /dev/null in order to avoid some unexplained "date: invalid date" error messages -$out = `TERM_WIDTH=120 $prg $check2run --debug 4 $uri 2>/dev/null`; -$debughtml = `cat $htmlfile`; -unlink $htmlfile; +$out = `TERM_WIDTH=120 $prg $check2run $html_file --debug 4 $uri 2>/dev/null`; +$debughtml = `cat $html_file`; +unlink $html_file; # Remove date information from the Start and Done banners in the two HTML files, since they were created at different times $html =~ s/Start 2[0-9][0-9][0-9]-[0-3][0-9]-[0-3][0-9] [0-2][0-9]:[0-5][0-9]:[0-5][0-9]/Start XXXX-XX-XX XX:XX:XX/; @@ -108,10 +116,9 @@ ok($debughtml eq $html, "Checking if HTML file created with --debug 4 matches HT diag ("\n%s\n", "$diff"); $tests++; - -printf "\n\n"; done_testing($tests); +printf "\n\n"; -# vim:ts=5:sw=5:expandtab +# vim:ts=5:sw=5:expandtab diff --git a/t/33_isJSON_severitylevel_valid.t b/t/33_isJSON_severitylevel_valid.t index d669e345f..a6815072b 100755 --- a/t/33_isJSON_severitylevel_valid.t +++ b/t/33_isJSON_severitylevel_valid.t 
@@ -5,30 +5,39 @@ use Test::More; use Data::Dumper; use JSON; -my ( - $out, - $json, - $json_pretty, - $found, - $tests -); +my $tests = 0; + -$tests = 0; my $prg="./testssl.sh"; +my $json=""; +my $json_file=""; my $check2run = '-S --beast --sweet32 --breach --beast --lucky13 --rc4 --severity LOW --color 0'; my $uri = 'badssl.com'; +my $out=""; +my $json_pretty=""; +my $found=1; + + -printf "\n%s\n", "Doing severity level checks"; + +# useful against "failed to flush stdout" messages +STDOUT->autoflush(1); die "Unable to open $prg" unless -f $prg; -unlink 'tmp.json'; + +# Provide proper start conditions +$json_file="tmp.json"; +unlink $json_file; + +# Title +printf "\n%s\n", "Doing severity level checks"; #1 pass(" .. running testssl.sh against $uri to create a JSON report with severity level >= LOW (may take 2~3 minutes)"); $tests++; -$out = `$prg $check2run --jsonfile tmp.json $uri`; -$json = json('tmp.json'); -unlink 'tmp.json'; +$out = `$prg $check2run --jsonfile $json_file $uri`; +$json = json($json_file); +unlink $json_file; $found = 0; cmp_ok(@$json,'>',0,"At least 1 finding is expected"); $tests++; foreach my $f ( @$json ) { @@ -41,9 +50,9 @@ is($found,0,"We should not have any finding with INFO level"); $tests++; #2 pass(" .. running testssl.sh against $uri to create a JSON-PRETTY report with severity level >= LOW (may take 2~3 minutes)"); $tests++; -$out = `$prg $check2run --jsonfile-pretty tmp.json $uri`; -$json_pretty = json('tmp.json'); -unlink 'tmp.json'; +$out = `$prg $check2run --jsonfile-pretty $json_file $uri`; +$json_pretty = json($json_file); +unlink $json_file; $found = 0; my $vulnerabilities = $json_pretty->{scanResult}->[0]->{vulnerabilities}; foreach my $f ( @$vulnerabilities ) { @@ -54,8 +63,8 @@ foreach my $f ( @$vulnerabilities ) { } is($found,0,"We should not have any finding with INFO level"); $tests++; -printf "\n"; done_testing($tests); +printf "\n\n"; sub json($) { my $file = shift; 
@@ -65,5 +74,5 @@ sub json($) { } -# vim:ts=5:sw=5:expandtab +# vim:ts=5:sw=5:expandtab diff --git a/t/51_badssl.com.t b/t/51_badssl.com.t index e215e3471..88c59febe 100755 --- a/t/51_badssl.com.t +++ b/t/51_badssl.com.t @@ -20,6 +20,9 @@ my ( die "Unable to open $prg" unless -f $prg; +# useful against "failed to flush stdout" messages +STDOUT->autoflush(1); + # Provide proper start conditions unlink 'tmp.json'; diff --git a/t/61_diff_testsslsh.t b/t/61_diff_testsslsh.t index 27f683a73..5e813ebf5 100755 --- a/t/61_diff_testsslsh.t +++ b/t/61_diff_testsslsh.t @@ -3,7 +3,7 @@ # Baseline diff test against testssl.sh (csv output) # # We don't use a full run yet and only the certificate section. -# There we would need to blacklist more, like: +# There we would need to block-list more, like: # cert_serialNumber, cert_fingerprintSHA1, cert_fingerprintSHA256, cert # cert_expirationStatus, cert_notBefore, cert_notAfter, cert_caIssuers, intermediate_cert # diff --git a/testssl.sh b/testssl.sh index 6de980243..20bf60c19 100755 --- a/testssl.sh +++ b/testssl.sh @@ -1971,8 +1971,9 @@ http_head_printf() { safe_echo "HEAD ${path} HTTP/1.1\r\nUser-Agent: ${useragent}\r\nHost: ${node}\r\nAccept: */*\r\n${extra_header}\r\n\r\n" >&33 2>$errfile ret=0 touch $tmpfile - # This doesn't block - while IFS= read -r line <&33; do + # This doesn't block. A timeout seems necessary for MacOS 18 and e.g. Akamai + # but maybe it's due because the server side keeps the connection open + while IFS= read -t 4 -r line <&33; do safe_echo "$line" >>$tmpfile done cat $tmpfile
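Review bot: With `read -t 4` the loop in `http_head_printf` now ends the same way on a timeout as on end of input, and `ret=0` was set before it, so within this hunk a response cut short by a stalled server lands in `$tmpfile` and is treated like a complete one. A line that is still incomplete when the timer fires is not appended either, because the loop body is skipped. I would document that next to the loop, e.g. `# read -t: a timeout ends the loop like EOF, $tmpfile may then hold a truncated header`, and move the literal `4` into a named variable with a default so it can be tuned per environment. The function starts and continues outside this hunk, so later handling of `$tmpfile` may already cover the truncated case.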