@@ -17299,7 +17299,6 @@ run_heartbleed(){
1729917299 local cwe="CWE-119"
1730017300 local hint=""
1730117301
17302- [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for heartbleed vulnerability " && outln
1730317302 pr_bold " Heartbleed"; out " ($cve) "
1730417303
1730517304 if [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
@@ -17409,7 +17408,6 @@ run_ccs_injection(){
1740917408 local cwe="CWE-310"
1741017409 local hint=""
1741117410
17412- [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for CCS injection vulnerability " && outln
1741317411 pr_bold " CCS"; out " ($cve) "
1741417412
1741517413 if [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
@@ -17605,7 +17603,6 @@ run_ticketbleed() {
1760517603 local hint=""
1760617604
1760717605 [[ -n "$STARTTLS" ]] && return 0
17608- [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for Ticketbleed vulnerability " && outln
1760917606 pr_bold " Ticketbleed"; out " ($cve), experiment. "
1761017607
1761117608 if [[ "$SERVICE" != HTTP ]] && [[ "$CLIENT_AUTH" != required ]]; then
@@ -17885,7 +17882,6 @@ run_opossum() {
1788517882 local response=""
1788617883
1788717884 [[ -n "$STARTTLS" ]] && return 0
17888- [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for Opossum vulnerability " && outln
1788917885 pr_bold " Opossum"; out " ($cve) "
1789017886
1789117887 # we're trying to connect also if ASSUME_HTTP is not set, there should be either one of following hints though
@@ -17948,8 +17944,6 @@ run_renego() {
1794817944
1794917945 "$HAS_TLS13" && [[ -z "$proto" ]] && proto="-no_tls1_3"
1795017946
17951- [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for Renegotiation vulnerabilities " && outln
17952-
1795317947 pr_bold " Secure Renegotiation (RFC 5746) "
1795417948 jsonID="secure_renego"
1795517949
@@ -18162,7 +18156,6 @@ run_crime() {
1816218156 #
1816318157 # https://blog.qualys.com/ssllabs/2012/09/14/crime-information-leakage-attack-against-ssltls
1816418158
18165- [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for CRIME vulnerability " && outln
1816618159 pr_bold " CRIME, TLS " ; out "($cve) "
1816718160 jsonID="CRIME_TLS"
1816818161
@@ -18315,7 +18308,6 @@ run_breach() {
1831518308
1831618309 [[ $SERVICE != HTTP ]] && [[ "$CLIENT_AUTH" != required ]] && return 7
1831718310
18318- [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for BREACH (HTTP compression) vulnerability " && outln
1831918311 pr_bold " BREACH"; out " ($cve) "
1832018312 if [[ "$CLIENT_AUTH" == required ]] && [[ -z "$MTLS" ]]; then
1832118313 prln_warning "not having provided client certificate and private key file, the client x509-based authentication prevents this from being tested"
@@ -18430,7 +18422,6 @@ run_sweet32() {
1843018422 local using_sockets=true
1843118423 local tls1_1_vulnerable=false
1843218424
18433- [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for SWEET32 (Birthday Attacks on 64-bit Block Ciphers) " && outln
1843418425 pr_bold " SWEET32"; out " (${cve// /, }) "
1843518426
1843618427 if "$TLS13_ONLY"; then
@@ -18561,7 +18552,6 @@ run_ssl_poodle() {
1856118552 local cwe="CWE-310"
1856218553 local jsonID="POODLE_SSL"
1856318554
18564- [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for SSLv3 POODLE (Padding Oracle On Downgraded Legacy Encryption) " && outln
1856518555 pr_bold " POODLE, SSL"; out " ($cve) "
1856618556
1856718557 if "$TLS13_ONLY" || [[ $(has_server_protocol ssl3) -eq 1 ]]; then
@@ -18647,7 +18637,6 @@ run_tls_fallback_scsv() {
1864718637
1864818638 "$SSL_NATIVE" && using_sockets=false
1864918639
18650- [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for TLS_FALLBACK_SCSV Protection " && outln
1865118640 pr_bold " TLS_FALLBACK_SCSV"; out " (RFC 7507) "
1865218641
1865318642 # First check we have support for TLS_FALLBACK_SCSV in our local OpenSSL
@@ -18907,7 +18896,6 @@ run_freak() {
1890718896 local hint=""
1890818897 local jsonID="FREAK"
1890918898
18910- [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for FREAK attack " && outln
1891118899 pr_bold " FREAK"; out " ($cve) "
1891218900
1891318901 if "$TLS13_ONLY"; then
@@ -19117,7 +19105,6 @@ run_logjam() {
1911719105 local jsonID="LOGJAM"
1911819106 local jsonID2="${jsonID}-common_primes"
1911919107
19120- [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for LOGJAM vulnerability " && outln
1912119108 pr_bold " LOGJAM"; out " ($cve), experimental "
1912219109
1912319110 "$SSL_NATIVE" && using_sockets=false
@@ -19286,11 +19273,6 @@ run_drown() {
1928619273 local jsonID="DROWN"
1928719274 local censys_host_url="https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE"
1928819275
19289- if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then
19290- outln
19291- pr_headlineln " Testing for DROWN vulnerability "
19292- outln
19293- fi
1929419276# if we want to use OPENSSL: check for < openssl 1.0.2g, openssl 1.0.1s if native openssl
1929519277 pr_bold " DROWN"; out " (${cve// /, }) "
1929619278
@@ -19387,11 +19369,6 @@ run_beast(){
1938719369 local hint=""
1938819370 local jsonID="BEAST"
1938919371
19390- if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then
19391- outln
19392- pr_headlineln " Testing for BEAST vulnerability "
19393- outln
19394- fi
1939519372 pr_bold " BEAST"; out " ($cve) "
1939619373
1939719374 if "$TLS13_ONLY" || [[ $(has_server_protocol ssl3) -eq 1 && $(has_server_protocol tls1) -eq 1 ]]; then
@@ -19711,11 +19688,6 @@ run_winshock() {
1971119688 local cwe="CWE-94"
1971219689 local jsonID="winshock"
1971319690
19714- if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then
19715- outln
19716- pr_headlineln " Testing for winshock vulnerability "
19717- outln
19718- fi
1971919691 pr_bold " Winshock"; out " ($cve), experimental "
1972019692
1972119693 if [[ "$(has_server_protocol "tls1_3")" -eq 0 ]] ; then
@@ -19898,11 +19870,6 @@ run_lucky13() {
1989819870 local hint=""
1989919871 local jsonID="LUCKY13"
1990019872
19901- if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then
19902- outln
19903- pr_headlineln " Testing for LUCKY13 vulnerability "
19904- outln
19905- fi
1990619873 pr_bold " LUCKY13"; out " ($cve), experimental "
1990719874
1990819875 if "$TLS13_ONLY"; then
@@ -20707,7 +20674,6 @@ run_robot() {
2070720674 local cwe="CWE-203"
2070820675 local jsonID="ROBOT"
2070920676
20710- [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for Return of Bleichenbacher's Oracle Threat (ROBOT) vulnerability " && outln
2071120677 pr_bold " ROBOT "
2071220678
2071320679 if [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
@@ -25425,7 +25391,7 @@ lets_roll() {
2542525391 fi
2542625392
2542725393 # vulnerabilities
25428- if [[ $VULN_COUNT -gt $VULN_THRESHLD ]] || "$do_vulnerabilities"; then
25394+ if [[ $VULN_COUNT -ge 1 ]] || "$do_vulnerabilities"; then
2542925395 outln; pr_headlineln " Testing vulnerabilities "
2543025396 outln
2543125397 fi
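Review bot: None of the hunks shown here reads `VULN_THRESHLD` any more after the new condition in `lets_roll`, so its definition and any help or documentation text for it are probably dead now; they are not visible here, so a grep would confirm before removing them in this commit. The new test `[[ $VULN_COUNT -ge 1 ]]` also prints the generic headline when only one vulnerability check was requested, replacing the per-test headlines deleted in the `run_*` hunks. A short comment above it, such as `# one shared headline, also when only a single vulnerability check runs`, would record that intent. Anything that matches on the old " Testing for ... vulnerability " headlines, for example baseline output comparisons, would presumably need updating. `lets_roll` continues outside the hunk.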