Merge pull request #2785 from testssl/stderr

Ensure that stderr is caught / $prg=testssl.sh

Author: drwetter

.github/workflows/unit_tests_macos.yml

@@ -51,4 +51,4 @@ jobs:
 
       - name: run it
         run: |
-          prove -v t
+          prove -v t 2>&1

.github/workflows/unit_tests_ubuntu.yml

@@ -57,4 +57,4 @@ jobs:
 
       - name: run it
         run: |
-          prove -v t
+          prove -v t 2>&1

t/23_client_simulation.t

@@ -31,14 +31,14 @@ $uri="google.com";
 
 # unlink "tmp.json";
 printf "\n%s\n", "Client simulations unit test via sockets --> $uri ...";
-$socket_out = `./testssl.sh $check2run $uri 2>&1`;
+$socket_out = `$prg $check2run $uri 2>&1`;
 # $socket_json = json('tmp.json');
 unlike($socket_out, qr/$socket_regex_bl/, "");
 $tests++;
 
 # unlink "tmp.json";
 printf "\n%s\n", "Client simulations unit test via OpenSSL --> $uri ...";
-$openssl_out = `./testssl.sh $check2run --ssl-native $uri 2>&1`;
+$openssl_out = `$prg $check2run --ssl-native $uri 2>&1`;
 # $openssl_json = json('tmp.json');
 unlike($openssl_out, qr/$openssl_regex_bl/, "");
 $tests++;
@@ -48,7 +48,7 @@ $uri="smtp-relay.gmail.com:587";
 
 # unlink "tmp.json";
 printf "\n%s\n", "STARTTLS: Client simulations unit test via sockets --> $uri ...";
-$socket_out = `./testssl.sh $check2run -t smtp $uri 2>&1`;
+$socket_out = `$prg $check2run -t smtp $uri 2>&1`;
 # $socket_json = json('tmp.json');
 unlike($socket_out, qr/$socket_regex_bl/, "");
 $tests++;

t/31_isJSON_valid.t

@@ -29,7 +29,7 @@ unlink 'tmp.json';
 
 #1
 printf "%s\n", ".. plain JSON --> $uri ";
-$out = `./testssl.sh $check2run --jsonfile tmp.json $uri`;
+$out = `$prg $check2run --jsonfile tmp.json $uri`;
 $json = json('tmp.json');
 unlink 'tmp.json';
 my @errors=eval { decode_json($json) };
@@ -39,7 +39,7 @@ $tests++;
 
 #2
 printf "%s\n", ".. pretty JSON --> $uri ";
-$out = `./testssl.sh $check2run --jsonfile-pretty tmp.json $uri`;
+$out = `$prg $check2run --jsonfile-pretty tmp.json $uri`;
 $json = json('tmp.json');
 unlink 'tmp.json';
 @errors=eval { decode_json($json) };
@@ -50,7 +50,7 @@ $tests++;
 #3
 my $uri = "smtp-relay.gmail.com:587";
 printf "%s\n", " .. plain JSON and STARTTLS --> $uri ...";
-$out = `./testssl.sh  --jsonfile tmp.json $check2run -t smtp $uri`;
+$out = `$prg --jsonfile tmp.json $check2run -t smtp $uri`;
 $json = json('tmp.json');
 unlink 'tmp.json';
 @errors=eval { decode_json($json) };
@@ -65,7 +65,7 @@ if ( $os eq "linux" ){
      # This testssl.sh run deliberately does NOT work as github actions block port 25 egress.
      # but the output should be fine. The idea is to have a unit test for a failed connection.
      printf "%s\n", ".. plain JSON for a failed run: '--mx $uri' ...";
-     $out = `./testssl.sh --ssl-native --openssl-timeout=10 $check2run --jsonfile tmp.json --mx $uri`;
+     $out = `$prg --ssl-native --openssl-timeout=10 $check2run --jsonfile tmp.json --mx $uri`;
      $json = json('tmp.json');
      unlink 'tmp.json';
      @errors=eval { decode_json($json) };
@@ -75,7 +75,7 @@ if ( $os eq "linux" ){
      #5
      # Same as above but with pretty JSON
      printf "%s\n", ".. pretty JSON for a failed run '--mx $uri' ...";
-     $out = `./testssl.sh --ssl-native --openssl-timeout=10 $check2run --jsonfile-pretty tmp.json --mx $uri`;
+     $out = `$prg --ssl-native --openssl-timeout=10 $check2run --jsonfile-pretty tmp.json --mx $uri`;
      $json = json('tmp.json');
      unlink 'tmp.json';
      @errors=eval { decode_json($json) };

t/32_isHTML_valid.t

@@ -57,7 +57,7 @@ $tests++;
 #2
 printf "%s\n", " .. running again $prg against \"$uri\", now with --debug 4 to create HTML output (may take another ~2 minutes)";
 # Redirect stderr to /dev/null in order to avoid some unexplained "date: invalid date" error messages
-$out = `TERM_WIDTH=120 $prg $check2run --debug 4 $uri 2> /dev/null`;
+$out = `TERM_WIDTH=120 $prg $check2run --debug 4 $uri 2>/dev/null`;
 $debughtml = `cat $htmlfile`;
 unlink $htmlfile;
 

t/51_badssl.com.t

@@ -6,6 +6,7 @@ use Data::Dumper;
 use JSON;
 
 my $tests = 0;
+my $prg="./testssl.sh";
 
 my (
 	$out,
@@ -14,14 +15,14 @@ my (
 );
 # OK
 pass("Running testssl.sh against badssl.com to create a baseline (may take 2~3 minutes)"); $tests++;
-my $okout = `./testssl.sh -S -e --freak --logjam --drown --rc4 --sweet32 --breach --winshock --crime --jsonfile tmp.json --color 0 badssl.com`;
+my $okout = `$prg -S -e --freak --logjam --drown --rc4 --sweet32 --breach --winshock --crime --jsonfile tmp.json --color 0 badssl.com`;
 my $okjson = json('tmp.json');
 unlink 'tmp.json';
 cmp_ok(@$okjson,'>',10,"We should have more then 10 findings"); $tests++;
 
 # Expiration
 pass("Running testssl against expired.badssl.com"); $tests++;
-$out = `./testssl.sh -S --jsonfile tmp.json --color 0 expired.badssl.com`;
+$out = `$prg -S --jsonfile tmp.json --color 0 expired.badssl.com`;
 like($out, qr/Chain of trust\s+NOT ok \(expired\)/,"The chain of trust should be expired"); $tests++;
 like($out, qr/Certificate Validity \(UTC\)\s+expired/,"The certificate should be expired"); $tests++;
 $json = json('tmp.json');
@@ -39,7 +40,7 @@ is($found,1,"We should have a finding for this in the JSON output"); $tests++;
 
 # Self signed and not-expired
 pass("Running testssl against self-signed.badssl.com"); $tests++;
-$out = `./testssl.sh -S --jsonfile tmp.json --color 0 self-signed.badssl.com`;
+$out = `$prg -S --jsonfile tmp.json --color 0 self-signed.badssl.com`;
 unlike($out, qr/Certificate Validity \(UTC\)s+expired/,"The certificate should not be expired"); $tests++;
 $json = json('tmp.json');
 unlink 'tmp.json';
@@ -98,7 +99,7 @@ is($found,1,"We should have a finding for this in the JSON output"); $tests++;
 
 # Incomplete chain
 pass("Running testssl against incomplete-chain.badssl.com"); $tests++;
-$out = `./testssl.sh -S --jsonfile tmp.json --color 0 incomplete-chain.badssl.com`;
+$out = `$prg -S --jsonfile tmp.json --color 0 incomplete-chain.badssl.com`;
 like($out, qr/Chain of trust.*?NOT ok\s+\(chain incomplete\)/,"Chain of trust should fail because of incomplete"); $tests++;
 $json = json('tmp.json');
 unlink 'tmp.json';

t/baseline_data/default_testssl.csvfile

@@ -81,9 +81,10 @@
 "cookie_count","testssl.sh/81.169.166.184","443","INFO","0 at '/'","",""
 "X-Frame-Options","testssl.sh/81.169.166.184","443","OK","DENY","",""
 "X-Content-Type-Options","testssl.sh/81.169.166.184","443","OK","nosniff","",""
-"Content-Security-Policy","testssl.sh/81.169.166.184","443","OK","script-src 'unsafe-inline'; style-src 'unsafe-inline' 'self'; object-src 'self'; base-uri 'none'; form-action 'none'; img-src 'self' ; default-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests;","",""
+"Content-Security-Policy","testssl.sh/81.169.166.184","443","OK","script-src 'unsafe-inline'; style-src 'unsafe-inline' 'self'; object-src 'self'; base-uri 'none'; form-action 'none'; img-src 'self' ; default-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests; form-action 'none'","",""
 "Cross-Origin-Opener-Policy","testssl.sh/81.169.166.184","443","INFO","same-origin-allow-popups","",""
 "Cross-Origin-Resource-Policy","testssl.sh/81.169.166.184","443","INFO","same-site","",""
+"Cross-Origin-Embedder-Policy","testssl.sh/81.169.166.184","443","INFO","require-corp","",""
 "banner_reverseproxy","testssl.sh/81.169.166.184","443","INFO","--","","CWE-200"
 "heartbleed","testssl.sh/81.169.166.184","443","OK","not vulnerable, no heartbeat extension","CVE-2014-0160","CWE-119"
 "CCS","testssl.sh/81.169.166.184","443","OK","not vulnerable","CVE-2014-0224","CWE-310"