BIN: analyse-headers: fix most shellcheck warnings

The only checks I haven't fixed are the unused variables for colours. I may use them in the future so haven't removed them
4 years ago · 984298b29b
parent 6ac052cd39
commit 984298b29b
1 changed files with 38 additions and 24 deletions
--- a/bin/.bin/webtest/analyse-headers
+++ b/bin/.bin/webtest/analyse-headers
@ -72,8 +72,10 @@ printKey(){
 }

 generic_version_disclosure(){
-	local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
-	local header="$(echo "$1" | cut -d ':' -f 1 | trimWhitespace)"
+	local value
+	local header
+	value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
+	header="$(echo "$1" | cut -d ':' -f 1 | trimWhitespace)"
 	echo "$header" | drawInBox
 	wecho -e "The server responds with ${ORANGE}$value${NC} in the \
 $header header"
@ -82,7 +84,8 @@ $header header"
 }

 test_server(){
-	local value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)"
+	local value
+	value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)"
 	echo "Server" | drawInBox
 	wecho -e "The server responds with ${ORANGE}$value${NC} in the Server header"
 	wecho -e "This is potentially un-necesary information disclosure\n\n"
@ -90,7 +93,8 @@ test_server(){
 }

 test_x-powered-by(){
-	local value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)"
+	local value
+	value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)"
 	echo "X-Powered-By" | drawInBox
 	wecho -e "The server responds with ${ORANGE}$value${NC} in the X-Powered-By header"
 	wecho -e "This is potentially un-necesary information disclosure\n\n"
@ -98,7 +102,8 @@ test_x-powered-by(){
 }

 test_x-xss-protection(){
-	local value="$(echo "$1" | cut -d ':' -f 2 | grep -oE '[0-9]+' )"
+	local value
+	value="$(echo "$1" | cut -d ':' -f 2 | grep -oE '[0-9]+' )"
 	if [ "$value" = "1" ]; then
 		return 0
 	else
@ -112,7 +117,8 @@ of old browsers\n\n"
 }

 test_x-frame-options(){
-	local value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)"
+	local value
+	value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)"
 	case "$value" in
 		"SAMEORIGIN"|"DENY") return 0 ;;
 		"ALLOW-FROM"*)
@ -183,7 +189,8 @@ text-align: center;
 #}

 test_content-security-policy(){
-	local value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)"
+	local value
+	value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)"
 	# TODO: work on content security testing
 	
 	if [ -z "$value" ]; then
@ -211,10 +218,14 @@ DOM based XSS attacks\n\n"
 }

 test_strict-transport-security(){
-	local value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)"
-	local ret=0
-	local output=""
-	local maxAge="$(echo "$value" | grep -oE 'max-age=[0-9]+' |
+	local value
+	local ret
+	local output
+	local maxAge
+	value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)"
+	ret=0
+	output=""
+	maxAge="$(echo "$value" | grep -oE 'max-age=[0-9]+' |
 		grep -oE '[0-9]+')"

 	if [ "$maxAge" -lt "31536000" ]; then
@ -243,10 +254,14 @@ channel.\n\n"
 }

 test_set-cookie(){
-	local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
-	local cookieName="$(echo "$value" | cut -d '=' -f 1)"
-	local ret=0
-	local output=""
+	local value
+	local cookieName
+	local ret
+	local output
+	value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
+	cookieName="$(echo "$value" | cut -d '=' -f 1)"
+	ret=0
+	output=""

 	if ! echo "$value" | grep -q "HttpOnly"; then
 		echo "$value"
@ -287,7 +302,6 @@ used to allow or disallow certain browser features or apis in the interest of \
 security.\n\n"
 		return 2
 	fi
-	local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
 }

 test_feature-policy(){
@ -306,11 +320,11 @@ header but should still be included for legacy browsers.
 It has been highlighted because the Permissions-policy header wasn't found.\n\n"
 		return 2
 	fi
-	local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
 }

 test_expect-ct(){
-	local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
+	local value
+	value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
 	if [ -z "$1" ]; then
 		echo "Expect-CT" | drawInBox
 		wecho "When a site enables the Expect-CT header, they are requesting \
@ -334,7 +348,8 @@ expired in June 2021.\n\n"
 }

 test_referer-policy-ct(){
-	local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
+	local value
+	value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
 	if [ -z "$1" ]; then
 		echo "Referrer-Policy" | drawInBox
 		wecho "The Referrer-Policy HTTP header controls how much referrer \
@ -394,7 +409,6 @@ done
 set -- "${options[@]}"
 unset options

-followRedirect="false"

 # Read the options and set stuff
 while [[ $1 = -?* ]]; do
@ -436,9 +450,9 @@ echo ""

 echo "$headers" | sed -n '1p'

-while read line; do
+while read -r line; do
 	headerKey="$(echo "$line" | cut -d ':' -f1)"
-	lowercase="$(echo "$headerKey" | tr '[A-Z]' '[a-z]')"
+	lowercase="$(echo "$headerKey" | tr '[:upper:]' '[:lower:]')"
 	missingHeaders="$(echo -n "$missingHeaders" | sed '/'"$lowercase"'/d')"
 	functionName="test_$lowercase"
 	if declare -f "$functionName" > /dev/null; then
@ -453,9 +467,9 @@ while read line; do
 	else
 		echo "$line"
 	fi
-done<<<$(echo "$headers" | sed '1d') # We don't want the initial http banner
+done<<<"$(echo "$headers" | sed '1d')" # We don't want the initial http banner

-echo "$missingHeaders" | while read line; do
+echo "$missingHeaders" | while read -r line; do
 	echo -e "${RED}$line${NC}"
 	functionName="test_$line"
 	"$functionName" >> "$tmpfile"