BIN: analyse-headers: fix most shellcheck warnings

The only checks I haven't fixed are the unused-variable warnings for the colours. I may use them in the future, so I haven't removed them.
Jonathan Hodgson 4 years ago
parent 6ac052cd39
commit 984298b29b
  1. 62
      bin/.bin/webtest/analyse-headers

@ -72,8 +72,10 @@ printKey(){
} }
generic_version_disclosure(){ generic_version_disclosure(){
local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)" local value
local header="$(echo "$1" | cut -d ':' -f 1 | trimWhitespace)" local header
value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
header="$(echo "$1" | cut -d ':' -f 1 | trimWhitespace)"
echo "$header" | drawInBox echo "$header" | drawInBox
wecho -e "The server responds with ${ORANGE}$value${NC} in the \ wecho -e "The server responds with ${ORANGE}$value${NC} in the \
$header header" $header header"
@ -82,7 +84,8 @@ $header header"
} }
test_server(){ test_server(){
local value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)" local value
value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)"
echo "Server" | drawInBox echo "Server" | drawInBox
wecho -e "The server responds with ${ORANGE}$value${NC} in the Server header" wecho -e "The server responds with ${ORANGE}$value${NC} in the Server header"
wecho -e "This is potentially un-necesary information disclosure\n\n" wecho -e "This is potentially un-necesary information disclosure\n\n"
@ -90,7 +93,8 @@ test_server(){
} }
test_x-powered-by(){ test_x-powered-by(){
local value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)" local value
value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)"
echo "X-Powered-By" | drawInBox echo "X-Powered-By" | drawInBox
wecho -e "The server responds with ${ORANGE}$value${NC} in the X-Powered-By header" wecho -e "The server responds with ${ORANGE}$value${NC} in the X-Powered-By header"
wecho -e "This is potentially un-necesary information disclosure\n\n" wecho -e "This is potentially un-necesary information disclosure\n\n"
@ -98,7 +102,8 @@ test_x-powered-by(){
} }
test_x-xss-protection(){ test_x-xss-protection(){
local value="$(echo "$1" | cut -d ':' -f 2 | grep -oE '[0-9]+' )" local value
value="$(echo "$1" | cut -d ':' -f 2 | grep -oE '[0-9]+' )"
if [ "$value" = "1" ]; then if [ "$value" = "1" ]; then
return 0 return 0
else else
@ -112,7 +117,8 @@ of old browsers\n\n"
} }
test_x-frame-options(){ test_x-frame-options(){
local value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)" local value
value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)"
case "$value" in case "$value" in
"SAMEORIGIN"|"DENY") return 0 ;; "SAMEORIGIN"|"DENY") return 0 ;;
"ALLOW-FROM"*) "ALLOW-FROM"*)
@ -183,7 +189,8 @@ text-align: center;
#} #}
test_content-security-policy(){ test_content-security-policy(){
local value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)" local value
value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)"
# TODO: work on content security testing # TODO: work on content security testing
if [ -z "$value" ]; then if [ -z "$value" ]; then
@ -211,10 +218,14 @@ DOM based XSS attacks\n\n"
} }
test_strict-transport-security(){ test_strict-transport-security(){
local value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)" local value
local ret=0 local ret
local output="" local output
local maxAge="$(echo "$value" | grep -oE 'max-age=[0-9]+' | local maxAge
value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)"
ret=0
output=""
maxAge="$(echo "$value" | grep -oE 'max-age=[0-9]+' |
grep -oE '[0-9]+')" grep -oE '[0-9]+')"
if [ "$maxAge" -lt "31536000" ]; then if [ "$maxAge" -lt "31536000" ]; then
@ -243,10 +254,14 @@ channel.\n\n"
} }
test_set-cookie(){ test_set-cookie(){
local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)" local value
local cookieName="$(echo "$value" | cut -d '=' -f 1)" local cookieName
local ret=0 local ret
local output="" local output
value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
cookieName="$(echo "$value" | cut -d '=' -f 1)"
ret=0
output=""
if ! echo "$value" | grep -q "HttpOnly"; then if ! echo "$value" | grep -q "HttpOnly"; then
echo "$value" echo "$value"
@ -287,7 +302,6 @@ used to allow or disallow certain browser features or apis in the interest of \
security.\n\n" security.\n\n"
return 2 return 2
fi fi
local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
} }
test_feature-policy(){ test_feature-policy(){
@ -306,11 +320,11 @@ header but should still be included for legacy browsers.
It has been highlighted because the Permissions-policy header wasn't found.\n\n" It has been highlighted because the Permissions-policy header wasn't found.\n\n"
return 2 return 2
fi fi
local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
} }
test_expect-ct(){ test_expect-ct(){
local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)" local value
value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
if [ -z "$1" ]; then if [ -z "$1" ]; then
echo "Expect-CT" | drawInBox echo "Expect-CT" | drawInBox
wecho "When a site enables the Expect-CT header, they are requesting \ wecho "When a site enables the Expect-CT header, they are requesting \
@ -334,7 +348,8 @@ expired in June 2021.\n\n"
} }
test_referer-policy-ct(){ test_referer-policy-ct(){
local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)" local value
value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
if [ -z "$1" ]; then if [ -z "$1" ]; then
echo "Referrer-Policy" | drawInBox echo "Referrer-Policy" | drawInBox
wecho "The Referrer-Policy HTTP header controls how much referrer \ wecho "The Referrer-Policy HTTP header controls how much referrer \
@ -394,7 +409,6 @@ done
set -- "${options[@]}" set -- "${options[@]}"
unset options unset options
followRedirect="false"
# Read the options and set stuff # Read the options and set stuff
while [[ $1 = -?* ]]; do while [[ $1 = -?* ]]; do
@ -436,9 +450,9 @@ echo ""
echo "$headers" | sed -n '1p' echo "$headers" | sed -n '1p'
while read line; do while read -r line; do
headerKey="$(echo "$line" | cut -d ':' -f1)" headerKey="$(echo "$line" | cut -d ':' -f1)"
lowercase="$(echo "$headerKey" | tr '[A-Z]' '[a-z]')" lowercase="$(echo "$headerKey" | tr '[:upper:]' '[:lower:]')"
missingHeaders="$(echo -n "$missingHeaders" | sed '/'"$lowercase"'/d')" missingHeaders="$(echo -n "$missingHeaders" | sed '/'"$lowercase"'/d')"
functionName="test_$lowercase" functionName="test_$lowercase"
if declare -f "$functionName" > /dev/null; then if declare -f "$functionName" > /dev/null; then
@ -453,9 +467,9 @@ while read line; do
else else
echo "$line" echo "$line"
fi fi
done<<<$(echo "$headers" | sed '1d') # We don't want the initial http banner done<<<"$(echo "$headers" | sed '1d')" # We don't want the initial http banner
echo "$missingHeaders" | while read line; do echo "$missingHeaders" | while read -r line; do
echo -e "${RED}$line${NC}" echo -e "${RED}$line${NC}"
functionName="test_$line" functionName="test_$line"
"$functionName" >> "$tmpfile" "$functionName" >> "$tmpfile"
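Review bot: On the `missingHeaders=` line of the `@ -436,9 +450,9` hunk, `$lowercase` is a header name taken from the server's response and is spliced unescaped into a sed address, so it is treated as a regular expression and as a substring: a header name containing `/` or other sed metacharacters changes the sed program, and an ordinary name that is a substring of an entry in the missing-header list (for example a `content-type` header against an `x-content-type-options` entry, if that entry is in the list) silently removes the entry and hides a missing header. Matching the name as a whole literal line avoids both problems: `missingHeaders="$(printf '%s\n' "$missingHeaders" | grep -vxF -- "$lowercase")"` (append `|| true` if the script runs under `set -e`, since grep returns 1 when it filters every line; the `set` options are not visible here). In the `@ -453,9 +467,9` hunk, `"$functionName" >> "$tmpfile"` then runs a name derived from that same list with no `declare -f` guard, unlike the first loop; guarding it the same way, `declare -f "$functionName" > /dev/null && "$functionName" >> "$tmpfile"`, keeps a malformed or unexpected entry from being looked up as an external command. The second `while` loop continues past the end of the hunk.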
