In testssl.sh line 6:
[ -z "$BASH_VERSINFO" ] && printf "\n\033[1;35m Please make sure you're using \"bash\"! Bye...\033[m\n\n" >&2 && exit 245
^-- SC2128: Expanding an array without an index only gives the first element.
In testssl.sh line 7:
[ $(kill -l | grep -c SIG) -eq 0 ] && printf "\n\033[1;35m Please make sure you're calling me without leading \"sh\"! Bye...\033[m\n\n" >&2 && exit 245
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 100:
readonly CMDLINE="$@"
^-- SC2124: Assigning an array to a string! Assign as array, or use * instead of @ to concatenate.
In testssl.sh line 112:
date -d @735275209 >/dev/null 2>&1 && \
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 116:
date -j -f '%s' 1234567 >/dev/null 2>&1 && \
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 119:
echo A | sed -E 's/A//' >/dev/null 2>&1 && \
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 123:
tty -s && \
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 330:
pr_liteblue() { [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && out "\033[0;32m$1" || out "\033[0;34m$1" ) || out "$1"; pr_off; } # not yet used
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 332:
pr_blue() { [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && out "\033[1;32m$1" || out "\033[1;34m$1" ) || out "$1"; pr_off; } # used for head lines of single tests
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 335:
pr_warning() { [[ "$COLOR" -eq 2 ]] && out "\033[0;35m$1" || pr_underline "$1"; pr_off; } # some local problem: one test cannot be done
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 337:
pr_magenta() { [[ "$COLOR" -eq 2 ]] && out "\033[1;35m$1" || pr_underline "$1"; pr_off; } # fatal error: quitting because of this!
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 340:
pr_litecyan() { [[ "$COLOR" -eq 2 ]] && out "\033[0;36m$1" || out "$1"; pr_off; } # not yet used
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 342:
pr_cyan() { [[ "$COLOR" -eq 2 ]] && out "\033[1;36m$1" || out "$1"; pr_off; } # additional hint
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 346:
pr_litegrey() { [[ "$COLOR" -eq 2 ]] && out "\033[0;37m$1" || out "$1"; pr_off; }
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 347:
pr_grey() { [[ "$COLOR" -eq 2 ]] && out "\033[1;30m$1" || out "$1"; pr_off; }
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 351:
pr_done_good() { [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && out "\033[0;34m$1" || out "\033[0;32m$1" ) || out "$1"; pr_off; } # litegreen (liteblue), This is good
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 353:
pr_done_best() { [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && out "\033[1;34m$1" || out "\033[1;32m$1" ) || out "$1"; pr_off; } # green (blue), This is the best
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 356:
pr_svrty_minor() { [[ "$COLOR" -eq 2 ]] && out "\033[1;33m$1" || out "$1"; pr_off; } # yellow brown | academic or minor problem
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 358:
pr_svrty_medium() { [[ "$COLOR" -eq 2 ]] && out "\033[0;33m$1" || out "$1"; pr_off; } # brown | it is not a bad problem but you shouldn't do this
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 361:
pr_svrty_high() { [[ "$COLOR" -eq 2 ]] && out "\033[0;31m$1" || pr_bold "$1"; pr_off; } # litered
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 363:
pr_svrty_critical() { [[ "$COLOR" -eq 2 ]] && out "\033[1;31m$1" || pr_bold "$1"; pr_off; } # red
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 369:
pr_bold() { [[ "$COLOR" -ne 0 ]] && out "\033[1m$1" || out "$1"; pr_off; }
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 371:
pr_italic() { [[ "$COLOR" -ne 0 ]] && out "\033[3m$1" || out "$1"; pr_off; }
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 372:
pr_underline() { [[ "$COLOR" -ne 0 ]] && out "\033[4m$1" || out "$1"; pr_off; }
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 373:
pr_reverse() { [[ "$COLOR" -ne 0 ]] && out "\033[7m$1" || out "$1"; pr_off; }
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 374:
pr_reverse_bold() { [[ "$COLOR" -ne 0 ]] && out "\033[7m\033[1m$1" || out "$1"; pr_off; }
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 380:
pr_headline() { [[ "$COLOR" -ne 0 ]] && out "\033[1m\033[4m$1" || out "$1"; pr_off; }
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 482:
local finding=$(strip_lf "$(newline_to_spaces "$(strip_quote "$3")")")
^-- SC2155: Declare and assign separately to avoid masking return values.
In testssl.sh line 485:
"$FIRST_FINDING" || echo -n "," >> $JSONFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 492:
}" >> $JSONFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 496:
echo -e \""$1\"",\"$NODE/$NODEIP\",\"$PORT"\",\""$2"\",\""$finding"\"" >>$CSVFILE
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 545:
echo -n "$1" | tr 'a-z' 'A-Z'
^-- SC2018: Use '[:lower:]' to support accents and foreign alphabets.
^-- SC2019: Use '[:upper:]' to support accents and foreign alphabets.
In testssl.sh line 585:
echo "$1" | while read line; do
^-- SC2162: read without -r will mangle backslashes.
In testssl.sh line 598:
[[ $ERRFILE =~ dev.null ]] && return 0 || \
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 614:
if ! ps $pid >/dev/null ; then
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 617:
[[ "$DEBUG" -ge 6 ]] && ps $pid
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 623:
kill $pid >&2 2>/dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 624:
wait $pid 2>/dev/null # make sure pid terminated, see wait(1p)
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 653:
printf "$GET_REQ11" | $OPENSSL s_client $1 -quiet $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>$ERRFILE &
^-- SC2059: Don't use variables in the printf format string. Use printf "..%s.." "$foo".
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 654:
wait_kill $! $HEADER_MAXSLEEP
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 696:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 713:
printf "$GET_REQ11" | $OPENSSL s_client $OPTIMAL_PROTO $BUGS -quiet -ign_eof -connect $NODEIP:$PORT $PROXY $SNI >$HEADERFILE 2>$ERRFILE &
^-- SC2059: Don't use variables in the printf format string. Use printf "..%s.." "$foo".
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 714:
wait_kill $! $HEADER_MAXSLEEP
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 718:
printf "$GET_REQ11" | $OPENSSL s_client $OPTIMAL_PROTO $BUGS -quiet -ign_eof -connect $NODEIP:$PORT $PROXY $SNI >$HEADERFILE 2>$ERRFILE
^-- SC2059: Don't use variables in the printf format string. Use printf "..%s.." "$foo".
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 814:
detect_ipv4() {
^-- SC2120: detect_ipv4 references arguments, but none are ever passed.
In testssl.sh line 832:
while read line; do
^-- SC2162: read without -r will mangle backslashes.
In testssl.sh line 865:
difftime=$((HTTP_TIME - $NOW_TIME))
^-- SC2004: $/${} is unnecessary on arithmetic variables.
In testssl.sh line 878:
detect_ipv4
^-- SC2119: Use detect_ipv4 "$@" if function's $1 should mean script's $1.
In testssl.sh line 951:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 982:
pr_italic $i
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1033:
get_host_cert || return 1
^-- SC2119: Use get_host_cert "$@" if function's $1 should mean script's $1.
In testssl.sh line 1039:
while read hpkp_key; do
^-- SC2162: read without -r will mangle backslashes.
In testssl.sh line 1060:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1068:
-e "s/Debian/"$yellow"\Debian$off/g" \
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1069:
-e "s/Win32/"$yellow"\Win32$off/g" \
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1070:
-e "s/Win64/"$yellow"\Win64$off/g" \
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1071:
-e "s/Ubuntu/"$yellow"Ubuntu$off/g" \
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1072:
-e "s/ubuntu/"$yellow"ubuntu$off/g" \
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1073:
-e "s/jessie/"$yellow"jessie$off/g" \
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1074:
-e "s/squeeze/"$yellow"squeeze$off/g" \
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1075:
-e "s/wheezy/"$yellow"wheezy$off/g" \
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1076:
-e "s/lenny/"$yellow"lenny$off/g" \
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1077:
-e "s/SUSE/"$yellow"SUSE$off/g" \
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1078:
-e "s/Red Hat Enterprise Linux/"$yellow"Red Hat Enterprise Linux$off/g" \
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1079:
-e "s/Red Hat/"$yellow"Red Hat$off/g" \
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1080:
-e "s/CentOS/"$yellow"CentOS$off/g" \
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1081:
-e "s/Via/"$yellow"Via$off/g" \
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1082:
-e "s/X-Forwarded/"$yellow"X-Forwarded$off/g" \
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1083:
-e "s/Liferay-Portal/"$yellow"Liferay-Portal$off/g" \
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1084:
-e "s/X-Cache-Lookup/"$yellow"X-Cache-Lookup$off/g" \
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1085:
-e "s/X-Cache/"$yellow"X-Cache$off/g" \
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1086:
-e "s/X-Squid/"$yellow"X-Squid$off/g" \
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1087:
-e "s/X-Server/"$yellow"X-Server$off/g" \
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1088:
-e "s/X-Varnish/"$yellow"X-Varnish$off/g" \
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1089:
-e "s/X-OWA-Version/"$yellow"X-OWA-Version$off/g" \
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1090:
-e "s/MicrosoftSharePointTeamServices/"$yellow"MicrosoftSharePointTeamServices$off/g" \
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1091:
-e "s/X-Version/"$yellow"X-Version$off/g" \
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1092:
-e "s/X-Powered-By/"$yellow"X-Powered-By$off/g" \
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1093:
-e "s/X-UA-Compatible/"$yellow"X-UA-Compatible$off/g" \
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1094:
-e "s/X-AspNet-Version/"$yellow"X-AspNet-Version$off/g"
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1126:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1145:
while read line; do
^-- SC2162: read without -r will mangle backslashes.
In testssl.sh line 1153:
rp_banners="$rp_bannersline"
^-- SC2154: rp_bannersline is referenced but not assigned.
In testssl.sh line 1159:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1179:
cat $TMPFILE | while read line; do
^-- SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.
^-- SC2162: read without -r will mangle backslashes.
In testssl.sh line 1187:
app_banners="$app_bannersline"
^-- SC2030: Modification of app_banners is local (to subshell caused by pipeline).
^-- SC2154: app_bannersline is referenced but not assigned.
In testssl.sh line 1189:
fileout "app_banner" "WARN" "Application Banners found: $app_banners"
^-- SC2031: app_banners was modified in a subshell. That change might be lost.
In testssl.sh line 1191:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1220:
if [[ $nr_cookies == $nr_secure ]]; then
^-- SC2053: Quote the rhs of == in [[ ]] to prevent glob matching.
In testssl.sh line 1231:
if [[ $nr_cookies == $nr_httponly ]]; then
^-- SC2053: Quote the rhs of == in [[ ]] to prevent glob matching.
In testssl.sh line 1242:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1303:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1325:
HEXC=$(echo $HEXC | tr 'A-Z' 'a-z' | sed 's/0x/x/') #tolower + strip leading 0
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2019: Use '[:upper:]' to support accents and foreign alphabets.
^-- SC2018: Use '[:lower:]' to support accents and foreign alphabets.
In testssl.sh line 1343:
[[ $1 =~ $re ]] && \
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 1345:
pr_headline "matching word pattern "\"$1\"" (ignore case) "
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1351:
$OPENSSL ciphers -V 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>$ERRFILE | while read hexcode dash ciph sslvers kx auth enc mac export ; do # -V doesn't work with openssl < 1.0
^-- SC2162: read without -r will mangle backslashes.
In testssl.sh line 1352:
normalize_ciphercode $hexcode
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1359:
$OPENSSL ciphers -V 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>$ERRFILE | while read hexcode dash ciph sslvers kx auth enc mac export ; do # -V doesn't work with openssl < 1.0
^-- SC2162: read without -r will mangle backslashes.
^-- SC2030: Modification of export is local (to subshell caused by pipeline).
In testssl.sh line 1360:
normalize_ciphercode $hexcode
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1362:
[[ $arg =~ $re ]] && \
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 1377:
local debugname="$(sed -e s'/\!/not/g' -e 's/\:/_/g' <<< "$1")"
^-- SC2155: Declare and assign separately to avoid masking return values.
In testssl.sh line 1383:
tmpfile_handle $FUNCNAME.$debugname.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1394:
local debugname="$(sed -e s'/\!/not/g' -e 's/\:/_/g' <<< "$1")"
^-- SC2155: Declare and assign separately to avoid masking return values.
In testssl.sh line 1398:
$OPENSSL s_client -cipher "$1" $BUGS $STARTTLS -connect $NODEIP:$PORT $PROXY $SNI 2>$ERRFILE >$TMPFILE </dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1444:
tmpfile_handle $FUNCNAME.$debugname.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1467:
sleep $2
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1479:
dd bs=$1 of=$ddreply count=1 <&5 2>/dev/null &
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1480:
wait_kill $! $maxsleep
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1482:
SOCKREPLY=$(cat $ddreply 2>/dev/null)
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1483:
rm $ddreply
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1546:
echo "$export" | grep -iq export && strength="$strength,exp"
^-- SC2031: export was modified in a subshell. That change might be lost.
In testssl.sh line 1574:
pr_headline "word pattern "\"$1\"" (ignore case) "
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1584:
$OPENSSL ciphers -V 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>$ERRFILE | while read hexcode dash ciph sslvers kx auth enc mac export ; do
^-- SC2162: read without -r will mangle backslashes.
In testssl.sh line 1586:
normalize_ciphercode $hexcode
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1589:
neat_list $HEXC $ciph $kx $enc | grep -qai "$arg"
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1591:
neat_list $HEXC $ciph $kx $enc | grep -qwai "$arg"
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1595:
$OPENSSL s_client -ssl2 -cipher $ciph $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY 2>$ERRFILE >$TMPFILE </dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1597:
$OPENSSL s_client -cipher $ciph $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI 2>$ERRFILE >$TMPFILE </dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1609:
neat_list $HEXC $ciph "$kx" $enc
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1612:
fileout "cipher_$HEXC" "INFO" "$(neat_header)(neat_list $HEXC $ciph "$kx" $enc) available"
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1615:
fileout "cipher_$HEXC" "INFO" "$(neat_header)(neat_list $HEXC $ciph "$kx" $enc) not a/v"
^-- SC2027: The surrounding quotes actually unquote this. Remove or escape them.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1624:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1643:
while read hexcode[nr_ciphers] n ciph[nr_ciphers] sslvers[nr_ciphers] kx[nr_ciphers] auth enc[nr_ciphers] mac export2[nr_ciphers]; do
^-- SC2162: read without -r will mangle backslashes.
^-- SC2102: Ranges can only match single chars (mentioned due to duplicates).
^-- SC2102: Ranges can only match single chars (mentioned due to duplicates).
^-- SC2102: Ranges can only match single chars (mentioned due to duplicates).
^-- SC2102: Ranges can only match single chars (mentioned due to duplicates).
^-- SC2102: Ranges can only match single chars (mentioned due to duplicates).
^-- SC2102: Ranges can only match single chars (mentioned due to duplicates).
In testssl.sh line 1654:
$OPENSSL s_client $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY -ssl2 >$TMPFILE 2>$ERRFILE </dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1675:
for (( i=4**$round_num; i<2*4**$round_num; i++ )); do
^-- SC2004: $/${} is unnecessary on arithmetic variables.
^-- SC2004: $/${} is unnecessary on arithmetic variables.
In testssl.sh line 1689:
parent=4**$round_num+$i/4
^-- SC2125: Brace expansions and globs are literal in assignments. Quote it or use an array.
In testssl.sh line 1691:
child=4*4**$round_num+$i
^-- SC2125: Brace expansions and globs are literal in assignments. Quote it or use an array.
In testssl.sh line 1694:
end_of_bundle=$i*$bundle_size+$bundle_size
^-- SC2125: Brace expansions and globs are literal in assignments. Quote it or use an array.
In testssl.sh line 1701:
$OPENSSL s_client -cipher "${ciphers_to_test:1}" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>$ERRFILE </dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1711:
$OPENSSL s_client -cipher "${ciph[i]}" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY -ssl2 >$TMPFILE 2>$ERRFILE </dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1744:
round_num=round_num+1
^-- SC2100: Use $((..)) for arithmetics, e.g. i=$((i + 2))
In testssl.sh line 1748:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1768:
outln " -ssl2 SSLv2\n -ssl3 SSLv3\n -tls1 TLS 1\n -tls1_1 TLS 1.1\n -tls1_2 TLS 1.2"| while read proto proto_text; do
^-- SC2162: read without -r will mangle backslashes.
In testssl.sh line 1781:
while read hexcode[nr_ciphers] n ciph[nr_ciphers] sslvers kx[nr_ciphers] auth enc[nr_ciphers] mac export2[nr_ciphers]; do
^-- SC2162: read without -r will mangle backslashes.
^-- SC2102: Ranges can only match single chars (mentioned due to duplicates).
^-- SC2102: Ranges can only match single chars (mentioned due to duplicates).
^-- SC2102: Ranges can only match single chars (mentioned due to duplicates).
^-- SC2102: Ranges can only match single chars (mentioned due to duplicates).
^-- SC2102: Ranges can only match single chars (mentioned due to duplicates).
In testssl.sh line 1801:
for (( i=4**$round_num; i<2*4**$round_num; i++ )); do
^-- SC2004: $/${} is unnecessary on arithmetic variables.
^-- SC2004: $/${} is unnecessary on arithmetic variables.
In testssl.sh line 1814:
parent=4**$round_num+$i/4
^-- SC2125: Brace expansions and globs are literal in assignments. Quote it or use an array.
In testssl.sh line 1816:
child=4*4**$round_num+$i
^-- SC2125: Brace expansions and globs are literal in assignments. Quote it or use an array.
In testssl.sh line 1819:
end_of_bundle=$i*$bundle_size+$bundle_size
^-- SC2125: Brace expansions and globs are literal in assignments. Quote it or use an array.
In testssl.sh line 1827:
$OPENSSL s_client -cipher "${ciphers_to_test:1}" $proto $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY >$TMPFILE 2>$ERRFILE </dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1829:
$OPENSSL s_client -cipher "${ciphers_to_test:1}" $proto $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>$ERRFILE </dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1868:
round_num=round_num+1
^-- SC2100: Use $((..)) for arithmetics, e.g. i=$((i + 2))
In testssl.sh line 1871:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1902:
len=2*$(hex2dec "${tls_handshake_ascii:86:2}")+2
^-- SC2125: Brace expansions and globs are literal in assignments. Quote it or use an array.
In testssl.sh line 1906:
len=2*$(hex2dec "${tls_handshake_ascii:$offset:4}")+4
^-- SC2125: Brace expansions and globs are literal in assignments. Quote it or use an array.
In testssl.sh line 1910:
len=2*$(hex2dec "${tls_handshake_ascii:$offset:2}")+2
^-- SC2125: Brace expansions and globs are literal in assignments. Quote it or use an array.
In testssl.sh line 1920:
len_extensions=2*$(hex2dec "${tls_handshake_ascii:$offset:4}")
^-- SC2125: Brace expansions and globs are literal in assignments. Quote it or use an array.
In testssl.sh line 1925:
len_extension=2*$(hex2dec "${tls_handshake_ascii:$offset:4}")
^-- SC2125: Brace expansions and globs are literal in assignments. Quote it or use an array.
In testssl.sh line 1938:
servername_hexstr=$(printf $NODE | hexdump -v -e "${hexdump_format_str}")
^-- SC2059: Don't use variables in the printf format string. Use printf "..%s.." "$foo".
In testssl.sh line 1954:
len_extensions_hex=$(printf "%02x\n" $len_extensions)
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1960:
len_clienthello_hex=$(printf "%02x\n" $len_clienthello)
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1965:
tls_handshake_ascii_len_hex=$(printf "%02x\n" $tls_handshake_ascii_len)
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 1990:
data=$(echo $NW_STR)
^-- SC2116: Useless echo? Instead of 'cmd $(echo foo)', just use 'cmd foo'.
In testssl.sh line 1993:
sleep $USLEEP_SND
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 2020:
tmpfile_handle $FUNCNAME.dd
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 2801:
$OPENSSL s_client -cipher ${ciphers[i]} ${protos[i]} $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${sni[i]} </dev/null >$TMPFILE 2>$ERRFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 2816:
$OPENSSL s_client $tls -cipher ${ciphers[i]} ${protos[i]} $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${sni[i]} </dev/null >$TMPFILE 2>$ERRFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 2851:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 2875:
local sni="$SNI"
^-- SC2178: Variable was used as an array but is now assigned a string.
In testssl.sh line 2878:
$OPENSSL s_client -state $1 $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $sni >$TMPFILE 2>$ERRFILE </dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2128: Expanding an array without an index only gives the first element.
In testssl.sh line 2885:
[[ "$1" =~ ssl ]] && sni="" # newer openssl throw an error if SNI is supplied with SSLv2,
^-- SC2178: Variable was used as an array but is now assigned a string.
In testssl.sh line 2887:
$OPENSSL s_client -state $1 $STARTTLS $BUGS -connect $NODEIP:$PORT $sni >$TMPFILE 2>$ERRFILE </dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2128: Expanding an array without an index only gives the first element.
In testssl.sh line 2893:
tmpfile_handle $FUNCNAME$1.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3250:
what_dh=$(awk -F',' '{ print $1 }' <<< $temp)
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3251:
bits=$(awk -F',' '{ print $3 }' <<< $temp)
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3253:
grep -q bits <<< $bits || bits=$(awk -F',' '{ print $2 }' <<< $temp)
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3254:
bits=$(tr -d ' bits' <<< $bits)
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3322:
$OPENSSL s_client $STARTTLS -cipher $list_fwd $BUGS -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>$ERRFILE >$TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3334:
$OPENSSL s_client $STARTTLS $STARTTLS_OPTIMAL_PROTO -cipher $list_fwd $BUGS -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>$ERRFILE >$TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3346:
$OPENSSL s_client $STARTTLS $STARTTLS_OPTIMAL_PROTO -cipher $list_reverse $BUGS -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3363:
$OPENSSL s_client $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3366:
$OPENSSL s_client $STARTTLS $OPTIMAL_PROTO $BUGS -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3372:
pr_done_bestln $default_proto
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3376:
pr_done_goodln $default_proto
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3380:
outln $default_proto
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3384:
pr_svrty_criticalln $default_proto
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3388:
pr_svrty_criticalln $default_proto
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3459:
$OPENSSL s_client $STARTTLS -"$p" $BUGS -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3469:
i=$(($i + 1))
^-- SC2004: $/${} is unnecessary on arithmetic variables.
In testssl.sh line 3475:
$OPENSSL s_client -connect $NODEIP:$PORT $BUGS -nextprotoneg "$NPN_PROTOs" $SNI </dev/null 2>>$ERRFILE >$TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3508:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3525:
$OPENSSL s_client $STARTTLS -tls1_2 $BUGS -cipher "ALL:$tested_cipher:$batchremoved" -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3527:
cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE)
^-- SC2178: Variable was used as an array but is now assigned a string.
In testssl.sh line 3528:
order+=" $cipher"
^-- SC2128: Expanding an array without an index only gives the first element.
In testssl.sh line 3529:
tested_cipher="$tested_cipher:-$cipher"
^-- SC2128: Expanding an array without an index only gives the first element.
In testssl.sh line 3539:
$OPENSSL s_client $STARTTLS -tls1_2 $BUGS -cipher "$batchremoved" -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3542:
cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE)
^-- SC2178: Variable was used as an array but is now assigned a string.
In testssl.sh line 3543:
order+=" $cipher"
^-- SC2128: Expanding an array without an index only gives the first element.
In testssl.sh line 3544:
batchremoved="$batchremoved:-$cipher"
^-- SC2128: Expanding an array without an index only gives the first element.
In testssl.sh line 3556:
$OPENSSL s_client $STARTTLS -tls1_2 $BUGS -cipher "$combined_ciphers" -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3559:
cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE)
^-- SC2178: Variable was used as an array but is now assigned a string.
In testssl.sh line 3560:
order="$cipher"
^-- SC2128: Expanding an array without an index only gives the first element.
In testssl.sh line 3561:
tested_cipher="-$cipher"
^-- SC2128: Expanding an array without an index only gives the first element.
In testssl.sh line 3567:
$OPENSSL s_client $STARTTLS -tls1_2 $BUGS -cipher "$combined_ciphers:$tested_cipher" -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3569:
cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE)
^-- SC2178: Variable was used as an array but is now assigned a string.
In testssl.sh line 3570:
order+=" $cipher"
^-- SC2128: Expanding an array without an index only gives the first element.
In testssl.sh line 3571:
tested_cipher="$tested_cipher:-$cipher"
^-- SC2128: Expanding an array without an index only gives the first element.
In testssl.sh line 3584:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3607:
$OPENSSL s_client $STARTTLS -"$p" $BUGS -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>$ERRFILE >$TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3622:
$OPENSSL s_client $STARTTLS -tls1_2 $BUGS -cipher "$overflow_probe_cipherlist" -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3634:
$OPENSSL s_client $STARTTLS -"$p" $BUGS -cipher "ALL:$tested_cipher" -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3650:
npn_protos=$($OPENSSL s_client $BUGS -nextprotoneg \"\" -connect $NODEIP:$PORT $SNI </dev/null 2>>$ERRFILE | grep -a "^Protocols " | sed -e 's/^Protocols.*server: //' -e 's/,//g')
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3653:
$OPENSSL s_client $BUGS -nextprotoneg "$p" -connect $NODEIP:$PORT $SNI </dev/null 2>>$ERRFILE >$TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3659:
$OPENSSL s_client -cipher "ALL:$tested_cipher" $BUGS -nextprotoneg "$p" -connect $NODEIP:$PORT $SNI </dev/null 2>>$ERRFILE >$TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3672:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3678:
get_host_cert() {
^-- SC2120: get_host_cert references arguments, but none are ever passed.
In testssl.sh line 3679:
local tmpvar=$TEMPDIR/$FUNCNAME.txt # change later to $TMPFILE
^-- SC2128: Expanding an array without an index only gives the first element.
In testssl.sh line 3681:
$OPENSSL s_client $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI $1 2>/dev/null </dev/null >$tmpvar
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3682:
if sclient_connect_successful $? $tmpvar; then
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3683:
awk '/-----BEGIN/,/-----END/ { print $0 }' $tmpvar >$HOSTCERT
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3728:
local -i certificates_provided=1+$(grep -c "\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-" $TEMPDIR/intermediatecerts.pem)
^-- SC2155: Declare and assign separately to avoid masking return values.
In testssl.sh line 3741:
certificate_file[i]=$(basename ${bundle_fname//.pem})
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3750:
$OPENSSL verify -purpose sslserver -CAfile "$bundle_fname" -untrusted $TEMPDIR/intermediatecerts.pem $HOSTCERT >$TEMPDIR/${certificate_file[i]}.1 2>$TEMPDIR/${certificate_file[i]}.2
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3752:
$OPENSSL verify -purpose sslserver -CAfile "$bundle_fname" $HOSTCERT >$TEMPDIR/${certificate_file[i]}.1 2>$TEMPDIR/${certificate_file[i]}.2
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3754:
verify_retcode[i]=$(awk '/error [1-9][0-9]? at [0-9]+ depth lookup:/ { if (!found) {print $2; found=1} }' $TEMPDIR/${certificate_file[i]}.1)
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3827:
difftime=$(($TLS_TIME - $TLS_NOW)) # TLS_NOW is being set in tls_sockets()
^-- SC2004: $/${} is unnecessary on arithmetic variables.
^-- SC2004: $/${} is unnecessary on arithmetic variables.
In testssl.sh line 3877:
$OPENSSL s_client $STARTTLS $BUGS $1 -showcerts -connect $NODEIP:$PORT $PROXY $SNI -$proto -tlsextdebug -nextprotoneg $alpn -status </dev/null 2>$ERRFILE >$TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3882:
$OPENSSL s_client $STARTTLS $BUGS $1 -showcerts -connect $NODEIP:$PORT $PROXY $SNI -$proto -tlsextdebug </dev/null 2>>$ERRFILE >$TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3887:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3899:
TLS_EXTENSIONS=$(echo $TLS_EXTENSIONS) # into one line
^-- SC2116: Useless echo? Instead of 'cmd $(echo foo)', just use 'cmd foo'.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3903:
savedir=$(pwd); cd $TEMPDIR
^-- SC2164: Use cd ... || exit in case cd fails.
In testssl.sh line 3922:
cd "$savedir"
^-- SC2164: Use cd ... || exit in case cd fails.
In testssl.sh line 3924:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3938:
subject="$($OPENSSL x509 -in $1 -noout -subject -nameopt multiline,-align,sname,-esc_msb,utf8,-space_eq 2>>$ERRFILE)"
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 3939:
echo "$(awk -F'=' '/CN=/ { print $2 }' <<< "$subject")"
^-- SC2005: Useless echo? Instead of 'echo $(cmd)', just use 'cmd'.
In testssl.sh line 4020:
local servername="$(toupper "$1")"
^-- SC2155: Declare and assign separately to avoid masking return values.
In testssl.sh line 4032:
if [[ $req -eq 0 ]]; then
^-- SC2154: req is referenced but not assigned.
In testssl.sh line 4204:
fileout "${json_prefix}algorithm" "DEBUG" "Signature Algorithm: $sign_algo"
^-- SC2154: sign_algo is referenced but not assigned.
In testssl.sh line 4303:
$OPENSSL s_client $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $OPTIMAL_PROTO 2>>$ERRFILE </dev/null | awk '/-----BEGIN/,/-----END/ { print $0 }' >$HOSTCERT.nosni
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 4340:
while read san; do
^-- SC2162: read without -r will mangle backslashes.
In testssl.sh line 4509:
if ! echo $expire | grep -qw not; then
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 4621:
for ciph in $(colon_to_spaces $($OPENSSL ciphers "aRSA")); do
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 4622:
if grep -q "\-RSA\-" <<<$ciph; then
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 4646:
if [[ -n "${ciphers_to_test[n]}" ]] && [[ $(count_ciphers $($OPENSSL ciphers "${ciphers_to_test[n]}" 2>>$ERRFILE)) -ge 1 ]]; then
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 4663:
done <<<$TLS_EXTENSIONS
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 4710:
[[ " $sans_sni " =~ " $san " ]] && success[n]=0 && break
^-- SC2076: Don't quote rhs of =~, it'll match literally rather than as a regex.
In testssl.sh line 4721:
certs_found=$(($certs_found + 1))
^-- SC2004: $/${} is unnecessary on arithmetic variables.
In testssl.sh line 4763:
lifetime=$(echo $sessticket_str | grep -a lifetime | sed 's/[A-Za-z:() ]//g')
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 4764:
unit=$(echo $sessticket_str | grep -a lifetime | sed -e 's/^.*'"$lifetime"'//' -e 's/[ ()]//g')
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 4811:
nr_supported_ciphers=$(count_ciphers $(actually_supported_ciphers $pfs_cipher_list))
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 4812:
debugme echo $nr_supported_ciphers
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 4813:
debugme echo $(actually_supported_ciphers $pfs_cipher_list)
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 4821:
$OPENSSL s_client -cipher $pfs_cipher_list $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>$ERRFILE </dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 4839:
while read hexcode dash pfs_cipher sslvers kx auth enc mac; do
^-- SC2162: read without -r will mangle backslashes.
In testssl.sh line 4841:
$OPENSSL s_client -cipher $pfs_cipher $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI &>$tmpfile </dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 4842:
sclient_connect_successful $? $tmpfile
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 4850:
normalize_ciphercode $hexcode
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 4855:
neat_list $HEXC $pfs_cipher "$kx" $enc $strength
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 4872:
debugme rm $tmpfile
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 4889:
$OPENSSL ecparam -list_curves | grep -q $curve
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 4905:
[[ ! " $curves_offered " =~ " ${supported_curves[j]} " ]] && curves_to_test+=":${supported_curves[j]}"
^-- SC2076: Don't quote rhs of =~, it'll match literally rather than as a regex.
In testssl.sh line 4908:
$OPENSSL s_client -cipher "${ecdhe_cipher_list:1}" -curves "${curves_to_test:1}" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI &>$tmpfile </dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 4909:
sclient_connect_successful $? $tmpfile
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 4916:
curve_found="$(awk -F', ' '{ print $2 }' <<< $temp)"
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 4933:
[[ " $curves_offered " =~ " $curve " ]] && curve_found+="$curve "
^-- SC2076: Don't quote rhs of =~, it'll match literally rather than as a regex.
In testssl.sh line 4943:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 4978:
http2_pre(){
^-- SC2120: http2_pre references arguments, but none are ever passed.
In testssl.sh line 5009:
$OPENSSL s_client -connect $NODEIP:$PORT $BUGS $SNI -nextprotoneg $NPN_PROTOs </dev/null 2>$ERRFILE >$TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 5017:
if echo $tmpstr | egrep -aq "h2|spdy|http" ; then
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 5031:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 5044:
if ! http2_pre ; then
^-- SC2119: Use http2_pre "$@" if function's $1 should mean script's $1.
In testssl.sh line 5050:
$OPENSSL s_client -connect $NODEIP:$PORT $BUGS $SNI -alpn $proto </dev/null 2>$ERRFILE >$TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 5074:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 5087:
wait_kill $! $STARTTLS_SLEEP
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 5127:
wait_kill $! $STARTTLS_SLEEP
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 5130:
wait_kill $! $STARTTLS_SLEEP
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 5141:
local nodeip="$(tr -d '[]' <<< $NODEIP)" # sockets do not need the square brackets we have of IPv6 addresses
^-- SC2155: Declare and assign separately to avoid masking return values.
In testssl.sh line 5151:
read proyxline <&5
^-- SC2162: read without -r will mangle backslashes.
In testssl.sh line 5164:
elif ! exec 5<>/dev/tcp/$nodeip/$PORT; then # 2>/dev/null would remove an error message, but disables debugging
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 5257:
sleep $USLEEP_SND
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 5265:
dd bs=$1 of=$SOCK_REPLY_FILE count=1 <&5 2>/dev/null &
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 5266:
wait_kill $! $maxsleep
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 5288:
v2_hello_ascii=$(hexdump -v -e '16/1 "%02X"' $1)
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 5325:
local tls_hello_ascii=$(hexdump -v -e '16/1 "%02X"' "$1")
^-- SC2155: Declare and assign separately to avoid masking return values.
In testssl.sh line 5342:
[[ "$DEBUG" -eq 5 ]] && echo $tls_hello_ascii # one line without any blanks
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 5365:
msg_len=2*$(hex2dec "${tls_hello_ascii:i:4}")
^-- SC2125: Brace expansions and globs are literal in assignments. Quote it or use an array.
In testssl.sh line 5412:
debugme out " tls_err_descr: 0x${tls_err_descr} / = $(hex2dec ${tls_err_descr})"
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 5482:
msg_len=2*$(hex2dec "${tls_handshake_ascii:i:6}")
^-- SC2125: Brace expansions and globs are literal in assignments. Quote it or use an array.
In testssl.sh line 5556:
tls_sid_len=2*$(hex2dec "$tls_sid_len_hex")
^-- SC2125: Brace expansions and globs are literal in assignments. Quote it or use an array.
In testssl.sh line 5577:
echo "Cipher : $(strip_spaces $(show_rfc_style "x${tls_cipher_suite:2:2}"))" >> $TMPFILE
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 5579:
echo "Cipher : $(strip_spaces $(show_rfc_style "x${tls_cipher_suite:0:4}"))" >> $TMPFILE
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 5604:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 5664:
tmpfile_handle $FUNCNAME.dd
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 5688:
len_ciph_suites_byte=$(echo ${#cipher_suites})
^-- SC2116: Useless echo? Instead of 'cmd $(echo foo)', just use 'cmd foo'.
In testssl.sh line 5692:
len_ciph_suites=$(printf "%02x\n" $(($len_ciph_suites_byte / 4 )))
^-- SC2004: $/${} is unnecessary on arithmetic variables.
In testssl.sh line 5739:
servername_hexstr=$(printf $NODE | hexdump -v -e "${hexdump_format_str}" | sed 's/,$//')
^-- SC2059: Don't use variables in the printf format string. Use printf "..%s.." "$foo".
In testssl.sh line 5829:
len2twobytes $(printf "%02x\n" $((0x$len_ciph_suites + 0x27)))
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 5831:
len2twobytes $(printf "%02x\n" $((0x$len_ciph_suites + 0x27 + 0x$len_extension_hex + 0x2)))
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 5837:
len2twobytes $(printf "%02x\n" $((0x$len_ciph_suites + 0x2b)))
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 5839:
len2twobytes $(printf "%02x\n" $((0x$len_ciph_suites + 0x2b + 0x$len_extension_hex + 0x2)))
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 5869:
data=$(echo $NW_STR)
^-- SC2116: Useless echo? Instead of 'cmd $(echo foo)', just use 'cmd foo'.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 5872:
sleep $USLEEP_SND
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 5907:
hexdump -C $SOCK_REPLY_FILE | head -6
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 5936:
tmpfile_handle $FUNCNAME.dd
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 5961:
$OPENSSL s_client $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY -tlsextdebug >$TMPFILE 2>$ERRFILE </dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 5964:
tls_proto_offered=$(grep -aw Protocol $TMPFILE | sed -E 's/[^[:digit:]]//g')
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 5966:
tls_proto_offered=$(grep -aw Protocol $TMPFILE | sed -r 's/[^[:digit:]]//g')
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6069:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6087:
$OPENSSL s_client $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY >$TMPFILE 2>$ERRFILE </dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6090:
tls_proto_offered=$(grep -aw Protocol $TMPFILE | sed -E 's/[^[:digit:]]//g')
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6092:
tls_proto_offered=$(grep -aw Protocol $TMPFILE | sed -r 's/[^[:digit:]]//g')
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6198:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6212:
$OPENSSL s_client $OPTIMAL_PROTO $STARTTLS $BUGS -connect $NODEIP:$PORT $SNI $PROXY 2>&1 </dev/null >$TMPFILE 2>$ERRFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6213:
if sclient_connect_successful $? $TMPFILE; then
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6214:
grep -iaq "$insecure_renogo_str" $TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6265:
echo R | $OPENSSL s_client $OPTIMAL_PROTO $BUGS $legacycmd $STARTTLS -msg -connect $NODEIP:$PORT $SNI $PROXY >$TMPFILE 2>>$ERRFILE &
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6266:
wait_kill $! $HEADER_MAXSLEEP
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6273:
echo R | $OPENSSL s_client $legacycmd $STARTTLS $BUGS -msg -connect $NODEIP:$PORT $SNI $PROXY >$TMPFILE 2>>$ERRFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6294:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6295:
return $(($sec_renego + $sec_client_renego))
^-- SC2004: $/${} is unnecessary on arithmetic variables.
^-- SC2004: $/${} is unnecessary on arithmetic variables.
In testssl.sh line 6320:
$OPENSSL s_client $OPTIMAL_PROTO $BUGS $addcmd $STARTTLS -connect $NODEIP:$PORT $PROXY $SNI </dev/null &>$TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6321:
if grep -a Compression $TMPFILE | grep -aq NONE >/dev/null; then
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6377:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6409:
printf "GET $url HTTP/1.1\r\nHost: $NODE\r\nUser-Agent: $useragent\r\nReferer: $referer\r\nConnection: Close\r\nAccept-encoding: gzip,deflate,compress\r\nAccept: text/*\r\n\r\n" | $OPENSSL s_client $OPTIMAL_PROTO $BUGS -quiet -ign_eof -connect $NODEIP:$PORT $PROXY $SNI 1>$TMPFILE 2>$ERRFILE &
^-- SC2059: Don't use variables in the printf format string. Use printf "..%s.." "$foo".
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6410:
wait_kill $! $HEADER_MAXSLEEP
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6412:
result=$(awk '/^Content-Encoding/ { print $2 }' $TMPFILE)
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6414:
debugme grep '^Content-Encoding' $TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6439:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6452:
debugme echo $cbc_ciphers
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6453:
$OPENSSL s_client -ssl3 $STARTTLS $BUGS -cipher $cbc_ciphers -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>$ERRFILE </dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6454:
sclient_connect_successful $? $TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6465:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6497:
$OPENSSL s_client $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI -no_tls1_2 >$TMPFILE 2>$ERRFILE </dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6498:
if ! sclient_connect_successful $? $TMPFILE; then
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6503:
$OPENSSL s_client $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI -no_tls1_2 -fallback_scsv &>$TMPFILE </dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6535:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6551:
nr_supported_ciphers=$(count_ciphers $(actually_supported_ciphers $exportrsa_cipher_list))
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 6567:
$OPENSSL s_client $STARTTLS $BUGS -cipher $exportrsa_cipher_list -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>$ERRFILE </dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6568:
sclient_connect_successful $? $TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6580:
debugme echo $(actually_supported_ciphers $exportrsa_cipher_list)
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 6581:
debugme echo $nr_supported_ciphers
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6583:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6598:
nr_supported_ciphers=$(count_ciphers $(actually_supported_ciphers $exportdhe_cipher_list))
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 6610:
$OPENSSL s_client $STARTTLS $BUGS -cipher $exportdhe_cipher_list -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>$ERRFILE </dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6611:
sclient_connect_successful $? $TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6632:
debugme echo $(actually_supported_ciphers $exportdhe_cipher_list)
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 6633:
debugme echo $nr_supported_ciphers
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6635:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6693:
get_host_cert || return 7
^-- SC2119: Use get_host_cert "$@" if function's $1 should mean script's $1.
In testssl.sh line 6738:
$OPENSSL s_client -state -"$proto" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI 2>>$ERRFILE >$TMPFILE </dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6739:
if sclient_connect_successful $? $TMPFILE; then
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6740:
higher_proto_supported="$higher_proto_supported ""$(grep -aw "Protocol" $TMPFILE | sed -e 's/^.*Protocol .*://' -e 's/ //g')"
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6745:
$OPENSSL s_client -"$proto" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>>$ERRFILE </dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6746:
if ! sclient_connect_successful $? $TMPFILE; then # protocol supported?
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6760:
$OPENSSL s_client -"$proto" -cipher "$cbc_cipher_list" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>>$ERRFILE </dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6761:
sclient_connect_successful $? $TMPFILE || continue
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6770:
read hexcode dash cbc_cipher sslvers kx auth enc mac < <($OPENSSL ciphers -V "$ciph" 2>>$ERRFILE) # -V doesn't work with openssl < 1.0
^-- SC2162: read without -r will mangle backslashes.
In testssl.sh line 6772:
$OPENSSL s_client -cipher "$cbc_cipher" -"$proto" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>>$ERRFILE </dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6773:
sclient_connect_successful $? $TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6802:
detected_cbc_ciphers="$detected_cbc_ciphers ""$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')"
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6818:
[[ -n "$higher_proto_supported" ]] && \
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 6862:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6896:
$OPENSSL s_client -cipher $rc4_ciphers_list $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>$ERRFILE </dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6897:
sclient_connect_successful $? $TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6900:
$OPENSSL s_client -cipher $rc4_ssl2_ciphers_list $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY -ssl2 >$TMPFILE 2>$ERRFILE </dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6901:
sclient_connect_successful $? $TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6913:
$OPENSSL s_client -cipher $rc4_cipher $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY -ssl2 </dev/null >$TMPFILE 2>$ERRFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6915:
$OPENSSL s_client -cipher $rc4_cipher $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI </dev/null >$TMPFILE 2>$ERRFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6917:
sclient_connect_successful $? $TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6952:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6983:
INSTALL_DIR=$(dirname ${BASH_SOURCE[0]})
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6996:
INSTALL_DIR=$(readlink -f $(basename ${BASH_SOURCE[0]})) || \
^-- SC2046: Quote this to prevent word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6997:
INSTALL_DIR=$(readlink $(basename ${BASH_SOURCE[0]}))
^-- SC2046: Quote this to prevent word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 6999:
INSTALL_DIR=$(dirname $INSTALL_DIR 2>/dev/null)
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7007:
INSTALL_DIR=$(dirname $(realpath ${BASH_SOURCE[0]}))
^-- SC2046: Quote this to prevent word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7019:
local naming_ext="$(uname).$(uname -m)"
^-- SC2155: Declare and assign separately to avoid masking return values.
In testssl.sh line 7020:
local uname_arch="$(uname -m)"
^-- SC2155: Declare and assign separately to avoid masking return values.
In testssl.sh line 7048:
elif test_openssl_suffix $RUN_DIR; then
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7050:
elif test_openssl_suffix $RUN_DIR/bin; then
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7064:
OSSL_VER_MAJOR=$(echo "$OSSL_VER" | sed 's/\..*$//')
^-- SC2001: See if you can use ${variable//search/replace} instead.
In testssl.sh line 7069:
echo $OSSL_BUILD_DATE | grep -q "not available" && OSSL_BUILD_DATE=""
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7233:
exit $1
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7247:
cat >$TEMPDIR/environment.txt << EOF
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7313:
which locale &>/dev/null && locale >>$TEMPDIR/environment.txt || echo "locale doesn't exist" >>$TEMPDIR/environment.txt
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7314:
$OPENSSL ciphers -V 'ALL:COMPLEMENTOFALL' &>$TEMPDIR/all_local_ciphers.txt
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7322:
local openssl_location="$(which $OPENSSL)"
^-- SC2155: Declare and assign separately to avoid masking return values.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7380:
exit $2
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7409:
cat >$OPENSSL_CONF << EOF
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7440:
read a
^-- SC2162: read without -r will mangle backslashes.
In testssl.sh line 7460:
if grep -q ':$' <<< $NODE ; then
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7466:
tmp_port=$(printf "$NODE" | sed 's/\[.*\]//' | sed 's/://')
^-- SC2059: Don't use variables in the printf format string. Use printf "..%s.." "$foo".
In testssl.sh line 7476:
PORT=$(echo "$NODE" | sed 's/^.*\://') && NODE=$(echo "$NODE" | sed 's/\:.*$//')
^-- SC2001: See if you can use ${variable//search/replace} instead.
^-- SC2001: See if you can use ${variable//search/replace} instead.
In testssl.sh line 7478:
debugme echo $NODE:$PORT
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7505:
>$LOGFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7506:
outln "## Scan started as: \"$PROG_NAME $CMDLINE\"" >>${LOGFILE}
^-- SC2129: Consider using { cmd1; cmd2; } >> file instead of individual redirects.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7507:
outln "## at $HNAME:$OPENSSL_LOCATION" >>${LOGFILE}
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7508:
outln "## version testssl: $VERSION ${GIT_REL_SHORT:-$CVS_REL_SHORT} from $REL_DATE" >>${LOGFILE}
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7509:
outln "## version openssl: \"$OSSL_VER\" from \"$OSSL_BUILD_DATE\")\n" >>${LOGFILE}
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7510:
exec > >(tee -a ${LOGFILE})
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7573:
ip6=$(grep -wh "$NODE" $etchosts 2>/dev/null | grep ':' | grep -v '^#' | egrep "[[:space:]]$NODE" | awk '{ print $1 }')
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7586:
ip4=$(grep -wh "$1" $etchosts 2>/dev/null | egrep -v ':|^#' | egrep "[[:space:]]$1" | awk '{ print $1 }')
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7609:
ip4=$(filter_ip4_address $(avahi-resolve -4 -n "$1" 2>/dev/null | awk '{ print $2 }'))
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 7611:
ip4=$(filter_ip4_address $(dig @224.0.0.251 -p 5353 +short -t a +notcp "$1" 2>/dev/null | sed '/^;;/d'))
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 7618:
ip4=$(filter_ip4_address $(dig +short -t a "$1" 2>/dev/null | sed '/^;;/d'))
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 7622:
ip4=$(filter_ip4_address $(host -t a "$1" 2>/dev/null | grep -v alias | sed 's/^.*address //'))
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 7626:
ip4=$(filter_ip4_address $(drill a "$1" 2>/dev/null | awk '/^\;\;\sANSWER\sSECTION\:$/,/\;\;\sAUTHORITY\sSECTION\:$/ { print $5,$6 }' | sed '/^\s$/d'))
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 7630:
ip4=$(filter_ip4_address $(nslookup -querytype=a "$1" 2>/dev/null | awk '/^Name/,/EOF/ { print $0 }' | grep -v Name))
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 7646:
ip6=$(filter_ip6_address $(avahi-resolve -6 -n "$NODE" 2>/dev/null | awk '{ print $2 }'))
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 7648:
ip6=$(filter_ip6_address $(dig @ff02::fb -p 5353 -t aaaa +short +notcp "$NODE"))
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 7653:
ip6=$(filter_ip6_address $(host -t aaaa "$NODE" | grep -v alias | grep -v "no AAAA record" | sed 's/^.*address //'))
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 7655:
ip6=$(filter_ip6_address $(dig +short -t aaaa "$NODE" 2>/dev/null))
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 7657:
ip6=$(filter_ip6_address $(drill aaaa "$NODE" 2>/dev/null | awk '/^\;\;\sANSWER\sSECTION\:$/,/^\;\;\sAUTHORITY\sSECTION\:$/ { print $5,$6 }' | sed '/^\s$/d'))
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 7659:
ip6=$(filter_ip6_address $(nslookup -type=aaaa "$NODE" 2>/dev/null | grep -A10 Name | grep -v Name))
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 7676:
ip4=$(get_local_a $NODE) # is there a local host entry?
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7679:
ip4=$(get_a_record $NODE)
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7684:
ip6=$(get_local_aaaa $NODE)
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7687:
ip6=$(get_aaaa_record $NODE)
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7715:
local nodeip="$(tr -d '[]' <<< $NODEIP)" # for DNS we do not need the square brackets of IPv6 addresses
^-- SC2155: Declare and assign separately to avoid masking return values.
In testssl.sh line 7719:
rDNS=$(avahi-resolve -a $nodeip 2>/dev/null | awk '{ print $2 }')
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7721:
rDNS=$(dig -x $nodeip @224.0.0.251 -p 5353 +notcp +noall +answer | awk '/PTR/ { print $NF }')
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7724:
rDNS=$(dig -x $nodeip +noall +answer | awk '/PTR/ { print $NF }') # +short returns also CNAME, e.g. openssl.org
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7726:
rDNS=$(host -t PTR $nodeip 2>/dev/null | awk '/pointer/ { print $NF }')
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7728:
rDNS=$(drill -x ptr $nodeip 2>/dev/null | awk '/^\;\;\sANSWER\sSECTION\:$/,/\;\;\sAUTHORITY\sSECTION\:$/ { print $5,$6 }' | sed '/^\s$/d')
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7730:
rDNS=$(nslookup -type=PTR $nodeip 2>/dev/null | grep -v 'canonical name =' | grep 'name = ' | awk '{ print $NF }' | sed 's/\.$//')
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7733:
rDNS="$(echo $rDNS)"
^-- SC2116: Useless echo? Instead of 'cmd $(echo foo)', just use 'cmd foo'.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7819:
>$ERRFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7824:
$OPENSSL s_client $STARTTLS_OPTIMAL_PROTO $BUGS -connect "$NODEIP:$PORT" $PROXY -msg -starttls $1 </dev/null >$TMPFILE 2>>$ERRFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7825:
if sclient_auth $? $TMPFILE; then
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7835:
$OPENSSL s_client $OPTIMAL_PROTO $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $sni </dev/null >$TMPFILE 2>>$ERRFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7836:
if sclient_auth $? $TMPFILE; then
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7849:
grep -q '^Server Temp Key' $TMPFILE && HAS_DH_BITS=true # FIX #190
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7858:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7864:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7875:
[[ -n "$PROXY" ]] && \
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 7912:
$OPENSSL s_client -connect $NODEIP:$PORT $PROXY $BUGS $STARTTLS 2>$ERRFILE >$TMPFILE </dev/null
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7914:
debugme cat $TMPFILE
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7918:
grep -q '^Server Temp Key' $TMPFILE && HAS_DH_BITS=true # FIX #190
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7931:
tmpfile_handle $FUNCNAME.txt
^-- SC2128: Expanding an array without an index only gives the first element.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7938:
local nodeip="$(tr -d '[]' <<< $NODEIP)" # for displaying IPv6 addresses we don't need []
^-- SC2155: Declare and assign separately to avoid masking return values.
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 7974:
printf -- "$1"'%.s' $(eval "echo {1.."$(($2))"}")
^-- SC2046: Quote this to prevent word splitting.
In testssl.sh line 8035:
while read cmdline; do
^-- SC2162: read without -r will mangle backslashes.
In testssl.sh line 8043:
$cmdline >$LOGFILE &
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 8044:
sleep $PARALLEL_SLEEP
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 8060:
while read cmdline; do
^-- SC2162: read without -r will mangle backslashes.
In testssl.sh line 8172:
echo ${1#*=}
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 8175:
echo $2
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 8504:
if is_ipv6addr $NODEIP; then
^-- SC2086: Double quote to prevent globbing and word splitting.
In testssl.sh line 8530:
$do_tls_sockets && { [[ $TLS_LOW_BYTE -eq 22 ]] && \
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In testssl.sh line 8533:
$do_test_just_one && test_just_one ${single_cipher}
^-- SC2086: Double quote to prevent globbing and word splitting.
Hello,
I ran this script through shellcheck and found some issues. Here are the issues it found: