PoC for unit test in bash

wondratsch · May 31, 2017 · 91b9236 · 91b9236
1 parent 55b89ee
commit 91b9236
Showing 1 changed file with 105 additions and 0 deletions.
diff --git a/utils/00_unittest_baseline.sh b/utils/00_unittest_baseline.sh
@@ -0,0 +1,105 @@
+#!/usr/bin/env bash
+#
+# PoC for unit tests in bash. Basic test with s_server, works under Linux only atm
+
+OPENSSL="bin/openssl.$(uname).$(uname -m)"
+$OPENSSL version -a || exit 1
+
+FILE=tmp.json
+
+remove_quotes() {
+     sed -i 's/"//g' $FILE
+}
+
+# arg1:   id_value
+# arg2:   string to check against severity_value (optional)
+# arg2,3: string to check against finding_value
+# return: 0 whether it contains arg2 or arg3 (0: yes, 1: matches not)
+check_result() {
+     # id           : sslv3,
+     # ip           : localhost/127.0.0.1,
+     # port         : 4433,
+     # severity     : HIGH,
+     # finding      : SSLv3 is offered
+
+     local json_result=""
+     local severity_value=""
+     local finding_value=""
+
+     remove_quotes
+     json_result="$(awk '/id.*'"${1}"'/,/finding.*$/' $FILE)"
+     [[ -z $json_result ]] && exit -1
+     # is4lines?
+     finding_value="$(awk -F':' '/finding/ { print $2" "$3" "$4 }' <<< "$json_result")"
+     if [[ $# -eq 2 ]]; then
+          [[ $finding_value =~ "$2" ]] && return 0 || return 1
+     fi
+     severity_value="$(awk -F':' '/severity/ { print $2 }' <<< "$json_result")"
+     if [[ $finding_value =~ "$3" ]] && [[ $severity_value =~ "$2" ]] ; then
+          return 0
+     else
+          return 1
+     fi
+}
+
+### generate self signed certificate
+$OPENSSL req -new -x509 -out /tmp/server.crt -nodes -keyout /tmp/server.pem -subj '/CN=localhost' &>/dev/null || exit 2
+echo
+
+
+### 1) test protocol SSlv2:
+$OPENSSL s_server -www -ssl2 -key /tmp/server.pem -cert /tmp/server.crt &>/dev/null &
+pid=$!
+rm $FILE 2>/dev/null
+echo "Running testssl.sh SSLv2 protocol check against localhost for SSLv2: "
+./testssl.sh -p -q --warnings=off --jsonfile=$FILE localhost:4433
+check_result sslv2 CRITICAL "SSLv2 offered"
+[[ $? -eq 0 ]] && echo "SSLv2: PASSED" || echo "FAILED"
+echo
+kill $pid
+wait $pid 2>/dev/null
+
+### 2) test NPN + ALPN
+$OPENSSL s_server -cipher 'ALL:COMPLEMENTOFALL' -alpn "h2" -nextprotoneg "spdy/3, http/1.1" -www -key /tmp/server.pem -cert /tmp/server.crt &>/dev/null &
+pid=$!
+rm $FILE
+echo "Running testssl.sh HTTP/2 protocol checks against localhost: "
+./testssl.sh -q --jsonfile=$FILE --protocols localhost:4433
+if check_result spdy_npn "spdy/3,  http/1.1"; then
+     echo "SPDY/NPN:  PASSED"
+else
+     echo "SPDY/NPN:  FAILED"
+fi
+
+if check_result https_alpn "h2"; then
+     echo "HTTP2/ALPN: PASSED"
+else
+     echo "HTTP2/ALPN: FAILED"
+fi
+kill $pid
+wait $pid 2>/dev/null
+
+rm $FILE
+exit 0
+
+### 3) test almost all other stuff
+$OPENSSL s_server -cipher 'ALL:COMPLEMENTOFALL' -www -key /tmp/server.pem -cert /tmp/server.crt &>/dev/null &
+pid=$!
+rm $FILE
+echo "Running basline check with testssl.sh against localhost"
+./testssl.sh -q --jsonfile=$FILE --protocols --standard  --pfs --vulnerable --each-cipher --client-simulation localhost:4433
+#check_result sslv2 CRITICAL "is offered"
+kill -9 $pid
+wait $pid 2>/dev/null
+
+
+
+### test server defaults
+# ./testssl.sh -q --jsonfile=$FILE --server-defaults localhost:4433
+# -serverpref
+# -no_ticket
+# -no_resumption_on_reneg
+# -status
+
+# vim:ts=5:sw=5:expandtab
+