author | Michael Boelen <michael.boelen@cisofy.com> | 2019-07-08 22:20:45 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2019-07-08 22:20:45 +0300 |
commit | f3f6be6630f3b3ecfa40daf99e2e8ea81022849c (patch) | |
tree | 0ac1f8c88e8f37fe21d292d9b3a3041a08a7d63c /include/tests_crypto | |
parent | 054ca21ee34475ae123570b110aedbb7f5221af9 (diff) |
Fix for incorrect subdirectory retrieval and adding enhancement to reduce number of evaluations needed
Diffstat (limited to 'include/tests_crypto')
-rw-r--r-- | include/tests_crypto | 28 |
1 files changed, 19 insertions, 9 deletions
diff --git a/include/tests_crypto b/include/tests_crypto
index 2d064b5f..9be27b6f 100644
--- a/include/tests_crypto
+++ b/include/tests_crypto
@@ -34,6 +34,7 @@
 COUNT_EXPIRED=0
 COUNT_TOTAL=0
 FOUNDPROBLEM=0
+ SKIP=0
 sSSL_PATHS=$(echo ${SSL_CERTIFICATE_PATHS} | ${SEDBINARY} 's/:space:/__space__/g' | ${SEDBINARY} 's/:/ /g')
 sSSL_PATHS=$(echo ${sSSL_PATHS} | ${SEDBINARY} 's/^ //' | ${SORTBINARY} | ${UNIQBINARY})
 LogText "Paths to scan: ${sSSL_PATHS}"
@@ -46,20 +47,30 @@
 if [ -d ${DIR} ]; then
 FileIsReadable ${DIR}
 if [ ${CANREAD} -eq 1 ]; then
+ LASTSUBDIR=""
 LogText "Result: found directory ${DIR}"
 # Search for certificate files
 FILES=$(${FINDBINARY} ${DIR} -type f 2> /dev/null | ${EGREPBINARY} ".crt$|.pem$|^cert" | ${SORTBINARY} | ${SEDBINARY} 's/ /__space__/g')
 for FILE in ${FILES}; do
- SKIP=0
 FILE=$(echo ${FILE} | ${SEDBINARY} 's/__space__/ /g')
 # See if we need to skip this path
- SUBDIR=$(echo ${FILE} | ${AWKBINARY} -F/ '{print $NF}' | ${SEDBINARY} 's/__space__/ /g')
- for D in ${SSL_CERTIFICATE_PATHS_TO_IGNORE}; do
- if Equals "${D}" "${SUBDIR}"; then
- SKIP=1
- fi
- done
+ SUBDIR=$(echo ${FILE} | ${AWKBINARY} -F/ 'sub(FS $NF,x)' | ${SEDBINARY} 's/__space__/ /g')
+ # If we discover a new directory, do evaluation
+ #Debug "File : ${FILE}"
+ #Debug "Lastdir: ${LASTSUBDIR}"
+ #Debug "Curdir : ${SUBDIR}"
+ if [ ! "${SUBDIR}" = "${LASTSUBDIR}" ]; then
+ SKIP=0
+ # Now check if this path is on the to-be-ignored list
+ for D in ${SSL_CERTIFICATE_PATHS_TO_IGNORE}; do
+ if Equals "${D}" "${SUBDIR}"; then
+ SKIP=1
+ LogText "Result: skipping directory (${SUBDIR}) as it is on ignore list"
+ fi
+ done
+ fi
 if [ ${SKIP} -eq 0 ]; then
+ #Debug "Testing ${FILE} in path: $SUBDIR"
 COUNT_DIR=$((COUNT_DIR + 1))
 FileIsReadable "${FILE}"
 if [ ${CANREAD} -eq 1 ]; then
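Review bot: The new `SUBDIR` line hands `FS $NF` to awk's `sub()` as a regular expression, so the file name is matched as an unanchored pattern and the first match in the path is removed rather than the last component; a name containing characters such as `(` or `+` may not match at all, in which case awk prints nothing and `SUBDIR` is empty. For an audit check this matters because that wrong or empty value is what gets compared against `SSL_CERTIFICATE_PATHS_TO_IGNORE`, so certificates can be skipped or scanned contrary to the profile with no log line explaining why. Stripping the last component in the shell avoids the pattern match entirely: `SUBDIR="${FILE%/*}"`. Because `SKIP` is now initialised only once (first hunk) while `LASTSUBDIR` is reset per directory, an empty `SUBDIR` on the first file of a directory would also inherit `SKIP` from the previous directory; adding `SKIP=0` next to `LASTSUBDIR=""` would close that. The loop over `${DIR}` that encloses this code starts and ends outside the hunk.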
@@ -93,9 +104,8 @@
 else
 LogText "Result: can not read file ${FILE} (no permission)"
 fi
- else
- LogText "Result: path ${SUBDIR} skipped according to profile"
 fi
+ LASTSUBDIR="${SUBDIR}"
 done
 COUNT_TOTAL=$((COUNT_TOTAL + COUNT_DIR))
 LogText "Result: found ${COUNT_DIR} certificates in ${DIR}" |