From f3f6be6630f3b3ecfa40daf99e2e8ea81022849c Mon Sep 17 00:00:00 2001
From: Michael Boelen
Date: Mon, 8 Jul 2019 21:20:45 +0200
Subject: Fix for incorrect subdirectory retrieval and adding enhancement to reduce number of evaluations needed
---
 include/tests_crypto | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)
(limited to 'include/tests_crypto')
diff --git a/include/tests_crypto b/include/tests_crypto
index 2d064b5f..9be27b6f 100644
--- a/include/tests_crypto
+++ b/include/tests_crypto
@@ -34,6 +34,7 @@
 COUNT_EXPIRED=0
 COUNT_TOTAL=0
 FOUNDPROBLEM=0
+ SKIP=0
 sSSL_PATHS=$(echo ${SSL_CERTIFICATE_PATHS} | ${SEDBINARY} 's/:space:/__space__/g' | ${SEDBINARY} 's/:/ /g')
 sSSL_PATHS=$(echo ${sSSL_PATHS} | ${SEDBINARY} 's/^ //' | ${SORTBINARY} | ${UNIQBINARY})
 LogText "Paths to scan: ${sSSL_PATHS}"
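Review bot: `SKIP=0` is now set once here, ahead of what appears to be the per-directory loop, while the later hunk resets only `LASTSUBDIR=""` for each `DIR`. If the first file of a directory yields an empty `SUBDIR`, it equals the fresh `LASTSUBDIR`, the ignore-list check is not run, and `SKIP` keeps whatever value the previous directory's last file left behind, so certificates could be skipped without any log line. Resetting both together at the top of each directory, `LASTSUBDIR=""; SKIP=0`, removes that dependency on state carried across directories.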
@@ -46,20 +47,30 @@
 if [ -d ${DIR} ]; then
 FileIsReadable ${DIR}
 if [ ${CANREAD} -eq 1 ]; then
+ LASTSUBDIR=""
 LogText "Result: found directory ${DIR}"
 # Search for certificate files
 FILES=$(${FINDBINARY} ${DIR} -type f 2> /dev/null | ${EGREPBINARY} ".crt$|.pem$|^cert" | ${SORTBINARY} | ${SEDBINARY} 's/ /__space__/g')
 for FILE in ${FILES}; do
- SKIP=0
 FILE=$(echo ${FILE} | ${SEDBINARY} 's/__space__/ /g')
 # See if we need to skip this path
- SUBDIR=$(echo ${FILE} | ${AWKBINARY} -F/ '{print $NF}' | ${SEDBINARY} 's/__space__/ /g')
- for D in ${SSL_CERTIFICATE_PATHS_TO_IGNORE}; do
- if Equals "${D}" "${SUBDIR}"; then
- SKIP=1
- fi
- done
+ SUBDIR=$(echo ${FILE} | ${AWKBINARY} -F/ 'sub(FS $NF,x)' | ${SEDBINARY} 's/__space__/ /g')
+ # If we discover a new directory, do evaluation
+ #Debug "File : ${FILE}"
+ #Debug "Lastdir: ${LASTSUBDIR}"
+ #Debug "Curdir : ${SUBDIR}"
+ if [ ! "${SUBDIR}" = "${LASTSUBDIR}" ]; then
+ SKIP=0
+ # Now check if this path is on the to-be-ignored list
+ for D in ${SSL_CERTIFICATE_PATHS_TO_IGNORE}; do
+ if Equals "${D}" "${SUBDIR}"; then
+ SKIP=1
+ LogText "Result: skipping directory (${SUBDIR}) as it is on ignore list"
+ fi
+ done
+ fi
 if [ ${SKIP} -eq 0 ]; then
+ #Debug "Testing ${FILE} in path: $SUBDIR"
 COUNT_DIR=$((COUNT_DIR + 1))
 FileIsReadable "${FILE}"
 if [ ${CANREAD} -eq 1 ]; then
@@ -93,9 +104,8 @@
 else
 LogText "Result: can not read file ${FILE} (no permission)"
 fi
- else
- LogText "Result: path ${SUBDIR} skipped according to profile"
 fi
+ LASTSUBDIR="${SUBDIR}"
 done
 COUNT_TOTAL=$((COUNT_TOTAL + COUNT_DIR))
 LogText "Result: found ${COUNT_DIR} certificates in ${DIR}"
-- cgit v1.2.3
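Review bot: The new `SUBDIR` line passes the file name to awk as a dynamic regex (`sub(FS $NF,x)`), so the directory it yields can be wrong or empty. The match is unanchored and leftmost: a constructed path such as `/srv/ca.pem.bak/ca.pem` comes back as `/srv.bak/ca.pem`, and a name whose metacharacters (`+`, `(`, `[`) stop the pattern from matching makes awk print nothing. The comparison against `SSL_CERTIFICATE_PATHS_TO_IGNORE` then runs on the wrong string, so the ignore list is not applied to the directory the file actually lives in. Plain parameter expansion avoids both the regex and the unquoted `echo`: `SUBDIR="${FILE%/*}"`. The enclosing `for FILE` loop continues outside this hunk.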