From f109c318d9f03be9adad9067c31b93640401a903 Mon Sep 17 00:00:00 2001 From: mboelen Date: Wed, 27 Apr 2016 16:51:12 +0200 Subject: [PATCH] Detect when weak protocols are used, simplify nginx test --- include/consts | 1 + include/functions | 22 +++++++++++++++------- include/tests_webservers | 3 +-- 3 files changed, 17 insertions(+), 9 deletions(-) diff --git a/include/consts b/include/consts index 4dd60428..6fba69b4 100644 --- a/include/consts +++ b/include/consts @@ -123,6 +123,7 @@ unset LANG NGINX_SSL_PROTOCOLS=0 NGINX_RETURN_FOUND=0 NGINX_ROOT_FOUND=0 + NGINX_WEAK_SSL_PROTOCOL_FOUND=0 NTPD_ROLE="" ORACLE_RUNNING=0 OS=""; OS_MODE="" diff --git a/include/functions b/include/functions index 83346f50..1e24813a 100644 --- a/include/functions +++ b/include/functions @@ -1415,6 +1415,12 @@ NGINX_SSL_PROTOCOLS=1 VALUE=`echo ${VALUE} | sed 's/;$//' | tr '[:upper:]' '[:lower:]'` for ITEM in ${VALUE}; do + LogText "Result: found protocol ${ITEM}" + case ${ITEM} in + "sslv2" | "sslv3") + NGINX_WEAK_SSL_PROTOCOL_FOUND=1 + ;; + esac Report "ssl_tls_protocol_enabled[]=${ITEM}" ReportDetails --service nginx --field protocol --value "${ITEM}" done @@ -1746,24 +1752,24 @@ case $1 in --description) shift - TEST_DESCRIPTION=$1 + TEST_DESCRIPTION="desc:$1;" ;; --field) shift - TEST_FIELD=$1 + TEST_FIELD="field:$1;" ;; --preferredvalue|--preferred-value) shift - TEST_PREFERRED_VALUE=$1 + TEST_PREFERRED_VALUE="prefval:$1;" ;; # Other details --other) shift - TEST_OTHER=$1 + TEST_OTHER="other:$1;" ;; --service) shift - TEST_SERVICE=$1 + TEST_SERVICE="service:$1;" ;; --test) shift @@ -1771,7 +1777,7 @@ ;; --value) shift - TEST_VALUE=$1 + TEST_VALUE="value:$1;" ;; *) 
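Review bot: The new `case ${ITEM} in "sslv2" | "sslv3")` in the ssl_protocols loop of include/functions flags only the two SSL versions, so a configuration that still enables `tlsv1` or `tlsv1.1` is reported as having no insecure protocols. If that scope is intended, a comment above the case such as `# Only SSLv2/SSLv3 are treated as weak; TLSv1.0/1.1 are reported but not flagged` would make it explicit. Otherwise a separate flag for deprecated TLS versions would let the web server test report them at a lower severity. The enclosing function starts and ends outside the hunk.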
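Review bot: The ReportDetails option values are now wrapped in the record syntax at assignment time (`TEST_FIELD="field:$1;"`, `TEST_SERVICE="service:$1;"`, and `TEST_VALUE="value:$1;"` in the following hunk), but `$1` is not checked for the `;` and `|` characters that delimit a `details[]` entry. A value read from a scanned configuration file that contains either character would give a record that a report parser splits into the wrong fields. Replacing the delimiters before assignment would close this, for example `TEST_VALUE="value:$(echo "$1" | tr ';|' '__');"`, applied the same way to the other options. The start of ReportDetails is outside the hunk, so whether callers already sanitise these values cannot be seen here.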
@@ -1781,7 +1787,9 @@ esac shift # Go to next parameter done - Report "details[]=${TEST_ID}|service:${TEST_SERVICE}|desc:${TEST_DESCRIPTION};field:${TEST_FIELD};prefval:${TEST_PREFERRED_VALUE};value:${TEST_VALUE};other:${TEST_OTHER}|" + if [ "${TEST_ID}" = "" ]; then TEST_ID="-"; fi + if [ "${TEST_SERVICE}" = "" ]; then TEST_SERVICE="-"; fi + Report "details[]=${TEST_ID}|${TEST_SERVICE}|${TEST_DESCRIPTION}${TEST_FIELD}${TEST_PREFERRED_VALUE}${TEST_VALUE}${TEST_OTHER}|" } # Log exceptions diff --git a/include/tests_webservers b/include/tests_webservers index 7d0b3840..5f1fc101 100644 --- a/include/tests_webservers +++ b/include/tests_webservers @@ -504,8 +504,7 @@ if [ ${NGINX_SSL_PROTOCOLS} -eq 1 ]; then Display --indent 8 --text "- Protocols configured" --result "YES" --color GREEN - FIND=`${GREPBINARY} "ssl_protocols" ${NGINX_CONF_LOCATION} | ${GREPBINARY} "SSLv[123]"` - if [ "${FIND}" = "" ]; then + if [ ${NGINX_WEAK_SSL_PROTOCOL_FOUND} -eq 0 ]; then Display --indent 10 --text "- Insecure protocols found" --result "NO" --color GREEN else Display --indent 10 --text "- Insecure protocols found" --result "YES" --color RED
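Review bot: Because unset fields are no longer written with a fixed label, the new `Report "details[]=..."` line is only correct if TEST_DESCRIPTION, TEST_FIELD, TEST_PREFERRED_VALUE, TEST_VALUE and TEST_OTHER are cleared at the top of ReportDetails; that part of the function is outside the hunk and should be confirmed. If they are not reset, a field set by an earlier call is carried into the next record. The layout also changes for anything that parses the report, so a comment above the Report line would help, e.g. `# Format: details[]=TESTID|service:NAME;|desc:..;field:..;prefval:..;value:..;other:..;| (unset fields omitted, "-" for a missing id or service)`.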
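Review bot: This check in include/tests_webservers only sees protocols that were listed explicitly, because NGINX_WEAK_SSL_PROTOCOL_FOUND is set while an `ssl_protocols` directive is parsed and the test sits inside `if [ ${NGINX_SSL_PROTOCOLS} -eq 1 ]`. A server block without that directive runs on nginx's built-in defaults, which on older releases still include SSLv3, so "Insecure protocols found: NO" does not cover that case. Whatever handles the unconfigured case is outside the hunk, as is the closing `fi`. A comment such as `# Reflects only protocols named in ssl_protocols; nginx defaults are not evaluated here` above the test would keep the result from being over-read.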