Fix for incorrect subdirectory retrieval and adding enhancement to reduce number of evaluations needed

2019-07-08 21:20:45 +02:00 · 2019-07-08 21:20:45 +02:00 · f3f6be6630
parent 054ca21ee3
commit f3f6be6630
1 changed files with 19 additions and 9 deletions
--- a/include/tests_crypto
+++ b/include/tests_crypto
@ -34,6 +34,7 @@
        COUNT_EXPIRED=0
        COUNT_TOTAL=0
        FOUNDPROBLEM=0
+        SKIP=0
        sSSL_PATHS=$(echo ${SSL_CERTIFICATE_PATHS} | ${SEDBINARY} 's/:space:/__space__/g' | ${SEDBINARY} 's/:/ /g')
        sSSL_PATHS=$(echo ${sSSL_PATHS} | ${SEDBINARY} 's/^ //' | ${SORTBINARY} | ${UNIQBINARY})
        LogText "Paths to scan: ${sSSL_PATHS}"
@ -46,20 +47,30 @@
            if [ -d ${DIR} ]; then
                FileIsReadable ${DIR}
                if [ ${CANREAD} -eq 1 ]; then
+                    LASTSUBDIR=""
                    LogText "Result: found directory ${DIR}"
                    # Search for certificate files
                    FILES=$(${FINDBINARY} ${DIR} -type f 2> /dev/null | ${EGREPBINARY} ".crt$|.pem$|^cert" | ${SORTBINARY} | ${SEDBINARY} 's/ /__space__/g')
                    for FILE in ${FILES}; do
-                        SKIP=0
                        FILE=$(echo ${FILE} | ${SEDBINARY} 's/__space__/ /g')
                        # See if we need to skip this path
-                        SUBDIR=$(echo ${FILE} | ${AWKBINARY} -F/ '{print $NF}' | ${SEDBINARY} 's/__space__/ /g')
-                        for D in ${SSL_CERTIFICATE_PATHS_TO_IGNORE}; do
-                            if Equals "${D}" "${SUBDIR}"; then
-                                SKIP=1
-                            fi
-                        done
+                        SUBDIR=$(echo ${FILE} | ${AWKBINARY} -F/ 'sub(FS $NF,x)' | ${SEDBINARY} 's/__space__/ /g')
+                        # If we discover a new directory, do evaluation
+                        #Debug "File   : ${FILE}"
+                        #Debug "Lastdir: ${LASTSUBDIR}"
+                        #Debug "Curdir : ${SUBDIR}"
+                        if [ ! "${SUBDIR}" = "${LASTSUBDIR}" ]; then
+                            SKIP=0
+                            # Now check if this path is on the to-be-ignored list
+                            for D in ${SSL_CERTIFICATE_PATHS_TO_IGNORE}; do
+                                if Equals "${D}" "${SUBDIR}"; then
+                                    SKIP=1
+                                    LogText "Result: skipping directory (${SUBDIR}) as it is on ignore list"
+                                fi
+                            done
+                        fi
                        if [ ${SKIP} -eq 0 ]; then
+                            #Debug "Testing ${FILE} in path: $SUBDIR"
                            COUNT_DIR=$((COUNT_DIR + 1))
                            FileIsReadable "${FILE}"
                            if [ ${CANREAD} -eq 1 ]; then
@ -93,9 +104,8 @@
                            else
                                LogText "Result: can not read file ${FILE} (no permission)"
                            fi
-                        else
-                            LogText "Result: path ${SUBDIR} skipped according to profile"
                        fi
+                        LASTSUBDIR="${SUBDIR}"
                    done
                    COUNT_TOTAL=$((COUNT_TOTAL + COUNT_DIR))
                    LogText "Result: found ${COUNT_DIR} certificates in ${DIR}"