fix(rating): explicit enable rating if required vuln-checks are enabled #2669

Merged
merged 1 commit into from
Feb 23, 2025

Conversation

magnuslarsen
Contributor

Describe your changes

Please refer to an issue here or describe the change thoroughly in your PR.

What is your pull request about?

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Typo fix
  • Documentation update
  • Update of other files

If it's a code change please check the boxes which are applicable

  • For the main program: My edits contain no tabs and the indentation is five spaces
  • I've read CONTRIBUTING.md and Coding_Convention.md
  • I have tested this fix against >=2 hosts and I couldn't spot a problem
  • I have tested this new feature against >=2 hosts which show this feature and >=2 hosts which do not (in order to avoid side effects). I couldn't spot a problem
  • For the new feature I have made corresponding changes to the documentation and / or to help()
  • If it's a bigger change: I added myself to CREDITS.md (alphabetical order) and the change to CHANGELOG.md

Fixes #2665 - by explicitly enabling rating if all required vulnerability checks are enabled

do_rating is false by default, but is set to true with set_scanning_defaults() which is run when no parameters are passed (or when --full (maybe a few other options as well) is passed)

When do_rating=true (i.e. when set_scanning_defaults() is called) the set_rating_state() function is never run.
(see https://github.com/testssl/testssl.sh/blob/3.2/testssl.sh#L24260-L24266)

So... set_rating_state() is only run when do_rating=false; which means we have to set do_rating=true inside the function if all required vuln-checks are enabled.
I did leave the do_rating=false return in there, as it provides valuable readability. Let me know if you want that out there; I can easily invert the logic :-)

So this fix will leave cases where no arguments are passed (or --full, ...) with no changes; but correctly fix cases where one would pass all required parameters (as in the referenced issue)
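
The control flow described in this PR, reduced to a runnable model (an added example, not code from the PR or from testssl.sh). The check list, the `do_check_*` flag names and `resolve_rating` are hypothetical stand-ins; only `do_rating` and the role of `set_rating_state()` come from the description above.

```shell
#!/bin/sh
# Simplified model of the control flow described above; NOT testssl.sh code.
# REQUIRED_CHECKS and the do_check_* flag names are hypothetical stand-ins.
REQUIRED_CHECKS="do_check_a do_check_b do_check_c"

all_required_enabled() {
    for flag in $REQUIRED_CHECKS; do
        eval "[ \"\${$flag:-false}\" = true ]" || return 1
    done
}

# Before the fix (as described): the function can only switch rating off.
set_rating_state_before() {
    all_required_enabled || do_rating=false
}

# After the fix: rating is switched on explicitly when every required check is enabled.
set_rating_state_after() {
    if all_required_enabled; then do_rating=true; else do_rating=false; fi
}

# $1 = variant (before|after); remaining args = check flags given by the user.
resolve_rating() {
    variant=$1; shift
    do_rating=false
    for flag in $REQUIRED_CHECKS; do eval "$flag=false"; done
    if [ "$#" -eq 0 ]; then
        # No parameters: the scanning defaults enable all checks and rating.
        for flag in $REQUIRED_CHECKS; do eval "$flag=true"; done
        do_rating=true
    else
        for flag in "$@"; do
            case " $REQUIRED_CHECKS " in
                *" $flag "*) eval "$flag=true" ;;   # accept known flag names only
            esac
        done
    fi
    # The state function is reached only while do_rating is still false.
    "$do_rating" || "set_rating_state_$variant"
    echo "$do_rating"
}

resolve_rating before do_check_a do_check_b do_check_c   # every required check given
resolve_rating after  do_check_a do_check_b do_check_c
```

The two calls at the end differ only in which variant runs, so the printed values show the effect of the fix on the case from the referenced issue.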

@drwetter drwetter merged commit ff41cbb into testssl:3.2 Feb 23, 2025
2 checks passed
@drwetter
Collaborator

Thanks a bunch @magnuslarsen

Successfully merging this pull request may close these issues.

[BUG / possible BUG] - Rating is not provided when single checks is given as parameters