From 32eab3ead9c988e4574776987b09cd0df27176ed Mon Sep 17 00:00:00 2001 From: Dirk Wetter Date: Wed, 22 Apr 2020 17:14:05 +0200 Subject: [PATCH] Fix problem with --disable-rating by introducing framework for tests to be skipped, see also #1502. As a first example for the development branch should serve --disable-rating / --no-rating. The latter is for now undocumented. Also the big case statement in parse_cmd_line() may use a general --disable-* or --no-* clause where all --disable-* / --no-* are being parsed/ A new function set_skip_tests() is being introduced which sets do_ according to the new array SKIP_TESTS . Any new test do be skipped needs to be added to that array. The changes in the --devel part come from the tries to fix the syntax highlight in vim -- which in the end difn't work --- testssl.sh | 41 ++++++++++++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 11 deletions(-) diff --git a/testssl.sh b/testssl.sh index f6f5656..5990768 100755 --- a/testssl.sh +++ b/testssl.sh @@ -140,6 +140,7 @@ declare CMDLINE CMDLINE_PARSED="" # This makes sure we don't let early fatal() write into files when files aren't created yet declare -r -a CMDLINE_ARRAY=("$@") # When performing mass testing, the child processes need to be sent the declare -a MASS_TESTING_CMDLINE # command line in the form of an array (see #702 and https://mywiki.wooledge.org/BashFAQ/050). +declare -a SKIP_TESTS=() # This array hold the checks to be skipped ########### Defining (and presetting) variables which can be changed @@ -20842,7 +20843,6 @@ set_scanning_defaults() { else VULN_COUNT=12 fi - do_rating=true } # returns number of $do variables set = number of run_funcs() to perform 
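Review bot: The comment on the new `SKIP_TESTS` declaration does not say what its elements are, and it has a grammar slip (`hold`). Since set_skip_tests() prefixes each element with `do_` and assigns that variable, the entries are test names without the `do_` prefix, not arbitrary check labels. Suggested line: `declare -a SKIP_TESTS=() # Test names (without the do_ prefix) whose do_* flag set_skip_tests() sets to false`.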
@@ -20869,10 +20869,26 @@ debug_globals() { do_sweet32 do_client_simulation do_cipher_match do_tls_sockets do_mass_testing do_display_only do_rating; do printf "%-22s = %s\n" $gbl "${!gbl}" done + # ${!var} is an indirect expansion, see https://www.gnu.org/software/bash/manual/html_node/Shell-Parameter-Expansion.html + # Example: https://stackoverflow.com/questions/8515411/what-is-indirect-expansion-what-does-var-mean#8515492 printf "%-22s : %s\n" URI: "$URI" } +# This is determining the tests which should be skipped by --no-* or --disable-* a a cmdline arg. +# It achieves that by setting the do_ according to the global array $SKIP_TESTS +# +set_skip_tests() { + for t in ${SKIP_TESTS[@]} ; do + t="do_${t}" + # declare won't do it here --> local scope + eval "$t"=false + debugme printf '%s\n' "set $t: ${!t}" + done +} + + + # arg1: either switch+value (=) or switch # arg2: value (if no = provided) parse_opt_equal_sign() { @@ -20944,7 +20960,7 @@ parse_cmd_line() { ;; esac - # set all globals to false + # set all do_* globals to false initialize_globals while [[ $# -gt 0 ]]; do @@ -21130,8 +21146,10 @@ parse_cmd_line() { -g|--grease) do_grease=true ;; - --disable-rating) - do_rating=false + --disable-rating|--no-rating) + SKIP_TESTS+=("rating") + # TODO: a generic thing would be --disable-* / --no-* , + # catch $1 and add it to the array ( #1502 ) ;; -9|--full) set_scanning_defaults 
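Review bot: set_skip_tests() assigns through `eval "$t"=false`, so whatever is stored in SKIP_TESTS is interpreted as shell code; today the only producer is the `--disable-rating|--no-rating` branch in the later hunk, which appends the literal `rating`, but the TODO in that same hunk plans to append a name derived from `$1`, at which point a command-line fragment would reach `eval`. The assignment can be done without `eval` as `printf -v "$t" '%s' false`, which writes the variable named in `$t` in the caller's scope and so does not hit the local-scope problem the comment attributes to `declare`. The loop should also iterate `for t in "${SKIP_TESTS[@]}"; do` (quoted, so names are never word-split or glob-expanded) and start with `local t` so the loop variable does not leak as a global. When the generic `--disable-*`/`--no-*` handling is implemented, the stripped name should be accepted only if `declare -p "do_$name"` succeeds, i.e. it is an existing do_* flag, and otherwise be reported as an unknown option.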
@@ -21143,18 +21161,18 @@ parse_cmd_line() { ADDTL_CA_FILES="$(parse_opt_equal_sign "$1" "$2")" [[ $? -eq 0 ]] && shift ;; - --devel) ### this development feature will soon disappear + --devel) echo -e "\nthis is a development feature and may disappear at any time" # arg1: SSL/TLS protocol (SSLv2=22) # arg2: list of cipher suites / hostname/ip # arg3: hostname/ip - HEX_CIPHER="$TLS12_CIPHER" - # DEBUG=3 ./testssl.sh --devel 04 "13,02, 13,01" google.com --> TLS 1.3 - # DEBUG=3 ./testssl.sh --devel 03 "cc, 13, c0, 13" google.de --> TLS 1.2, old CHACHA/POLY - # DEBUG=3 ./testssl.sh --devel 03 "cc,a8, cc,a9, cc,aa, cc,ab, cc,ac" blog.cloudflare.com --> new CHACHA/POLY - # DEBUG=3 ./testssl.sh --devel 01 yandex.ru --> TLS 1.0 + # DEBUG=3 ./testssl.sh --devel 04 "13,02, 13,01" google.com --> TLS 1.3 + # DEBUG=3 ./testssl.sh --devel 03 "cc, 13, c0, 13" google.de --> TLS 1.2, old CHACHA/POLY + # DEBUG=3 ./testssl.sh --devel 03 "cc,a8, cc,a9, cc,aa, cc,ab, cc,ac" blog.cloudflare.com --> new CHACHA/POLY + # DEBUG=3 ./testssl.sh --devel 01 yandex.ru --> TLS 1.0 # DEBUG=3 ./testssl.sh --devel 00 # DEBUG=3 ./testssl.sh --devel 22 - TLS_LOW_BYTE="$2"; + HEX_CIPHER="$TLS12_CIPHER" + TLS_LOW_BYTE="$2" if [[ $# -eq 4 ]]; then # protocol AND ciphers specified HEX_CIPHER="$3" shift @@ -21454,6 +21472,7 @@ parse_cmd_line() { count_do_variables [[ $? -eq 0 ]] && set_scanning_defaults + set_skip_tests [[ "$DEBUG" -ge 5 ]] && debug_globals # Unless explicit disabled, check if rating can be enabled
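Review bot: `TLS_LOW_BYTE="$2"` in the `--devel` branch is taken without checking that an argument follows `--devel`; if `--devel` is the last word on the command line, `$2` is empty and TLS_LOW_BYTE is silently set to the empty string, since the `[[ $# -eq 4 ]]` test only covers the cipher-list form. A guard before the assignment, e.g. `[[ -n "$2" ]] || fatal "--devel: missing protocol argument" <exit-code>`, would fail early with a clear message; the exit code should be whichever value parse_cmd_line() uses for its other argument errors. The case branch continues outside the hunk, so later handling there may already cover this; if it does, a one-line comment saying so next to the assignment would save the next reader the same question.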