
I'm currently working on setting up automatized pentest reporting. The scripts I set up perform TLS and other security checks to see whether the application is secure in these aspects, yes or no. I currently use the testssl.sh application (which can be found here: https://testssl.sh/) to perform these checks. I then output the findings to a CSV file and created a script that greps the file in question and, based on what is found, mentions that something is wrong or is correct. Seeing as I have performed a check and all values were correct, I apply inverted greps to say that whenever the value cannot be found in the file, it needs to perform a certain action.

At first I thought the script I was working on was working; however, when testing another site, the output generated is not correct. Things that are missing should be mentioned; however, when I invert-grep only one term, without placing OR statements between the large number of things that need to be checked, it seems to work.

I have tried all sorts of grep types to get a constant output, but no luck so far. So far, I have tried the following:

if grep -v -e "NULLciphersnoencryptionnotoffered" -e "AnonymousNULLCiphersnoauthenticationnotoffered" -e "ExportcipherswoADHNULLnotoffered" -e "LOW64BitDESencryptionwoexportnotoffered|" -e "Weak128BitciphersSEEDIDEARC24notoffered" -e "TripleDESCiphersMediumnotoffered" -e "HighencryptionAESCamellianoAEADoffered" -e "StrongencryptionAEADciphersoffered" ./resultaten/tls-cipher-suites-ng.csv; then
    echo 'This is wrong' >> ../CH-40-Scans.tex
else
    echo 'This is correct.' >> ../CH-40-Scans.tex
fi

What I see is that the above does not print 'This is wrong' but 'This is correct', while the following does trigger:

if ! grep -q -i "ipv6enabled" ./resultaten/tls-vulnerabilities-new-def.csv; then
    echo '\item This is wrong.' >> ../CH-40-Scans.tex
fi

I already replaced the -e with the | variant, but I am not having luck so far in finding a consistently working method (also tried things such as egrep). Is there another way to get this working? I don't mind using things such as Java or PHP or whatever to get this working, so if those are needed to create something consistent, that would be fine.

I would gladly hear anything I could try to get a trustworthy working fix.

FuzzyAmi
JeanB
  • You have a pipe symbol in `"LOW64BitDESencryptionwoexportnotoffered|"`; I suppose that is intentional? –  Jul 26 '19 at 11:57
  • Something I missed, just removed it, but still having issues. Also having issues within other scripts when using something similar as mentioned above. – JeanB Jul 26 '19 at 12:01
  • The first grep expression should also have -q. –  Jul 26 '19 at 12:08
  • Added the -q, but unfortunately this did not make a difference. – JeanB Jul 26 '19 at 12:17
  • Send output to /dev/null: `grep .... >/dev/null`. –  Jul 26 '19 at 12:21
  • Are there empty lines in the csv? Lines with just whitespace? –  Jul 26 '19 at 12:22
  • Please add a tag 'grep' to your question. –  Jul 26 '19 at 12:43
  • You showed us 2 scripts and told us they don't do what you want but you didn't tell us what you DO want so any answer you get will be based on us guessing at what it is you're trying to do and so YMMV with how robust the resulting scripts are. Please post some concise, testable sample input and expected output plus a clear statement of your needs. – Ed Morton Jul 27 '19 at 16:52
  • btw - avoid negatives when writing any condition. Instead of `if grep -v X; then foo; else bar` or `if ! grep X; then foo; else bar` use `if grep X; then bar; else foo`. The resulting logic will be much clearer and greatly reduces the odds of you introducing a really obscure double negative. – Ed Morton Jul 27 '19 at 16:54
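The root cause of the behaviour described in the question is that `grep -v -e A -e B file` exits 0 as soon as any single line matches none of the terms; in a multi-line CSV (header row, unrelated checks) such a line almost always exists, so the "wrong"/"correct" branch is decided by the file's shape, not by whether the expected findings are present. The following is an added example, not the asker's script or anything from testssl.sh: it shows that failure mode on a constructed sample and then does the check the question actually wants (every expected finding present, otherwise list the missing ones). The CSV layout, file names and `\item` wording are assumptions made for the demo.

```shell
#!/bin/sh
# Added example, not the asker's script: check that every expected testssl.sh
# finding is present in the CSV export and list the ones that are missing.
# The CSV layout, file names and \item wording below are constructed for the demo.

# Constructed sample in the shape the asker greps: one check per line, with the
# finding text normalised (spaces and punctuation removed). 3DES is "offered",
# so the "notoffered" term the asker expects for it is absent.
make_sample_csv() {
    cat > "$1" <<'EOF'
"check","finding"
"cipherlist_NULL","NULLciphersnoencryptionnotoffered"
"cipherlist_aNULL","AnonymousNULLCiphersnoauthenticationnotoffered"
"cipherlist_EXPORT","ExportcipherswoADHNULLnotoffered"
"cipherlist_3DES","TripleDESCiphersMediumoffered"
"cipherlist_STRONG","StrongencryptionAEADciphersoffered"
EOF
}

# The asker's construction, for comparison: grep -v succeeds as soon as ONE
# line matches none of the terms (the header row already qualifies), so its
# exit status says nothing about whether every expected finding is present.
inverted_grep_succeeds() {
    grep -qv -e "NULLciphersnoencryptionnotoffered" \
             -e "StrongencryptionAEADciphersoffered" "$1"
}

# missing_findings FILE TERM...
# Prints every TERM that occurs nowhere in FILE, one per line.
# Exit 0 when all terms are present, 1 when at least one is missing.
# -F matches the term as a fixed string, so "(" or "|" inside a finding
# cannot turn into regex syntax; -q stops reading at the first hit.
missing_findings() {
    file=$1; shift
    rc=0
    for term in "$@"; do
        if ! grep -qF -- "$term" "$file"; then
            printf '%s\n' "$term"
            rc=1
        fi
    done
    return $rc
}

# report FILE TERM...: the LaTeX lines the asker appends to CH-40-Scans.tex,
# one \item per missing finding, or a single OK line. Exit status as above.
report() {
    if missing=$(missing_findings "$@"); then
        printf '\\item All expected findings present.\n'
        return 0
    fi
    printf '%s\n' "$missing" | while IFS= read -r term; do
        printf '\\item Missing expected finding: %s\n' "$term"
    done
    return 1
}

# Demo run on the constructed sample.
tmp=$(mktemp)
make_sample_csv "$tmp"
inverted_grep_succeeds "$tmp" && echo "grep -v exits 0 even though both of its terms are present"
report "$tmp" \
    NULLciphersnoencryptionnotoffered \
    AnonymousNULLCiphersnoauthenticationnotoffered \
    TripleDESCiphersMediumnotoffered \
    StrongencryptionAEADciphersoffered || echo "review needed"
rm -f "$tmp"
```

The per-term loop keeps the condition positive, as Ed Morton suggests in the comments, and gives the report the name of each missing finding rather than a single "wrong" line. One caveat on `-F`: it is a substring match, so if two normalised findings can be prefixes of one another, anchor on the surrounding CSV quotes (`grep -qF -- "\"$term\""`) or match the field exactly with `-x` after cutting it out.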

2 Answers


I don't know what it is you're trying to do but try these:

if awk '/NULLciphersnoencryptionnotoffered/ || \
       /AnonymousNULLCiphersnoauthenticationnotoffered/ || \
       /StrongencryptionAEADciphersoffered/ { f=1; exit }
       END { exit !f }' ./resultaten/tls-cipher-suites-ng.csv; then
    echo 'Present'
else
    echo 'Absent'
fi

if awk -v RS='^$' '/NULLciphersnoencryptionnotoffered/ && \
       /AnonymousNULLCiphersnoauthenticationnotoffered/ && \
       /StrongencryptionAEADciphersoffered/ { f=1 }
       END { exit !f }' ./resultaten/tls-cipher-suites-ng.csv; then
    echo 'Present'
else
    echo 'Absent'
fi

The first one will exit success if any of the "strings" are present, the second one will exit success if all of them are present. That second one requires GNU awk for multi-char RS.

Ed Morton
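The "all of them present" variant above needs GNU awk because it slurps the whole file with a multi-character RS. As an added example that is not part of Ed Morton's answer, the same check can be done in one pass of standard awk by keeping a seen flag per term, with the terms passed as arguments instead of hard-coded into the program. The function name, file name and sample lines are assumptions made for the demo.

```shell
#!/bin/sh
# Added example, not part of Ed Morton's answer: his second snippet ("all of
# them present") in one pass of standard awk, without the GNU-only
# multi-character RS, and with the terms passed as arguments instead of being
# hard-coded. The file name and sample lines are constructed for the demo.

# all_present FILE TERM...
# Exit 0 only if every TERM occurs on at least one line of FILE; 1 otherwise
# (including when no terms are given). Terms are matched with index(), i.e.
# as fixed substrings, so "(" or "|" in a finding is not regex syntax.
all_present() {
    file=$1; shift
    awk '
        BEGIN {
            # ARGV[1] is the input file; ARGV[2..] are the terms. Copy them
            # out and blank them so awk does not try to open them as files.
            n = 0
            for (i = 2; i < ARGC; i++) { term[++n] = ARGV[i]; ARGV[i] = "" }
        }
        {
            for (i = 1; i <= n; i++)
                if (!seen[i] && index($0, term[i])) { seen[i] = 1; hits++ }
        }
        hits == n { exit }          # every term seen: stop reading early
        END { exit !(n > 0 && hits == n) }
    ' "$file" "$@"
}

# Demo on a constructed two-line report.
sample=$(mktemp)
printf '%s\n' '"cipherlist_NULL","NULLciphersnoencryptionnotoffered"' \
              '"cipherlist_STRONG","StrongencryptionAEADciphersoffered"' > "$sample"
if all_present "$sample" NULLciphersnoencryptionnotoffered StrongencryptionAEADciphersoffered; then
    echo 'Present'
else
    echo 'Absent'
fi
if all_present "$sample" NULLciphersnoencryptionnotoffered TripleDESCiphersMediumnotoffered; then
    echo 'Present'
else
    echo 'Absent'
fi
rm -f "$sample"
```

Blanking the ARGV entries in BEGIN relies on POSIX awk skipping empty ARGV elements, which also keeps a term that happens to contain `=` from being interpreted as a variable assignment. Because matching is by `index()`, the raw testssl.sh wording with parentheses and slashes can be used as a term without escaping.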

This works, and may serve as an example (note I have commented out the redirection to /dev/null).

$> cat script
#!/bin/bash

e1="$1"
e2="$2"

if grep -v -e "$e1" -e "$e2" infile #>/dev/null
then
    echo "found at least one line without the string(s)"
else
    echo "found NO lines without all the string(s)!"
fi

$> cat infile
nabucco
aida
il trovatore

$> script a b
found NO lines without all the string(s)!

$> script z b
aida
trovatore
found at least one line without the string(s)
  • Thanks for the code. Gave it a whirl, but I do notice that whenever one item is true, the true statement is given. However, we want it the other way around. Whenever everything has been found within the file it should go true. Whenever it finds one value that does not comply, a false has to be generated. – JeanB Jul 26 '19 at 14:01
  • That is exactly what my example does. –  Jul 26 '19 at 15:04
  • Btw. you ought to be specific in your comments: "whenever one item is true" is an unclear statement, esp. in the current context. Your comment seems to contradict itself. –  Jul 26 '19 at 15:06
  • Please add a tag 'grep' to your question. –  Jul 26 '19 at 15:06
  • My apologies, tried to make it as clear as possible; hopefully you understand what I meant now. If not, let me know. – JeanB Jul 26 '19 at 17:29
  • If you want to test if ***any*** of those terms are missing in entries, you should use something like: `if egrep -v -e "NULLciphersnoencryptionnotoffered|AnonymousNULLCiphersnoauthenticationnotoffered|ExportcipherswoADHNULLnotoffered|LOW64BitDESencryptionwoexportnotoffered|Weak128BitciphersSEEDIDEARC24notoffered|TripleDESCiphersMediumnotoffered|HighencryptionAESCamellianoAEADoffered|StrongencryptionAEADciphersoffered" `. –  Jul 26 '19 at 17:47