From 69df2c459f6e43f4348ccf49fafcc737f21e43db Mon Sep 17 00:00:00 2001 From: Corey Bonnell Date: Mon, 22 Apr 2024 16:09:13 -0400 Subject: [PATCH] Clamp CLI exit codes (#76) * Clamp CLI exit codes to ensure a zero exit code is not returned when findings are reported * Bump version and add changelog entry --- CHANGELOG.md | 6 + VERSION.txt | 2 +- pkilint/bin/lint_cabf_serverauth_cert.py | 2 +- pkilint/bin/lint_cabf_smime_cert.py | 2 +- pkilint/bin/lint_crl.py | 2 +- pkilint/bin/lint_ocsp_response.py | 2 +- pkilint/bin/lint_pkix_cert.py | 2 +- .../bin/lint_pkix_signer_signee_cert_chain.py | 2 +- pkilint/util.py | 6 + tests/test_cli_smoke.py | 204 ++++++++++++++++++ 10 files changed, 223 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 97963a3..169d5cb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,12 @@ All notable changes to this project from version 0.9.3 onwards are documented in this file. +## 0.10.1 - 2024-04-22 + +### Fixes + +- Clamp CLI exit codes (#76) + ## 0.10.0 - 2024-04-11 ### New features/enhancements diff --git a/VERSION.txt b/VERSION.txt index 78bc1ab..5712157 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -0.10.0 +0.10.1 diff --git a/pkilint/bin/lint_cabf_serverauth_cert.py b/pkilint/bin/lint_cabf_serverauth_cert.py index 4396add..7ba41b0 100644 --- a/pkilint/bin/lint_cabf_serverauth_cert.py +++ b/pkilint/bin/lint_cabf_serverauth_cert.py @@ -98,7 +98,7 @@ def main(cli_args=None) -> int: print(args.format(results, args.severity)) - return report.get_findings_count(results, args.severity) + return util.clamp_exit_code(report.get_findings_count(results, args.severity)) if __name__ == "__main__": diff --git a/pkilint/bin/lint_cabf_smime_cert.py b/pkilint/bin/lint_cabf_smime_cert.py index 3dcba98..4e7addb 100644 --- a/pkilint/bin/lint_cabf_smime_cert.py +++ b/pkilint/bin/lint_cabf_smime_cert.py @@ -150,7 +150,7 @@ def main(cli_args=None) -> int: print(args.format(results, args.severity)) - return report.get_findings_count(results, args.severity) + return util.clamp_exit_code(report.get_findings_count(results, args.severity)) if __name__ == '__main__': diff --git a/pkilint/bin/lint_crl.py b/pkilint/bin/lint_crl.py index f5d633a..09edfc1 100644 --- a/pkilint/bin/lint_crl.py +++ b/pkilint/bin/lint_crl.py @@ -89,7 +89,7 @@ def main(cli_args=None) -> int: print(args.format(results, args.severity)) - return report.get_findings_count(results, args.severity) + return util.clamp_exit_code(report.get_findings_count(results, args.severity)) if __name__ == "__main__": diff --git a/pkilint/bin/lint_ocsp_response.py b/pkilint/bin/lint_ocsp_response.py index d9ea556..066be93 100644 --- a/pkilint/bin/lint_ocsp_response.py +++ b/pkilint/bin/lint_ocsp_response.py @@ -47,7 +47,7 @@ def main(cli_args=None) -> int: print(args.format(results, args.severity)) - return report.get_findings_count(results, args.severity) + return util.clamp_exit_code(report.get_findings_count(results, args.severity)) if __name__ == "__main__": diff --git a/pkilint/bin/lint_pkix_cert.py b/pkilint/bin/lint_pkix_cert.py index 5915104..b9b54d1 100644 --- a/pkilint/bin/lint_pkix_cert.py +++ b/pkilint/bin/lint_pkix_cert.py @@ -54,7 +54,7 @@ def main(cli_args=None) -> int: print(args.format(results, args.severity)) - return report.get_findings_count(results, args.severity) + return util.clamp_exit_code(report.get_findings_count(results, args.severity)) if __name__ == "__main__": diff --git a/pkilint/bin/lint_pkix_signer_signee_cert_chain.py b/pkilint/bin/lint_pkix_signer_signee_cert_chain.py index 7ae3a50..61f36d8 100644 --- a/pkilint/bin/lint_pkix_signer_signee_cert_chain.py +++ b/pkilint/bin/lint_pkix_signer_signee_cert_chain.py @@ -120,7 +120,7 @@ def main(cli_args=None) -> int: print(args.format(results, args.severity)) - return report.get_findings_count(results, args.severity) + return util.clamp_exit_code(report.get_findings_count(results, args.severity)) if __name__ == '__main__': diff --git a/pkilint/util.py b/pkilint/util.py index 1a4d0a6..70692d5 100644 --- a/pkilint/util.py +++ b/pkilint/util.py @@ -78,3 +78,9 @@ def add_report_format_arg(parser): def add_standard_args(parser): add_severity_arg(parser) add_report_format_arg(parser) + + +# This ensures that if a large (>255) number of findings are reported, we don't accidentally exit with an +# exit code of 0. This could happen if the number of findings is a multiple of 256. +def clamp_exit_code(exit_code): + return min(exit_code, 255) diff --git a/tests/test_cli_smoke.py b/tests/test_cli_smoke.py index cd87a9a..3f1f6d2 100644 --- a/tests/test_cli_smoke.py +++ b/tests/test_cli_smoke.py @@ -288,3 +288,207 @@ def test_lint_pkix_signer_signee_cert_chain_lint(): issuer_f.close() os.unlink(issuer_f.name) + + +def test_exit_code_multiple_256_findings(): + ret = subprocess.run( + ['lint_cabf_serverauth_cert', 'lint', '-d', '-f', 'csv', '-'], + input=b"""-----BEGIN CERTIFICATE----- +MIIjSTCCIjGgAwIBAgIKd3d3d3d3d3d3dzANBgkqhkiG9w0BAQsFADBFMQswCQYD +VQQGEwJVUzETMBEGA1UEChMKQ2VydHMgUiBVczEhMB8GA1UEAxMYQ2VydHMgUiBV +cyBJc3N1aW5nIENBIEcxMB4XDTIzMDYwMjAwMDAwMFoXDTI0MDYwMTIzNTk1OVow +ADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjfM1nBO6c4jF2eL+PP +y+pQOjb+d6eYUk3CypR4j+bzV104d/LT12ukkEL3cR5YapINlZFfMnGxkxz12+AK +1tKo2m8agDlXTeWvl1hS0axCGOGZL16wvR078oxejK2nmfWlUdFhSmWpFyOeuxCG +tTaeqjOHjABvKOwqXNlRTlw0CCQ6j2GFqLGPbJ5yfqGLiDGBB+iVdS8oCQ6RtPks +HH/FNBVeWbwhHE6jrH+yTHbkxJzZwc5W86YHH0PwmsXdCT9gdyfYD1UFm4Ly9iBA +CgUEYbnXEeYmiZV40yDFbwkZ2JvhmtjN4zJpEc4/DP40wMolSZ1F0Gd+2XjJDjSV +iDkCAwEAAaOCIH4wgiB6MB8GA1UdIwQYMBaAFGpOUL+YaJ1beyB11FkBeUhmkjIG +MB0GA1UdEQEB/wQTMBGCD3d3dy5leGFtcGxlLmNvbTAOBgNVHQ8BAf8EBAMCB4Aw +HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDYGA1UdHwQvMC0wK6ApoCeG +JWh0dHA6Ly9jcmwuY2VydHNydXMuY29tL0lzc3VpbmdDQS5jcmwwEwYDVR0gBAww +CjAIBgZngQwBAgEwgh4rBggrBgEFBQcBAQSCHh0wgh4ZMBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBo +dHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwG +CCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8v +dGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUF +BzABhhBodHRwOi8vdGVzdC50ZXN0MBwGCCsGAQUFBzABhhBodHRwOi8vdGVzdC50 +ZXN0MDUGCCsGAQUFBzAChilodHRwOi8vY2FjZXJ0cy5jZXJ0c3J1cy5jb20vSXNz +dWluZ0NBLmNydDAMBgNVHRMBAf8EAjAAMIIBfQYKKwYBBAHWeQIEAgSCAW0EggFp +AWcAdwB2/4g/Crb7lVHCYcz1h7o0tKTNuyncaEIKn+ZnTFo6dAAAAYj4va8AAAAE +AwBIMEYCIQCJ6/3b0IBPMTBz2BnztDtEljOplTKLJ+5aLpSnTMi8ngIhAKA5BuMf +FW/zjdC20nLujmm1I/8rikIDoSd0M3jErK8YAHUASLDja9qmRzQP5WoC+p0w6xxS +ActW3SyB2bu/qznYhHMAAAGI+L2vMgAABAMARjBEAiB5qzY/+SKx4S30VxZXnTiF +cOcLigTLzDc7kV4XjQaPNwIgPriQx2hOYEzeBPpy39G0lZM+FAshMq05FD9VRl6y +gxYAdQA7U3d1Pi25gE6LMFsG/kA7Z9hPw/THvQANLXJv4frUFwAAAYj4va8sAAAE +AwBGMEQCIDr0klWCDh0GpiGQw5/1QT4nT9HpWW7VUL6bHgwVSIAFAiBUYnRBYJul +5ex58TJGovCji2tOebCmfGzb1cs6FIMHJzANBgkqhkiG9w0BAQsFAAOCAQEAXff2 +RWIifpPcnlpiKzyK8Qabshh3zvk23Oox+La7bed7/lIQIP/WEr/s5H1zxe4s3CU4 +358DLBmX93B9oMp+afrHPJl/ZkEAvVhEOtM+OewoOljaoi8UmWC60imeGVT4NIZF +7I3migmd8+8ruaMwDgafRZNwmbZD9S5W0v4XhxnMsJ02Z6R209mD4sa5/PqovuWg +Gcj64YjSspyiNQuoYQm//E5l7u4dn99ZdGYQ2fgBmTfP6smDPGmRsy6d4C7KVr3z +tvwnnut23UJli+glDlKWhsRfHgMbLV2Qh6/eR0eovfk8bt18QqvHp8PzGVidY5hK +eo163oRkEIV75k1Onw== +-----END CERTIFICATE-----""", + capture_output=True + ) + + out_lines = [l for l in ret.stdout.decode().strip().splitlines() if l] + + assert len(out_lines) == 1 + 256 # header line plus the 256 findings + + assert ret.returncode == 255