elie/ssh-audit
1
0
Fork 0
mirror of https://github.com/jtesta/ssh-audit.git synced 2025-06-22 02:33:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

Built-in policies now include a change log.

Browse Source
This commit is contained in:
Joe Testa
2024-03-14 17:58:16 -04:00
parent f0874af4cd
commit 15078aaea9
6 changed files with 65 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
test/test_policy.py
View File

@ -42,18 +42,23 @@ class TestPolicy:
'''Ensure that the BUILTIN_POLICIES struct is consistent.'''
for policy_name in BUILTIN_POLICIES:
# Ensure that all required fields are present.
required_fields = ['version', 'changelog', 'banner', 'compressions', 'host_keys', 'optional_host_keys', 'kex', 'ciphers', 'macs', 'hostkey_sizes', 'dh_modulus_sizes', 'server_policy']
for field in required_fields:
assert field in BUILTIN_POLICIES[policy_name]
# Ensure that the policy name ends with " (version X)", where X is the 'version' field.
version_str = " (version %s)" % BUILTIN_POLICIES[policy_name]['version']
assert policy_name.endswith(version_str)
# Ensure that all required fields are present.
required_fields = ['version', 'banner', 'compressions', 'host_keys', 'optional_host_keys', 'kex', 'ciphers', 'macs', 'hostkey_sizes', 'dh_modulus_sizes', 'server_policy']
for field in required_fields:
assert field in BUILTIN_POLICIES[policy_name]
# Ensure no extra fields are present.
assert len(required_fields) == len(BUILTIN_POLICIES[policy_name])
# Ensure that the changelog field is a string and non-empty.
assert type(BUILTIN_POLICIES[policy_name]['changelog']) is str
assert len(BUILTIN_POLICIES[policy_name]['changelog']) > 0
# Ensure that at least one host key is defined.
assert type(BUILTIN_POLICIES[policy_name]['host_keys']) is list
assert len(BUILTIN_POLICIES[policy_name]['host_keys']) > 0
@ -126,7 +131,7 @@ class TestPolicy:
assert Policy.load_builtin_policy(policy_name) is not None
# Ensure that both server and client policy names are returned.
server_policy_names, client_policy_names = Policy.list_builtin_policies()
server_policy_names, client_policy_names = Policy.list_builtin_policies(False)
assert len(server_policy_names) > 0
assert len(client_policy_names) > 0