From 1faa24ad86bc7fe9e4dcc36c16b7b743d7c75115 Mon Sep 17 00:00:00 2001
From: Joe Testa
Date: Mon, 6 Jul 2020 16:15:26 -0400
Subject: [PATCH] Do not accidentally overwrite policies when creating new policy with -M.
---
 ssh-audit.py | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/ssh-audit.py b/ssh-audit.py
index fdd91bf..8d320eb 100755
--- a/ssh-audit.py
+++ b/ssh-audit.py
@@ -3206,10 +3206,18 @@ def make_policy(aconf: AuditConf, banner: Optional['SSH.Banner'], kex: Optional[
 if aconf.policy_file is None:
 raise RuntimeError('Internal error: cannot write policy file since filename is None!')
- with open(aconf.policy_file, 'w') as f:
- f.write(policy_data)
+ # Open with mode 'x' (creates the file, or fails if it already exist).
+ succeeded = True
+ try:
+ with open(aconf.policy_file, 'x') as f:
+ f.write(policy_data)
+ except FileExistsError:
+ succeeded = False
- print("Wrote policy to %s. Customize as necessary." % aconf.policy_file)
+ if succeeded:
+ print("Wrote policy to %s. Customize as necessary, then run a policy scan with -P option." % aconf.policy_file)
+ else:
+ print("Error: file already exists: %s" % aconf.policy_file)
 class Utils:
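Review bot: The `except FileExistsError:` branch only prints to stdout and lets make_policy return normally, so a script running -M cannot tell from the output stream, or presumably from the exit status (the caller is outside this hunk), that no policy was written. Consider reporting the failure on stderr and ending with a failure status, e.g. `print("Error: file already exists: %s" % aconf.policy_file, file=sys.stderr)` followed by `sys.exit(1)`, or whatever failure code the tool uses elsewhere. The `succeeded` flag can then go, with the success message moved into an `else:` clause of the `try`. Mode 'x' is the right choice, since on POSIX exclusive creation also refuses a pre-existing symlink at that path. Other `OSError`s, such as permission denied, still surface as a traceback, and make_policy's body starts above the hunk.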