From 1faa24ad86bc7fe9e4dcc36c16b7b743d7c75115 Mon Sep 17 00:00:00 2001
From: Joe Testa <jtesta@positronsecurity.com>
Date: Mon, 6 Jul 2020 16:15:26 -0400
Subject: [PATCH] Do not accidentally overwrite policies when creating new
 policy with -M.

---
 ssh-audit.py | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/ssh-audit.py b/ssh-audit.py
index fdd91bf..8d320eb 100755
--- a/ssh-audit.py
+++ b/ssh-audit.py
@@ -3206,10 +3206,18 @@ def make_policy(aconf: AuditConf, banner: Optional['SSH.Banner'], kex: Optional[
     if aconf.policy_file is None:
         raise RuntimeError('Internal error: cannot write policy file since filename is None!')
 
-    with open(aconf.policy_file, 'w') as f:
-        f.write(policy_data)
+    # Open with mode 'x' (creates the file, or fails if it already exist).
+    succeeded = True
+    try:
+        with open(aconf.policy_file, 'x') as f:
+            f.write(policy_data)
+    except FileExistsError:
+        succeeded = False
 
-    print("Wrote policy to %s.  Customize as necessary." % aconf.policy_file)
+    if succeeded:
+        print("Wrote policy to %s.  Customize as necessary, then run a policy scan with -P option." % aconf.policy_file)
+    else:
+        print("Error: file already exists: %s" % aconf.policy_file)
 
 
 class Utils: