Do not accidentally overwrite policies when creating new policy with -M.

2025-11-04 03:02:15 +01:00 · 2020-07-06 16:15:26 -04:00
parent adc1007d7d
commit 1faa24ad86
1 changed files with 11 additions and 3 deletions
--- a/ssh-audit.py
+++ b/ssh-audit.py
@@ -3206,10 +3206,18 @@ def make_policy(aconf: AuditConf, banner: Optional['SSH.Banner'], kex: Optional[
    if aconf.policy_file is None:
        raise RuntimeError('Internal error: cannot write policy file since filename is None!')

-    with open(aconf.policy_file, 'w') as f:
+    # Open with mode 'x' (creates the file, or fails if it already exist).
+    succeeded = True
+    try:
+        with open(aconf.policy_file, 'x') as f:
            f.write(policy_data)
+    except FileExistsError:
+        succeeded = False

-    print("Wrote policy to %s.  Customize as necessary." % aconf.policy_file)
+    if succeeded:
+        print("Wrote policy to %s.  Customize as necessary, then run a policy scan with -P option." % aconf.policy_file)
+    else:
+        print("Error: file already exists: %s" % aconf.policy_file)


 class Utils: