From 6d84cfdc3181aae165ed0a6f25639af0b90ec01b Mon Sep 17 00:00:00 2001 From: Joe Testa Date: Tue, 11 Aug 2020 19:45:59 -0400 Subject: [PATCH] Updated program return values for various connection error instances and unknown errors. --- ssh-audit.py | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/ssh-audit.py b/ssh-audit.py index 6d617f6..70ed274 100755 --- a/ssh-audit.py +++ b/ssh-audit.py @@ -63,11 +63,13 @@ except ImportError: # pragma: nocover def usage(err: Optional[str] = None) -> None: + retval = PROGRAM_RETVAL_GOOD uout = Output() p = os.path.basename(sys.argv[0]) uout.head('# {} {}, https://github.com/jtesta/ssh-audit\n'.format(p, VERSION)) if err is not None and len(err) > 0: uout.fail('\n' + err) + retval = PROGRAM_RETVAL_UNKNOWN_ERROR uout.info('usage: {0} [options] \n'.format(p)) uout.info(' -h, --help print this help') uout.info(' -1, --ssh1 force ssh version 1 only') @@ -88,7 +90,7 @@ def usage(err: Optional[str] = None) -> None: uout.info(' -T, --targets= a file containing a list of target hosts (one\n per line, format HOST[:PORT])') uout.info(' -v, --verbose verbose output') uout.sep() - sys.exit(1) + sys.exit(retval) # Validates policy files and performs policy testing @@ -631,17 +633,17 @@ class AuditConf: aconf.policy = Policy(policy_file=aconf.policy_file) except Exception as e: print("Error while loading policy file: %s: %s" % (str(e), traceback.format_exc())) - sys.exit(-1) + sys.exit(PROGRAM_RETVAL_UNKNOWN_ERROR) # If the user wants to do a client audit, but provided a server policy, terminate. if aconf.client_audit and aconf.policy.is_server_policy(): print("Error: client audit selected, but server policy provided.") - sys.exit(-1) + sys.exit(PROGRAM_RETVAL_UNKNOWN_ERROR) # If the user wants to do a server audit, but provided a client policy, terminate. if aconf.client_audit is False and aconf.policy.is_server_policy() is False: print("Error: server audit selected, but client policy provided.") - sys.exit(-1) + sys.exit(PROGRAM_RETVAL_UNKNOWN_ERROR) return aconf @@ -2386,7 +2388,7 @@ class SSH: # pylint: disable=too-few-public-methods yield af, addr except socket.error as e: out.fail('[exception] {}'.format(e)) - sys.exit(1) + sys.exit(PROGRAM_RETVAL_CONNECTION_ERROR) # Listens on a server socket and accepts one connection (used for # auditing client connections). @@ -2416,7 +2418,7 @@ class SSH: # pylint: disable=too-few-public-methods # If we failed to listen on any interfaces, terminate. if len(self.__sock_map.keys()) == 0: print("Error: failed to listen on any IPv4 and IPv6 interfaces!") - sys.exit(-1) + sys.exit(PROGRAM_RETVAL_CONNECTION_ERROR) # Wait for an incoming connection. If a timeout was explicitly # set by the user, terminate when it elapses. @@ -2434,7 +2436,7 @@ class SSH: # pylint: disable=too-few-public-methods if self.__timeout_set and time_elapsed >= self.__timeout: print("Timeout elapsed. Terminating...") - sys.exit(-1) + sys.exit(PROGRAM_RETVAL_CONNECTION_ERROR) # Accept the connection. c, addr = self.__sock_map[fds[0][0]].accept() @@ -2462,7 +2464,7 @@ class SSH: # pylint: disable=too-few-public-methods errt = (self.__host, self.__port, err) errm = 'cannot connect to {} port {}: {}'.format(*errt) out.fail('[exception] {}'.format(errm)) - sys.exit(1) + sys.exit(PROGRAM_RETVAL_CONNECTION_ERROR) def get_banner(self, sshv: int = 2) -> Tuple[Optional['SSH.Banner'], List[str], Optional[str]]: if self.__sock is None: @@ -2553,7 +2555,7 @@ class SSH: # pylint: disable=too-few-public-methods check_size = 4 + 1 + payload_length + padding_length if check_size % self.__block_size != 0: out.fail('[exception] invalid ssh packet (block size)') - sys.exit(1) + sys.exit(PROGRAM_RETVAL_CONNECTION_ERROR) self.ensure_read(payload_length) if sshv == 1: payload = self.read(payload_length - 4) @@ -2568,7 +2570,7 @@ class SSH: # pylint: disable=too-few-public-methods rcrc = SSH1.crc32(padding + payload) if crc != rcrc: out.fail('[exception] packet checksum CRC32 mismatch.') - sys.exit(1) + sys.exit(PROGRAM_RETVAL_CONNECTION_ERROR) else: self.ensure_read(padding_length) padding = self.read(padding_length)