elie/ssh-audit
1
0
Fork 0
mirror of https://github.com/jtesta/ssh-audit.git synced 2025-09-05 05:58:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

Smoothed out some rough edges from PR #307.

Browse Source
This commit is contained in:
Joe Testa
2025-08-17 16:34:32 -04:00
parent 1c0d3d5df1
commit 970d747dcb
5 changed files with 723 additions and 515 deletions
Download Patch File Download Diff File Expand all files Collapse all files

102
test/test_hardeningguides.py
View File

@@ -1,41 +1,81 @@
import pytest
from ssh_audit.ssh_audit import process_commandline
from ssh_audit.hardeningguides import Hardening_Guides
# pylint: disable=attribute-defined-outside-init
class TestHardeningGuides:
@pytest.fixture(autouse=True)
def init(self, ssh_audit):
self.OutputBuffer = ssh_audit.OutputBuffer()
self.process_commandline = process_commandline
@staticmethod
def _test_conf(conf, **kwargs):
options = {
'get_hardening_guides': '',
}
for k, v in kwargs.items():
options[k] = v
assert conf.get_hardening_guides == options['get_hardening_guides']
def test_printconfig_conf_process_commandline(self):
# pylint: disable=too-many-statements
c = lambda x: self.process_commandline(self.OutputBuffer, x.split()) # noqa
with pytest.raises(SystemExit):
conf = c('')
with pytest.raises(SystemExit):
conf = c('--get-hardening-guides')
self._test_conf(conf)
with pytest.raises(SystemExit):
conf = c('--list-hardening-guides')
self._test_conf(conf)
def test_hardening_guides_consistency(self):
'''Ensure that the HARDENING_GUIDES struct is consistent.'''
for vendor in ["Amazon", "Debian", "Rocky", "Mint", "Ubuntu", "NoOS", " "]:
vendor = vendor
for os_ver in ["2404", "2204", "2004", "1804", "2023", "22", "21", "20", "9", "Bookworm", "Bullseye", "NoVersion", ""]:
os_ver = os_ver
for cs_type in ["Client", "Server", "Mistake", ""]:
cs_type = cs_type
with pytest.raises(SystemExit):
conf = c(f'--get-hardening-guides {vendor} {os_ver} {cs_type}')
self._test_conf(conf)
# Required keys in each guide dict.
required_guide_fields = ["server_guide", "version", "version_date", "change_log", "notes", "commands"]
# Required keys in the commands dict.
required_command_fields = ["heading", "comment", "command"]
for name, guides in Hardening_Guides.HARDENING_GUIDES.items():
# Ensure the key (guide name) is a string.
assert type(name) is str
# Ensure the value (guides) is a list.
assert type(guides) is list
for guide in guides:
# Ensure each guide is a dict.
assert type(guide) is dict
# Ensure each required key is in this guide.
for required_guide_field in required_guide_fields:
assert required_guide_field in guide
# Check the guide values are the correct type.
assert type(guide["server_guide"]) is bool
assert type(guide["version"]) is int
assert type(guide["version_date"]) is str
assert type(guide["change_log"]) is str
assert type(guide["notes"]) is str
assert type(guide["commands"]) is list
# The version must be creater than zero.
assert guide["version"] > 0
# Ensure the format is "YYYY-MM-DD".
version_date = guide["version_date"]
date_fields = version_date.split("-")
assert len(date_fields) == 3
# Check that the year is 4 digits and greater than 0.
year = date_fields[0]
assert len(year) == 4
assert int(year) > 0
# Check that the month is 2 digits and between 1 and 12.
month = date_fields[1]
assert len(month) == 2
assert 1 <= int(month) <= 12
# Check that the day is 2 digits and between 1 and 31.
day = date_fields[2]
assert len(day) == 2
assert 1 <= int(day) <= 31
# Check that the change log is filled in.
assert len(guide["change_log"]) > 0
commands = guide["commands"]
for command in commands:
# Ensure each required key is in this command list.
for required_command_field in required_command_fields:
assert required_command_field in command
# Check that these fields are not empty.
assert len(command["heading"]) > 0
assert len(command["command"]) > 0