Fix RuntimeError for the JSON export (#44)

* Fix RuntimeError for the JSON export It is never a good idea to modify an iterable while iterating over it. Copying the iterable fixes #41 modified: ssh-audit.py * Add test case for #41 new file: test/test_build_struct.py * Fix linting error modified: test/test_build_struct.py
2024-11-16 13:35:39 +01:00 · 2020-07-03 20:56:46 +02:00 · 2020-07-03 20:56:46 +02:00 · bf1fbbfa43
commit bf1fbbfa43
parent 282770e698
2 changed files with 42 additions and 1 deletions
--- a/ssh-audit.py
+++ b/ssh-audit.py
@ -3366,7 +3366,7 @@ def build_struct(banner: Optional['SSH.Banner'], kex: Optional['SSH2.Kex'] = Non
        host_keys = kex.host_keys()

        # Normalize all RSA key types to 'ssh-rsa'.  Otherwise, due to Python's order-indifference dictionary types, we would iterate key types in unpredictable orders, which interferes with the docker testing framework (i.e.: tests would fail because elements are reported out of order, even though the output is semantically the same).
-        for host_key_type in host_keys.keys():
+        for host_key_type in list(host_keys.keys())[:]:
            if host_key_type in SSH2.HostKeyTest.RSA_FAMILY:
                val = host_keys[host_key_type]
                del host_keys[host_key_type]
--- a/test/test_build_struct.py
+++ b/test/test_build_struct.py
@ -0,0 +1,41 @@
+import os
+
+import pytest
+
+
+@pytest.fixture
+def kex(ssh_audit):
+    kex_algs, key_algs = [], []
+    enc, mac, compression, languages = [], [], ['none'], []
+    cli = ssh_audit.SSH2.KexParty(enc, mac, compression, languages)
+    enc, mac, compression, languages = [], [], ['none'], []
+    srv = ssh_audit.SSH2.KexParty(enc, mac, compression, languages)
+    cookie = os.urandom(16)
+    kex = ssh_audit.SSH2.Kex(cookie, kex_algs, key_algs, cli, srv, 0)
+    return kex
+
+
+def test_prevent_runtime_error_regression(ssh_audit, kex):
+    """Prevent a regression of https://github.com/jtesta/ssh-audit/issues/41
+
+    The following test setup does not contain any sensible data.
+    It was made up to reproduce a situation when there are several host
+    keys, and an error occurred when iterating and modifying them at the
+    same time.
+    """
+    kex.set_host_key("ssh-rsa", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00")
+    kex.set_host_key("ssh-rsa1", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00")
+    kex.set_host_key("ssh-rsa2", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00")
+    kex.set_host_key("ssh-rsa3", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00")
+    kex.set_host_key("ssh-rsa4", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00")
+    kex.set_host_key("ssh-rsa5", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00")
+    kex.set_host_key("ssh-rsa6", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00")
+    kex.set_host_key("ssh-rsa7", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00")
+    kex.set_host_key("ssh-rsa8", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00")
+
+    rv = ssh_audit.build_struct(banner=None, kex=kex)
+
+    assert len(rv["fingerprints"]) == 9
+
+    for key in ['banner', 'compression', 'enc', 'fingerprints', 'kex', 'key', 'mac']:
+        assert key in rv