From da31c19d380eaea3c3e7d2e4f999cc1e32f9cdf8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=BCrgen=20Gmach?= Date: Sun, 28 Jun 2020 05:54:34 +0200 Subject: [PATCH] Re-enable mypy options (#43) * Convert type comments to annotations Notes: - variable annotations are only possible for Python 3.6 and upwards - class names as a result of a function have to be quoted cf https://www.python.org/dev/peps/pep-0563/#enabling-the-future-behavior-in-python-3-7 This is ongoing work for #32 modified: ssh-audit.py * Do not use variable annotation ... as this feature works only for Python 3.6 and above only. modified: ssh-audit.py * Re-enable strict_optional `None` is a valid return type for mypy, even when you specify a certain type. `strict_optional` makes sure that only the annotated return type is actually returned. modified: tox.ini * Re-enable `warn_unused_ignores` Quote from mypy docs: This flag will make mypy report an error whenever your code uses a `# type: ignore` comment on a line that is not actually generating an error message. modified: tox.ini * Re-enable `warn_return_any` Quote from the documenation: "This flag causes mypy to generate a warning when returning a value with type Any from a function declared with a non-Any return type." modified: tox.ini * Re-enable `warn_redundant_casts` Quote from the documentation: "This flag will make mypy report an error whenever your code uses an unnecessary cast that can safely be removed." modified: tox.ini * Remove `warn_incomplete_stub` ... as the documentation says "This flag is mainly intended to be used by people who want contribute to typeshed and would like a convenient way to find gaps and omissions." modified: tox.ini * Re-enable `disallow_subclassing_any` Quote from the documentation: "This flag reports an error whenever a class subclasses a value of type Any." modified: tox.ini * Re-enable `follow_imports` ... and set it to `normal`. For more information, see https://mypy.readthedocs.io/en/latest/running_mypy.html#follow-imports modified: tox.ini * Re-enable `ignore_missing_imports` Quote from the documentation: "This flag makes mypy ignore all missing imports. It is equivalent to adding # type: ignore comments to all unresolved imports within your codebase." modified: tox.ini * Fix arguments for Kex initialization `follows` has to be a boolean, but an int was provided. This worked, as in Python boolean is a subtype of int. modified: ssh-audit.py * Do not uncomment `check_untyped_defs` yet modified: tox.ini * Change KexDH.__ed25519_pubkey's default type It was initialized with 0 (int), and later it gets set with bytes. Now, it gets initialized with None, and thus gets the type Optional[bytes]. Optional means None or the named type. modified: ssh-audit.py * Fix whitespace modified: tox.ini * Add type annotation for main function modified: ssh-audit.py * Add type annotation for KexDH.set_params modified: ssh-audit.py * Add type annotation for Kex.set_rsa_key_size modified: ssh-audit.py * Add type annotation for Kex.rsa_key_sizes modified: ssh-audit.py * Add type annotation for Kex.set_dh_modulus_size modified: ssh-audit.py * Add type annotation to Kex.dh_modulus_sizes modified: ssh-audit.py * Add type annotation for Kex.set_host_key modified: ssh-audit.py * Add type annotation for Kex.host_keys modified: ssh-audit.py * Add type annotation for HostKeyTest.run modified: ssh-audit.py * Add static typing to HostKeyTest.perform_test This revealed a small oversight in the guard protecting the call to perform_test. modified: ssh-audit.py * Add type annotation for GexTest.reconnect modified: ssh-audit.py * Add type annotation for GexTest.run modified: ssh-audit.py * Add type annotation for ReadBuf.reset modified: ssh-audit.py * Add type annoation for WriteBuf.reset modified: ssh-audit.py * Add type annotation to Socket.listen_and_accept modified: ssh-audit.py * Move comment for is_connected into docstring. modified: ssh-audit.py * Add type annotation for Socket.is_connected modified: ssh-audit.py * Add type annotation for Socket.close modified: ssh-audit.py * Do not commit breakpoint modified: ssh-audit.py * Add annotations for KexDH key size handling modified: ssh-audit.py * Add type annotation for KexDH.get_ca_size modified: ssh-audit.py * Add type annotation to output_info modified: ssh-audit.py * Add type annotation for KexDH.__get_bytes modified: ssh-audit.py * Add type annotation to KexGroup14.__init__ modified: ssh-audit.py * Add type annotation for KexGroup14_SHA256.__init__ modified: ssh-audit.py * Add type annotation for KexGroup16_SHA512.__init__ modified: ssh-audit.py * Add type annotation for KexGroup18_SHA512.__init__ modified: ssh-audit.py * Add type annotation for KexCurve25519_SHA256.__init__ modified: ssh-audit.py * Add type annotation for KexNISTP256.__init__ modified: ssh-audit.py * Add type annotations to several init methods modified: ssh-audit.py * Add type annotataion for KexGroupExchange.send_init_gex modified: ssh-audit.py * Add type annotation for KexGroupExchange.__init__ modified: ssh-audit.py * Add type annotation to KexCurve25519_SHA256.send_init modified: ssh-audit.py * Add type annotation for KexNISTP256.sent_init modified: ssh-audit.py * Add type annotation for KexNISTP384.send_init modified: ssh-audit.py * Add type annotation for KexNISTP521.send_init modified: ssh-audit.py * Add type annotation for KexGroupExchange.send_init modified: ssh-audit.py * Add type annotation to KexDH.get_dh_modulus_size modified: ssh-audit.py * Delete unused variables KexDH.__f and f_len __f was initialized as int, then assigned to bytes, but never used. f_len assigned an int, but not all. modified: ssh-audit.py * Delete unused variables KexDH.__h_sig and h_sig_len modified: ssh-audit.py * Add type annotation for KexDH.__hostkey_type modified: ssh-audit.py --- ssh-audit.py | 104 +++++++++++++++++++++++++-------------------------- tox.ini | 15 ++++---- 2 files changed, 58 insertions(+), 61 deletions(-) diff --git a/ssh-audit.py b/ssh-audit.py index fa7978b..79672cc 100755 --- a/ssh-audit.py +++ b/ssh-audit.py @@ -571,22 +571,22 @@ class SSH2: # pylint: disable=too-few-public-methods def unused(self) -> int: return self.__unused - def set_rsa_key_size(self, rsa_type, hostkey_size, ca_size=-1): + def set_rsa_key_size(self, rsa_type: str, hostkey_size: int, ca_size: int = -1) -> None: self.__rsa_key_sizes[rsa_type] = (hostkey_size, ca_size) - def rsa_key_sizes(self): + def rsa_key_sizes(self) -> Dict[str, Tuple[int, int]]: return self.__rsa_key_sizes - def set_dh_modulus_size(self, gex_alg, modulus_size): + def set_dh_modulus_size(self, gex_alg: str, modulus_size: int) -> None: self.__dh_modulus_sizes[gex_alg] = (modulus_size, -1) - def dh_modulus_sizes(self): + def dh_modulus_sizes(self) -> Dict[str, Tuple[int, int]]: return self.__dh_modulus_sizes - def set_host_key(self, key_type, hostkey): + def set_host_key(self, key_type: str, hostkey: bytes) -> None: self.__host_keys[key_type] = hostkey - def host_keys(self): + def host_keys(self) -> Dict[str, bytes]: return self.__host_keys def write(self, wbuf: 'WriteBuf') -> None: @@ -649,7 +649,7 @@ class SSH2: # pylint: disable=too-few-public-methods } @staticmethod - def run(s, server_kex): + def run(s: 'SSH.Socket', server_kex: 'SSH2.Kex') -> None: KEX_TO_DHGROUP = { 'diffie-hellman-group1-sha1': KexGroup1, 'diffie-hellman-group14-sha1': KexGroup14_SHA1, @@ -676,11 +676,11 @@ class SSH2: # pylint: disable=too-few-public-methods kex_group = KEX_TO_DHGROUP[kex_str]() break - if kex_str is not None: + if kex_str is not None and kex_group is not None: SSH2.HostKeyTest.perform_test(s, server_kex, kex_str, kex_group, SSH2.HostKeyTest.HOST_KEY_TYPES) @staticmethod - def perform_test(s, server_kex, kex_str, kex_group, host_key_types): + def perform_test(s: 'SSH.Socket', server_kex: 'SSH2.Kex', kex_str: str, kex_group: 'KexDH', host_key_types: Dict[str, Dict[str, bool]]) -> None: hostkey_modulus_size = 0 ca_modulus_size = 0 @@ -714,7 +714,7 @@ class SSH2: # pylint: disable=too-few-public-methods # selected kex and host key type. Send the server's own # list of ciphers and MACs back to it (this doesn't # matter, really). - client_kex = SSH2.Kex(os.urandom(16), [kex_str], [host_key_type], server_kex.client, server_kex.server, 0, 0) + client_kex = SSH2.Kex(os.urandom(16), [kex_str], [host_key_type], server_kex.client, server_kex.server, False, 0) s.write_byte(SSH.Protocol.MSG_KEXINIT) client_kex.write(s) @@ -768,7 +768,7 @@ class SSH2: # pylint: disable=too-few-public-methods # Creates a new connection to the server. Returns True on success, or False. @staticmethod - def reconnect(s, gex_alg): + def reconnect(s: 'SSH.Socket', gex_alg: str) -> bool: if s.is_connected(): return True @@ -787,7 +787,7 @@ class SSH2: # pylint: disable=too-few-public-methods # Send our KEX using the specified group-exchange and most of the # server's own values. - client_kex = SSH2.Kex(os.urandom(16), [gex_alg], kex.key_algorithms, kex.client, kex.server, 0, 0) + client_kex = SSH2.Kex(os.urandom(16), [gex_alg], kex.key_algorithms, kex.client, kex.server, False, 0) s.write_byte(SSH.Protocol.MSG_KEXINIT) client_kex.write(s) s.send_packet() @@ -795,7 +795,7 @@ class SSH2: # pylint: disable=too-few-public-methods # Runs the DH moduli test against the specified target. @staticmethod - def run(s, kex): + def run(s: 'SSH.Socket', kex: 'SSH2.Kex') -> None: GEX_ALGS = { 'diffie-hellman-group-exchange-sha1': KexGroupExchange_SHA1, 'diffie-hellman-group-exchange-sha256': KexGroupExchange_SHA256, @@ -1115,7 +1115,7 @@ class ReadBuf: def read_line(self) -> str: return self._buf.readline().rstrip().decode('utf-8', 'replace') - def reset(self): + def reset(self) -> None: self._buf = io.BytesIO() self._len = 0 @@ -1195,7 +1195,7 @@ class WriteBuf: self._wbuf.seek(0) return payload - def reset(self): + def reset(self) -> None: self._wbuf = io.BytesIO() @@ -1941,7 +1941,7 @@ class SSH: # pylint: disable=too-few-public-methods # Listens on a server socket and accepts one connection (used for # auditing client connections). - def listen_and_accept(self): + def listen_and_accept(self) -> None: try: # Socket to listen on all IPv4 addresses. @@ -2147,11 +2147,11 @@ class SSH: # pylint: disable=too-few-public-methods data = struct.pack('>Ib', plen, padding) + payload + pad_bytes return self.send(data) - # Returns True if this Socket is connected, otherwise False. - def is_connected(self): + def is_connected(self) -> bool: + """Returns true if this Socket is connected, False otherwise.""" return self.__sock is not None - def close(self): + def close(self) -> None: self.__cleanup() self.reset() self.__state = 0 @@ -2187,16 +2187,14 @@ class KexDH: # pragma: nocover self.__e = 0 self.set_params(g, p) - self.__ed25519_pubkey = 0 - self.__hostkey_type = None + self.__ed25519_pubkey = None # type: Optional[bytes] + self.__hostkey_type = None # type: Optional[bytes] self.__hostkey_e = 0 self.__hostkey_n = 0 self.__hostkey_n_len = 0 # Length of the host key modulus. self.__ca_n_len = 0 # Length of the CA key modulus (if hostkey is a cert). - self.__f = 0 - self.__h_sig = 0 - def set_params(self, g, p): + def set_params(self, g: int, p: int) -> None: self.__g = g self.__p = p self.__q = (self.__p - 1) // 2 @@ -2230,7 +2228,7 @@ class KexDH: # pragma: nocover # will remain at length 0. return None - hostkey_len = f_len = h_sig_len = 0 # pylint: disable=unused-variable + hostkey_len = 0 # pylint: disable=unused-variable hostkey_type_len = hostkey_e_len = 0 # pylint: disable=unused-variable key_id_len = principles_len = 0 # pylint: disable=unused-variable critical_options_len = extensions_len = 0 # pylint: disable=unused-variable @@ -2250,8 +2248,8 @@ class KexDH: # pragma: nocover if not parse_host_key_size: return hostkey - self.__f, f_len, ptr = KexDH.__get_bytes(payload, ptr) - self.__h_sig, h_sig_len, ptr = KexDH.__get_bytes(payload, ptr) + _, _, ptr = KexDH.__get_bytes(payload, ptr) + _, _, ptr = KexDH.__get_bytes(payload, ptr) # Now pick apart the host key blob. # Get the host key type (i.e.: 'ssh-rsa', 'ssh-ed25519', etc). @@ -2327,7 +2325,7 @@ class KexDH: # pragma: nocover return hostkey @staticmethod - def __get_bytes(buf, ptr): + def __get_bytes(buf: bytes, ptr: int) -> Tuple[bytes, int, int]: num_bytes = struct.unpack('>I', buf[ptr:ptr + 4])[0] ptr += 4 return buf[ptr:ptr + num_bytes], num_bytes, ptr + num_bytes @@ -2335,7 +2333,7 @@ class KexDH: # pragma: nocover # Converts a modulus length in bytes to its size in bits, after some # possible adjustments. @staticmethod - def __adjust_key_size(size): + def __adjust_key_size(size: int) -> int: size = size * 8 # Actual keys are observed to be about 8 bits bigger than expected # (i.e.: 1024-bit keys have a 1032-bit modulus). Check if this is @@ -2346,15 +2344,15 @@ class KexDH: # pragma: nocover return size # Returns the size of the hostkey, in bits. - def get_hostkey_size(self): + def get_hostkey_size(self) -> int: return KexDH.__adjust_key_size(self.__hostkey_n_len) # Returns the size of the CA key, in bits. - def get_ca_size(self): + def get_ca_size(self) -> int: return KexDH.__adjust_key_size(self.__ca_n_len) # Returns the size of the DH modulus, in bits. - def get_dh_modulus_size(self): + def get_dh_modulus_size(self) -> int: # -2 to account for the '0b' prefix in the string. return len(bin(self.__p)) - 2 @@ -2374,36 +2372,36 @@ class KexGroup14(KexDH): # pragma: nocover class KexGroup14_SHA1(KexGroup14): - def __init__(self): + def __init__(self) -> None: super(KexGroup14_SHA1, self).__init__('sha1') class KexGroup14_SHA256(KexGroup14): - def __init__(self): + def __init__(self) -> None: super(KexGroup14_SHA256, self).__init__('sha256') class KexGroup16_SHA512(KexDH): - def __init__(self): + def __init__(self) -> None: # rfc3526: 4096-bit modp group p = int('ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a33a85521abdf1cba64ecfb850458dbef0a8aea71575d060c7db3970f85a6e1e4c7abf5ae8cdb0933d71e8c94e04a25619dcee3d2261ad2ee6bf12ffa06d98a0864d87602733ec86a64521f2b18177b200cbbe117577a615d6c770988c0bad946e208e24fa074e5ab3143db5bfce0fd108e4b82d120a92108011a723c12a787e6d788719a10bdba5b2699c327186af4e23c1a946834b6150bda2583e9ca2ad44ce8dbbbc2db04de8ef92e8efc141fbecaa6287c59474e6bc05d99b2964fa090c3a2233ba186515be7ed1f612970cee2d7afb81bdd762170481cd0069127d5b05aa993b4ea988d8fddc186ffb7dc90a6c08f4df435c934063199ffffffffffffffff', 16) super(KexGroup16_SHA512, self).__init__('KexGroup16_SHA512', 'sha512', 2, p) class KexGroup18_SHA512(KexDH): - def __init__(self): + def __init__(self) -> None: # rfc3526: 8192-bit modp group p = int('ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a33a85521abdf1cba64ecfb850458dbef0a8aea71575d060c7db3970f85a6e1e4c7abf5ae8cdb0933d71e8c94e04a25619dcee3d2261ad2ee6bf12ffa06d98a0864d87602733ec86a64521f2b18177b200cbbe117577a615d6c770988c0bad946e208e24fa074e5ab3143db5bfce0fd108e4b82d120a92108011a723c12a787e6d788719a10bdba5b2699c327186af4e23c1a946834b6150bda2583e9ca2ad44ce8dbbbc2db04de8ef92e8efc141fbecaa6287c59474e6bc05d99b2964fa090c3a2233ba186515be7ed1f612970cee2d7afb81bdd762170481cd0069127d5b05aa993b4ea988d8fddc186ffb7dc90a6c08f4df435c93402849236c3fab4d27c7026c1d4dcb2602646dec9751e763dba37bdf8ff9406ad9e530ee5db382f413001aeb06a53ed9027d831179727b0865a8918da3edbebcf9b14ed44ce6cbaced4bb1bdb7f1447e6cc254b332051512bd7af426fb8f401378cd2bf5983ca01c64b92ecf032ea15d1721d03f482d7ce6e74fef6d55e702f46980c82b5a84031900b1c9e59e7c97fbec7e8f323a97a7e36cc88be0f1d45b7ff585ac54bd407b22b4154aacc8f6d7ebf48e1d814cc5ed20f8037e0a79715eef29be32806a1d58bb7c5da76f550aa3d8a1fbff0eb19ccb1a313d55cda56c9ec2ef29632387fe8d76e3c0468043e8f663f4860ee12bf2d5b0b7474d6e694f91e6dbe115974a3926f12fee5e438777cb6a932df8cd8bec4d073b931ba3bc832b68d9dd300741fa7bf8afc47ed2576f6936ba424663aab639c5ae4f5683423b4742bf1c978238f16cbe39d652de3fdb8befc848ad922222e04a4037c0713eb57a81a23f0c73473fc646cea306b4bcbc8862f8385ddfa9d4b7fa2c087e879683303ed5bdd3a062b3cf5b3a278a66d2a13f83f44f82ddf310ee074ab6a364597e899a0255dc164f31cc50846851df9ab48195ded7ea1b1d510bd7ee74d73faf36bc31ecfa268359046f4eb879f924009438b481c6cd7889a002ed5ee382bc9190da6fc026e479558e4475677e9aa9e3050e2765694dfc81f56e880b96e7160c980dd98edd3dfffffffffffffffff', 16) super(KexGroup18_SHA512, self).__init__('KexGroup18_SHA512', 'sha512', 2, p) class KexCurve25519_SHA256(KexDH): - def __init__(self): + def __init__(self) -> None: super(KexCurve25519_SHA256, self).__init__('KexCurve25519_SHA256', 'sha256', 0, 0) # To start an ED25519 kex, we simply send a random 256-bit number as the # public key. - def send_init(self, s, init_msg=SSH.Protocol.MSG_KEXDH_INIT): + def send_init(self, s: 'SSH.Socket', init_msg: int = SSH.Protocol.MSG_KEXDH_INIT) -> None: self.__ed25519_pubkey = os.urandom(32) s.write_byte(init_msg) s.write_string(self.__ed25519_pubkey) @@ -2411,7 +2409,7 @@ class KexCurve25519_SHA256(KexDH): class KexNISTP256(KexDH): - def __init__(self): + def __init__(self) -> None: super(KexNISTP256, self).__init__('KexNISTP256', 'sha256', 0, 0) # Because the server checks that the value sent here is valid (i.e.: it lies @@ -2419,39 +2417,39 @@ class KexNISTP256(KexDH): # or import an elliptic curve library in order to randomly generate a # valid elliptic point each time. Hence, we will simply send a static # value, which is enough for us to extract the server's host key. - def send_init(self, s, init_msg=SSH.Protocol.MSG_KEXDH_INIT): + def send_init(self, s: 'SSH.Socket', init_msg: int = SSH.Protocol.MSG_KEXDH_INIT) -> None: s.write_byte(init_msg) s.write_string(b'\x04\x0b\x60\x44\x9f\x8a\x11\x9e\xc7\x81\x0c\xa9\x98\xfc\xb7\x90\xaa\x6b\x26\x8c\x12\x4a\xc0\x09\xbb\xdf\xc4\x2c\x4c\x2c\x99\xb6\xe1\x71\xa0\xd4\xb3\x62\x47\x74\xb3\x39\x0c\xf2\x88\x4a\x84\x6b\x3b\x15\x77\xa5\x77\xd2\xa9\xc9\x94\xf9\xd5\x66\x19\xcd\x02\x34\xd1') s.send_packet() class KexNISTP384(KexDH): - def __init__(self): + def __init__(self) -> None: super(KexNISTP384, self).__init__('KexNISTP384', 'sha256', 0, 0) # See comment for KexNISTP256.send_init(). - def send_init(self, s, init_msg=SSH.Protocol.MSG_KEXDH_INIT): + def send_init(self, s: 'SSH.Socket', init_msg: int = SSH.Protocol.MSG_KEXDH_INIT) -> None: s.write_byte(init_msg) s.write_string(b'\x04\xe2\x9b\x84\xce\xa1\x39\x50\xfe\x1e\xa3\x18\x70\x1c\xe2\x7a\xe4\xb5\x6f\xdf\x93\x9f\xd4\xf4\x08\xcc\x9b\x02\x10\xa4\xca\x77\x9c\x2e\x51\x44\x1d\x50\x7a\x65\x4e\x7e\x2f\x10\x2d\x2d\x4a\x32\xc9\x8e\x18\x75\x90\x6c\x19\x10\xda\xcc\xa8\xe9\xf4\xc4\x3a\x53\x80\x35\xf4\x97\x9c\x04\x16\xf9\x5a\xdc\xcc\x05\x94\x29\xfa\xc4\xd6\x87\x4e\x13\x21\xdb\x3d\x12\xac\xbd\x20\x3b\x60\xff\xe6\x58\x42') s.send_packet() class KexNISTP521(KexDH): - def __init__(self): + def __init__(self) -> None: super(KexNISTP521, self).__init__('KexNISTP521', 'sha256', 0, 0) # See comment for KexNISTP256.send_init(). - def send_init(self, s, init_msg=SSH.Protocol.MSG_KEXDH_INIT): + def send_init(self, s: 'SSH.Socket', init_msg: int = SSH.Protocol.MSG_KEXDH_INIT) -> None: s.write_byte(init_msg) s.write_string(b'\x04\x01\x02\x90\x29\xe9\x8f\xa8\x04\xaf\x1c\x00\xf9\xc6\x29\xc0\x39\x74\x8e\xea\x47\x7e\x7c\xf7\x15\x6e\x43\x3b\x59\x13\x53\x43\xb0\xae\x0b\xe7\xe6\x7c\x55\x73\x52\xa5\x2a\xc1\x42\xde\xfc\xf4\x1f\x8b\x5a\x8d\xfa\xcd\x0a\x65\x77\xa8\xce\x68\xd2\xc6\x26\xb5\x3f\xee\x4b\x01\x7b\xd2\x96\x23\x69\x53\xc7\x01\xe1\x0d\x39\xe9\x87\x49\x3b\xc8\xec\xda\x0c\xf9\xca\xad\x89\x42\x36\x6f\x93\x78\x78\x31\x55\x51\x09\x51\xc0\x96\xd7\xea\x61\xbf\xc2\x44\x08\x80\x43\xed\xc6\xbb\xfb\x94\xbd\xf8\xdf\x2b\xd8\x0b\x2e\x29\x1b\x8c\xc4\x8a\x04\x2d\x3a') s.send_packet() class KexGroupExchange(KexDH): - def __init__(self, classname, hash_alg): + def __init__(self, classname: str, hash_alg: str) -> None: super(KexGroupExchange, self).__init__(classname, hash_alg, 0, 0) - def send_init(self, s, init_msg=SSH.Protocol.MSG_KEXDH_GEX_REQUEST): + def send_init(self, s: 'SSH.Socket', init_msg: int = SSH.Protocol.MSG_KEXDH_GEX_REQUEST) -> None: self.send_init_gex(s) # The group exchange starts with sending a message to the server with @@ -2459,7 +2457,7 @@ class KexGroupExchange(KexDH): # The server responds with a generator and prime modulus that matches that, # then the handshake continues on like a normal DH handshake (except the # SSH message types differ). - def send_init_gex(self, s, minbits=1024, prefbits=2048, maxbits=8192): + def send_init_gex(self, s: 'SSH.Socket', minbits: int = 1024, prefbits: int = 2048, maxbits: int = 8192) -> None: # Send the initial group exchange request. Tell the server what range # of modulus sizes we will accept, along with our preference. @@ -2499,16 +2497,16 @@ class KexGroupExchange(KexDH): class KexGroupExchange_SHA1(KexGroupExchange): - def __init__(self): + def __init__(self) -> None: super(KexGroupExchange_SHA1, self).__init__('KexGroupExchange_SHA1', 'sha1') class KexGroupExchange_SHA256(KexGroupExchange): - def __init__(self): + def __init__(self) -> None: super(KexGroupExchange_SHA256, self).__init__('KexGroupExchange_SHA256', 'sha256') -def output_algorithms(title: str, alg_db: Dict[str, Dict[str, List[List[Optional[str]]]]], alg_type: str, algorithms: List[str], unknown_algs: List[str], maxlen: int = 0, alg_sizes: Optional[Dict[str, Iterable[int]]] = None) -> None: +def output_algorithms(title: str, alg_db: Dict[str, Dict[str, List[List[Optional[str]]]]], alg_type: str, algorithms: List[str], unknown_algs: List[str], maxlen: int = 0, alg_sizes: Optional[Dict[str, Tuple[int, int]]] = None) -> None: with OutputBuffer() as obuf: for algorithm in algorithms: output_algorithm(alg_db, alg_type, algorithm, unknown_algs, maxlen, alg_sizes) @@ -2518,7 +2516,7 @@ def output_algorithms(title: str, alg_db: Dict[str, Dict[str, List[List[Optional out.sep() -def output_algorithm(alg_db: Dict[str, Dict[str, List[List[Optional[str]]]]], alg_type: str, alg_name: str, unknown_algs: List[str], alg_max_len: int = 0, alg_sizes: Optional[Dict[str, Iterable[int]]] = None) -> None: +def output_algorithm(alg_db: Dict[str, Dict[str, List[List[Optional[str]]]]], alg_type: str, alg_name: str, unknown_algs: List[str], alg_max_len: int = 0, alg_sizes: Optional[Dict[str, Tuple[int, int]]] = None) -> None: prefix = '(' + alg_type + ') ' if alg_max_len == 0: alg_max_len = len(alg_name) @@ -2767,7 +2765,7 @@ def output_recommendations(algs: SSH.Algorithms, software: Optional[SSH.Software # Output additional information & notes. -def output_info(software, client_audit, any_problems): +def output_info(software: Optional['SSH.Software'], client_audit: bool, any_problems: bool) -> None: with OutputBuffer() as obuf: # Tell user that PuTTY cannot be hardened at the protocol-level. if client_audit and (software is not None) and (software.product == SSH.Product.PuTTY): @@ -3094,7 +3092,7 @@ utils = Utils() out = Output() -def main(): +def main() -> None: # printed text is still None conf = AuditConf.from_cmdline(sys.argv[1:], usage) audit(conf) diff --git a/tox.ini b/tox.ini index 311416d..d6c73b7 100644 --- a/tox.ini +++ b/tox.ini @@ -88,17 +88,16 @@ commands = [mypy] -; ignore_missing_imports = False -; follow_imports = error +ignore_missing_imports = False +follow_imports = normal ; disallow_untyped_calls = True ; disallow_untyped_defs = True ; check_untyped_defs = True -; disallow_subclassing_any = True -; warn_incomplete_stub = True -; warn_redundant_casts = True -; warn_return_any = True -; warn_unused_ignores = True -; strict_optional = True +disallow_subclassing_any = True +warn_redundant_casts = True +warn_return_any = True +warn_unused_ignores = True +strict_optional = True [pylint] reports = no