elie/ssh-audit
1
0
Fork 0
mirror of https://github.com/jtesta/ssh-audit.git synced 2025-10-31 01:21:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fixed new pylint warnings.

Browse Source
This commit is contained in:
Joe Testa
2021-08-25 13:28:30 -04:00
parent 682cb66f85
commit e7d320f602
9 changed files with 31 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/ssh_audit/algorithms.py
View File

@@ -1,7 +1,7 @@
""" """
The MIT License (MIT) The MIT License (MIT)
Copyright (C) 2017-2020 Joe Testa (jtesta@positronsecurity.com) Copyright (C) 2017-2021 Joe Testa (jtesta@positronsecurity.com)
Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu)
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -55,7 +55,7 @@ class Algorithms:
if self.ssh1kex is None: if self.ssh1kex is None:
return None return None
item = Algorithms.Item(1, SSH1_KexDB.ALGORITHMS) item = Algorithms.Item(1, SSH1_KexDB.ALGORITHMS)
item.add('key', [u'ssh-rsa1']) item.add('key', ['ssh-rsa1'])
item.add('enc', self.ssh1kex.supported_ciphers) item.add('enc', self.ssh1kex.supported_ciphers)
item.add('aut', self.ssh1kex.supported_authentications) item.add('aut', self.ssh1kex.supported_authentications)
return item return item

8
src/ssh_audit/fingerprint.py
View File

@@ -1,7 +1,7 @@
""" """
The MIT License (MIT) The MIT License (MIT)
Copyright (C) 2017-2020 Joe Testa (jtesta@positronsecurity.com) Copyright (C) 2017-2021 Joe Testa (jtesta@positronsecurity.com)
Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu)
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -33,11 +33,11 @@ class Fingerprint:
@property @property
def md5(self) -> str: def md5(self) -> str:
h = hashlib.md5(self.__fpd).hexdigest() h = hashlib.md5(self.__fpd).hexdigest()
r = u':'.join(h[i:i + 2] for i in range(0, len(h), 2)) r = ':'.join(h[i:i + 2] for i in range(0, len(h), 2))
return u'MD5:{}'.format(r) return 'MD5:{}'.format(r)
@property @property
def sha256(self) -> str: def sha256(self) -> str:
h = base64.b64encode(hashlib.sha256(self.__fpd).digest()) h = base64.b64encode(hashlib.sha256(self.__fpd).digest())
r = h.decode('ascii').rstrip('=') r = h.decode('ascii').rstrip('=')
return u'SHA256:{}'.format(r) return 'SHA256:{}'.format(r)

4
src/ssh_audit/gextest.py
View File

@@ -86,14 +86,14 @@ class GEXTest:
# Check if the server supports any of the group-exchange # Check if the server supports any of the group-exchange
# algorithms. If so, test each one. # algorithms. If so, test each one.
for gex_alg in GEX_ALGS: for gex_alg, kex_group_class in GEX_ALGS.items():
if gex_alg in kex.kex_algorithms: if gex_alg in kex.kex_algorithms:
out.d('Preparing to perform DH group exchange using ' + gex_alg + '...', write_now=True) out.d('Preparing to perform DH group exchange using ' + gex_alg + '...', write_now=True)
if GEXTest.reconnect(out, s, kex, gex_alg) is False: if GEXTest.reconnect(out, s, kex, gex_alg) is False:
break break
kex_group = GEX_ALGS[gex_alg]() kex_group = kex_group_class()
smallest_modulus = -1 smallest_modulus = -1
# First try a range of weak sizes. # First try a range of weak sizes.

16
src/ssh_audit/kexdh.py
View File

@@ -1,7 +1,7 @@
""" """
The MIT License (MIT) The MIT License (MIT)
Copyright (C) 2017-2020 Joe Testa (jtesta@positronsecurity.com) Copyright (C) 2017-2021 Joe Testa (jtesta@positronsecurity.com)
Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu)
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -37,8 +37,8 @@ from ssh_audit.ssh_socket import SSH_Socket
class KexDH: # pragma: nocover class KexDH: # pragma: nocover
def __init__(self, kex_name: str, hash_alg: str, g: int, p: int) -> None: def __init__(self, kex_name: str, hash_alg: str, g: int, p: int) -> None:
self.__kex_name = kex_name self.__kex_name = kex_name # pylint: disable=unused-private-member
self.__hash_alg = hash_alg self.__hash_alg = hash_alg # pylint: disable=unused-private-member
self.__g = 0 self.__g = 0
self.__p = 0 self.__p = 0
self.__q = 0 self.__q = 0
@@ -46,10 +46,10 @@ class KexDH: # pragma: nocover
self.__e = 0 self.__e = 0
self.set_params(g, p) self.set_params(g, p)
self.__ed25519_pubkey: Optional[bytes] = None self.__ed25519_pubkey: Optional[bytes] = None # pylint: disable=unused-private-member
self.__hostkey_type: Optional[bytes] = None self.__hostkey_type: Optional[bytes] = None
self.__hostkey_e = 0 self.__hostkey_e = 0 # pylint: disable=unused-private-member
self.__hostkey_n = 0 self.__hostkey_n = 0 # pylint: disable=unused-private-member
self.__hostkey_n_len = 0 # Length of the host key modulus. self.__hostkey_n_len = 0 # Length of the host key modulus.
self.__ca_n_len = 0 # Length of the CA key modulus (if hostkey is a cert). self.__ca_n_len = 0 # Length of the CA key modulus (if hostkey is a cert).
@@ -121,11 +121,11 @@ class KexDH: # pragma: nocover
# The public key exponent. # The public key exponent.
hostkey_e, hostkey_e_len, ptr = KexDH.__get_bytes(hostkey, ptr) hostkey_e, hostkey_e_len, ptr = KexDH.__get_bytes(hostkey, ptr)
self.__hostkey_e = int(binascii.hexlify(hostkey_e), 16) self.__hostkey_e = int(binascii.hexlify(hostkey_e), 16) # pylint: disable=unused-private-member
# Here is the modulus size & actual modulus of the host key public key. # Here is the modulus size & actual modulus of the host key public key.
hostkey_n, self.__hostkey_n_len, ptr = KexDH.__get_bytes(hostkey, ptr) hostkey_n, self.__hostkey_n_len, ptr = KexDH.__get_bytes(hostkey, ptr)
self.__hostkey_n = int(binascii.hexlify(hostkey_n), 16) self.__hostkey_n = int(binascii.hexlify(hostkey_n), 16) # pylint: disable=unused-private-member
# If this is an RSA certificate, continue parsing to extract the CA # If this is an RSA certificate, continue parsing to extract the CA
# key. # key.

8
src/ssh_audit/policy.py
View File

@@ -1,7 +1,7 @@
""" """
The MIT License (MIT) The MIT License (MIT)
Copyright (C) 2020 Joe Testa (jtesta@positronsecurity.com) Copyright (C) 2020-2021 Joe Testa (jtesta@positronsecurity.com)
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal of this software and associated documentation files (the "Software"), to deal
@@ -117,7 +117,7 @@ class Policy:
if policy_file is not None: if policy_file is not None:
try: try:
with open(policy_file, "r") as f: with open(policy_file, "r", encoding='utf-8') as f:
policy_data = f.read() policy_data = f.read()
except FileNotFoundError: except FileNotFoundError:
print("Error: policy file not found: %s" % policy_file) print("Error: policy file not found: %s" % policy_file)
@@ -425,8 +425,8 @@ macs = %s
server_policy_names = [] server_policy_names = []
client_policy_names = [] client_policy_names = []
for policy_name in Policy.BUILTIN_POLICIES: for policy_name, policy in Policy.BUILTIN_POLICIES.items():
if Policy.BUILTIN_POLICIES[policy_name]['server_policy']: if policy['server_policy']:
server_policy_names.append(policy_name) server_policy_names.append(policy_name)
else: else:
client_policy_names.append(policy_name) client_policy_names.append(policy_name)

2
src/ssh_audit/ssh1_publickeymessage.py
View File

@@ -90,7 +90,7 @@ class SSH1_PublicKeyMessage:
@property @property
def supported_ciphers(self) -> List[str]: def supported_ciphers(self) -> List[str]:
ciphers = [] ciphers = []
for i in range(len(SSH1.CIPHERS)): for i in range(len(SSH1.CIPHERS)): # pylint: disable=consider-using-enumerate
if self.__supported_ciphers_mask & (1 << i) != 0: if self.__supported_ciphers_mask & (1 << i) != 0:
ciphers.append(Utils.to_text(SSH1.CIPHERS[i])) ciphers.append(Utils.to_text(SSH1.CIPHERS[i]))
return ciphers return ciphers

14
src/ssh_audit/ssh_audit.py
View File

@@ -563,7 +563,7 @@ def make_policy(aconf: AuditConf, banner: Optional['Banner'], kex: Optional['SSH
# Open with mode 'x' (creates the file, or fails if it already exist). # Open with mode 'x' (creates the file, or fails if it already exist).
succeeded = True succeeded = True
try: try:
with open(aconf.policy_file, 'x') as f: with open(aconf.policy_file, 'x', encoding='utf-8') as f:
f.write(policy_data) f.write(policy_data)
except FileExistsError: except FileExistsError:
succeeded = False succeeded = False
@@ -681,7 +681,7 @@ def process_commandline(out: OutputBuffer, args: List[str], usage_cb: Callable[.
# If a file containing a list of targets was given, read it. # If a file containing a list of targets was given, read it.
if aconf.target_file is not None: if aconf.target_file is not None:
with open(aconf.target_file, 'r') as f: with open(aconf.target_file, 'r', encoding='utf-8') as f:
aconf.target_list = f.readlines() aconf.target_list = f.readlines()
# Strip out whitespace from each line in target file, and skip empty lines. # Strip out whitespace from each line in target file, and skip empty lines.
@@ -869,10 +869,10 @@ def audit(out: OutputBuffer, aconf: AuditConf, sshv: Optional[int] = None, print
if len(payload) > 0: if len(payload) > 0:
payload_txt = payload.decode('utf-8') payload_txt = payload.decode('utf-8')
else: else:
payload_txt = u'empty' payload_txt = 'empty'
except UnicodeDecodeError: except UnicodeDecodeError:
payload_txt = u'"{}"'.format(repr(payload).lstrip('b')[1:-1]) payload_txt = '"{}"'.format(repr(payload).lstrip('b')[1:-1])
if payload_txt == u'Protocol major versions differ.': if payload_txt == 'Protocol major versions differ.':
if sshv == 2 and aconf.ssh1: if sshv == 2 and aconf.ssh1:
ret = audit(out, aconf, 1) ret = audit(out, aconf, 1)
out.write() out.write()
@@ -972,8 +972,8 @@ def algorithm_lookup(out: OutputBuffer, alg_names: str) -> int:
similar_algorithms = [ similar_algorithms = [
alg_unknown + " --> (" + alg_type + ") " + alg_name alg_unknown + " --> (" + alg_type + ") " + alg_name
for alg_unknown in algorithms_not_found for alg_unknown in algorithms_not_found
for alg_type in adb for alg_type, alg_names in adb.items()
for alg_name in adb[alg_type] for alg_name in alg_names
# Perform a case-insensitive comparison using 'casefold' # Perform a case-insensitive comparison using 'casefold'
# and match substrings using the 'in' operator. # and match substrings using the 'in' operator.
if alg_unknown.casefold() in alg_name.casefold() if alg_unknown.casefold() in alg_name.casefold()

4
src/ssh_audit/ssh_socket.py
View File

@@ -338,6 +338,6 @@ class SSH_Socket(ReadBuf, WriteBuf):
def __cleanup(self) -> None: def __cleanup(self) -> None:
self._close_socket(self.__sock) self._close_socket(self.__sock)
for fd in self.__sock_map: for sock in self.__sock_map.values():
self._close_socket(self.__sock_map[fd]) self._close_socket(sock)
self.__sock = None self.__sock = None

2
src/ssh_audit/writebuf.py
View File

@@ -54,7 +54,7 @@ class WriteBuf:
return self.write(v) return self.write(v)
def write_list(self, v: List[str]) -> 'WriteBuf': def write_list(self, v: List[str]) -> 'WriteBuf':
return self.write_string(u','.join(v)) return self.write_string(','.join(v))
@classmethod @classmethod
def _bitlength(cls, n: int) -> int: def _bitlength(cls, n: int) -> int: