65 Commits

Author SHA1 Message Date
Jürgen Gmach
29d874b450
Fix tox and finally make Travis green (#29)
* Ignore all flake8 warnings - one by one

Without ignoring, there are by far more than 1000 linting issues.

Fixing these warnings means possibly changing almost every line of
code, as single warnings can effect more than one line.

Doing this in one pull request is generally no good idea, and especially
not now, as the test suite is currently broken.

Instead of just deactivating flake8, or ignoring its exit code, the
warnings are ignored one by one.

This means, when one wants to work on the linting issues, one can just
remove one ignored warning, and fix the problems - which is not too much
work at once, and leads to an managable diff.

modified:   tox.ini

* Unpin dependencies for mypy run

... as they could not be installed due to compilation errors.

modified:   tox.ini

* Fix syntax error for mypy

When new code was added via
af663da838
the type hint was moved further down and so caused a syntax error, as
type hints have to follow the function declaration directly.

Now, the the type linter finally works and shows 187 errors.

modified:   ssh-audit.py

* Update .gitignore for mypy

modified:   .gitignore

* Let tox not fail on mypy errors

Currently, there are almost 200 typing related errors.

Instead of letting the tox run fail, the errors are still shown, but
the exit code gets ignored for now.

This way one can fix them one by one - if wanted.

modified:   tox.ini

* Let tox not fail on pylint errors

Currently, there are more than 100 linting related errors.

Most of them will be fixed when flake8 gets fixed.

Instead of letting the tox run fail, the errors are still shown, but the
exit code gets ignored for now.

This way, one can fix them one by one.

modified:   tox.ini

* Let vulture only fail on 100% confidence

Vulture is a tool to find dead code. Unlike Flake8, which also finds
unused imports and variables, Vulture does some guess work and finally
outputs a list of possible dead code with a confidence marker.

Already the first result ...
"ssh-audit.py:48: unused import 'Dict' (90% confidence)"
... is a false-positive.

As Flake8 also does a good job in detecting unused code, it makes not
much sense to let tox fail when vulture fails.

Instead of deactivating vulture, it was configured in a way to only
report results with 100% confidence.

modified:   tox.ini

* Make timeout_set optional

When timeout_set was introduced in
1ec13c653e
the tests were not updated, which instantiated the Socket class.

While the commit message read "A timeout can now be specified", the
code enforced a `timeout_set`.

`timeout_set` now is `False` by default.

modified:   ssh-audit.py

* Set default values for Socket's `ipvo` and `timeout`

Commit
f44663bfc4
introduced two new arguments to the Socket class, but did not update
the tests, which still relied on the socket class to only require two arguments.

While for `ipvo`the default of `None` is obvious, as in `__init__` it is
checked for it, for `timeout` it was not that obvious.

Luckily, in the README a default of 5 (seconds) is mentioned.

modified:   ssh-audit.py

* Un-comment exception handling

While working on commit
fd3a1f7d41
possibly it was forgotten to undo the commenting of the exception
handling for the case, when the Socket class was instantiated with a
missing `host` argument.

This broke the `test_invalid_host` test.

modified:   ssh-audit.py

* Skip `test_ssh2_server_simple` temporarily

After fixing all the other tests and make tox run again, there is one
failing test left, which unfortunately is not super easy to fix without
further research (at least not for me).

I marked `test_ssh2_server_simple` to be skipped in test runs
(temporarily), so at least, when working on new features, there is
working test suite, now.

modified:   test/test_ssh2.py

* Do not pin pytest and coverage version

... but do use pytest < 6, as this version will have a breaking change
with junit/Jenkins integration

Also see https://github.com/jtesta/ssh-audit/issues/34

* Drop unsupported Python versions

... except Python 2.7, as this will need also changes to the source
code, and this pull request is already big enough.

Also, support for Python 3.8 was added.

The Travis configuration was simplified a lot, by leveraging the tox
configuration.

Also, the mac builds have been dropped, as they all took almost an hour
each, they failed and I have no experience on how to fix them.

The `appveyor` build only has been updated to reflect the updated Python
versions, as I have no access to the status page and no experience with
this build environment.

Also, removed call to `coveralls`, which seems to be a leftover from
the old repository.

modified:   .appveyor.yml
modified:   .travis.yml
modified:   packages/setup.py
deleted:    test/tools/ci-linux.sh
modified:   tox.ini
2020-06-08 16:38:22 -04:00
Joe Testa
c9a2f2955c Marked host key type 'ssh-rsa' as weak due to practical SHA-1 collisions. 2020-02-08 23:56:54 -05:00
Joe Testa
0263769243 Added JSON output tests to docker testing suite. 2019-11-08 18:40:32 -05:00
Joe Testa
e62b548677 Updated info on curve25519-sha256 kex. 2019-10-21 11:50:23 -04:00
Joe Testa
fd3a1f7d41 Added client audit functionality. (#3) 2019-09-27 18:14:36 -04:00
Joe Testa
7221413567 Added TinySSH test. 2019-08-27 22:28:24 -04:00
Joe Testa
120f898539 Added Dropbear test. 2019-08-26 14:45:31 -04:00
Joe Testa
4ebccb8068 Added OpenSSH v4.0 test. 2019-08-22 16:48:23 -04:00
Joe Testa
4f138d7f82 Added docker testing framework. 2019-08-22 16:04:46 -04:00
Andris Raugulis
d8eb46d766 Correct IPv6 parsing in command-line. Fixes #26. 2017-05-05 14:12:45 +03:00
Andris Raugulis
96d442ec62 Test Timeframe repr(). 2017-04-11 13:32:38 +03:00
Andris Raugulis
1d1f842bed Refactor output level/colors, fix python:S1845. 2017-04-10 19:20:31 +03:00
Andris Raugulis
72a6b9eeaf Refactor and test SSH.Algorithm. 2017-04-10 13:20:32 +03:00
Andris Raugulis
6c8173d409 Fix to_ntext test. 2017-04-06 05:27:40 +03:00
Andris Raugulis
bb122ffe13 Replace assertions with exceptions. 2017-04-05 16:02:40 +03:00
Andris Raugulis
464bb154f3 Use git commit as dev version suffix. Add badge. 2017-04-05 04:25:01 +03:00
Andris Raugulis
9fe69841eb Integrate SonarQube analysis. 2017-04-05 03:22:13 +03:00
Andris Raugulis
f330608278 Test with pypy and pypy3 environments. 2017-04-01 10:21:50 +03:00
Andris Raugulis
041805f608 Test with AppVeyor environment. 2017-03-30 16:31:12 +03:00
Andris Raugulis
2f7c64d896 Report python version in CI. 2017-03-28 10:25:55 +03:00
Andris Raugulis
e91bbb5e30 Better testing environment. 2017-03-28 07:49:52 +03:00
Andris Raugulis
8b7659c4d3 Remove unnecessary files, now that everything is in tox. Add codecov badge. 2017-03-25 08:02:49 +02:00
Andris Raugulis
65ef250aae Upgrade to Mypy 0.501 and fix issues. Add requirements.txt. 2017-03-23 23:17:35 +02:00
Andris Raugulis
94a74e9cfd Reviewed libssh-0.7.4 changes. 2017-02-13 13:33:50 +02:00
Andris Raugulis
54b0960502 Upgrade to Mypy 0.470. Add colorama stub. Fix identation. 2017-01-23 19:34:06 +02:00
bs
ff500ba84b Add OpenSSH CVE list (#25) 2017-01-23 17:45:25 +02:00
Andris Raugulis
9a409e835e Refactor outer functions within classes.
Use mypy strict optional checks and fix them.
Use better comparison for compatiblity output.
Add initial socket tests.
2016-11-03 19:10:49 +02:00
Andris Raugulis
6fde896d77 Add resolve tests. 2016-11-02 19:29:21 +02:00
Andris Raugulis
5bb0ae0ceb Rework is/to ASCII and implement printable ASCII is/to functions.
Add Utils tests.
2016-11-02 18:23:55 +02:00
Andris Raugulis
11b6155c64 Use Python defined error numbers. 2016-11-02 13:18:03 +02:00
Andris Raugulis
44c1d4827c Specify error when couldn't get banner. Test for timeout and retry cases. 2016-11-02 13:00:24 +02:00
Andris Raugulis
66b9e079a8 Implement new options (-4/--ipv4, -6/--ipv6, -p/--port <port>).
By default both IPv4 and IPv6 is supported and order of precedence depends on OS.
By using -46, IPv4 is prefered, but by using -64, IPv6 is preferd.
For now the old way how to specify port (host:port) has been kept intact.
2016-10-26 18:33:00 +03:00
Andrew Murray
8018209dd1 Fixed typos 2016-10-26 12:17:31 +03:00
Andris Raugulis
4684ff0113 Add linter fixes for tests. 2016-10-25 17:19:08 +03:00
Andris Raugulis
84dfdcaf5e Invalid CRC32 checksum test. 2016-10-25 16:59:43 +03:00
Andris Raugulis
318aab79bc Add simple server tests for SSH1 and SSH2. 2016-10-25 16:57:30 +03:00
Andris Raugulis
4bbb1f4d11 Use safer UTF-8 decoding (with replace) and add related tests. 2016-10-25 13:53:51 +03:00
Andris Raugulis
66bd6c3ef0 Test colors only if they are supported. 2016-10-25 11:57:13 +03:00
Andris Raugulis
a5f1cd9197 Tune prospector and pylint settings. 2016-10-20 20:00:29 +03:00
Andris Raugulis
42be99a2c7 Test for non-ASCII banner. 2016-10-19 20:53:47 +03:00
Andris Raugulis
ca6cfb81a2 Import mypy configuration script and run scripts (for Python 2.7 and 3.5).
Import pytest coverage script.
2016-10-19 20:51:57 +03:00
Andris Raugulis
8ca6ec591d Handle the case when received data is in wrong encoding (not utf-8). 2016-10-18 09:45:03 +03:00
Andris Raugulis
6b76e68d0d Fix wrongly introduced Python 3 incompatibility. Fixes #14 and #15.
Add static type checks via mypy (optional static type checker),
Add relevant tests, which could trigger the issue.
2016-10-17 20:31:13 +03:00
Andris Raugulis
f065118959 Create virtual socket fixture (socket mocking). 2016-10-17 20:27:35 +03:00
Andris Raugulis
63a9c479a7 Test kex payload generation. 2016-10-14 16:17:38 +03:00
Andris Raugulis
4959029c33 Use output spy for tests. 2016-10-13 18:01:11 +03:00
Andris Raugulis
2abbe8f229 Test SSH1 pkm payload generation. 2016-10-13 17:56:39 +03:00
Andris Raugulis
58a943bed9 Share output spying for tests. 2016-10-13 17:55:59 +03:00
Andris Raugulis
69436b2c77 Test command line parsing. 2016-10-10 12:42:40 +03:00
Andris Raugulis
07c272f197 Fix warnings in test. 2016-10-07 19:55:49 +03:00