mirror of
https://github.com/jtesta/ssh-audit.git
synced 2024-07-02 12:14:45 +02:00
246a41d46f
* Apply Flake8 also on `setup.py` modified: tox.ini * Fix W605 - invalid escape syntax modified: packages/setup.py modified: tox.ini * Update comment about Flake8: W504 W503 and W504 are mutual exclusive - so we have to keep one of them. modified: tox.ini * Fix F841 - variable assigned but never used modified: ssh-audit.py modified: tox.ini * Fix E741 - ambiguous variable name 'l' modified: ssh-audit.py modified: tox.ini * Fix E712 - comparison to False should be 'if cond is False' ... and not 'if conf == False'. modified: ssh-audit.py modified: tox.ini * Fix E711 - comparison to None should be 'if cond is not None' ... and not 'if cond != None'. modified: ssh-audit.py modified: tox.ini * Fix E305 - expected 2 blank lines ... after class or function definition, found 1. modified: ssh-audit.py modified: tox.ini * Fix E303 - too many blank lines modified: ssh-audit.py modified: tox.ini * Fix E303 - too many blank lines modified: ssh-audit.py modified: tox.ini * Fix E301 - expected 1 blank line, found 0 No code change necessary, probably fixed by another commit. modified: tox.ini * Fix E265 - block comment should start with '# ' There is lots of commented out code, which usually should be just deleted. I will keep it for now, as I am not yet very familiar with the code base. modified: ssh-audit.py modified: tox.ini * Fix E261 - at least two spaces before inline comment modified: ssh-audit.py modified: tox.ini * Fix E251 - unexpected spaces around keyword / parameter equals modified: packages/setup.py modified: tox.ini * Fix E231 - missing whitespace after ',' No code change necessary, probably fixed by previous commit. modified: tox.ini * Fix E226 - missing whitespace around arithmetic operator modified: ssh-audit.py modified: tox.ini * Fix W293 - blank line contains whitespace modified: ssh-audit.py modified: tox.ini * Fix E221 - multiple spaces before operator modified: ssh-audit.py modified: tox.ini * Update comment about Flake 8 E241 Lots of data is formatted as tables, so this warning is disabled for a good reason. modified: tox.ini * Fix E401 - multiple imports on one line modified: ssh-audit.py modified: tox.ini * Do not ignore Flake8 warning F401 ... as there were no errors in source code anyway. modified: tox.ini * Fix F821 - undefined name modified: ssh-audit.py modified: tox.ini * Reformat ignore section for Flake8 modified: tox.ini * Flake8 test suite modified: test/conftest.py modified: test/test_auditconf.py modified: test/test_banner.py modified: test/test_buffer.py modified: test/test_errors.py modified: test/test_output.py modified: test/test_resolve.py modified: test/test_socket.py modified: test/test_software.py modified: test/test_ssh1.py modified: test/test_ssh2.py modified: test/test_ssh_algorithm.py modified: test/test_utils.py modified: test/test_version_compare.py modified: tox.ini
158 lines
7.5 KiB
Python
158 lines
7.5 KiB
Python
#!/usr/bin/env python
|
|
# -*- coding: utf-8 -*-
|
|
import os
|
|
import struct
|
|
import pytest
|
|
|
|
|
|
# pylint: disable=line-too-long,attribute-defined-outside-init
|
|
class TestSSH2(object):
|
|
@pytest.fixture(autouse=True)
|
|
def init(self, ssh_audit):
|
|
self.ssh = ssh_audit.SSH
|
|
self.ssh2 = ssh_audit.SSH2
|
|
self.rbuf = ssh_audit.ReadBuf
|
|
self.wbuf = ssh_audit.WriteBuf
|
|
self.audit = ssh_audit.audit
|
|
self.AuditConf = ssh_audit.AuditConf
|
|
|
|
def _conf(self):
|
|
conf = self.AuditConf('localhost', 22)
|
|
conf.colors = False
|
|
conf.batch = True
|
|
conf.verbose = True
|
|
conf.ssh1 = False
|
|
conf.ssh2 = True
|
|
return conf
|
|
|
|
@classmethod
|
|
def _create_ssh2_packet(cls, payload):
|
|
padding = -(len(payload) + 5) % 8
|
|
if padding < 4:
|
|
padding += 8
|
|
plen = len(payload) + padding + 1
|
|
pad_bytes = b'\x00' * padding
|
|
data = struct.pack('>Ib', plen, padding) + payload + pad_bytes
|
|
return data
|
|
|
|
def _kex_payload(self):
|
|
w = self.wbuf()
|
|
w.write(b'\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff')
|
|
w.write_list([u'curve25519-sha256@libssh.org', u'ecdh-sha2-nistp256', u'ecdh-sha2-nistp384', u'ecdh-sha2-nistp521', u'diffie-hellman-group-exchange-sha256', u'diffie-hellman-group14-sha1'])
|
|
w.write_list([u'ssh-rsa', u'rsa-sha2-512', u'rsa-sha2-256', u'ssh-ed25519'])
|
|
w.write_list([u'chacha20-poly1305@openssh.com', u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com', u'aes128-cbc', u'aes192-cbc', u'aes256-cbc'])
|
|
w.write_list([u'chacha20-poly1305@openssh.com', u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com', u'aes128-cbc', u'aes192-cbc', u'aes256-cbc'])
|
|
w.write_list([u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-sha1'])
|
|
w.write_list([u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-sha1'])
|
|
w.write_list([u'none', u'zlib@openssh.com'])
|
|
w.write_list([u'none', u'zlib@openssh.com'])
|
|
w.write_list([u''])
|
|
w.write_list([u''])
|
|
w.write_byte(False)
|
|
w.write_int(0)
|
|
return w.write_flush()
|
|
|
|
def test_kex_read(self):
|
|
kex = self.ssh2.Kex.parse(self._kex_payload())
|
|
assert kex is not None
|
|
assert kex.cookie == b'\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff'
|
|
assert kex.kex_algorithms == [u'curve25519-sha256@libssh.org', u'ecdh-sha2-nistp256', u'ecdh-sha2-nistp384', u'ecdh-sha2-nistp521', u'diffie-hellman-group-exchange-sha256', u'diffie-hellman-group14-sha1']
|
|
assert kex.key_algorithms == [u'ssh-rsa', u'rsa-sha2-512', u'rsa-sha2-256', u'ssh-ed25519']
|
|
assert kex.client is not None
|
|
assert kex.server is not None
|
|
assert kex.client.encryption == [u'chacha20-poly1305@openssh.com', u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com', u'aes128-cbc', u'aes192-cbc', u'aes256-cbc']
|
|
assert kex.server.encryption == [u'chacha20-poly1305@openssh.com', u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com', u'aes128-cbc', u'aes192-cbc', u'aes256-cbc']
|
|
assert kex.client.mac == [u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-sha1']
|
|
assert kex.server.mac == [u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-sha1']
|
|
assert kex.client.compression == [u'none', u'zlib@openssh.com']
|
|
assert kex.server.compression == [u'none', u'zlib@openssh.com']
|
|
assert kex.client.languages == [u'']
|
|
assert kex.server.languages == [u'']
|
|
assert kex.follows is False
|
|
assert kex.unused == 0
|
|
|
|
def _get_empty_kex(self, cookie=None):
|
|
kex_algs, key_algs = [], []
|
|
enc, mac, compression, languages = [], [], ['none'], []
|
|
cli = self.ssh2.KexParty(enc, mac, compression, languages)
|
|
enc, mac, compression, languages = [], [], ['none'], []
|
|
srv = self.ssh2.KexParty(enc, mac, compression, languages)
|
|
if cookie is None:
|
|
cookie = os.urandom(16)
|
|
kex = self.ssh2.Kex(cookie, kex_algs, key_algs, cli, srv, 0)
|
|
return kex
|
|
|
|
def _get_kex_variat1(self):
|
|
cookie = b'\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff'
|
|
kex = self._get_empty_kex(cookie)
|
|
kex.kex_algorithms.append('curve25519-sha256@libssh.org')
|
|
kex.kex_algorithms.append('ecdh-sha2-nistp256')
|
|
kex.kex_algorithms.append('ecdh-sha2-nistp384')
|
|
kex.kex_algorithms.append('ecdh-sha2-nistp521')
|
|
kex.kex_algorithms.append('diffie-hellman-group-exchange-sha256')
|
|
kex.kex_algorithms.append('diffie-hellman-group14-sha1')
|
|
kex.key_algorithms.append('ssh-rsa')
|
|
kex.key_algorithms.append('rsa-sha2-512')
|
|
kex.key_algorithms.append('rsa-sha2-256')
|
|
kex.key_algorithms.append('ssh-ed25519')
|
|
kex.server.encryption.append('chacha20-poly1305@openssh.com')
|
|
kex.server.encryption.append('aes128-ctr')
|
|
kex.server.encryption.append('aes192-ctr')
|
|
kex.server.encryption.append('aes256-ctr')
|
|
kex.server.encryption.append('aes128-gcm@openssh.com')
|
|
kex.server.encryption.append('aes256-gcm@openssh.com')
|
|
kex.server.encryption.append('aes128-cbc')
|
|
kex.server.encryption.append('aes192-cbc')
|
|
kex.server.encryption.append('aes256-cbc')
|
|
kex.server.mac.append('umac-64-etm@openssh.com')
|
|
kex.server.mac.append('umac-128-etm@openssh.com')
|
|
kex.server.mac.append('hmac-sha2-256-etm@openssh.com')
|
|
kex.server.mac.append('hmac-sha2-512-etm@openssh.com')
|
|
kex.server.mac.append('hmac-sha1-etm@openssh.com')
|
|
kex.server.mac.append('umac-64@openssh.com')
|
|
kex.server.mac.append('umac-128@openssh.com')
|
|
kex.server.mac.append('hmac-sha2-256')
|
|
kex.server.mac.append('hmac-sha2-512')
|
|
kex.server.mac.append('hmac-sha1')
|
|
kex.server.compression.append('zlib@openssh.com')
|
|
for a in kex.server.encryption:
|
|
kex.client.encryption.append(a)
|
|
for a in kex.server.mac:
|
|
kex.client.mac.append(a)
|
|
for a in kex.server.compression:
|
|
if a == 'none':
|
|
continue
|
|
kex.client.compression.append(a)
|
|
return kex
|
|
|
|
def test_key_payload(self):
|
|
kex1 = self._get_kex_variat1()
|
|
kex2 = self.ssh2.Kex.parse(self._kex_payload())
|
|
assert kex1.payload == kex2.payload
|
|
|
|
@pytest.mark.skip(reason="Temporarily skip this test to have a working test suite!")
|
|
def test_ssh2_server_simple(self, output_spy, virtual_socket):
|
|
vsocket = virtual_socket
|
|
w = self.wbuf()
|
|
w.write_byte(self.ssh.Protocol.MSG_KEXINIT)
|
|
w.write(self._kex_payload())
|
|
vsocket.rdata.append(b'SSH-2.0-OpenSSH_7.3 ssh-audit-test\r\n')
|
|
vsocket.rdata.append(self._create_ssh2_packet(w.write_flush()))
|
|
output_spy.begin()
|
|
self.audit(self._conf())
|
|
lines = output_spy.flush()
|
|
assert len(lines) == 72
|
|
|
|
def test_ssh2_server_invalid_first_packet(self, output_spy, virtual_socket):
|
|
vsocket = virtual_socket
|
|
w = self.wbuf()
|
|
w.write_byte(self.ssh.Protocol.MSG_KEXINIT + 1)
|
|
vsocket.rdata.append(b'SSH-2.0-OpenSSH_7.3 ssh-audit-test\r\n')
|
|
vsocket.rdata.append(self._create_ssh2_packet(w.write_flush()))
|
|
output_spy.begin()
|
|
with pytest.raises(SystemExit):
|
|
self.audit(self._conf())
|
|
lines = output_spy.flush()
|
|
assert len(lines) == 3
|
|
assert 'unknown message' in lines[-1]
|