Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ssh-audit: 1.7.0 -> 2.2.0 #94694

Merged
merged 1 commit into from Aug 13, 2020
Merged

ssh-audit: 1.7.0 -> 2.2.0 #94694

merged 1 commit into from Aug 13, 2020

Conversation

mweinelt
Copy link
Member

@mweinelt mweinelt commented Aug 5, 2020

Motivation for this change

Fixes: #94618

  • Migrates to the fork, the original project is dead.
  • The project structure is a bit messy, hence the cp/mv hack in postPatch.

I disabled a few tests since 10 of 99 are failing, but IMO that's not our fauflt.

=================================== FAILURES ===================================
________________________ TestResolve.test_resolve_error ________________________

self = <test_resolve.TestResolve object at 0x7ffff69f9460>, output_spy = []
virtual_socket = <conftest._VirtualSocket object at 0x7ffff655b430>

    def test_resolve_error(self, output_spy, virtual_socket):
        vsocket = virtual_socket
        vsocket.gsock.addrinfodata['localhost#22'] = socket.gaierror(8, 'hostname nor servname provided, or not known')
>       s = self.ssh.Socket('localhost', 22)
E    TypeError: __init__() missing 3 required positional arguments: 'ipvo', 'timeout', and 'timeout_set'

test/test_resolve.py:24: TypeError
----------------------------- Captured stderr call -----------------------------
Exception ignored in: <function SSH.Socket.__del__ at 0x7ffff69af4c0>
Traceback (most recent call last):
  File "/build/source/ssh-audit.py", line 2321, in __del__
    self.__cleanup()
  File "/build/source/ssh-audit.py", line 2325, in __cleanup
    self._close_socket(self.__sock)
AttributeError: 'Socket' object has no attribute '_Socket__sock'
______________ TestResolve.test_resolve_hostname_without_records _______________

self = <test_resolve.TestResolve object at 0x7ffff67fb100>, output_spy = []
virtual_socket = <conftest._VirtualSocket object at 0x7ffff68a2be0>

    def test_resolve_hostname_without_records(self, output_spy, virtual_socket):
        vsocket = virtual_socket
        vsocket.gsock.addrinfodata['localhost#22'] = []
>       s = self.ssh.Socket('localhost', 22)
E    TypeError: __init__() missing 3 required positional arguments: 'ipvo', 'timeout', and 'timeout_set'

test/test_resolve.py:36: TypeError
----------------------------- Captured stderr call -----------------------------
Exception ignored in: <function SSH.Socket.__del__ at 0x7ffff69af4c0>
Traceback (most recent call last):
  File "/build/source/ssh-audit.py", line 2321, in __del__
    self.__cleanup()
  File "/build/source/ssh-audit.py", line 2325, in __cleanup
    self._close_socket(self.__sock)
AttributeError: 'Socket' object has no attribute '_Socket__sock'
________________________ TestResolve.test_resolve_ipv4 _________________________

self = <test_resolve.TestResolve object at 0x7ffff654f760>
virtual_socket = <conftest._VirtualSocket object at 0x7ffff69eba30>

    def test_resolve_ipv4(self, virtual_socket):
        vsocket = virtual_socket
        conf = self._conf()
        conf.ipv4 = True
>       s = self.ssh.Socket('localhost', 22)
E    TypeError: __init__() missing 3 required positional arguments: 'ipvo', 'timeout', and 'timeout_set'

test/test_resolve.py:46: TypeError
----------------------------- Captured stderr call -----------------------------
Exception ignored in: <function SSH.Socket.__del__ at 0x7ffff69af4c0>
Traceback (most recent call last):
  File "/build/source/ssh-audit.py", line 2321, in __del__
    self.__cleanup()
  File "/build/source/ssh-audit.py", line 2325, in __cleanup
    self._close_socket(self.__sock)
AttributeError: 'Socket' object has no attribute '_Socket__sock'
________________________ TestResolve.test_resolve_ipv6 _________________________

self = <test_resolve.TestResolve object at 0x7ffff68be850>
virtual_socket = <conftest._VirtualSocket object at 0x7ffff68bec10>

    def test_resolve_ipv6(self, virtual_socket):
        vsocket = virtual_socket
>       s = self.ssh.Socket('localhost', 22)
E    TypeError: __init__() missing 3 required positional arguments: 'ipvo', 'timeout', and 'timeout_set'

test/test_resolve.py:53: TypeError
----------------------------- Captured stderr call -----------------------------
Exception ignored in: <function SSH.Socket.__del__ at 0x7ffff69af4c0>
Traceback (most recent call last):
  File "/build/source/ssh-audit.py", line 2321, in __del__
    self.__cleanup()
  File "/build/source/ssh-audit.py", line 2325, in __cleanup
    self._close_socket(self.__sock)
AttributeError: 'Socket' object has no attribute '_Socket__sock'
_____________________ TestResolve.test_resolve_ipv46_both ______________________

self = <test_resolve.TestResolve object at 0x7ffff63ed910>
virtual_socket = <conftest._VirtualSocket object at 0x7ffff63ed580>

    def test_resolve_ipv46_both(self, virtual_socket):
        vsocket = virtual_socket
>       s = self.ssh.Socket('localhost', 22)
E    TypeError: __init__() missing 3 required positional arguments: 'ipvo', 'timeout', and 'timeout_set'

test/test_resolve.py:62: TypeError
----------------------------- Captured stderr call -----------------------------
Exception ignored in: <function SSH.Socket.__del__ at 0x7ffff69af4c0>
Traceback (most recent call last):
  File "/build/source/ssh-audit.py", line 2321, in __del__
    self.__cleanup()
  File "/build/source/ssh-audit.py", line 2325, in __cleanup
    self._close_socket(self.__sock)
AttributeError: 'Socket' object has no attribute '_Socket__sock'
_____________________ TestResolve.test_resolve_ipv46_order _____________________

self = <test_resolve.TestResolve object at 0x7ffff68acca0>
virtual_socket = <conftest._VirtualSocket object at 0x7ffff68acd30>

    def test_resolve_ipv46_order(self, virtual_socket):
        vsocket = virtual_socket
>       s = self.ssh.Socket('localhost', 22)
E    TypeError: __init__() missing 3 required positional arguments: 'ipvo', 'timeout', and 'timeout_set'

test/test_resolve.py:71: TypeError
----------------------------- Captured stderr call -----------------------------
Exception ignored in: <function SSH.Socket.__del__ at 0x7ffff69af4c0>
Traceback (most recent call last):
  File "/build/source/ssh-audit.py", line 2321, in __del__
    self.__cleanup()
  File "/build/source/ssh-audit.py", line 2325, in __cleanup
    self._close_socket(self.__sock)
AttributeError: 'Socket' object has no attribute '_Socket__sock'
_________________________ TestSocket.test_invalid_host _________________________

self = <test_socket.TestSocket object at 0x7ffff69f94c0>
virtual_socket = <conftest._VirtualSocket object at 0x7ffff68acbb0>

    def test_invalid_host(self, virtual_socket):
        with pytest.raises(ValueError):
>               s = self.ssh.Socket(None, 22)
E     TypeError: __init__() missing 3 required positional arguments: 'ipvo', 'timeout', and 'timeout_set'

test/test_socket.py:15: TypeError
----------------------------- Captured stderr call -----------------------------
Exception ignored in: <function SSH.Socket.__del__ at 0x7ffff69af4c0>
Traceback (most recent call last):
  File "/build/source/ssh-audit.py", line 2321, in __del__
    self.__cleanup()
  File "/build/source/ssh-audit.py", line 2325, in __cleanup
    self._close_socket(self.__sock)
AttributeError: 'Socket' object has no attribute '_Socket__sock'
_________________________ TestSocket.test_invalid_port _________________________

self = <test_socket.TestSocket object at 0x7ffff64487f0>
virtual_socket = <conftest._VirtualSocket object at 0x7ffff64480a0>

    def test_invalid_port(self, virtual_socket):
        with pytest.raises(ValueError):
>               s = self.ssh.Socket('localhost', 'abc')
E     TypeError: __init__() missing 3 required positional arguments: 'ipvo', 'timeout', and 'timeout_set'

test/test_socket.py:19: TypeError
----------------------------- Captured stderr call -----------------------------
Exception ignored in: <function SSH.Socket.__del__ at 0x7ffff69af4c0>
Traceback (most recent call last):
  File "/build/source/ssh-audit.py", line 2321, in __del__
    self.__cleanup()
  File "/build/source/ssh-audit.py", line 2325, in __cleanup
    self._close_socket(self.__sock)
AttributeError: 'Socket' object has no attribute '_Socket__sock'
_____________________ TestSocket.test_not_connected_socket _____________________

self = <test_socket.TestSocket object at 0x7ffff69f4370>
virtual_socket = <conftest._VirtualSocket object at 0x7ffff69f4eb0>

    def test_not_connected_socket(self, virtual_socket):
>       sock = self.ssh.Socket('localhost', 22)
E    TypeError: __init__() missing 3 required positional arguments: 'ipvo', 'timeout', and 'timeout_set'

test/test_socket.py:28: TypeError
----------------------------- Captured stderr call -----------------------------
Exception ignored in: <function SSH.Socket.__del__ at 0x7ffff69af4c0>
Traceback (most recent call last):
  File "/build/source/ssh-audit.py", line 2321, in __del__
    self.__cleanup()
  File "/build/source/ssh-audit.py", line 2325, in __cleanup
    self._close_socket(self.__sock)
AttributeError: 'Socket' object has no attribute '_Socket__sock'
_______________________ TestSSH2.test_ssh2_server_simple _______________________

self = <test_ssh2.TestSSH2 object at 0x7ffff6448ee0>, output_spy = []
virtual_socket = <conftest._VirtualSocket object at 0x7ffff63ed880>

    def test_ssh2_server_simple(self, output_spy, virtual_socket):
        vsocket = virtual_socket
        w = self.wbuf()
        w.write_byte(self.ssh.Protocol.MSG_KEXINIT)
        w.write(self._kex_payload())
        vsocket.rdata.append(b'SSH-2.0-OpenSSH_7.3 ssh-audit-test\r\n')
        vsocket.rdata.append(self._create_ssh2_packet(w.write_flush()))
        output_spy.begin()
>       self.audit(self._conf())

test/test_ssh2.py:140:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
ssh-audit.py:3334: in audit
    SSH2.HostKeyTest.run(s, kex)
ssh-audit.py:710: in run
    SSH2.HostKeyTest.__test(s, server_kex, kex_str, kex_group, SSH2.HostKeyTest.HOST_KEY_TYPES)
ssh-audit.py:740: in __test
    SSH2.Kex.parse(payload)
ssh-audit.py:647: in parse
    kex_algs = buf.read_list()
ssh-audit.py:1142: in read_list
    list_size = self.read_int()
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <ssh-audit.ReadBuf object at 0x7ffff689a5e0>

    def read_int(self):
        # type: () -> int
>       v = struct.unpack('>I', self.read(4))[0]  # type: int
E    struct.error: unpack requires a buffer of 4 bytes

ssh-audit.py:1137: error
=========================== short test summary info ============================
FAILED test/test_resolve.py::TestResolve::test_resolve_error - TypeError: __i...
FAILED test/test_resolve.py::TestResolve::test_resolve_hostname_without_records
FAILED test/test_resolve.py::TestResolve::test_resolve_ipv4 - TypeError: __in...
FAILED test/test_resolve.py::TestResolve::test_resolve_ipv6 - TypeError: __in...
FAILED test/test_resolve.py::TestResolve::test_resolve_ipv46_both - TypeError...
FAILED test/test_resolve.py::TestResolve::test_resolve_ipv46_order - TypeErro...
FAILED test/test_socket.py::TestSocket::test_invalid_host - TypeError: __init...
FAILED test/test_socket.py::TestSocket::test_invalid_port - TypeError: __init...
FAILED test/test_socket.py::TestSocket::test_not_connected_socket - TypeError...
FAILED test/test_ssh2.py::TestSSH2::test_ssh2_server_simple - struct.error: u...
======================== 10 failed, 99 passed in 1.48s =========================
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@mweinelt mweinelt requested review from 4z3 and Izorkin August 5, 2020 01:18
@Izorkin
Copy link
Contributor

Izorkin commented Aug 5, 2020

Check audit ssh-server worked. Audit client configuration - not worked:

ssh-audit --port 8022 --client-audit --timeout=300
# general
(gen) banner: SSH-2.0-OpenSSH_8.0
(gen) software: OpenSSH 8.0

[exception] error reading packet (empty)

@Izorkin
Copy link
Contributor

Izorkin commented Aug 5, 2020

Created issue - jtesta/ssh-audit#56

@jugmac00
Copy link

jugmac00 commented Aug 5, 2020

A quick note on ssh-audit:

  • for reasons the development happens in the dev branch
  • in the dev branch, lots of new features are implemented
  • all tests are fixed
  • typing is fixed
  • code is linted
  • ...

The project setup may be tackled after the upcoming 2.3.0 release. As far as I understood the project was created by security specialists, and not by Python developers.

Afaik, Joe said he will release the new version (2.3.0) with all these fixed incorporated theses days (jtesta/ssh-audit#52 (comment)).

@Izorkin
Copy link
Contributor

Izorkin commented Aug 11, 2020

ssh-audit worked.
I test did not correctly.
To check, need run the command ssh 127.0.0.1 -p 2222, not this command ssh-audit 127.0.0.1 --port 2222

4z3
4z3 approved these changes Aug 13, 2020
View reviewed changes
Copy link
Contributor

@4z3 4z3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Successfully tested with stable branch (3a78bb2).

@mweinelt mweinelt merged commit 7e2d70f into NixOS:master Aug 13, 2020
@mweinelt mweinelt deleted the ssh-audit branch August 13, 2020 12:46
@Izorkin
Copy link
Contributor

Izorkin commented Aug 13, 2020

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@4z3 4z3 4z3 approved these changes

@Izorkin Izorkin Izorkin approved these changes

Assignees
No one assigned
Labels
10.rebuild-darwin: 1-10 10.rebuild-darwin: 1 10.rebuild-linux: 1-10 10.rebuild-linux: 1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Update package ssh-audit
4 participants
@mweinelt @Izorkin @jugmac00 @4z3