Added 'additional_notes' field to JSON output.

README.md

@@ -187,6 +187,7 @@ For convenience, a web front-end on top of the command-line tool is available at
  - Updated Ubuntu Server & Client policies for 20.04 and 22.04 to account for key exchange list changes due to Terrapin vulnerability patches.
  - Re-organized option host key types for OpenSSH 9.2 server policy to correspond with updated Debian 12 hardening guide.
  - Added built-in policies for OpenSSH 9.5 and 9.6.
+ - Added an "additional_notes" field to the JSON output.
 
 ### v3.0.0 (2023-09-07)
  - Results from concurrent scans against multiple hosts are no longer improperly combined; bug discovered by [Adam Russell](https://github.com/thecliguy).

src/ssh_audit/ssh_audit.py

@@ -697,7 +697,7 @@ def output(out: OutputBuffer, aconf: AuditConf, banner: Optional[Banner], header
     if aconf.json:
         out.reset()
         # Build & write the JSON struct.
-        out.info(json.dumps(build_struct(aconf.host + ":" + str(aconf.port), banner, cves, kex=kex, client_host=client_host, software=software, algorithms=algs, algorithm_recommendation_suppress_list=algorithm_recommendation_suppress_list), indent=4 if aconf.json_print_indent else None, sort_keys=True))
+        out.info(json.dumps(build_struct(aconf.host + ":" + str(aconf.port), banner, cves, kex=kex, client_host=client_host, software=software, algorithms=algs, algorithm_recommendation_suppress_list=algorithm_recommendation_suppress_list, additional_notes=additional_notes), indent=4 if aconf.json_print_indent else None, sort_keys=True))
     elif len(unknown_algorithms) > 0:  # If we encountered any unknown algorithms, ask the user to report them.
         out.warn("\n\n!!! WARNING: unknown algorithm(s) found!: %s.  Please email the full output above to the maintainer (jtesta@positronsecurity.com), or create a Github issue at <https://github.com/jtesta/ssh-audit/issues>.\n" % ','.join(unknown_algorithms))
 
@@ -1033,7 +1033,7 @@ def process_commandline(out: OutputBuffer, args: List[str], usage_cb: Callable[.
     return aconf
 
 
-def build_struct(target_host: str, banner: Optional['Banner'], cves: List[Dict[str, Union[str, float]]], kex: Optional['SSH2_Kex'] = None, pkm: Optional['SSH1_PublicKeyMessage'] = None, client_host: Optional[str] = None, software: Optional[Software] = None, algorithms: Optional[Algorithms] = None, algorithm_recommendation_suppress_list: Optional[List[str]] = None) -> Any:  # pylint: disable=too-many-arguments
+def build_struct(target_host: str, banner: Optional['Banner'], cves: List[Dict[str, Union[str, float]]], kex: Optional['SSH2_Kex'] = None, pkm: Optional['SSH1_PublicKeyMessage'] = None, client_host: Optional[str] = None, software: Optional[Software] = None, algorithms: Optional[Algorithms] = None, algorithm_recommendation_suppress_list: Optional[List[str]] = None, additional_notes: str = "") -> Any:  # pylint: disable=too-many-arguments
 
     def fetch_notes(algorithm: str, alg_type: str) -> Dict[str, List[Optional[str]]]:
         '''Returns a dictionary containing the messages in the "fail", "warn", and "info" levels for this algorithm.'''
@@ -1201,6 +1201,9 @@ def build_struct(target_host: str, banner: Optional['Banner'], cves: List[Dict[s
     # Add in the recommendations.
     res['recommendations'] = get_algorithm_recommendations(algorithms, algorithm_recommendation_suppress_list, software, for_server=True)
 
+    # Add in the additional notes.  Currently just one string, but in the future this may grow to multiple strings.  Hence, an array is needed to prevent future schema breakage.
+    res['additional_notes'] = [additional_notes]
+
     return res
 
 

test/docker/expected_results/dropbear_2019.78_test1.json

@@ -1,4 +1,7 @@
 {
+    "additional_notes": [
+        ""
+    ],
     "banner": {
         "comments": null,
         "protocol": "2.0",

test/docker/expected_results/openssh_4.0p1_test1.json

@@ -1,4 +1,7 @@
 {
+    "additional_notes": [
+        ""
+    ],
     "banner": {
         "comments": null,
         "protocol": "1.99",

test/docker/expected_results/openssh_5.6p1_test1.json

@@ -1,4 +1,7 @@
 {
+    "additional_notes": [
+        ""
+    ],
     "banner": {
         "comments": null,
         "protocol": "2.0",

test/docker/expected_results/openssh_5.6p1_test2.json

@@ -1,4 +1,7 @@
 {
+    "additional_notes": [
+        ""
+    ],
     "banner": {
         "comments": null,
         "protocol": "2.0",

test/docker/expected_results/openssh_5.6p1_test3.json

@@ -1,4 +1,7 @@
 {
+    "additional_notes": [
+        ""
+    ],
     "banner": {
         "comments": null,
         "protocol": "2.0",

test/docker/expected_results/openssh_5.6p1_test4.json

@@ -1,4 +1,7 @@
 {
+    "additional_notes": [
+        ""
+    ],
     "banner": {
         "comments": null,
         "protocol": "2.0",

test/docker/expected_results/openssh_5.6p1_test5.json

@@ -1,4 +1,7 @@
 {
+    "additional_notes": [
+        ""
+    ],
     "banner": {
         "comments": null,
         "protocol": "2.0",

test/docker/expected_results/openssh_8.0p1_test1.json

@@ -1,4 +1,7 @@
 {
+    "additional_notes": [
+        ""
+    ],
     "banner": {
         "comments": null,
         "protocol": "2.0",

test/docker/expected_results/openssh_8.0p1_test2.json

@@ -1,4 +1,7 @@
 {
+    "additional_notes": [
+        ""
+    ],
     "banner": {
         "comments": null,
         "protocol": "2.0",

test/docker/expected_results/openssh_8.0p1_test3.json

@@ -1,4 +1,7 @@
 {
+    "additional_notes": [
+        ""
+    ],
     "banner": {
         "comments": null,
         "protocol": "2.0",

test/docker/expected_results/tinyssh_20190101_test1.json

@@ -1,4 +1,7 @@
 {
+    "additional_notes": [
+        ""
+    ],
     "banner": {
         "comments": "",
         "protocol": "2.0",