mirror of
https://github.com/jtesta/ssh-audit.git
synced 2024-12-04 16:25:15 +01:00
45 lines
2.0 KiB
Python
45 lines
2.0 KiB
Python
import os
|
|
import pytest
|
|
|
|
from ssh_audit.outputbuffer import OutputBuffer
|
|
from ssh_audit.ssh2_kex import SSH2_Kex
|
|
from ssh_audit.ssh2_kexparty import SSH2_KexParty
|
|
|
|
|
|
@pytest.fixture
|
|
def kex(ssh_audit):
|
|
kex_algs, key_algs = [], []
|
|
enc, mac, compression, languages = [], [], ['none'], []
|
|
cli = SSH2_KexParty(enc, mac, compression, languages)
|
|
enc, mac, compression, languages = [], [], ['none'], []
|
|
srv = SSH2_KexParty(enc, mac, compression, languages)
|
|
cookie = os.urandom(16)
|
|
kex = SSH2_Kex(OutputBuffer, cookie, kex_algs, key_algs, cli, srv, 0)
|
|
return kex
|
|
|
|
|
|
def test_prevent_runtime_error_regression(ssh_audit, kex):
|
|
"""Prevent a regression of https://github.com/jtesta/ssh-audit/issues/41
|
|
|
|
The following test setup does not contain any sensible data.
|
|
It was made up to reproduce a situation when there are several host
|
|
keys, and an error occurred when iterating and modifying them at the
|
|
same time.
|
|
"""
|
|
kex.set_host_key("ssh-rsa", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
|
|
kex.set_host_key("ssh-rsa1", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
|
|
kex.set_host_key("ssh-rsa2", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
|
|
kex.set_host_key("ssh-rsa3", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
|
|
kex.set_host_key("ssh-rsa4", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
|
|
kex.set_host_key("ssh-rsa5", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
|
|
kex.set_host_key("ssh-rsa6", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
|
|
kex.set_host_key("ssh-rsa7", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
|
|
kex.set_host_key("ssh-rsa8", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
|
|
|
|
rv = ssh_audit.build_struct('localhost', None, [], kex=kex)
|
|
|
|
assert len(rv["fingerprints"]) == (9 * 2) # Each host key generates two hash fingerprints: one using SHA256, and one using MD5.
|
|
|
|
for key in ['banner', 'compression', 'enc', 'fingerprints', 'kex', 'key', 'mac']:
|
|
assert key in rv
|