diff --git a/tests/fixtures/generic/sshd-T-2.json b/tests/fixtures/generic/sshd-T-2.json
new file mode 100644
index 00000000..b87deae0
--- /dev/null
+++ b/tests/fixtures/generic/sshd-T-2.json
@@ -0,0 +1 @@ +{"port":[22],"addressfamily":"any","listenaddress":["[::]:22","0.0.0.0:22"],"usepam":"yes","logingracetime":120,"x11displayoffset":10,"x11maxdisplays":1000,"maxauthtries":6,"maxsessions":10,"clientaliveinterval":0,"clientalivecountmax":3,"streamlocalbindmask":"0177","permitrootlogin":"yes","ignorerhosts":"yes","ignoreuserknownhosts":"no","hostbasedauthentication":"no","hostbasedusesnamefrompacketonly":"no","pubkeyauthentication":"yes","kerberosauthentication":"no","kerberosorlocalpasswd":"yes","kerberosticketcleanup":"yes","gssapiauthentication":"yes","gssapicleanupcredentials":"no","gssapikeyexchange":"no","gssapistrictacceptorcheck":"yes","gssapistorecredentialsonrekey":"no","gssapikexalgorithms":["gss-gex-sha1-","gss-group1-sha1-","gss-group14-sha1-"],"passwordauthentication":"yes","kbdinteractiveauthentication":"no","challengeresponseauthentication":"no","printmotd":"yes","printlastlog":"yes","x11forwarding":"yes","x11uselocalhost":"yes","permittty":"yes","permituserrc":"yes","strictmodes":"yes","tcpkeepalive":"yes","permitemptypasswords":"no","permituserenvironment":"no","compression":"yes","gatewayports":"no","showpatchlevel":"no","usedns":"yes","allowtcpforwarding":"yes","allowagentforwarding":"yes","disableforwarding":"no","allowstreamlocalforwarding":"yes","streamlocalbindunlink":"no","useprivilegeseparation":"sandbox","kerberosusekuserok":"yes","gssapienablek5users":"no","exposeauthenticationmethods":"never","fingerprinthash":"SHA256","pidfile":"/var/run/sshd.pid","xauthlocation":"/usr/bin/xauth","ciphers":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macs":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"
],"banner":"none","forcecommand":"none","chrootdirectory":"none","trustedusercakeys":"none","revokedkeys":"none","authorizedprincipalsfile":"none","versionaddendum":"none","authorizedkeyscommand":"none","authorizedkeyscommanduser":"none","authorizedprincipalscommand":"none","authorizedprincipalscommanduser":"none","hostkeyagent":"none","kexalgorithms":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"hostbasedacceptedkeytypes":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"hostkeyalgorithms":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"pubkeyacceptedkeytypes":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"loglevel":"INFO","syslogfacility":"AUTHPRIV","authorizedkeysfile":[".ssh/authorized_keys"],"hostkey":["/etc/ssh/ssh_host_rsa_key","/etc/ssh/ssh_host_ec
dsa_key","/etc/ssh/ssh_host_ed25519_key"],"acceptenv":["LANG","LC_CTYPE","LC_NUMERIC","LC_TIME","LC_COLLATE","LC_MONETARY","LC_MESSAGES","LC_PAPER","LC_NAME","LC_ADDRESS","LC_TELEPHONE","LC_MEASUREMENT","LC_IDENTIFICATION","LC_ALL","LANGUAGE","XMODIFIERS"],"authenticationmethods":"any","subsystem":"sftp","maxstartups":10,"permittunnel":"no","ipqos":["lowdelay","throughput"],"rekeylimit":0,"permitopen":["any"],"subsystem_command":"/usr/libexec/openssh/sftp-server","maxstartups_rate":30,"maxstartups_full":100,"rekeylimit_time":0} diff --git a/tests/fixtures/generic/sshd-T-centos7.out b/tests/fixtures/generic/sshd-T-2.out similarity index 100% rename from tests/fixtures/generic/sshd-T-centos7.out rename to tests/fixtures/generic/sshd-T-2.out diff --git a/tests/fixtures/generic/sshd-T.json b/tests/fixtures/generic/sshd-T.json new file mode 100644 index 00000000..ddde0e63 --- /dev/null +++ b/tests/fixtures/generic/sshd-T.json 
@@ -0,0 +1 @@ +{"acceptenv":["LANG","LC_*","test1","test2"],"addressfamily":"any","allowagentforwarding":"yes","allowstreamlocalforwarding":"yes","allowtcpforwarding":"yes","authenticationmethods":"any","authorizedkeyscommand":"none","authorizedkeyscommanduser":"none","authorizedkeysfile":[".ssh/authorized_keys",".ssh/authorized_keys2"],"authorizedprincipalscommand":"none","authorizedprincipalscommanduser":"none","authorizedprincipalsfile":"none","banner":"none","casignaturealgorithms":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"chrootdirectory":"none","ciphers":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com"],"ciphers_strategy":"+","clientalivecountmax":3,"clientaliveinterval":0,"compression":"yes","disableforwarding":"no","exposeauthinfo":"no","fingerprinthash":"SHA256","forcecommand":"none","gatewayports":"no","gssapiauthentication":"no","gssapicleanupcredentials":"yes","gssapikexalgorithms":["gss-group14-sha256-","gss-group16-sha512-","gss-nistp256-sha256-","gss-curve25519-sha256-","gss-group14-sha1-","gss-gex-sha1-"],"gssapikeyexchange":"no","gssapistorecredentialsonrekey":"no","gssapistrictacceptorcheck":"yes","hostbasedacceptedalgorithms":["ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"hostbasedauthentication":"no","hostbasedusesnamefrompacketonly":"no","hostkeyagent":"none","hostkeyalgorithms":["ssh-ed25519-cer
t-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"hostkey":["/etc/ssh/ssh_host_ecdsa_key","/etc/ssh/ssh_host_ed25519_key","/etc/ssh/ssh_host_rsa_key"],"ignorerhosts":"yes","ignoreuserknownhosts":"no","ipqos":["lowdelay","throughput"],"kbdinteractiveauthentication":"no","kerberosauthentication":"no","kerberosorlocalpasswd":"yes","kerberosticketcleanup":"yes","kexalgorithms":["sntrup761x25519-sha512@openssh.com","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256"],"listenaddress":["0.0.0.0:22","[::]:22"],"logingracetime":120,"loglevel":"INFO","macs":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"macs_strategy":"^","maxauthtries":6,"maxsessions":10,"maxstartups":10,"modulifile":"/etc/ssh/moduli","passwordauthentication":"yes","permitemptypasswords":"no","permitlisten":["any"],"permitopen":["any"],"permitrootlogin":"without-password","permittty":"yes","permittunnel":"no","permituserenvironment":"no","permituserrc":"yes","persourcemaxstartups":"none","persourcenetblocksize":"32:128","pidfile":"/run/sshd.pid","port":[22],"printlastlog":"yes","printmotd":"no","pubkeyacceptedalgorithms":["ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa
-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"pubkeyauthentication":"yes","pubkeyauthoptions":"none","rekeylimit":0,"revokedkeys":"none","securitykeyprovider":"internal","streamlocalbindmask":"0177","streamlocalbindunlink":"no","strictmodes":"yes","subsystem":"sftp","syslogfacility":"AUTH","tcpkeepalive":"yes","trustedusercakeys":"none","usedns":"no","usepam":"yes","versionaddendum":"none","x11displayoffset":10,"x11forwarding":"yes","x11uselocalhost":"yes","xauthlocation":"/usr/bin/xauth","maxstartups_rate":30,"maxstartups_full":100,"rekeylimit_time":0,"subsystem_command":"/usr/lib/openssh/sftp-server"} diff --git a/tests/fixtures/generic/sshd_config.json b/tests/fixtures/generic/sshd_config.json new file mode 100644 index 00000000..21c1e832 --- /dev/null +++ b/tests/fixtures/generic/sshd_config.json @@ -0,0 +1 @@ +{"port":[22],"addressfamily":"any","listenaddress":["0.0.0.0","::"],"hostkey":["/etc/ssh/ssh_host_rsa_key","/etc/ssh/ssh_host_ecdsa_key","/etc/ssh/ssh_host_ed25519_key"],"syslogfacility":"AUTHPRIV","authorizedkeysfile":[".ssh/authorized_keys"],"passwordauthentication":"yes","challengeresponseauthentication":"no","gssapiauthentication":"yes","gssapicleanupcredentials":"no","usepam":"yes","x11forwarding":"yes","acceptenv":["LANG","LC_CTYPE","LC_NUMERIC","LC_TIME","LC_COLLATE","LC_MONETARY","LC_MESSAGES","LC_PAPER","LC_NAME","LC_ADDRESS","LC_TELEPHONE","LC_MEASUREMENT","LC_IDENTIFICATION","LC_ALL","LANGUAGE","XMODIFIERS"],"subsystem":"sftp","subsystem_command":"/usr/libexec/openssh/sftp-server"} 
diff --git a/tests/test_sshd_conf.py b/tests/test_sshd_conf.py
new file mode 100644
index 00000000..c1769b8a
--- /dev/null
+++ b/tests/test_sshd_conf.py
@@ -0,0 +1,64 @@
+import os
+import unittest
+import json
+from typing import Dict
+import jc.parsers.sshd_conf
+
+THIS_DIR = os.path.dirname(os.path.abspath(__file__))
+
+
+class MyTests(unittest.TestCase):
+ f_in: Dict = {}
+ f_json: Dict = {}
+
+ @classmethod
+ def setUpClass(cls):
+ fixtures = {
+ 'sshd_t': (
+ 'fixtures/generic/sshd-T.out',
+ 'fixtures/generic/sshd-T.json'),
+ 'sshd_t_2': (
+ 'fixtures/generic/sshd-T-2.out',
+ 'fixtures/generic/sshd-T-2.json'),
+ 'sshd_config': (
+ 'fixtures/generic/sshd_config',
+ 'fixtures/generic/sshd_config.json')
+ }
+
+ for file, filepaths in fixtures.items():
+ with open(os.path.join(THIS_DIR, filepaths[0]), 'r', encoding='utf-8') as a, \
+ open(os.path.join(THIS_DIR, filepaths[1]), 'r', encoding='utf-8') as b:
+ cls.f_in[file] = a.read()
+ cls.f_json[file] = json.loads(b.read())
+
+
+ def test_sshd_conf_nodata(self):
+ """
+ Test 'sshd_conf' with no data
+ """
+ self.assertEqual(jc.parsers.sshd_conf.parse('', quiet=True), {})
+
+ def test_sshd_T(self):
+ """
+ Test 'sshd -T'
+ """
+ self.assertEqual(jc.parsers.sshd_conf.parse(self.f_in['sshd_t'], quiet=True),
+ self.f_json['sshd_t'])
+
+ def test_sshd_T_2(self):
+ """
+ Test 'sshd -T' with another sample
+ """
+ self.assertEqual(jc.parsers.sshd_conf.parse(self.f_in['sshd_t_2'], quiet=True),
+ self.f_json['sshd_t_2'])
+
+ def test_sshd_config(self):
+ """
+ Test 'cat sshd_config'
+ """
+ self.assertEqual(jc.parsers.sshd_conf.parse(self.f_in['sshd_config'], quiet=True),
+ self.f_json['sshd_config'])
+
+
+if __name__ == '__main__':
+ unittest.main()
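Review bot: Judging by the expected JSON, none of the three fixture pairs loaded in `setUpClass` exercises an `sshd_config` containing a `Match` block or a keyword repeated with conflicting values, so the tests do not pin how the parser reports those cases. This matters to anyone auditing settings such as `permitrootlogin` from the JSON, because sshd uses the first value obtained for most keywords and applies `Match` overrides only to matching connections; whether `jc.parsers.sshd_conf` reflects that cannot be told from this diff. I would add a fourth entry to `fixtures`, e.g. `'sshd_config_match': ('fixtures/generic/<match-sample>', 'fixtures/generic/<match-sample>.json')` (placeholder paths), with a matching test method that asserts the expected structure. Minor style point: `json.loads(b.read())` can be written `json.load(b)`.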