python/jc
1
0
Fork 0
mirror of https://github.com/kellyjonbrazil/jc.git synced 2025-06-17 00:07:37 +02:00
Code Issues Releases Activity

add sshd_conf tests

Browse Source
This commit is contained in:
Kelly Brazil
2022-10-31 09:32:58 -07:00
parent dc4620eeb2
commit a384eb4c15
5 changed files with 67 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
tests/fixtures/generic/sshd-T-2.json vendored Normal file
View File

@ -0,0 +1 @@
{"port":[22],"addressfamily":"any","listenaddress":["[::]:22","0.0.0.0:22"],"usepam":"yes","logingracetime":120,"x11displayoffset":10,"x11maxdisplays":1000,"maxauthtries":6,"maxsessions":10,"clientaliveinterval":0,"clientalivecountmax":3,"streamlocalbindmask":"0177","permitrootlogin":"yes","ignorerhosts":"yes","ignoreuserknownhosts":"no","hostbasedauthentication":"no","hostbasedusesnamefrompacketonly":"no","pubkeyauthentication":"yes","kerberosauthentication":"no","kerberosorlocalpasswd":"yes","kerberosticketcleanup":"yes","gssapiauthentication":"yes","gssapicleanupcredentials":"no","gssapikeyexchange":"no","gssapistrictacceptorcheck":"yes","gssapistorecredentialsonrekey":"no","gssapikexalgorithms":["gss-gex-sha1-","gss-group1-sha1-","gss-group14-sha1-"],"passwordauthentication":"yes","kbdinteractiveauthentication":"no","challengeresponseauthentication":"no","printmotd":"yes","printlastlog":"yes","x11forwarding":"yes","x11uselocalhost":"yes","permittty":"yes","permituserrc":"yes","strictmodes":"yes","tcpkeepalive":"yes","permitemptypasswords":"no","permituserenvironment":"no","compression":"yes","gatewayports":"no","showpatchlevel":"no","usedns":"yes","allowtcpforwarding":"yes","allowagentforwarding":"yes","disableforwarding":"no","allowstreamlocalforwarding":"yes","streamlocalbindunlink":"no","useprivilegeseparation":"sandbox","kerberosusekuserok":"yes","gssapienablek5users":"no","exposeauthenticationmethods":"never","fingerprinthash":"SHA256","pidfile":"/var/run/sshd.pid","xauthlocation":"/usr/bin/xauth","ciphers":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macs":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"banner":"none","forcecommand":"none","chrootdirectory":"none","trustedusercakeys":"none","revokedkeys":"none","authorizedprincipalsfile":"none","versionaddendum":"none","authorizedkeyscommand":"none","authorizedkeyscommanduser":"none","authorizedprincipalscommand":"none","authorizedprincipalscommanduser":"none","hostkeyagent":"none","kexalgorithms":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"hostbasedacceptedkeytypes":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"hostkeyalgorithms":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"pubkeyacceptedkeytypes":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"loglevel":"INFO","syslogfacility":"AUTHPRIV","authorizedkeysfile":[".ssh/authorized_keys"],"hostkey":["/etc/ssh/ssh_host_rsa_key","/etc/ssh/ssh_host_ecdsa_key","/etc/ssh/ssh_host_ed25519_key"],"acceptenv":["LANG","LC_CTYPE","LC_NUMERIC","LC_TIME","LC_COLLATE","LC_MONETARY","LC_MESSAGES","LC_PAPER","LC_NAME","LC_ADDRESS","LC_TELEPHONE","LC_MEASUREMENT","LC_IDENTIFICATION","LC_ALL","LANGUAGE","XMODIFIERS"],"authenticationmethods":"any","subsystem":"sftp","maxstartups":10,"permittunnel":"no","ipqos":["lowdelay","throughput"],"rekeylimit":0,"permitopen":["any"],"subsystem_command":"/usr/libexec/openssh/sftp-server","maxstartups_rate":30,"maxstartups_full":100,"rekeylimit_time":0}

0
tests/fixtures/generic/sshd-T-centos7.out → tests/fixtures/generic/sshd-T-2.out vendored
View File

1
tests/fixtures/generic/sshd-T.json vendored Normal file
View File

@ -0,0 +1 @@
{"acceptenv":["LANG","LC_*","test1","test2"],"addressfamily":"any","allowagentforwarding":"yes","allowstreamlocalforwarding":"yes","allowtcpforwarding":"yes","authenticationmethods":"any","authorizedkeyscommand":"none","authorizedkeyscommanduser":"none","authorizedkeysfile":[".ssh/authorized_keys",".ssh/authorized_keys2"],"authorizedprincipalscommand":"none","authorizedprincipalscommanduser":"none","authorizedprincipalsfile":"none","banner":"none","casignaturealgorithms":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"chrootdirectory":"none","ciphers":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com"],"ciphers_strategy":"+","clientalivecountmax":3,"clientaliveinterval":0,"compression":"yes","disableforwarding":"no","exposeauthinfo":"no","fingerprinthash":"SHA256","forcecommand":"none","gatewayports":"no","gssapiauthentication":"no","gssapicleanupcredentials":"yes","gssapikexalgorithms":["gss-group14-sha256-","gss-group16-sha512-","gss-nistp256-sha256-","gss-curve25519-sha256-","gss-group14-sha1-","gss-gex-sha1-"],"gssapikeyexchange":"no","gssapistorecredentialsonrekey":"no","gssapistrictacceptorcheck":"yes","hostbasedacceptedalgorithms":["ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"hostbasedauthentication":"no","hostbasedusesnamefrompacketonly":"no","hostkeyagent":"none","hostkeyalgorithms":["ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"hostkey":["/etc/ssh/ssh_host_ecdsa_key","/etc/ssh/ssh_host_ed25519_key","/etc/ssh/ssh_host_rsa_key"],"ignorerhosts":"yes","ignoreuserknownhosts":"no","ipqos":["lowdelay","throughput"],"kbdinteractiveauthentication":"no","kerberosauthentication":"no","kerberosorlocalpasswd":"yes","kerberosticketcleanup":"yes","kexalgorithms":["sntrup761x25519-sha512@openssh.com","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256"],"listenaddress":["0.0.0.0:22","[::]:22"],"logingracetime":120,"loglevel":"INFO","macs":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"macs_strategy":"^","maxauthtries":6,"maxsessions":10,"maxstartups":10,"modulifile":"/etc/ssh/moduli","passwordauthentication":"yes","permitemptypasswords":"no","permitlisten":["any"],"permitopen":["any"],"permitrootlogin":"without-password","permittty":"yes","permittunnel":"no","permituserenvironment":"no","permituserrc":"yes","persourcemaxstartups":"none","persourcenetblocksize":"32:128","pidfile":"/run/sshd.pid","port":[22],"printlastlog":"yes","printmotd":"no","pubkeyacceptedalgorithms":["ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"pubkeyauthentication":"yes","pubkeyauthoptions":"none","rekeylimit":0,"revokedkeys":"none","securitykeyprovider":"internal","streamlocalbindmask":"0177","streamlocalbindunlink":"no","strictmodes":"yes","subsystem":"sftp","syslogfacility":"AUTH","tcpkeepalive":"yes","trustedusercakeys":"none","usedns":"no","usepam":"yes","versionaddendum":"none","x11displayoffset":10,"x11forwarding":"yes","x11uselocalhost":"yes","xauthlocation":"/usr/bin/xauth","maxstartups_rate":30,"maxstartups_full":100,"rekeylimit_time":0,"subsystem_command":"/usr/lib/openssh/sftp-server"}

1
tests/fixtures/generic/sshd_config.json vendored Normal file
View File

@ -0,0 +1 @@
{"port":[22],"addressfamily":"any","listenaddress":["0.0.0.0","::"],"hostkey":["/etc/ssh/ssh_host_rsa_key","/etc/ssh/ssh_host_ecdsa_key","/etc/ssh/ssh_host_ed25519_key"],"syslogfacility":"AUTHPRIV","authorizedkeysfile":[".ssh/authorized_keys"],"passwordauthentication":"yes","challengeresponseauthentication":"no","gssapiauthentication":"yes","gssapicleanupcredentials":"no","usepam":"yes","x11forwarding":"yes","acceptenv":["LANG","LC_CTYPE","LC_NUMERIC","LC_TIME","LC_COLLATE","LC_MONETARY","LC_MESSAGES","LC_PAPER","LC_NAME","LC_ADDRESS","LC_TELEPHONE","LC_MEASUREMENT","LC_IDENTIFICATION","LC_ALL","LANGUAGE","XMODIFIERS"],"subsystem":"sftp","subsystem_command":"/usr/libexec/openssh/sftp-server"}

64
tests/test_sshd_conf.py Normal file
View File

@ -0,0 +1,64 @@
import os
import unittest
import json
from typing import Dict
import jc.parsers.sshd_conf
THIS_DIR = os.path.dirname(os.path.abspath(__file__))
class MyTests(unittest.TestCase):
f_in: Dict = {}
f_json: Dict = {}
@classmethod
def setUpClass(cls):
fixtures = {
'sshd_t': (
'fixtures/generic/sshd-T.out',
'fixtures/generic/sshd-T.json'),
'sshd_t_2': (
'fixtures/generic/sshd-T-2.out',
'fixtures/generic/sshd-T-2.json'),
'sshd_config': (
'fixtures/generic/sshd_config',
'fixtures/generic/sshd_config.json')
}
for file, filepaths in fixtures.items():
with open(os.path.join(THIS_DIR, filepaths[0]), 'r', encoding='utf-8') as a, \
open(os.path.join(THIS_DIR, filepaths[1]), 'r', encoding='utf-8') as b:
cls.f_in[file] = a.read()
cls.f_json[file] = json.loads(b.read())
def test_sshd_conf_nodata(self):
"""
Test 'sshd_conf' with no data
"""
self.assertEqual(jc.parsers.sshd_conf.parse('', quiet=True), {})
def test_sshd_T(self):
"""
Test 'sshd -T'
"""
self.assertEqual(jc.parsers.sshd_conf.parse(self.f_in['sshd_t'], quiet=True),
self.f_json['sshd_t'])
def test_sshd_T_2(self):
"""
Test 'sshd -T' with another sample
"""
self.assertEqual(jc.parsers.sshd_conf.parse(self.f_in['sshd_t_2'], quiet=True),
self.f_json['sshd_t_2'])
def test_sshd_config(self):
"""
Test 'cat sshd_config'
"""
self.assertEqual(jc.parsers.sshd_conf.parse(self.f_in['sshd_config'], quiet=True),
self.f_json['sshd_config'])
if __name__ == '__main__':
unittest.main()