MCPcopy
hub / github.com/jtesta/ssh-audit / Policy

Class Policy

src/ssh_audit/policy.py:40–675  ·  view source on GitHub ↗

Source from the content-addressed store, hash-verified

38
39# Validates policy files and performs policy testing
40class Policy:
41
42 WARNING_DEPRECATED_DIRECTIVES = "\nWARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.\n"
43
44 def __init__(self, policy_file: Optional[str] = None, policy_data: Optional[str] = None, manual_load: bool = False, json_output: bool = False) -> None:
45 self._name: Optional[str] = None
46 self._version: Optional[str] = None
47 self._banner: Optional[str] = None
48 self._compressions: Optional[List[str]] = None
49 self._host_keys: Optional[List[str]] = None
50 self._optional_host_keys: Optional[List[str]] = None
51 self._kex: Optional[List[str]] = None
52 self._ciphers: Optional[List[str]] = None
53 self._macs: Optional[List[str]] = None
54 self._hostkey_sizes: Optional[Dict[str, Dict[str, Union[int, str, bytes]]]] = None
55 self._dh_modulus_sizes: Optional[Dict[str, int]] = None
56 self._server_policy = True
57 self._allow_algorithm_subset_and_reordering = False
58 self._allow_larger_keys = False
59 self._errors: List[Any] = []
60 self._updated_builtin_policy_available = False # If True, an outdated built-in policy was loaded.
61
62 self._name_and_version: str = ''
63
64 # If invoked while JSON output is expected, send warnings to stderr instead of stdout (which would corrupt the JSON output).
65 if json_output:
66 self._warning_target = sys.stderr
67 else:
68 self._warning_target = sys.stdout
69
70 # Ensure that only one mode was specified.
71 num_modes = 0
72 if policy_file is not None:
73 num_modes += 1
74 if policy_data is not None:
75 num_modes += 1
76 if manual_load is True:
77 num_modes += 1
78
79 if num_modes != 1:
80 raise RuntimeError('Exactly one of the following can be specified only: policy_file, policy_data, or manual_load')
81
82 if manual_load:
83 return
84
85 if policy_file is not None:
86 try:
87 with open(policy_file, "r", encoding='utf-8') as f:
88 policy_data = f.read()
89 except FileNotFoundError:
90 print("Error: policy file not found: %s" % policy_file)
91 sys.exit(exitcodes.UNKNOWN_ERROR)
92 except PermissionError as e:
93 # If installed as a Snap package, print a more useful message with potential work-arounds.
94 if SNAP_PACKAGE:
95 print(SNAP_PERMISSIONS_ERROR)
96 else:
97 print("Error: insufficient permissions: %s" % str(e))

Callers 2

process_commandlineFunction · 0.90
load_builtin_policyMethod · 0.85

Calls

no outgoing calls

Tested by

no test coverage detected