hub / github.com/jtesta/ssh-audit / evaluate_policy

Function evaluate_policy

src/ssh_audit/ssh_audit.py:666–715  ·  view source on GitHub ↗
(out: OutputBuffer, aconf: AuditConf, banner: Optional['Banner'], client_host: Optional[str], kex: Optional['SSH2_Kex'] = None)

Source from the content-addressed store, hash-verified

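def evaluate_policy(out: OutputBuffer, aconf: AuditConf, banner: Optional['Banner'], client_host: Optional[str], kex: Optional['SSH2_Kex'] = None) -> bool:
    """Evaluate the audited peer against ``aconf.policy`` and report the verdict on *out*.

    With ``aconf.json`` set, a single JSON document (host, port, policy, passed,
    errors, warnings) is written.  Otherwise a short human-readable report is
    written: the peer, the policy name/version, the result, and the error text on
    failure.

    Args:
        out: Buffer that receives the report.
        aconf: Audit configuration; its ``policy`` must not be None.
        banner: Banner passed through to ``policy.evaluate()``.
        client_host: Peer address shown when ``aconf.client_audit`` is set.
        kex: Key-exchange data passed through to ``policy.evaluate()``.

    Returns:
        The pass/fail verdict returned by ``policy.evaluate()``.

    Raises:
        RuntimeError: If ``aconf.policy`` is None.
    """
    policy = aconf.policy
    if policy is None:
        raise RuntimeError('Internal error: cannot evaluate against null Policy!')

    passed, error_struct, error_str = policy.evaluate(banner, kex)

    if aconf.json:
        warnings: List[str] = []
        if policy.is_outdated_builtin_policy():
            warnings.append("A newer version of this built-in policy is available.")

        # NOTE(review): 'host' is always aconf.host; client_host is not part of this document, so a
        # consumer of client-audit results cannot tell from the JSON alone which peer was evaluated.
        json_struct = {'host': aconf.host, 'port': aconf.port, 'policy': policy.get_name_and_version(), 'passed': passed, 'errors': error_struct, 'warnings': warnings}

        # json.dumps() escapes C0 control characters (ESC included) inside strings, so whatever text
        # ends up in 'errors' is emitted in escaped form on this path.
        out.info(json.dumps(json_struct, indent=4 if aconf.json_print_indent else None, sort_keys=True))
        return passed

    # Pad every label to the widest one printed in this mode so the value column lines up
    # ('Client IP: ' for client audits, 'Policy: ' otherwise).  Deriving the pad from the label
    # widths keeps the alignment from depending on hand-counted runs of spaces.
    label_width = len("Client IP: ") if aconf.client_audit else len("Policy: ")

    if aconf.client_audit:
        out.info("%s%s" % ("Client IP:".ljust(label_width), client_host))
    else:
        host = aconf.host
        if aconf.port != 22:
            # An IPv6 address is printed in bracketed form; anything else as plain host:port.
            host_format = '[%s]:%d' if Utils.is_ipv6_address(aconf.host) else '%s:%d'
            host = host_format % (aconf.host, aconf.port)

        out.info("%s%s" % ("Host:".ljust(label_width), host))

    out.info("%s%s" % ("Policy:".ljust(label_width), policy.get_name_and_version()))
    out.info("Result:".ljust(label_width), line_ended=False)

    # Use these nice unicode characters in the result message, unless we're on Windows (the cmd.exe terminal doesn't display them properly).
    if Utils.is_windows():
        icon_good = icon_fail = ""
    else:
        icon_good, icon_fail = "✔ ", "❌ "

    if passed:
        out.good("%sPassed" % icon_good)
    else:
        out.fail("%sFailed!" % icon_fail)
        # NOTE(review): error_str is produced by policy.evaluate() from the peer's banner/kex.  Whether
        # it can carry peer-supplied bytes, and whether OutputBuffer neutralises terminal control
        # sequences before writing, is not visible here -- confirm before relying on this output in a
        # terminal or log pipeline that interprets escapes.
        out.warn("\nErrors:\n%s" % error_str)

    # If the user selected an out-dated built-in policy then issue a warning.
    if policy.is_outdated_builtin_policy():
        out.warn("Note: A newer version of this built-in policy is available. Use the -L option to view all available versions.")

    return passed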
718def get_algorithm_recommendations(algs: Optional[Algorithms], algorithm_recommendation_suppress_list: Optional[List[str]], software: Optional[Software], for_server: bool = True) -> Dict[str, Any]:

Callers 1

auditFunction · 0.85

Calls 9

evaluateMethod · 0.80
get_name_and_versionMethod · 0.80
infoMethod · 0.80
is_ipv6_addressMethod · 0.80
is_windowsMethod · 0.80
goodMethod · 0.80
failMethod · 0.80
warnMethod · 0.80

Tested by

no test coverage detected