From 399a08775e189ad4fe654763fc9817946174d29c Mon Sep 17 00:00:00 2001 From: Kota Kanbe Date: Thu, 31 May 2018 12:39:46 +0900 Subject: [PATCH] feat(scan): add -ssh-config option #417 (#660) --- commands/configtest.go | 9 +++++++++ commands/scan.go | 9 +++++++++ config/config.go | 4 +++- scan/executil.go | 38 +++++++++++++++++++++----------------- 4 files changed, 42 insertions(+), 18 deletions(-) diff --git a/commands/configtest.go b/commands/configtest.go index e3024b0f..c75bd34c 100644 --- a/commands/configtest.go +++ b/commands/configtest.go @@ -37,6 +37,7 @@ type ConfigtestCmd struct { askKeyPassword bool containersOnly bool sshNative bool + sshConfig bool httpProxy string timeoutSec int @@ -122,6 +123,12 @@ func (p *ConfigtestCmd) SetFlags(f *flag.FlagSet) { false, "Use Native Go implementation of SSH. Default: Use the external command") + f.BoolVar( + &p.sshConfig, + "ssh-config", + false, + "Use SSH options specified in ssh_config preferentially") + f.BoolVar( &p.containersOnly, "containers-only", @@ -161,6 +168,8 @@ func (p *ConfigtestCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interfa return subcommands.ExitUsageError } c.Conf.SSHNative = p.sshNative + c.Conf.SSHConfig = p.sshConfig + c.Conf.HTTPProxy = p.httpProxy c.Conf.ContainersOnly = p.containersOnly diff --git a/commands/scan.go b/commands/scan.go index bcf890c1..413f7fb3 100644 --- a/commands/scan.go +++ b/commands/scan.go @@ -48,6 +48,7 @@ type ScanCmd struct { deep bool skipBroken bool sshNative bool + sshConfig bool pipe bool vvv bool timeoutSec int @@ -72,6 +73,7 @@ func (*ScanCmd) Usage() string { [-log-dir=/path/to/log] [-cachedb-path=/path/to/cache.db] [-ssh-native-insecure] + [-ssh-config] [-containers-only] [-skip-broken] [-http-proxy=http://192.168.0.1:8080] 
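Review bot: The help text for `-ssh-config` in the `SetFlags` hunk of commands/configtest.go (`@@ -122,6 +123,12 @@`) understates what the flag does, and the identical string in the commands/scan.go `SetFlags` hunk (`@@ -114,6 +116,12 @@`) has the same problem. Per the scan/executil.go hunk in this patch, setting the flag omits every default `-o` option, including `StrictHostKeyChecking=yes` and `ConnectTimeout=10`, so host-key verification then depends entirely on the operator's ssh_config. I would spell that out in both places, e.g. `"Do not pass vuls' default ssh -o options (incl. StrictHostKeyChecking=yes); rely on ssh_config instead"`. The executil.go context also shows a separate `sshExecNative` path, so the flag presumably has no effect with the native SSH implementation; if that is so, the help text should say it.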
@@ -114,6 +116,12 @@ func (p *ScanCmd) SetFlags(f *flag.FlagSet) { false, "Use Native Go implementation of SSH. Default: Use the external command") + f.BoolVar( + &p.sshConfig, + "ssh-config", + false, + "Use SSH options specified in ssh_config preferentially") + f.BoolVar( &p.containersOnly, "containers-only", @@ -254,6 +262,7 @@ func (p *ScanCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) c.Conf.ResultsDir = p.resultsDir c.Conf.CacheDBPath = p.cacheDBPath c.Conf.SSHNative = p.sshNative + c.Conf.SSHConfig = p.sshConfig c.Conf.HTTPProxy = p.httpProxy c.Conf.ContainersOnly = p.containersOnly c.Conf.SkipBroken = p.skipBroken diff --git a/config/config.go b/config/config.go index a87d3606..c70dec75 100644 --- a/config/config.go +++ b/config/config.go @@ -107,7 +107,9 @@ type Config struct { IgnoreUnscoredCves bool IgnoreUnfixed bool - SSHNative bool + SSHNative bool + SSHConfig bool + ContainersOnly bool Fast bool Offline bool diff --git a/scan/executil.go b/scan/executil.go index e90913b9..1a83e21c 100644 --- a/scan/executil.go +++ b/scan/executil.go 
@@ -271,25 +271,29 @@ func sshExecExternal(c conf.ServerInfo, cmd string, sudo bool) (result execResul return sshExecNative(c, cmd, sudo) } - home, err := homedir.Dir() - if err != nil { - msg := fmt.Sprintf("Failed to get HOME directory: %s", err) - result.Stderr = msg - result.ExitStatus = 997 - return - } - controlPath := filepath.Join(home, ".vuls", `controlmaster-%r-`+c.ServerName+`.%p`) + defaultSSHArgs := []string{"-tt"} - defaultSSHArgs := []string{ - "-tt", - "-o", "StrictHostKeyChecking=yes", - "-o", "LogLevel=quiet", - "-o", "ConnectionAttempts=3", - "-o", "ConnectTimeout=10", - "-o", "ControlMaster=auto", - "-o", fmt.Sprintf("ControlPath=%s", controlPath), - "-o", "Controlpersist=10m", + if !conf.Conf.SSHConfig { + home, err := homedir.Dir() + if err != nil { + msg := fmt.Sprintf("Failed to get HOME directory: %s", err) + result.Stderr = msg + result.ExitStatus = 997 + return + } + controlPath := filepath.Join(home, ".vuls", `controlmaster-%r-`+c.ServerName+`.%p`) + + defaultSSHArgs = append(defaultSSHArgs, + "-o", "StrictHostKeyChecking=yes", + "-o", "LogLevel=quiet", + "-o", "ConnectionAttempts=3", + "-o", "ConnectTimeout=10", + "-o", "ControlMaster=auto", + "-o", fmt.Sprintf("ControlPath=%s", controlPath), + "-o", "Controlpersist=10m", + ) } + if conf.Conf.Vvv { defaultSSHArgs = append(defaultSSHArgs, "-vvv") }
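Review bot: When `conf.Conf.SSHConfig` is set, the new `if !conf.Conf.SSHConfig` block skips `StrictHostKeyChecking=yes` along with the ControlMaster and timeout defaults, so a scanner that executes commands on the target (with a `sudo` parameter in the signature) accepts whatever host-key policy ssh_config or OpenSSH's own default provides. Command-line `-o` values take precedence over ssh_config, so dropping the connection-tuning options is needed for the feature, but host-key checking is a security control rather than a preference; consider keeping it outside the block, `defaultSSHArgs := []string{"-tt", "-o", "StrictHostKeyChecking=yes"}`, or at least logging a warning when the flag is active. `ConnectTimeout=10` is dropped as well, so a scan may hang on an unreachable host unless ssh_config sets a timeout. `sshExecExternal` starts and ends outside this hunk, so how these args are combined with the rest of the ssh command line is not visible here.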