mirror of
https://github.com/appleboy/drone-scp.git
synced 2026-06-04 10:15:05 +08:00
chore: Support UseInsecureCipher (#115)
@@ -4,7 +4,7 @@ go 1.14
|
||||
|
||||
require (
|
||||
github.com/appleboy/com v0.0.6
|
||||
github.com/appleboy/easyssh-proxy v1.3.5
|
||||
github.com/appleboy/easyssh-proxy v1.3.7
|
||||
github.com/fatih/color v1.9.0
|
||||
github.com/joho/godotenv v1.3.0
|
||||
github.com/stretchr/testify v1.5.1
|
||||
|
||||
@@ -3,8 +3,8 @@ github.com/ScaleFT/sshkeys v0.0.0-20181112160850-82451a803681 h1:JS2rl38kZmHgWa0
|
||||
github.com/ScaleFT/sshkeys v0.0.0-20181112160850-82451a803681/go.mod h1:WfDateMPQ/55dPbZRp5Zxrux5WiEaHsjk9puUhz0KgY=
|
||||
github.com/appleboy/com v0.0.6 h1:l8cZ0aQJU/SWyL79ciYAJeqV835PRdlZ6efiPhus5Ic=
|
||||
github.com/appleboy/com v0.0.6/go.mod h1:jnufjIC3opMlReyPPPye+8JqNvUzLm25o7h6SOy8nv0=
|
||||
github.com/appleboy/easyssh-proxy v1.3.5 h1:EGTCbqAVRcGKHQMFSxz30lQmb+0nXL+jUiCrg/FjHQM=
|
||||
github.com/appleboy/easyssh-proxy v1.3.5/go.mod h1:Kk57I3w7OCafOjp5kgZFvxk2fO8Tca5CriBTOsbSbjY=
|
||||
github.com/appleboy/easyssh-proxy v1.3.7 h1:4XsChI8PuAd6jwTIKvTCH97vWmknvMJGxYi0PLiULG8=
|
||||
github.com/appleboy/easyssh-proxy v1.3.7/go.mod h1:Kk57I3w7OCafOjp5kgZFvxk2fO8Tca5CriBTOsbSbjY=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
|
||||
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
|
||||
|
||||
@@ -22,12 +22,10 @@ func main() {
|
||||
_ = godotenv.Load(filename)
|
||||
}
|
||||
|
||||
defaultCiphers := []string{"aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "arcfour256", "arcfour128", "aes128-cbc", "3des-cbc"}
|
||||
|
||||
app := cli.NewApp()
|
||||
app.Name = "Drone SCP"
|
||||
app.Usage = "Copy files and artifacts via SSH."
|
||||
app.Copyright = "Copyright (c) 2019 Bo-Yi Wu"
|
||||
app.Copyright = "Copyright (c) 2020 Bo-Yi Wu"
|
||||
app.Version = Version
|
||||
app.Authors = []*cli.Author{
|
||||
{
|
||||
@@ -64,7 +62,11 @@ func main() {
|
||||
Name: "ciphers",
|
||||
Usage: "The allowed cipher algorithms. If unspecified then a sensible",
|
||||
EnvVars: []string{"PLUGIN_CIPHERS", "SSH_CIPHERS", "CIPHERS", "INPUT_CIPHERS"},
|
||||
Value: cli.NewStringSlice(defaultCiphers...),
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "useInsecureCipher",
|
||||
Usage: "include more ciphers with use_insecure_cipher",
|
||||
EnvVars: []string{"PLUGIN_USE_INSECURE_CIPHER", "SSH_USE_INSECURE_CIPHER", "USE_INSECURE_CIPHER", "INPUT_USE_INSECURE_CIPHER"},
|
||||
},
|
||||
&cli.StringFlag{
|
||||
Name: "fingerprint",
|
||||
@@ -201,7 +203,11 @@ func main() {
|
||||
Name: "proxy.ciphers",
|
||||
Usage: "The allowed cipher algorithms. If unspecified then a sensible",
|
||||
EnvVars: []string{"PLUGIN_PROXY_CIPHERS", "PROXY_SSH_CIPHERS", "PROXY_CIPHERS", "INPUT_PROXY_CIPHERS"},
|
||||
Value: cli.NewStringSlice(defaultCiphers...),
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "proxy.useInsecureCipher",
|
||||
Usage: "include more ciphers with use_insecure_cipher",
|
||||
EnvVars: []string{"PLUGIN_PROXY_USE_INSECURE_CIPHER", "SSH_PROXY_USE_INSECURE_CIPHER", "PROXY_USE_INSECURE_CIPHER", "INPUT_PROXY_USE_INSECURE_CIPHER"},
|
||||
},
|
||||
&cli.StringFlag{
|
||||
Name: "proxy.fingerprint",
|
||||
@@ -302,36 +308,38 @@ func run(c *cli.Context) error {
|
||||
Link: c.String("build.link"),
|
||||
},
|
||||
Config: Config{
|
||||
Host: c.StringSlice("host"),
|
||||
Port: c.String("port"),
|
||||
Username: c.String("username"),
|
||||
Password: c.String("password"),
|
||||
Passphrase: c.String("ssh-passphrase"),
|
||||
Fingerprint: c.String("fingerprint"),
|
||||
Timeout: c.Duration("timeout"),
|
||||
CommandTimeout: c.Duration("command.timeout"),
|
||||
Key: c.String("ssh-key"),
|
||||
KeyPath: c.String("key-path"),
|
||||
Target: c.StringSlice("target"),
|
||||
Source: c.StringSlice("source"),
|
||||
Remove: c.Bool("rm"),
|
||||
Debug: c.Bool("debug"),
|
||||
StripComponents: c.Int("strip.components"),
|
||||
TarExec: c.String("tar.exec"),
|
||||
TarTmpPath: c.String("tar.tmp-path"),
|
||||
Overwrite: c.Bool("overwrite"),
|
||||
Ciphers: c.StringSlice("ciphers"),
|
||||
Host: c.StringSlice("host"),
|
||||
Port: c.String("port"),
|
||||
Username: c.String("username"),
|
||||
Password: c.String("password"),
|
||||
Passphrase: c.String("ssh-passphrase"),
|
||||
Fingerprint: c.String("fingerprint"),
|
||||
Timeout: c.Duration("timeout"),
|
||||
CommandTimeout: c.Duration("command.timeout"),
|
||||
Key: c.String("ssh-key"),
|
||||
KeyPath: c.String("key-path"),
|
||||
Target: c.StringSlice("target"),
|
||||
Source: c.StringSlice("source"),
|
||||
Remove: c.Bool("rm"),
|
||||
Debug: c.Bool("debug"),
|
||||
StripComponents: c.Int("strip.components"),
|
||||
TarExec: c.String("tar.exec"),
|
||||
TarTmpPath: c.String("tar.tmp-path"),
|
||||
Overwrite: c.Bool("overwrite"),
|
||||
Ciphers: c.StringSlice("ciphers"),
|
||||
UseInsecureCipher: c.Bool("useInsecureCipher"),
|
||||
Proxy: easyssh.DefaultConfig{
|
||||
Key: c.String("proxy.ssh-key"),
|
||||
Passphrase: c.String("proxy.ssh-passphrase"),
|
||||
Fingerprint: c.String("proxy.fingerprint"),
|
||||
KeyPath: c.String("proxy.key-path"),
|
||||
User: c.String("proxy.username"),
|
||||
Password: c.String("proxy.password"),
|
||||
Server: c.String("proxy.host"),
|
||||
Port: c.String("proxy.port"),
|
||||
Timeout: c.Duration("proxy.timeout"),
|
||||
Ciphers: c.StringSlice("proxy.ciphers"),
|
||||
Key: c.String("proxy.ssh-key"),
|
||||
Passphrase: c.String("proxy.ssh-passphrase"),
|
||||
Fingerprint: c.String("proxy.fingerprint"),
|
||||
KeyPath: c.String("proxy.key-path"),
|
||||
User: c.String("proxy.username"),
|
||||
Password: c.String("proxy.password"),
|
||||
Server: c.String("proxy.host"),
|
||||
Port: c.String("proxy.port"),
|
||||
Timeout: c.Duration("proxy.timeout"),
|
||||
Ciphers: c.StringSlice("proxy.ciphers"),
|
||||
UseInsecureCipher: c.Bool("proxy.useInsecureCipher"),
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
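Review bot: The usage text on the new `useInsecureCipher` and `proxy.useInsecureCipher` flags (`include more ciphers with use_insecure_cipher`) does not say that the extra ciphers are weaker, so an operator reading the help output cannot tell that the switch lowers transport security. Something like `Usage: "also offer legacy ciphers that are considered weak; enable only for servers that cannot negotiate modern ones",` would state the trade-off. Going by the hunk line counts, the `Value: cli.NewStringSlice(defaultCiphers...)` default appears to be dropped from `ciphers` and `proxy.ciphers`, so the truncated usage string `If unspecified then a sensible` now refers to a default that presumably lives in easyssh-proxy; finishing that sentence and naming where the default comes from would help. The camel-case flag names also differ from the existing `key-path` / `strip.components` style. The bodies of `main` and `run` continue outside these hunks.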
@@ -45,26 +45,27 @@ type (
|
||||
|
||||
// Config for the plugin.
|
||||
Config struct {
|
||||
Host []string
|
||||
Port string
|
||||
Username string
|
||||
Password string
|
||||
Key string
|
||||
Passphrase string
|
||||
Fingerprint string
|
||||
KeyPath string
|
||||
Timeout time.Duration
|
||||
CommandTimeout time.Duration
|
||||
Target []string
|
||||
Source []string
|
||||
Remove bool
|
||||
StripComponents int
|
||||
TarExec string
|
||||
TarTmpPath string
|
||||
Proxy easyssh.DefaultConfig
|
||||
Debug bool
|
||||
Overwrite bool
|
||||
Ciphers []string
|
||||
Host []string
|
||||
Port string
|
||||
Username string
|
||||
Password string
|
||||
Key string
|
||||
Passphrase string
|
||||
Fingerprint string
|
||||
KeyPath string
|
||||
Timeout time.Duration
|
||||
CommandTimeout time.Duration
|
||||
Target []string
|
||||
Source []string
|
||||
Remove bool
|
||||
StripComponents int
|
||||
TarExec string
|
||||
TarTmpPath string
|
||||
Proxy easyssh.DefaultConfig
|
||||
Debug bool
|
||||
Overwrite bool
|
||||
Ciphers []string
|
||||
UseInsecureCipher bool
|
||||
}
|
||||
|
||||
// Plugin values.
|
||||
@@ -167,27 +168,29 @@ func (p *Plugin) removeDestFile(ssh *easyssh.MakeConfig) error {
|
||||
func (p *Plugin) removeAllDestFile() error {
|
||||
for _, host := range p.Config.Host {
|
||||
ssh := &easyssh.MakeConfig{
|
||||
Server: host,
|
||||
User: p.Config.Username,
|
||||
Password: p.Config.Password,
|
||||
Port: p.Config.Port,
|
||||
Key: p.Config.Key,
|
||||
KeyPath: p.Config.KeyPath,
|
||||
Passphrase: p.Config.Passphrase,
|
||||
Timeout: p.Config.Timeout,
|
||||
Ciphers: p.Config.Ciphers,
|
||||
Fingerprint: p.Config.Fingerprint,
|
||||
Server: host,
|
||||
User: p.Config.Username,
|
||||
Password: p.Config.Password,
|
||||
Port: p.Config.Port,
|
||||
Key: p.Config.Key,
|
||||
KeyPath: p.Config.KeyPath,
|
||||
Passphrase: p.Config.Passphrase,
|
||||
Timeout: p.Config.Timeout,
|
||||
Ciphers: p.Config.Ciphers,
|
||||
Fingerprint: p.Config.Fingerprint,
|
||||
UseInsecureCipher: p.Config.UseInsecureCipher,
|
||||
Proxy: easyssh.DefaultConfig{
|
||||
Server: p.Config.Proxy.Server,
|
||||
User: p.Config.Proxy.User,
|
||||
Password: p.Config.Proxy.Password,
|
||||
Port: p.Config.Proxy.Port,
|
||||
Key: p.Config.Proxy.Key,
|
||||
KeyPath: p.Config.Proxy.KeyPath,
|
||||
Passphrase: p.Config.Proxy.Passphrase,
|
||||
Timeout: p.Config.Proxy.Timeout,
|
||||
Ciphers: p.Config.Proxy.Ciphers,
|
||||
Fingerprint: p.Config.Proxy.Fingerprint,
|
||||
Server: p.Config.Proxy.Server,
|
||||
User: p.Config.Proxy.User,
|
||||
Password: p.Config.Proxy.Password,
|
||||
Port: p.Config.Proxy.Port,
|
||||
Key: p.Config.Proxy.Key,
|
||||
KeyPath: p.Config.Proxy.KeyPath,
|
||||
Passphrase: p.Config.Proxy.Passphrase,
|
||||
Timeout: p.Config.Proxy.Timeout,
|
||||
Ciphers: p.Config.Proxy.Ciphers,
|
||||
Fingerprint: p.Config.Proxy.Fingerprint,
|
||||
UseInsecureCipher: p.Config.Proxy.UseInsecureCipher,
|
||||
},
|
||||
}
|
||||
|
||||
@@ -281,27 +284,29 @@ func (p *Plugin) Exec() error {
|
||||
go func(host string) {
|
||||
// Create MakeConfig instance with remote username, server address and path to private key.
|
||||
ssh := &easyssh.MakeConfig{
|
||||
Server: host,
|
||||
User: p.Config.Username,
|
||||
Password: p.Config.Password,
|
||||
Port: p.Config.Port,
|
||||
Key: p.Config.Key,
|
||||
KeyPath: p.Config.KeyPath,
|
||||
Passphrase: p.Config.Passphrase,
|
||||
Timeout: p.Config.Timeout,
|
||||
Ciphers: p.Config.Ciphers,
|
||||
Fingerprint: p.Config.Fingerprint,
|
||||
Server: host,
|
||||
User: p.Config.Username,
|
||||
Password: p.Config.Password,
|
||||
Port: p.Config.Port,
|
||||
Key: p.Config.Key,
|
||||
KeyPath: p.Config.KeyPath,
|
||||
Passphrase: p.Config.Passphrase,
|
||||
Timeout: p.Config.Timeout,
|
||||
Ciphers: p.Config.Ciphers,
|
||||
Fingerprint: p.Config.Fingerprint,
|
||||
UseInsecureCipher: p.Config.UseInsecureCipher,
|
||||
Proxy: easyssh.DefaultConfig{
|
||||
Server: p.Config.Proxy.Server,
|
||||
User: p.Config.Proxy.User,
|
||||
Password: p.Config.Proxy.Password,
|
||||
Port: p.Config.Proxy.Port,
|
||||
Key: p.Config.Proxy.Key,
|
||||
KeyPath: p.Config.Proxy.KeyPath,
|
||||
Passphrase: p.Config.Proxy.Passphrase,
|
||||
Timeout: p.Config.Proxy.Timeout,
|
||||
Ciphers: p.Config.Proxy.Ciphers,
|
||||
Fingerprint: p.Config.Proxy.Fingerprint,
|
||||
Server: p.Config.Proxy.Server,
|
||||
User: p.Config.Proxy.User,
|
||||
Password: p.Config.Proxy.Password,
|
||||
Port: p.Config.Proxy.Port,
|
||||
Key: p.Config.Proxy.Key,
|
||||
KeyPath: p.Config.Proxy.KeyPath,
|
||||
Passphrase: p.Config.Proxy.Passphrase,
|
||||
Timeout: p.Config.Proxy.Timeout,
|
||||
Ciphers: p.Config.Proxy.Ciphers,
|
||||
Fingerprint: p.Config.Proxy.Fingerprint,
|
||||
UseInsecureCipher: p.Config.Proxy.UseInsecureCipher,
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
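Review bot: `UseInsecureCipher` is added to `Config` without a comment and is copied into `easyssh.MakeConfig` in both `removeAllDestFile` and `Exec`, so the weakened setting is applied with no trace in the visible lines. A field comment such as `// UseInsecureCipher also offers legacy ciphers; leave false unless the server cannot negotiate modern ones.` would document the trade-off, and a one-line notice when the option is set would let the build log show that the connection was downgraded. The two `MakeConfig` literals are field-for-field the same, so a small helper that builds the config for a host would stop a future security option from being added in one place and missed in the other. Both function bodies continue outside the hunks.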
@@ -371,6 +371,40 @@ func TestStripComponentsFlag(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestUseInsecureCipherFlag(t *testing.T) {
|
||||
u, err := user.Lookup("drone-scp")
|
||||
if err != nil {
|
||||
t.Fatalf("Lookup: %v", err)
|
||||
}
|
||||
|
||||
plugin := Plugin{
|
||||
Config: Config{
|
||||
Host: []string{"localhost"},
|
||||
Username: "drone-scp",
|
||||
Port: "22",
|
||||
KeyPath: "tests/.ssh/id_rsa",
|
||||
Source: []string{"tests/global/*"},
|
||||
StripComponents: 2,
|
||||
Target: []string{filepath.Join(u.HomeDir, "123")},
|
||||
CommandTimeout: 60 * time.Second,
|
||||
TarExec: "tar",
|
||||
UseInsecureCipher: true,
|
||||
},
|
||||
}
|
||||
|
||||
err = plugin.Exec()
|
||||
assert.Nil(t, err)
|
||||
|
||||
// check file exist
|
||||
if _, err := os.Stat(filepath.Join(u.HomeDir, "123/c.txt")); os.IsNotExist(err) {
|
||||
t.Fatalf("SCP-error: %v", err)
|
||||
}
|
||||
|
||||
if _, err := os.Stat(filepath.Join(u.HomeDir, "123/d.txt")); os.IsNotExist(err) {
|
||||
t.Fatalf("SCP-error: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestIgnoreList(t *testing.T) {
|
||||
if os.Getenv("SSH_AUTH_SOCK") != "" {
|
||||
if err := exec.Command("eval", "`ssh-agent -k`").Run(); err != nil {
|
||||
|
||||
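Review bot: `TestUseInsecureCipherFlag` only checks that a copy to localhost succeeds with `UseInsecureCipher: true`, so it would presumably pass unchanged if the field never reached the SSH client config. The target directory `123` may also be left over from an earlier test (not visible here), which would make the `os.Stat` checks pass regardless; a target unique to this test, for example `filepath.Join(u.HomeDir, "insecure-cipher")`, avoids that. The existence checks use `os.IsNotExist(err)`, which lets any other `Stat` error through as success; `if _, err := os.Stat(...); err != nil {` is stricter. `assert.NoError(t, err)` would also read better than `assert.Nil(t, err)` and print the error on failure.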