From 4457897da55926b96a7f42b2522093808a1b88e4 Mon Sep 17 00:00:00 2001
From: Bo-Yi Wu
Date: Sun, 24 May 2020 14:17:43 +0800
Subject: [PATCH] chore: Support UseInsecureCipher (#115)
---
 go.mod | 2 +-
 go.sum | 4 +-
 main.go | 76 ++++++++++++++++--------------
 plugin.go | 125 +++++++++++++++++++++++++------------------------
 plugin_test.go | 34 ++++++++++++++
 5 files changed, 144 insertions(+), 97 deletions(-)
diff --git a/go.mod b/go.mod
index 6df1f36..1b98b69 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.14
 require (
 github.com/appleboy/com v0.0.6
- github.com/appleboy/easyssh-proxy v1.3.5
+ github.com/appleboy/easyssh-proxy v1.3.7
 github.com/fatih/color v1.9.0
 github.com/joho/godotenv v1.3.0
 github.com/stretchr/testify v1.5.1
diff --git a/go.sum b/go.sum
index f66f641..c3ddeca 100644
--- a/go.sum
+++ b/go.sum
@@ -3,8 +3,8 @@ github.com/ScaleFT/sshkeys v0.0.0-20181112160850-82451a803681 h1:JS2rl38kZmHgWa0 github.com/ScaleFT/sshkeys v0.0.0-20181112160850-82451a803681/go.mod h1:WfDateMPQ/55dPbZRp5Zxrux5WiEaHsjk9puUhz0KgY= github.com/appleboy/com v0.0.6 h1:l8cZ0aQJU/SWyL79ciYAJeqV835PRdlZ6efiPhus5Ic= github.com/appleboy/com v0.0.6/go.mod h1:jnufjIC3opMlReyPPPye+8JqNvUzLm25o7h6SOy8nv0= -github.com/appleboy/easyssh-proxy v1.3.5 h1:EGTCbqAVRcGKHQMFSxz30lQmb+0nXL+jUiCrg/FjHQM= -github.com/appleboy/easyssh-proxy v1.3.5/go.mod h1:Kk57I3w7OCafOjp5kgZFvxk2fO8Tca5CriBTOsbSbjY= +github.com/appleboy/easyssh-proxy v1.3.7 h1:4XsChI8PuAd6jwTIKvTCH97vWmknvMJGxYi0PLiULG8= +github.com/appleboy/easyssh-proxy v1.3.7/go.mod h1:Kk57I3w7OCafOjp5kgZFvxk2fO8Tca5CriBTOsbSbjY= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
diff --git a/main.go b/main.go
index 0514eaa..a28b676 100644
--- a/main.go
+++ b/main.go
@@ -22,12 +22,10 @@ func main() {
 _ = godotenv.Load(filename)
 }
- defaultCiphers := []string{"aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "arcfour256", "arcfour128", "aes128-cbc", "3des-cbc"}
-
 app := cli.NewApp()
 app.Name = "Drone SCP"
 app.Usage = "Copy files and artifacts via SSH."
- app.Copyright = "Copyright (c) 2019 Bo-Yi Wu"
+ app.Copyright = "Copyright (c) 2020 Bo-Yi Wu"
 app.Version = Version
 app.Authors = []*cli.Author{
 {
@@ -64,7 +62,11 @@ func main() {
 Name: "ciphers",
 Usage: "The allowed cipher algorithms. If unspecified then a sensible",
 EnvVars: []string{"PLUGIN_CIPHERS", "SSH_CIPHERS", "CIPHERS", "INPUT_CIPHERS"},
- Value: cli.NewStringSlice(defaultCiphers...),
+ },
+ &cli.BoolFlag{
+ Name: "useInsecureCipher",
+ Usage: "include more ciphers with use_insecure_cipher",
+ EnvVars: []string{"PLUGIN_USE_INSECURE_CIPHER", "SSH_USE_INSECURE_CIPHER", "USE_INSECURE_CIPHER", "INPUT_USE_INSECURE_CIPHER"},
 },
 &cli.StringFlag{
 Name: "fingerprint",
@@ -201,7 +203,11 @@ func main() {
 Name: "proxy.ciphers",
 Usage: "The allowed cipher algorithms. If unspecified then a sensible",
 EnvVars: []string{"PLUGIN_PROXY_CIPHERS", "PROXY_SSH_CIPHERS", "PROXY_CIPHERS", "INPUT_PROXY_CIPHERS"},
- Value: cli.NewStringSlice(defaultCiphers...),
+ },
+ &cli.BoolFlag{
+ Name: "proxy.useInsecureCipher",
+ Usage: "include more ciphers with use_insecure_cipher",
+ EnvVars: []string{"PLUGIN_PROXY_USE_INSECURE_CIPHER", "SSH_PROXY_USE_INSECURE_CIPHER", "PROXY_USE_INSECURE_CIPHER", "INPUT_PROXY_USE_INSECURE_CIPHER"},
 },
 &cli.StringFlag{
 Name: "proxy.fingerprint",
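Review bot: The Usage string of the new `useInsecureCipher` flag (second hunk; `proxy.useInsecureCipher` in the third has the same text) does not tell the operator what is being switched on, because `include more ciphers with use_insecure_cipher` only restates the name. The default list removed in the first hunk contained `arcfour256`, `arcfour128`, `aes128-cbc` and `3des-cbc`, so a reader needs to know that this flag is the opt-in for legacy ciphers, e.g. `Usage: "also offer legacy (weaker) ciphers for old servers; off by default",` with the exact set confirmed against easyssh-proxy v1.3.7. With `Value:` dropped, the `ciphers` Usage still stops mid-sentence at "then a sensible" and no longer has a default in this file to point to. The name is also camelCase while neighbouring flags use the `ssh-key` / `key-path` style.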
@@ -302,36 +308,38 @@ func run(c *cli.Context) error {
 Link: c.String("build.link"),
 },
 Config: Config{
- Host: c.StringSlice("host"),
- Port: c.String("port"),
- Username: c.String("username"),
- Password: c.String("password"),
- Passphrase: c.String("ssh-passphrase"),
- Fingerprint: c.String("fingerprint"),
- Timeout: c.Duration("timeout"),
- CommandTimeout: c.Duration("command.timeout"),
- Key: c.String("ssh-key"),
- KeyPath: c.String("key-path"),
- Target: c.StringSlice("target"),
- Source: c.StringSlice("source"),
- Remove: c.Bool("rm"),
- Debug: c.Bool("debug"),
- StripComponents: c.Int("strip.components"),
- TarExec: c.String("tar.exec"),
- TarTmpPath: c.String("tar.tmp-path"),
- Overwrite: c.Bool("overwrite"),
- Ciphers: c.StringSlice("ciphers"),
+ Host: c.StringSlice("host"),
+ Port: c.String("port"),
+ Username: c.String("username"),
+ Password: c.String("password"),
+ Passphrase: c.String("ssh-passphrase"),
+ Fingerprint: c.String("fingerprint"),
+ Timeout: c.Duration("timeout"),
+ CommandTimeout: c.Duration("command.timeout"),
+ Key: c.String("ssh-key"),
+ KeyPath: c.String("key-path"),
+ Target: c.StringSlice("target"),
+ Source: c.StringSlice("source"),
+ Remove: c.Bool("rm"),
+ Debug: c.Bool("debug"),
+ StripComponents: c.Int("strip.components"),
+ TarExec: c.String("tar.exec"),
+ TarTmpPath: c.String("tar.tmp-path"),
+ Overwrite: c.Bool("overwrite"),
+ Ciphers: c.StringSlice("ciphers"),
+ UseInsecureCipher: c.Bool("useInsecureCipher"),
 Proxy: easyssh.DefaultConfig{
- Key: c.String("proxy.ssh-key"),
- Passphrase: c.String("proxy.ssh-passphrase"),
- Fingerprint: c.String("proxy.fingerprint"),
- KeyPath: c.String("proxy.key-path"),
- User: c.String("proxy.username"),
- Password: c.String("proxy.password"),
- Server: c.String("proxy.host"),
- Port: c.String("proxy.port"),
- Timeout: c.Duration("proxy.timeout"),
- Ciphers: c.StringSlice("proxy.ciphers"),
+ Key: c.String("proxy.ssh-key"),
+ Passphrase: c.String("proxy.ssh-passphrase"),
+ Fingerprint: c.String("proxy.fingerprint"),
+ KeyPath: c.String("proxy.key-path"),
+ User: c.String("proxy.username"),
+ Password: c.String("proxy.password"),
+ Server: c.String("proxy.host"),
+ Port: c.String("proxy.port"),
+ Timeout: c.Duration("proxy.timeout"),
+ Ciphers: c.StringSlice("proxy.ciphers"),
+ UseInsecureCipher: c.Bool("proxy.useInsecureCipher"),
 },
 },
 }
diff --git a/plugin.go b/plugin.go
index 451f9b4..6fe287f 100644
--- a/plugin.go
+++ b/plugin.go
@@ -45,26 +45,27 @@ type (
 // Config for the plugin.
 Config struct {
- Host []string
- Port string
- Username string
- Password string
- Key string
- Passphrase string
- Fingerprint string
- KeyPath string
- Timeout time.Duration
- CommandTimeout time.Duration
- Target []string
- Source []string
- Remove bool
- StripComponents int
- TarExec string
- TarTmpPath string
- Proxy easyssh.DefaultConfig
- Debug bool
- Overwrite bool
- Ciphers []string
+ Host []string
+ Port string
+ Username string
+ Password string
+ Key string
+ Passphrase string
+ Fingerprint string
+ KeyPath string
+ Timeout time.Duration
+ CommandTimeout time.Duration
+ Target []string
+ Source []string
+ Remove bool
+ StripComponents int
+ TarExec string
+ TarTmpPath string
+ Proxy easyssh.DefaultConfig
+ Debug bool
+ Overwrite bool
+ Ciphers []string
+ UseInsecureCipher bool
 }
 // Plugin values.
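Review bot: `UseInsecureCipher` is added to the `Config` struct in plugin.go without a comment, although it is the one field in the struct whose purpose is to relax transport security. I would put `// UseInsecureCipher lets the SSH client also offer legacy ciphers; keep false unless the server requires them.` above it. How the flag combines with an explicit `Ciphers` list is decided inside easyssh-proxy and cannot be seen in this patch, so that precedence is worth stating in the same comment once confirmed. The `type (` block starts and ends outside the hunk.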
@@ -167,27 +168,29 @@ func (p *Plugin) removeDestFile(ssh *easyssh.MakeConfig) error {
 func (p *Plugin) removeAllDestFile() error {
 for _, host := range p.Config.Host {
 ssh := &easyssh.MakeConfig{
- Server: host,
- User: p.Config.Username,
- Password: p.Config.Password,
- Port: p.Config.Port,
- Key: p.Config.Key,
- KeyPath: p.Config.KeyPath,
- Passphrase: p.Config.Passphrase,
- Timeout: p.Config.Timeout,
- Ciphers: p.Config.Ciphers,
- Fingerprint: p.Config.Fingerprint,
+ Server: host,
+ User: p.Config.Username,
+ Password: p.Config.Password,
+ Port: p.Config.Port,
+ Key: p.Config.Key,
+ KeyPath: p.Config.KeyPath,
+ Passphrase: p.Config.Passphrase,
+ Timeout: p.Config.Timeout,
+ Ciphers: p.Config.Ciphers,
+ Fingerprint: p.Config.Fingerprint,
+ UseInsecureCipher: p.Config.UseInsecureCipher,
 Proxy: easyssh.DefaultConfig{
- Server: p.Config.Proxy.Server,
- User: p.Config.Proxy.User,
- Password: p.Config.Proxy.Password,
- Port: p.Config.Proxy.Port,
- Key: p.Config.Proxy.Key,
- KeyPath: p.Config.Proxy.KeyPath,
- Passphrase: p.Config.Proxy.Passphrase,
- Timeout: p.Config.Proxy.Timeout,
- Ciphers: p.Config.Proxy.Ciphers,
- Fingerprint: p.Config.Proxy.Fingerprint,
+ Server: p.Config.Proxy.Server,
+ User: p.Config.Proxy.User,
+ Password: p.Config.Proxy.Password,
+ Port: p.Config.Proxy.Port,
+ Key: p.Config.Proxy.Key,
+ KeyPath: p.Config.Proxy.KeyPath,
+ Passphrase: p.Config.Proxy.Passphrase,
+ Timeout: p.Config.Proxy.Timeout,
+ Ciphers: p.Config.Proxy.Ciphers,
+ Fingerprint: p.Config.Proxy.Fingerprint,
+ UseInsecureCipher: p.Config.Proxy.UseInsecureCipher,
 },
 }
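Review bot: The `easyssh.MakeConfig` literal in `removeAllDestFile` is repeated field for field in `Exec` (the next plugin.go hunk), so `UseInsecureCipher` had to be added in four places; if a later change misses one of them, file removal and upload would negotiate with different cipher settings and nothing would report it. I would build the config in one helper and call it from both functions, as sketched below. Assigning `Proxy: p.Config.Proxy` copies the whole struct and assumes `Config.Proxy` carries no field the current literal leaves out on purpose, which should be confirmed. Both function bodies continue outside their hunks.

```go
// sshConfig returns the connection settings for one host; shared by
// removeAllDestFile and Exec so the two cannot drift apart.
func (p *Plugin) sshConfig(host string) *easyssh.MakeConfig {
	return &easyssh.MakeConfig{
		Server: host,
		// … unchanged: User, Password, Port, Key, KeyPath, Passphrase, Timeout, Ciphers, Fingerprint …
		UseInsecureCipher: p.Config.UseInsecureCipher,
		Proxy:             p.Config.Proxy,
	}
}
```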
@@ -281,27 +284,29 @@ func (p *Plugin) Exec() error {
 go func(host string) {
 // Create MakeConfig instance with remote username, server address and path to private key.
 ssh := &easyssh.MakeConfig{
- Server: host,
- User: p.Config.Username,
- Password: p.Config.Password,
- Port: p.Config.Port,
- Key: p.Config.Key,
- KeyPath: p.Config.KeyPath,
- Passphrase: p.Config.Passphrase,
- Timeout: p.Config.Timeout,
- Ciphers: p.Config.Ciphers,
- Fingerprint: p.Config.Fingerprint,
+ Server: host,
+ User: p.Config.Username,
+ Password: p.Config.Password,
+ Port: p.Config.Port,
+ Key: p.Config.Key,
+ KeyPath: p.Config.KeyPath,
+ Passphrase: p.Config.Passphrase,
+ Timeout: p.Config.Timeout,
+ Ciphers: p.Config.Ciphers,
+ Fingerprint: p.Config.Fingerprint,
+ UseInsecureCipher: p.Config.UseInsecureCipher,
 Proxy: easyssh.DefaultConfig{
- Server: p.Config.Proxy.Server,
- User: p.Config.Proxy.User,
- Password: p.Config.Proxy.Password,
- Port: p.Config.Proxy.Port,
- Key: p.Config.Proxy.Key,
- KeyPath: p.Config.Proxy.KeyPath,
- Passphrase: p.Config.Proxy.Passphrase,
- Timeout: p.Config.Proxy.Timeout,
- Ciphers: p.Config.Proxy.Ciphers,
- Fingerprint: p.Config.Proxy.Fingerprint,
+ Server: p.Config.Proxy.Server,
+ User: p.Config.Proxy.User,
+ Password: p.Config.Proxy.Password,
+ Port: p.Config.Proxy.Port,
+ Key: p.Config.Proxy.Key,
+ KeyPath: p.Config.Proxy.KeyPath,
+ Passphrase: p.Config.Proxy.Passphrase,
+ Timeout: p.Config.Proxy.Timeout,
+ Ciphers: p.Config.Proxy.Ciphers,
+ Fingerprint: p.Config.Proxy.Fingerprint,
+ UseInsecureCipher: p.Config.Proxy.UseInsecureCipher,
 },
 }
diff --git a/plugin_test.go b/plugin_test.go
index b02aab6..70992e5 100644
--- a/plugin_test.go
+++ b/plugin_test.go
@@ -371,6 +371,40 @@ func TestStripComponentsFlag(t *testing.T) {
 }
 }
+func TestUseInsecureCipherFlag(t *testing.T) {
+ u, err := user.Lookup("drone-scp")
+ if err != nil {
+ t.Fatalf("Lookup: %v", err)
+ }
+
+ plugin := Plugin{
+ Config: Config{
+ Host: []string{"localhost"},
+ Username: "drone-scp",
+ Port: "22",
+ KeyPath: "tests/.ssh/id_rsa",
+ Source: []string{"tests/global/*"},
+ StripComponents: 2,
+ Target: []string{filepath.Join(u.HomeDir, "123")},
+ CommandTimeout: 60 * time.Second,
+ TarExec: "tar",
+ UseInsecureCipher: true,
+ },
+ }
+
+ err = plugin.Exec()
+ assert.Nil(t, err)
+
+ // check file exist
+ if _, err := os.Stat(filepath.Join(u.HomeDir, "123/c.txt")); os.IsNotExist(err) {
+ t.Fatalf("SCP-error: %v", err)
+ }
+
+ if _, err := os.Stat(filepath.Join(u.HomeDir, "123/d.txt")); os.IsNotExist(err) {
+ t.Fatalf("SCP-error: %v", err)
+ }
+}
+
 func TestIgnoreList(t *testing.T) {
 if os.Getenv("SSH_AUTH_SOCK") != "" {
 if err := exec.Command("eval", "`ssh-agent -k`").Run(); err != nil {
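Review bot: `TestUseInsecureCipherFlag` would most likely pass with `UseInsecureCipher: false` as well, since a local sshd that accepts any default cipher lets `plugin.Exec()` succeed either way; it shows that the flag does not break a normal connection, not that it changes what the client offers. If the test environment allows it, a case against a server restricted to a legacy cipher, expected to fail without the flag and succeed with it, would cover the behaviour; otherwise a comment such as `// only checks that enabling the flag does not break a normal connection` keeps the scope honest. The two `os.Stat` checks also accept any error other than not-exist as success, and `if _, err := os.Stat(...); err != nil {` would be stricter.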