mirror of
https://github.com/appleboy/drone-ssh.git
synced 2025-10-29 00:51:15 +08:00
chore: support UseInsecureCipher (#158)
This commit is contained in:
Bo-Yi Wu
GitHub
parent
1288a4b20d
commit
7344ac6529
2
go.mod
2
go.mod
@ -3,7 +3,7 @@ module github.com/appleboy/drone-ssh
|
|||||||
go 1.14
|
go 1.14
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/appleboy/easyssh-proxy v1.3.5
|
github.com/appleboy/easyssh-proxy v1.3.6
|
||||||
github.com/joho/godotenv v1.3.0
|
github.com/joho/godotenv v1.3.0
|
||||||
github.com/stretchr/testify v1.3.0
|
github.com/stretchr/testify v1.3.0
|
||||||
github.com/urfave/cli v1.22.4
|
github.com/urfave/cli v1.22.4
|
||||||
|
|||||||
2
go.sum
2
go.sum
@ -5,6 +5,8 @@ github.com/appleboy/easyssh-proxy v1.3.4 h1:yNgzsJ9qaDNGzQILDXEK4boioJMmUUaTUsxY
|
|||||||
github.com/appleboy/easyssh-proxy v1.3.4/go.mod h1:Kk57I3w7OCafOjp5kgZFvxk2fO8Tca5CriBTOsbSbjY=
|
github.com/appleboy/easyssh-proxy v1.3.4/go.mod h1:Kk57I3w7OCafOjp5kgZFvxk2fO8Tca5CriBTOsbSbjY=
|
||||||
github.com/appleboy/easyssh-proxy v1.3.5 h1:EGTCbqAVRcGKHQMFSxz30lQmb+0nXL+jUiCrg/FjHQM=
|
github.com/appleboy/easyssh-proxy v1.3.5 h1:EGTCbqAVRcGKHQMFSxz30lQmb+0nXL+jUiCrg/FjHQM=
|
||||||
github.com/appleboy/easyssh-proxy v1.3.5/go.mod h1:Kk57I3w7OCafOjp5kgZFvxk2fO8Tca5CriBTOsbSbjY=
|
github.com/appleboy/easyssh-proxy v1.3.5/go.mod h1:Kk57I3w7OCafOjp5kgZFvxk2fO8Tca5CriBTOsbSbjY=
|
||||||
|
github.com/appleboy/easyssh-proxy v1.3.6 h1:YELdI5z/NK/hSspkkcohSa9uJQxA4/e2H+f5jDD6pGA=
|
||||||
|
github.com/appleboy/easyssh-proxy v1.3.6/go.mod h1:Kk57I3w7OCafOjp5kgZFvxk2fO8Tca5CriBTOsbSbjY=
|
||||||
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
|
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
|
||||||
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
|
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
|
||||||
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
|
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
|
||||||
|
|||||||
15
main.go
15
main.go
@ -19,7 +19,6 @@ func main() {
|
|||||||
if filename, found := os.LookupEnv("PLUGIN_ENV_FILE"); found {
|
if filename, found := os.LookupEnv("PLUGIN_ENV_FILE"); found {
|
||||||
_ = godotenv.Load(filename)
|
_ = godotenv.Load(filename)
|
||||||
}
|
}
|
||||||
defaultCiphers := cli.StringSlice{"aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "arcfour256", "arcfour128", "aes128-cbc", "3des-cbc"}
|
|
||||||
app := cli.NewApp()
|
app := cli.NewApp()
|
||||||
app.Name = "Drone SSH"
|
app.Name = "Drone SSH"
|
||||||
app.Usage = "Executing remote ssh commands"
|
app.Usage = "Executing remote ssh commands"
|
||||||
@ -63,7 +62,11 @@ func main() {
|
|||||||
Name: "ciphers",
|
Name: "ciphers",
|
||||||
Usage: "The allowed cipher algorithms. If unspecified then a sensible",
|
Usage: "The allowed cipher algorithms. If unspecified then a sensible",
|
||||||
EnvVar: "PLUGIN_CIPHERS,SSH_CIPHERS,CIPHERS,INPUT_CIPHERS",
|
EnvVar: "PLUGIN_CIPHERS,SSH_CIPHERS,CIPHERS,INPUT_CIPHERS",
|
||||||
Value: &defaultCiphers,
|
},
|
||||||
|
cli.BoolFlag{
|
||||||
|
Name: "useInsecureCipher",
|
||||||
|
Usage: "include more ciphers with use_insecure_cipher",
|
||||||
|
EnvVar: "PLUGIN_USE_INSECURE_CIPHER,SSH_USE_INSECURE_CIPHER,USE_INSECURE_CIPHER,INPUT_USE_INSECURE_CIPHER",
|
||||||
},
|
},
|
||||||
cli.StringFlag{
|
cli.StringFlag{
|
||||||
Name: "fingerprint",
|
Name: "fingerprint",
|
||||||
@ -160,7 +163,11 @@ func main() {
|
|||||||
Name: "proxy.ciphers",
|
Name: "proxy.ciphers",
|
||||||
Usage: "The allowed cipher algorithms. If unspecified then a sensible",
|
Usage: "The allowed cipher algorithms. If unspecified then a sensible",
|
||||||
EnvVar: "PLUGIN_PROXY_CIPHERS,SSH_PROXY_CIPHERS,PROXY_CIPHERS,INPUT_PROXY_CIPHERS",
|
EnvVar: "PLUGIN_PROXY_CIPHERS,SSH_PROXY_CIPHERS,PROXY_CIPHERS,INPUT_PROXY_CIPHERS",
|
||||||
Value: &defaultCiphers,
|
},
|
||||||
|
cli.BoolFlag{
|
||||||
|
Name: "proxy.useInsecureCipher",
|
||||||
|
Usage: "include more ciphers with use_insecure_cipher",
|
||||||
|
EnvVar: "PLUGIN_PROXY_USE_INSECURE_CIPHER,SSH_PROXY_USE_INSECURE_CIPHER,PROXY_USE_INSECURE_CIPHER,INPUT_PROXY_USE_INSECURE_CIPHER",
|
||||||
},
|
},
|
||||||
cli.StringFlag{
|
cli.StringFlag{
|
||||||
Name: "proxy.fingerprint",
|
Name: "proxy.fingerprint",
|
||||||
@ -240,6 +247,7 @@ func run(c *cli.Context) error {
|
|||||||
Debug: c.Bool("debug"),
|
Debug: c.Bool("debug"),
|
||||||
Sync: c.Bool("sync"),
|
Sync: c.Bool("sync"),
|
||||||
Ciphers: c.StringSlice("ciphers"),
|
Ciphers: c.StringSlice("ciphers"),
|
||||||
|
UseInsecureCipher: c.Bool("useInsecureCipher"),
|
||||||
Proxy: easyssh.DefaultConfig{
|
Proxy: easyssh.DefaultConfig{
|
||||||
Key: c.String("proxy.ssh-key"),
|
Key: c.String("proxy.ssh-key"),
|
||||||
KeyPath: c.String("proxy.key-path"),
|
KeyPath: c.String("proxy.key-path"),
|
||||||
@ -251,6 +259,7 @@ func run(c *cli.Context) error {
|
|||||||
Port: c.String("proxy.port"),
|
Port: c.String("proxy.port"),
|
||||||
Timeout: c.Duration("proxy.timeout"),
|
Timeout: c.Duration("proxy.timeout"),
|
||||||
Ciphers: c.StringSlice("proxy.ciphers"),
|
Ciphers: c.StringSlice("proxy.ciphers"),
|
||||||
|
UseInsecureCipher: c.Bool("proxy.useInsecureCipher"),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Writer: os.Stdout,
|
Writer: os.Stdout,
|
||||||
|
|||||||
@ -40,6 +40,7 @@ type (
|
|||||||
Debug bool
|
Debug bool
|
||||||
Sync bool
|
Sync bool
|
||||||
Ciphers []string
|
Ciphers []string
|
||||||
|
UseInsecureCipher bool
|
||||||
}
|
}
|
||||||
|
|
||||||
// Plugin structure
|
// Plugin structure
|
||||||
@ -66,6 +67,7 @@ func (p Plugin) exec(host string, wg *sync.WaitGroup, errChannel chan error) {
|
|||||||
Timeout: p.Config.Timeout,
|
Timeout: p.Config.Timeout,
|
||||||
Ciphers: p.Config.Ciphers,
|
Ciphers: p.Config.Ciphers,
|
||||||
Fingerprint: p.Config.Fingerprint,
|
Fingerprint: p.Config.Fingerprint,
|
||||||
|
UseInsecureCipher: p.Config.UseInsecureCipher,
|
||||||
Proxy: easyssh.DefaultConfig{
|
Proxy: easyssh.DefaultConfig{
|
||||||
Server: p.Config.Proxy.Server,
|
Server: p.Config.Proxy.Server,
|
||||||
User: p.Config.Proxy.User,
|
User: p.Config.Proxy.User,
|
||||||
@ -77,6 +79,7 @@ func (p Plugin) exec(host string, wg *sync.WaitGroup, errChannel chan error) {
|
|||||||
Timeout: p.Config.Proxy.Timeout,
|
Timeout: p.Config.Proxy.Timeout,
|
||||||
Ciphers: p.Config.Proxy.Ciphers,
|
Ciphers: p.Config.Proxy.Ciphers,
|
||||||
Fingerprint: p.Config.Proxy.Fingerprint,
|
Fingerprint: p.Config.Proxy.Fingerprint,
|
||||||
|
UseInsecureCipher: p.Config.Proxy.UseInsecureCipher,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -669,3 +669,38 @@ func TestPlugin_scriptCommands(t *testing.T) {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestUseInsecureCipher(t *testing.T) {
|
||||||
|
var (
|
||||||
|
buffer bytes.Buffer
|
||||||
|
expected = `
|
||||||
|
======CMD======
|
||||||
|
mkdir a/b/c
|
||||||
|
mkdir d/e/f
|
||||||
|
======END======
|
||||||
|
err: mkdir: can't create directory 'a/b/c': No such file or directory
|
||||||
|
err: mkdir: can't create directory 'd/e/f': No such file or directory
|
||||||
|
`
|
||||||
|
)
|
||||||
|
|
||||||
|
plugin := Plugin{
|
||||||
|
Config: Config{
|
||||||
|
Host: []string{"localhost"},
|
||||||
|
Username: "drone-scp",
|
||||||
|
Port: 22,
|
||||||
|
KeyPath: "./tests/.ssh/id_rsa",
|
||||||
|
Script: []string{
|
||||||
|
"mkdir a/b/c",
|
||||||
|
"mkdir d/e/f",
|
||||||
|
},
|
||||||
|
CommandTimeout: 10 * time.Second,
|
||||||
|
UseInsecureCipher: true,
|
||||||
|
},
|
||||||
|
Writer: &buffer,
|
||||||
|
}
|
||||||
|
|
||||||
|
err := plugin.Exec()
|
||||||
|
assert.NotNil(t, err)
|
||||||
|
|
||||||
|
assert.Equal(t, unindent(expected), unindent(buffer.String()))
|
||||||
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user