chore: support UseInsecureCipher (#158)

Bo-Yi Wu 2020-05-24 10:43:11 +08:00 committed by GitHub
parent 1288a4b20d
commit 7344ac6529
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 116 additions and 67 deletions

2
go.mod

@ -3,7 +3,7 @@ module github.com/appleboy/drone-ssh
go 1.14 go 1.14
require ( require (
github.com/appleboy/easyssh-proxy v1.3.5 github.com/appleboy/easyssh-proxy v1.3.6
github.com/joho/godotenv v1.3.0 github.com/joho/godotenv v1.3.0
github.com/stretchr/testify v1.3.0 github.com/stretchr/testify v1.3.0
github.com/urfave/cli v1.22.4 github.com/urfave/cli v1.22.4

2
go.sum

@ -5,6 +5,8 @@ github.com/appleboy/easyssh-proxy v1.3.4 h1:yNgzsJ9qaDNGzQILDXEK4boioJMmUUaTUsxY
github.com/appleboy/easyssh-proxy v1.3.4/go.mod h1:Kk57I3w7OCafOjp5kgZFvxk2fO8Tca5CriBTOsbSbjY= github.com/appleboy/easyssh-proxy v1.3.4/go.mod h1:Kk57I3w7OCafOjp5kgZFvxk2fO8Tca5CriBTOsbSbjY=
github.com/appleboy/easyssh-proxy v1.3.5 h1:EGTCbqAVRcGKHQMFSxz30lQmb+0nXL+jUiCrg/FjHQM= github.com/appleboy/easyssh-proxy v1.3.5 h1:EGTCbqAVRcGKHQMFSxz30lQmb+0nXL+jUiCrg/FjHQM=
github.com/appleboy/easyssh-proxy v1.3.5/go.mod h1:Kk57I3w7OCafOjp5kgZFvxk2fO8Tca5CriBTOsbSbjY= github.com/appleboy/easyssh-proxy v1.3.5/go.mod h1:Kk57I3w7OCafOjp5kgZFvxk2fO8Tca5CriBTOsbSbjY=
github.com/appleboy/easyssh-proxy v1.3.6 h1:YELdI5z/NK/hSspkkcohSa9uJQxA4/e2H+f5jDD6pGA=
github.com/appleboy/easyssh-proxy v1.3.6/go.mod h1:Kk57I3w7OCafOjp5kgZFvxk2fO8Tca5CriBTOsbSbjY=
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=

67
main.go

@ -19,7 +19,6 @@ func main() {
if filename, found := os.LookupEnv("PLUGIN_ENV_FILE"); found { if filename, found := os.LookupEnv("PLUGIN_ENV_FILE"); found {
_ = godotenv.Load(filename) _ = godotenv.Load(filename)
} }
defaultCiphers := cli.StringSlice{"aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "arcfour256", "arcfour128", "aes128-cbc", "3des-cbc"}
app := cli.NewApp() app := cli.NewApp()
app.Name = "Drone SSH" app.Name = "Drone SSH"
app.Usage = "Executing remote ssh commands" app.Usage = "Executing remote ssh commands"
@ -63,7 +62,11 @@ func main() {
Name: "ciphers", Name: "ciphers",
Usage: "The allowed cipher algorithms. If unspecified then a sensible", Usage: "The allowed cipher algorithms. If unspecified then a sensible",
EnvVar: "PLUGIN_CIPHERS,SSH_CIPHERS,CIPHERS,INPUT_CIPHERS", EnvVar: "PLUGIN_CIPHERS,SSH_CIPHERS,CIPHERS,INPUT_CIPHERS",
Value: &defaultCiphers, },
cli.BoolFlag{
Name: "useInsecureCipher",
Usage: "include more ciphers with use_insecure_cipher",
EnvVar: "PLUGIN_USE_INSECURE_CIPHER,SSH_USE_INSECURE_CIPHER,USE_INSECURE_CIPHER,INPUT_USE_INSECURE_CIPHER",
}, },
cli.StringFlag{ cli.StringFlag{
Name: "fingerprint", Name: "fingerprint",
@ -160,7 +163,11 @@ func main() {
Name: "proxy.ciphers", Name: "proxy.ciphers",
Usage: "The allowed cipher algorithms. If unspecified then a sensible", Usage: "The allowed cipher algorithms. If unspecified then a sensible",
EnvVar: "PLUGIN_PROXY_CIPHERS,SSH_PROXY_CIPHERS,PROXY_CIPHERS,INPUT_PROXY_CIPHERS", EnvVar: "PLUGIN_PROXY_CIPHERS,SSH_PROXY_CIPHERS,PROXY_CIPHERS,INPUT_PROXY_CIPHERS",
Value: &defaultCiphers, },
cli.BoolFlag{
Name: "proxy.useInsecureCipher",
Usage: "include more ciphers with use_insecure_cipher",
EnvVar: "PLUGIN_PROXY_USE_INSECURE_CIPHER,SSH_PROXY_USE_INSECURE_CIPHER,PROXY_USE_INSECURE_CIPHER,INPUT_PROXY_USE_INSECURE_CIPHER",
}, },
cli.StringFlag{ cli.StringFlag{
Name: "proxy.fingerprint", Name: "proxy.fingerprint",
@ -224,33 +231,35 @@ func run(c *cli.Context) error {
} }
plugin := Plugin{ plugin := Plugin{
Config: Config{ Config: Config{
Key: c.String("ssh-key"), Key: c.String("ssh-key"),
KeyPath: c.String("key-path"), KeyPath: c.String("key-path"),
Username: c.String("user"), Username: c.String("user"),
Password: c.String("password"), Password: c.String("password"),
Passphrase: c.String("ssh-passphrase"), Passphrase: c.String("ssh-passphrase"),
Fingerprint: c.String("fingerprint"), Fingerprint: c.String("fingerprint"),
Host: c.StringSlice("host"), Host: c.StringSlice("host"),
Port: c.Int("port"), Port: c.Int("port"),
Timeout: c.Duration("timeout"), Timeout: c.Duration("timeout"),
CommandTimeout: c.Duration("command.timeout"), CommandTimeout: c.Duration("command.timeout"),
Script: scripts, Script: scripts,
ScriptStop: c.Bool("script.stop"), ScriptStop: c.Bool("script.stop"),
Envs: c.StringSlice("envs"), Envs: c.StringSlice("envs"),
Debug: c.Bool("debug"), Debug: c.Bool("debug"),
Sync: c.Bool("sync"), Sync: c.Bool("sync"),
Ciphers: c.StringSlice("ciphers"), Ciphers: c.StringSlice("ciphers"),
UseInsecureCipher: c.Bool("useInsecureCipher"),
Proxy: easyssh.DefaultConfig{ Proxy: easyssh.DefaultConfig{
Key: c.String("proxy.ssh-key"), Key: c.String("proxy.ssh-key"),
KeyPath: c.String("proxy.key-path"), KeyPath: c.String("proxy.key-path"),
User: c.String("proxy.username"), User: c.String("proxy.username"),
Password: c.String("proxy.password"), Password: c.String("proxy.password"),
Passphrase: c.String("proxy.ssh-passphrase"), Passphrase: c.String("proxy.ssh-passphrase"),
Fingerprint: c.String("proxy.fingerprint"), Fingerprint: c.String("proxy.fingerprint"),
Server: c.String("proxy.host"), Server: c.String("proxy.host"),
Port: c.String("proxy.port"), Port: c.String("proxy.port"),
Timeout: c.Duration("proxy.timeout"), Timeout: c.Duration("proxy.timeout"),
Ciphers: c.StringSlice("proxy.ciphers"), Ciphers: c.StringSlice("proxy.ciphers"),
UseInsecureCipher: c.Bool("proxy.useInsecureCipher"),
}, },
}, },
Writer: os.Stdout, Writer: os.Stdout,
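Review bot: The `Usage` text on the two new flags, `useInsecureCipher` and `proxy.useInsecureCipher`, is circular ("include more ciphers with use_insecure_cipher") and never says that the switch widens the offered cipher set to algorithms regarded as weak. The removed `defaultCiphers` list suggests these are the `arcfour256`, `arcfour128`, `aes128-cbc` and `3des-cbc` entries, but the actual set is chosen inside easyssh-proxy and is not visible here. I would word it as `Usage: "also offer legacy, weak ciphers; enable only for hosts that cannot negotiate a modern one",` and have `run` print a warning when either flag is true, so that a downgraded connection is visible in the build log. With `Value: &defaultCiphers` gone, the `ciphers` usage sentence "If unspecified then a sensible" is left dangling and should be finished or shortened. The new flag names are camelCase, whereas the neighbouring flags use the `ssh-key` / `command.timeout` style. Both `main` and `run` continue outside the hunks.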


@ -23,23 +23,24 @@ var (
type ( type (
// Config for the plugin. // Config for the plugin.
Config struct { Config struct {
Key string Key string
Passphrase string Passphrase string
KeyPath string KeyPath string
Username string Username string
Password string Password string
Host []string Host []string
Port int Port int
Fingerprint string Fingerprint string
Timeout time.Duration Timeout time.Duration
CommandTimeout time.Duration CommandTimeout time.Duration
Script []string Script []string
ScriptStop bool ScriptStop bool
Envs []string Envs []string
Proxy easyssh.DefaultConfig Proxy easyssh.DefaultConfig
Debug bool Debug bool
Sync bool Sync bool
Ciphers []string Ciphers []string
UseInsecureCipher bool
} }
// Plugin structure // Plugin structure
@ -56,27 +57,29 @@ func escapeArg(arg string) string {
func (p Plugin) exec(host string, wg *sync.WaitGroup, errChannel chan error) { func (p Plugin) exec(host string, wg *sync.WaitGroup, errChannel chan error) {
// Create MakeConfig instance with remote username, server address and path to private key. // Create MakeConfig instance with remote username, server address and path to private key.
ssh := &easyssh.MakeConfig{ ssh := &easyssh.MakeConfig{
Server: host, Server: host,
User: p.Config.Username, User: p.Config.Username,
Password: p.Config.Password, Password: p.Config.Password,
Port: strconv.Itoa(p.Config.Port), Port: strconv.Itoa(p.Config.Port),
Key: p.Config.Key, Key: p.Config.Key,
KeyPath: p.Config.KeyPath, KeyPath: p.Config.KeyPath,
Passphrase: p.Config.Passphrase, Passphrase: p.Config.Passphrase,
Timeout: p.Config.Timeout, Timeout: p.Config.Timeout,
Ciphers: p.Config.Ciphers, Ciphers: p.Config.Ciphers,
Fingerprint: p.Config.Fingerprint, Fingerprint: p.Config.Fingerprint,
UseInsecureCipher: p.Config.UseInsecureCipher,
Proxy: easyssh.DefaultConfig{ Proxy: easyssh.DefaultConfig{
Server: p.Config.Proxy.Server, Server: p.Config.Proxy.Server,
User: p.Config.Proxy.User, User: p.Config.Proxy.User,
Password: p.Config.Proxy.Password, Password: p.Config.Proxy.Password,
Port: p.Config.Proxy.Port, Port: p.Config.Proxy.Port,
Key: p.Config.Proxy.Key, Key: p.Config.Proxy.Key,
KeyPath: p.Config.Proxy.KeyPath, KeyPath: p.Config.Proxy.KeyPath,
Passphrase: p.Config.Proxy.Passphrase, Passphrase: p.Config.Proxy.Passphrase,
Timeout: p.Config.Proxy.Timeout, Timeout: p.Config.Proxy.Timeout,
Ciphers: p.Config.Proxy.Ciphers, Ciphers: p.Config.Proxy.Ciphers,
Fingerprint: p.Config.Proxy.Fingerprint, Fingerprint: p.Config.Proxy.Fingerprint,
UseInsecureCipher: p.Config.Proxy.UseInsecureCipher,
}, },
} }
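Review bot: The new `UseInsecureCipher bool` field in `Config` has no comment, and nothing in these hunks says how it interacts with an explicit `Ciphers` list, which is what a reader auditing the negotiated algorithms needs to know. Whether the flag adds to a user-supplied list or only applies when `Ciphers` is empty is decided in easyssh-proxy and cannot be told from here. I would add `// UseInsecureCipher opts in to easyssh's legacy cipher set; leave false unless the host cannot negotiate a modern cipher.` above the field and state the precedence relative to `Ciphers` once it has been confirmed against the library. In `exec`, the target and proxy settings are forwarded independently, so enabling the flag for the target leaves the proxy hop on the default set; that looks intentional and is worth a short why-comment beside `Proxy.UseInsecureCipher`. The body of `exec` continues past the hunk.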


@ -669,3 +669,38 @@ func TestPlugin_scriptCommands(t *testing.T) {
}) })
} }
} }
func TestUseInsecureCipher(t *testing.T) {
var (
buffer bytes.Buffer
expected = `
======CMD======
mkdir a/b/c
mkdir d/e/f
======END======
err: mkdir: can't create directory 'a/b/c': No such file or directory
err: mkdir: can't create directory 'd/e/f': No such file or directory
`
)
plugin := Plugin{
Config: Config{
Host: []string{"localhost"},
Username: "drone-scp",
Port: 22,
KeyPath: "./tests/.ssh/id_rsa",
Script: []string{
"mkdir a/b/c",
"mkdir d/e/f",
},
CommandTimeout: 10 * time.Second,
UseInsecureCipher: true,
},
Writer: &buffer,
}
err := plugin.Exec()
assert.NotNil(t, err)
assert.Equal(t, unindent(expected), unindent(buffer.String()))
}
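Review bot: `TestUseInsecureCipher` does not show that the flag has any effect. It expects `plugin.Exec()` to fail on the two `mkdir` commands and compares the script output, which would presumably be identical with `UseInsecureCipher: false` against the same localhost sshd. A test that pins the feature would connect to a server restricted to one of the legacy ciphers, then assert that the connection fails without the flag and succeeds with it. If the fixture cannot provide that, a comment such as `// only checks that enabling the option does not break a normal connection` would keep the test's claim honest. As a smaller point, `assert.NotNil(t, err)` reads more clearly as `assert.Error(t, err)`.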