chore: support UseInsecureCipher (#158)

2025-05-09 18:23:21 +08:00 · 2020-05-24 10:43:11 +08:00 · 2020-05-24 10:43:11 +08:00 · 7344ac6529
commit 7344ac6529
parent 1288a4b20d
5 changed files with 116 additions and 67 deletions
--- a/go.mod
+++ b/go.mod
@ -3,7 +3,7 @@ module github.com/appleboy/drone-ssh
 go 1.14

 require (
-	github.com/appleboy/easyssh-proxy v1.3.5
+	github.com/appleboy/easyssh-proxy v1.3.6
 	github.com/joho/godotenv v1.3.0
 	github.com/stretchr/testify v1.3.0
 	github.com/urfave/cli v1.22.4
--- a/go.sum
+++ b/go.sum
@ -5,6 +5,8 @@ github.com/appleboy/easyssh-proxy v1.3.4 h1:yNgzsJ9qaDNGzQILDXEK4boioJMmUUaTUsxY
 github.com/appleboy/easyssh-proxy v1.3.4/go.mod h1:Kk57I3w7OCafOjp5kgZFvxk2fO8Tca5CriBTOsbSbjY=
 github.com/appleboy/easyssh-proxy v1.3.5 h1:EGTCbqAVRcGKHQMFSxz30lQmb+0nXL+jUiCrg/FjHQM=
 github.com/appleboy/easyssh-proxy v1.3.5/go.mod h1:Kk57I3w7OCafOjp5kgZFvxk2fO8Tca5CriBTOsbSbjY=
+github.com/appleboy/easyssh-proxy v1.3.6 h1:YELdI5z/NK/hSspkkcohSa9uJQxA4/e2H+f5jDD6pGA=
+github.com/appleboy/easyssh-proxy v1.3.6/go.mod h1:Kk57I3w7OCafOjp5kgZFvxk2fO8Tca5CriBTOsbSbjY=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
--- a/main.go
+++ b/main.go
@ -19,7 +19,6 @@ func main() {
 	if filename, found := os.LookupEnv("PLUGIN_ENV_FILE"); found {
 		_ = godotenv.Load(filename)
 	}
-	defaultCiphers := cli.StringSlice{"aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "arcfour256", "arcfour128", "aes128-cbc", "3des-cbc"}
 	app := cli.NewApp()
 	app.Name = "Drone SSH"
 	app.Usage = "Executing remote ssh commands"
@ -63,7 +62,11 @@ func main() {
 			Name:   "ciphers",
 			Usage:  "The allowed cipher algorithms. If unspecified then a sensible",
 			EnvVar: "PLUGIN_CIPHERS,SSH_CIPHERS,CIPHERS,INPUT_CIPHERS",
-			Value:  &defaultCiphers,
+		},
+		cli.BoolFlag{
+			Name:   "useInsecureCipher",
+			Usage:  "include more ciphers with use_insecure_cipher",
+			EnvVar: "PLUGIN_USE_INSECURE_CIPHER,SSH_USE_INSECURE_CIPHER,USE_INSECURE_CIPHER,INPUT_USE_INSECURE_CIPHER",
 		},
 		cli.StringFlag{
 			Name:   "fingerprint",
@ -160,7 +163,11 @@ func main() {
 			Name:   "proxy.ciphers",
 			Usage:  "The allowed cipher algorithms. If unspecified then a sensible",
 			EnvVar: "PLUGIN_PROXY_CIPHERS,SSH_PROXY_CIPHERS,PROXY_CIPHERS,INPUT_PROXY_CIPHERS",
-			Value:  &defaultCiphers,
+		},
+		cli.BoolFlag{
+			Name:   "proxy.useInsecureCipher",
+			Usage:  "include more ciphers with use_insecure_cipher",
+			EnvVar: "PLUGIN_PROXY_USE_INSECURE_CIPHER,SSH_PROXY_USE_INSECURE_CIPHER,PROXY_USE_INSECURE_CIPHER,INPUT_PROXY_USE_INSECURE_CIPHER",
 		},
 		cli.StringFlag{
 			Name:   "proxy.fingerprint",
@ -240,6 +247,7 @@ func run(c *cli.Context) error {
 			Debug:             c.Bool("debug"),
 			Sync:              c.Bool("sync"),
 			Ciphers:           c.StringSlice("ciphers"),
+			UseInsecureCipher: c.Bool("useInsecureCipher"),
 			Proxy: easyssh.DefaultConfig{
 				Key:               c.String("proxy.ssh-key"),
 				KeyPath:           c.String("proxy.key-path"),
@ -251,6 +259,7 @@ func run(c *cli.Context) error {
 				Port:              c.String("proxy.port"),
 				Timeout:           c.Duration("proxy.timeout"),
 				Ciphers:           c.StringSlice("proxy.ciphers"),
+				UseInsecureCipher: c.Bool("proxy.useInsecureCipher"),
 			},
 		},
 		Writer: os.Stdout,
--- a/plugin.go
+++ b/plugin.go
@ -40,6 +40,7 @@ type (
 		Debug             bool
 		Sync              bool
 		Ciphers           []string
+		UseInsecureCipher bool
 	}

 	// Plugin structure
@ -66,6 +67,7 @@ func (p Plugin) exec(host string, wg *sync.WaitGroup, errChannel chan error) {
 		Timeout:           p.Config.Timeout,
 		Ciphers:           p.Config.Ciphers,
 		Fingerprint:       p.Config.Fingerprint,
+		UseInsecureCipher: p.Config.UseInsecureCipher,
 		Proxy: easyssh.DefaultConfig{
 			Server:            p.Config.Proxy.Server,
 			User:              p.Config.Proxy.User,
@ -77,6 +79,7 @@ func (p Plugin) exec(host string, wg *sync.WaitGroup, errChannel chan error) {
 			Timeout:           p.Config.Proxy.Timeout,
 			Ciphers:           p.Config.Proxy.Ciphers,
 			Fingerprint:       p.Config.Proxy.Fingerprint,
+			UseInsecureCipher: p.Config.Proxy.UseInsecureCipher,
 		},
 	}

--- a/plugin_test.go
+++ b/plugin_test.go
@ -669,3 +669,38 @@ func TestPlugin_scriptCommands(t *testing.T) {
 		})
 	}
 }
+
+func TestUseInsecureCipher(t *testing.T) {
+	var (
+		buffer   bytes.Buffer
+		expected = `
+			======CMD======
+			mkdir a/b/c
+			mkdir d/e/f
+			======END======
+			err: mkdir: can't create directory 'a/b/c': No such file or directory
+			err: mkdir: can't create directory 'd/e/f': No such file or directory
+		`
+	)
+
+	plugin := Plugin{
+		Config: Config{
+			Host:     []string{"localhost"},
+			Username: "drone-scp",
+			Port:     22,
+			KeyPath:  "./tests/.ssh/id_rsa",
+			Script: []string{
+				"mkdir a/b/c",
+				"mkdir d/e/f",
+			},
+			CommandTimeout:    10 * time.Second,
+			UseInsecureCipher: true,
+		},
+		Writer: &buffer,
+	}
+
+	err := plugin.Exec()
+	assert.NotNil(t, err)
+
+	assert.Equal(t, unindent(expected), unindent(buffer.String()))
+}