⭐ introduce sshd.config.blocks #3194

Merged
merged 3 commits into from
Feb 5, 2024
2 changes: 1 addition & 1 deletion mqlc/mqlc_test.go
Expand Up @@ -1912,7 +1912,7 @@ func TestSuggestions(t *testing.T) {
{
// resource suggestions
"ssh",
[]string{"os.unix.sshd", "sshd", "sshd.config", "windows.security.health"},
[]string{"os.unix.sshd", "sshd", "sshd.config", "sshd.config.matchBlock", "windows.security.health"},
errors.New("cannot find resource for identifier 'ssh'"),
nil,
},
4 changes: 2 additions & 2 deletions providers-sdk/v1/testutils/testdata/arch.json


9 changes: 9 additions & 0 deletions providers/os/resources/os.lr
Expand Up @@ -672,6 +672,8 @@ sshd.config {
content(files) string
// Configuration values of this SSH server
params(content) map[string]string
// Blocks with match conditions in this SSH server config
blocks(content) []sshd.config.matchBlock
// Ciphers configured for this SSH server
ciphers(params) []string
// MACs configured for this SSH server
Expand All @@ -684,6 +686,13 @@ sshd.config {
permitRootLogin(params) []string
}

private sshd.config.matchBlock @defaults("criteria") {
// The match criteria for this block
criteria string
// Configuration values in this block
params map[string]string
}

// Service on this system
service @defaults("name running enabled type") {
init(name string)
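Review bot: The comment on `blocks(content)` ("Blocks with match conditions in this SSH server config") does not say how these blocks relate to `params(content)`, which is the security-relevant detail a policy author needs: in sshd_config, keywords inside a `Match` block apply only to connections satisfying its criteria and the first obtained value wins, so a global check such as `permitRootLogin` must not be fed values scoped to a Match block. I would state this explicitly, e.g. `// Match blocks of this SSH server config; a block's params apply only to connections matching its criteria`, plus a clause saying whether `params(content)` reflects global values only — that is decided by `sshd.ParseBlocks`, which is not visible here. Likewise `criteria string` appears to hold the raw text of the Match line's arguments as one string, so its comment should say it is not split into keyword/value pairs, to keep checks from assuming a structured list.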
102 changes: 101 additions & 1 deletion providers/os/resources/os.lr.go


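--- a/providers/os/resources/os.lr.manifest.yaml
+++ b/providers/os/resources/os.lr.manifest.yaml
@@ -838,6 +838,8 @@ resources:
     min_mondoo_version: 5.15.0
   sshd.config:
     fields:
+      blocks:
+        min_mondoo_version: latest
       ciphers: {}
       content: {}
       file: {}
@@ -853,6 +855,13 @@ resources:
     snippets:
     - query: sshd.config.params['Banner'] == '/etc/ssh/sshd-banner'
       title: Check that the SSH banner is sourced from /etc/ssh/sshd-banner
+  sshd.config.matchBlock:
+    fields:
+      condition: {}
+      criteria: {}
+      params: {}
+    is_private: true
+    min_mondoo_version: latest
   user:
     fields:
       authorizedkeys: {}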
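Review bot: The new `sshd.config.matchBlock` entry lists a `condition` field that does not exist in the resource definition — `os.lr` in this same PR declares only `criteria` and `params` — so it reads as a leftover from an earlier field name. Dropping `condition: {}` keeps the manifest in sync with the schema; if the manifest is generated, the generator input still carries the stale name and should be fixed there instead. The two `min_mondoo_version: latest` placeholders presumably get pinned at release, as the sibling entries with concrete versions suggest.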
54 changes: 45 additions & 9 deletions providers/os/resources/sshd.go
Expand Up @@ -8,13 +8,19 @@ import (
"errors"
"fmt"
"strings"
"sync"

"go.mondoo.com/cnquery/v10/llx"
"go.mondoo.com/cnquery/v10/providers-sdk/v1/plugin"
"go.mondoo.com/cnquery/v10/providers/os/connection/shared"
"go.mondoo.com/cnquery/v10/providers/os/resources/sshd"
"go.mondoo.com/cnquery/v10/types"
)

type mqlSshdConfigInternal struct {
lock sync.Mutex
}

func initSshdConfig(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) {
if x, ok := args["path"]; ok {
path, ok := x.Value.(string)
Expand Down Expand Up @@ -117,19 +123,49 @@ func (s *mqlSshdConfig) content(files []interface{}) (string, error) {
return fullContent, nil
}

func (s *mqlSshdConfig) params(content string) (map[string]interface{}, error) {
params, err := sshd.Params(content)
if err != nil {
return nil, err
func matchBlocks2Resources(m sshd.MatchBlocks, runtime *plugin.Runtime, ownerID string) ([]any, error) {
res := make([]any, len(m))
for i := range m {
cur := m[i]
obj, err := CreateResource(runtime, "sshd.config.matchBlock", map[string]*llx.RawData{
"__id": llx.StringData(ownerID + "\x00" + cur.Criteria),
"criteria": llx.StringData(cur.Criteria),
"params": llx.MapData(cur.Params, types.String),
})
if err != nil {
return nil, err
}
res[i] = obj
}
return res, nil
}

// convert map
res := map[string]interface{}{}
for k, v := range params {
res[k] = v
func (s *mqlSshdConfig) parse(content string) error {
s.lock.Lock()
defer s.lock.Unlock()

params, err := sshd.ParseBlocks(content)
if err != nil {
s.Params = plugin.TValue[map[string]any]{Error: err, State: plugin.StateIsSet | plugin.StateIsNull}
s.Blocks = plugin.TValue[[]any]{Error: err, State: plugin.StateIsSet | plugin.StateIsNull}
} else {
blocks, err := matchBlocks2Resources(params, s.MqlRuntime, s.__id)
if err != nil {
return err
}
s.Params = plugin.TValue[map[string]any]{Data: params.Flatten(), State: plugin.StateIsSet}
s.Blocks = plugin.TValue[[]any]{Data: blocks, State: plugin.StateIsSet}
}

return res, nil
return err
}

func (s *mqlSshdConfig) params(content string) (map[string]any, error) {
return nil, s.parse(content)
}

func (s *mqlSshdConfig) blocks(content string) ([]any, error) {
return nil, s.parse(content)
}

func (s *mqlSshdConfig) parseConfigEntrySlice(raw interface{}) ([]interface{}, error) {
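Review bot: In `parse`, the error path after `matchBlocks2Resources` (`return err` inside the else branch) leaves `s.Params` and `s.Blocks` untouched, whereas a `sshd.ParseBlocks` failure records the error into both fields with `StateIsSet | StateIsNull`; since `params` and `blocks` both delegate to `parse` and return `nil` data, whichever caller did not trigger the parse sees an unset field rather than the error. Before that `return err`, set `s.Params = plugin.TValue[map[string]any]{Error: err, State: plugin.StateIsSet | plugin.StateIsNull}` and `s.Blocks = plugin.TValue[[]any]{Error: err, State: plugin.StateIsSet | plugin.StateIsNull}` so both failure paths behave the same. Separately, the `__id` built in `matchBlocks2Resources` is `ownerID + "\x00" + cur.Criteria`, so two blocks with an identical `Match` line (which sshd accepts) collide; unless `CreateResource` is known to tolerate a duplicate id, appending the index `i` to the id would keep both blocks visible to policies. Whether `params.Flatten()` folds Match-scoped keywords into the top-level `params` map is not visible here — if it does, a global check such as the `Banner` snippet could be satisfied or failed by a per-connection override, which deserves a comment on `params` either way. `parseConfigEntrySlice` at the end of the hunk continues outside it.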