This repository was archived by the owner on Feb 26, 2021. It is now read-only.


Expand SSH Finding Model into multiple Categories #10

Merged: J12934 merged 13 commits into master from findings-enhancment on Oct 18, 2019


J12934 (Member) commented Sep 24, 2019

General Changes

  • Change empty string fields like hostname and server_banner to null values
  • The location of the findings will now be equal to the hostname (if existing), falling back to the ip_address if not set.
  • All findings now have hostname and ip_address fields in their attributes map.
  • Split out the finding categories. Currently all SSH Scanner findings are of the category SSH Service. This category will be kept for the general purpose informational finding. The other "policy violation" type findings will be moved into their own category. The changes to these two categories are grouped below

Changes to SSH Service Category Findings

  • Added extra attributes for supported auth_methods, key_algorithms, encryption_algorithms, mac_algorithms & compression_algorithms to easily see all relevant information about the SSH server

Changes to Policy Violation Type Findings

  • These findings were previously also in the SSH Service Category but will now be moved into the SSH Policy Violation Category
  • Which kind of policy was violated can be identified by the finding's name. The following names are possible:
    • Insecure Methods / Algorithms:
      • Discouraged SSH Authentication Method
      • Insecure SSH Key Algorithms
      • Insecure SSH Encryption Ciphers
      • Insecure SSH MAC Algorithms
      • Insecure SSH Compression Algorithms
    • Missing Methods / Algorithms:
      • Missing SSH Authentication Method
      • Missing SSH Key Algorithms
      • Missing SSH Encryption Ciphers
      • Missing SSH MAC Algorithms
      • Missing SSH Compression Algorithms
    • Outdated SSH Protocol Version
  • These findings have a payload field in their attributes map which indicates which kind of key algorithms, encryption ciphers or other are in violation of the policy.
  • The description contains the original ssh_scan recommendation text.
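
A downstream check of the model described in the comment above, as an added example that is not part of the pull request or the project's code: it validates a finding against the stated rules for null fields, location fallback, categories, names and attributes. The hash key layout (`name`, `category`, `location`, `attributes`) and both sample findings are assumptions constructed for illustration.

```ruby
# Added example: contract check for the finding model in the PR description.
# Hash key layout and the sample findings are constructed assumptions.
POLICY_VIOLATION_NAMES = [
  'Discouraged SSH Authentication Method', 'Insecure SSH Key Algorithms',
  'Insecure SSH Encryption Ciphers', 'Insecure SSH MAC Algorithms',
  'Insecure SSH Compression Algorithms', 'Missing SSH Authentication Method',
  'Missing SSH Key Algorithms', 'Missing SSH Encryption Ciphers',
  'Missing SSH MAC Algorithms', 'Missing SSH Compression Algorithms',
  'Outdated SSH Protocol Version'
].freeze
SERVICE_ATTRIBUTES = %w[auth_methods key_algorithms encryption_algorithms
                        mac_algorithms compression_algorithms].freeze

# Returns the ways a finding deviates from the model; an empty list means OK.
def finding_model_errors(finding)
  attrs = finding['attributes'] || {}
  errors = (%w[hostname ip_address] - attrs.keys).map { |k| "attributes.#{k} missing" }
  attrs.each { |k, v| errors << "attributes.#{k} is an empty string" if v == '' }
  # location is the hostname when one exists, otherwise the ip_address.
  host = attrs['hostname']
  expected = (host.nil? || host == '') ? attrs['ip_address'] : host
  errors << "location should be #{expected.inspect}" if finding['location'] != expected
  case finding['category']
  when 'SSH Service'
    (SERVICE_ATTRIBUTES - attrs.keys).each { |k| errors << "attributes.#{k} missing" }
  when 'SSH Policy Violation'
    name = finding['name']
    errors << "unknown name #{name.inspect}" unless POLICY_VIOLATION_NAMES.include?(name)
    errors << 'attributes.payload missing' unless attrs.key?('payload')
  else
    errors << "unknown category #{finding['category'].inspect}"
  end
  errors
end

# Constructed findings (documentation IP range, not real scan output).
NEW_STYLE = {
  'name' => 'Insecure SSH MAC Algorithms', 'category' => 'SSH Policy Violation',
  'location' => '192.0.2.10',
  'attributes' => { 'hostname' => nil, 'ip_address' => '192.0.2.10',
                    'payload' => ['hmac-md5'] }
}.freeze
OLD_STYLE = {
  'name' => 'Insecure SSH MAC Algorithms', 'category' => 'SSH Service',
  'location' => '192.0.2.10',
  'attributes' => { 'hostname' => '', 'ip_address' => '192.0.2.10' }
}.freeze
puts finding_model_errors(OLD_STYLE)
```
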

J12934 added the enhancement label Sep 24, 2019
J12934 self-assigned this Sep 24, 2019
J12934 changed the title from "Convert empty strings in results to nil" to "Expand SSH Finding Model into multiple Categories" Sep 24, 2019
J12934 (Member, Author) commented Oct 7, 2019

I refuse to accept the last Codacy issue (that the get_policy_violation_type is too complex). I think their cyclomatic complexity calculation logic really doesn't like case statements.

J12934 marked this pull request as ready for review October 7, 2019 17:49
J12934 requested a review from rfelber October 7, 2019 17:49
J12934 requested a review from Weltraumschaf October 16, 2019 12:49

rfelber (Member) left a comment

I'm not sure about the port change, but besides that it seems to be good.

J12934 merged commit 8888369 into master Oct 18, 2019
J12934 deleted the findings-enhancment branch October 18, 2019 14:39