"""Tests for SSH output parsing functionality.""" from src.sslysze_scan.ssh_scanner import extract_ssh_scan_results_from_output def test_extract_ssh_scan_results_from_output(): """Test extraction of SSH scan results from ssh-audit output.""" # Sample output from ssh-audit that includes actual algorithm listings # Without ANSI color codes since we disable them in the configuration sample_output = """(gen) banner: SSH-2.0-OpenSSH_8.9 (gen) software: OpenSSH 8.9 (gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+ (kex) curve25519-sha256 (kex) curve25519-sha256@libssh.org (kex) diffie-hellman-group1-sha1 (kex) diffie-hellman-group14-sha256 (key) rsa-sha2-512 (3072-bit) (key) rsa-sha2-256 (3072-bit) (key) ssh-rsa (3072-bit) (key) ssh-ed25519 (enc) chacha20-poly1305@openssh.com (enc) aes128-gcm@openssh.com (enc) aes256-gcm@openssh.com (enc) aes128-ctr (enc) aes192-ctr (enc) aes256-ctr (mac) umac-64-etm@openssh.com (mac) hmac-sha2-256-etm@openssh.com (mac) hmac-sha2-512-etm@openssh.com (mac) hmac-sha1-etm@openssh.com """ # Call the function result = extract_ssh_scan_results_from_output(sample_output) # Assertions assert result["ssh_version"] == "SSH-2.0-OpenSSH_8.9" assert "curve25519-sha256" in result["kex_algorithms"] assert "curve25519-sha256@libssh.org" in result["kex_algorithms"] assert "diffie-hellman-group1-sha1" in result["kex_algorithms"] assert "diffie-hellman-group14-sha256" in result["kex_algorithms"] assert len(result["kex_algorithms"]) >= 4 assert ( "chacha20-poly1305@openssh.com" in result["encryption_algorithms_client_to_server"] ) assert "aes128-gcm@openssh.com" in result["encryption_algorithms_client_to_server"] assert "aes256-gcm@openssh.com" in result["encryption_algorithms_client_to_server"] assert "aes128-ctr" in result["encryption_algorithms_client_to_server"] assert "aes192-ctr" in result["encryption_algorithms_client_to_server"] assert "aes256-ctr" in result["encryption_algorithms_client_to_server"] assert len(result["encryption_algorithms_client_to_server"]) >= 6 assert "umac-64-etm@openssh.com" in result["mac_algorithms_client_to_server"] assert "hmac-sha2-256-etm@openssh.com" in result["mac_algorithms_client_to_server"] assert "hmac-sha2-512-etm@openssh.com" in result["mac_algorithms_client_to_server"] assert "hmac-sha1-etm@openssh.com" in result["mac_algorithms_client_to_server"] assert len(result["mac_algorithms_client_to_server"]) >= 4 assert len(result["host_keys"]) >= 4 # Should have at least 4 host keys assert any("ssh-ed25519" in hk.get("algorithm", "") for hk in result["host_keys"]) assert any("rsa" in hk.get("algorithm", "") for hk in result["host_keys"]) assert result["is_old_ssh_version"] is False # Should not detect SSH-1 def test_extract_ssh_scan_results_ssh1_detection(): """Test SSH-1 detection in scan results.""" # Sample output with SSH-1 sample_output = """(gen) banner: SSH-1.5-test (kex) diffie-hellman-group1-sha1 """ # Call the function result = extract_ssh_scan_results_from_output(sample_output) # Assertions assert result["is_old_ssh_version"] is True def test_extract_ssh_scan_results_empty(): """Test extraction with empty results.""" # Empty output sample_output = "" # Call the function result = extract_ssh_scan_results_from_output(sample_output) # Assertions assert result["kex_algorithms"] == [] assert result["host_keys"] == [] assert result["is_old_ssh_version"] is False assert result["raw_output"] == ""