happyDomain/checker-ssh
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

checker: enforce prober-as-observation, move all analysis to rules layer

Browse source
This commit is contained in:
nemunaire 2026-05-15 17:05:53 +08:00
commit f77895dcab
12 changed files with 174 additions and 171 deletions
Download patch file Download diff file Expand all files Collapse all files

6
checker/rules_banner.go
View file

@ -55,7 +55,7 @@ func (r *protocolVersionRule) Evaluate(ctx context.Context, obs sdk.ObservationG
states = append(states, sdk.CheckState{
Status: sdk.StatusCrit,
Code: "ssh_legacy_protocol",
Subject: ep.Address,
Subject: ep.Addr(),
Message: fmt.Sprintf("Server advertises SSH protocol %q (banner %q). SSH-1 is obsolete and insecure.", ep.ProtoVer, ep.Banner),
Meta: map[string]any{"fix": "Disable SSH-1 support; run an sshd that only speaks SSH-2."},
})
@ -86,7 +86,7 @@ func (r *bannerSoftwareRule) Evaluate(ctx context.Context, obs sdk.ObservationGe
}
var issues []Issue
for _, ep := range data.Endpoints {
issues = append(issues, analyseBannerSoftware(ep.Address, ep.Banner, ep.SoftVer)...)
issues = append(issues, analyseBannerSoftware(ep.Addr(), ep.Banner, ep.SoftVer)...)
}
if len(issues) == 0 {
return []sdk.CheckState{passState("ssh.banner_software.ok", "All probed servers advertise a recognised OpenSSH build.")}
@ -113,7 +113,7 @@ func (r *knownVulnsRule) Evaluate(ctx context.Context, obs sdk.ObservationGetter
}
var issues []Issue
for _, ep := range data.Endpoints {
issues = append(issues, analyseBannerVulns(ep.Address, ep.Banner, ep.SoftVer)...)
issues = append(issues, analyseBannerVulns(ep.Addr(), ep.Banner, ep.SoftVer)...)
}
if len(issues) == 0 {
return []sdk.CheckState{passState("ssh.known_vulnerabilities.ok", "No known CVE match against the advertised OpenSSH versions.")}