checker-ssh/checker
Pierre-Olivier Mercier fb2ae7d903
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/tag Build is passing
checker: suppress CVE warnings for vendor-backported OpenSSH fixes
Distributions backport security fixes without bumping the upstream
OpenSSH version, so a banner like "OpenSSH_9.2p1 Debian-2+deb12u3" was
wrongly flagged for regreSSHion despite carrying the fix.

Thread the banner vendor comment into analyseBannerVulns and add a
per-CVE VendorFixes table recording the earliest patched package
revision per distro/upstream version. Revisions are compared with a
faithful port of dpkg's verrevcmp ordering. Populated for CVE-2024-6387
from DSA-5724-1 (Debian) and USN-6859-1 (Ubuntu).
2026-06-18 16:55:19 +09:00
..
algorithms.go Initial commit 2026-04-26 16:23:21 +07:00
collect.go checker: implement ShareKey to mutualise SSH probes across targets 2026-06-18 15:28:28 +09:00
definition.go checker: lower minimum check interval to 5 minutes 2026-05-15 17:29:16 +08:00
interactive.go checker: make port 22 probe optional 2026-05-15 17:29:16 +08:00
kexinit.go Initial commit 2026-04-26 16:23:21 +07:00
prober.go checker: enforce prober-as-observation, move all analysis to rules layer 2026-05-15 17:29:16 +08:00
provider.go Initial commit 2026-04-26 16:23:21 +07:00
report.go checker: enforce prober-as-observation, move all analysis to rules layer 2026-05-15 17:29:16 +08:00
rules.go checker: enforce prober-as-observation, move all analysis to rules layer 2026-05-15 17:29:16 +08:00
rules_algorithms.go checker: enforce prober-as-observation, move all analysis to rules layer 2026-05-15 17:29:16 +08:00
rules_auth.go checker: enforce prober-as-observation, move all analysis to rules layer 2026-05-15 17:29:16 +08:00
rules_banner.go checker: suppress CVE warnings for vendor-backported OpenSSH fixes 2026-06-18 16:55:19 +09:00
rules_hostkey.go checker: enforce prober-as-observation, move all analysis to rules layer 2026-05-15 17:29:16 +08:00
rules_reachability.go checker: enforce prober-as-observation, move all analysis to rules layer 2026-05-15 17:29:16 +08:00
rules_sshfp.go checker: enforce prober-as-observation, move all analysis to rules layer 2026-05-15 17:29:16 +08:00
service.go Initial commit 2026-04-26 16:23:21 +07:00
sharekey_test.go checker: implement ShareKey to mutualise SSH probes across targets 2026-06-18 15:28:28 +09:00
sshfp.go checker: enforce prober-as-observation, move all analysis to rules layer 2026-05-15 17:29:16 +08:00
types.go checker: enforce prober-as-observation, move all analysis to rules layer 2026-05-15 17:29:16 +08:00
vulns.go checker: suppress CVE warnings for vendor-backported OpenSSH fixes 2026-06-18 16:55:19 +09:00
vulns_vendorfix_test.go checker: suppress CVE warnings for vendor-backported OpenSSH fixes 2026-06-18 16:55:19 +09:00