Addresses an OWASP security audit by enforcing strict host key verification, and fixes a CI failure in the auto-merge workflow.

Key changes:
- Replaced StrictHostKeyChecking=accept-new with yes in pkg/container and pkg/devops.
- Removed insecure host key verification from pkg/ansible.
- Implemented synchronous host key discovery using ssh-keyscan during VM boot.
- Handled missing known_hosts file in pkg/ansible.
- Refactored hardcoded SSH port to DefaultSSHPort constant.
- Added pkg/ansible/ssh_test.go to verify SSH client initialization.
- Fixed formatting in pkg/io/local/client.go.
- Fixed auto-merge.yml by inlining the script and providing repository context to the 'gh' command, resolving the "not a git repository" error in CI.
package ansible
import (
"testing"
"time"
"github.com/stretchr/testify/assert"
)
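// TestNewSSHClient checks that NewSSHClient carries an explicit host, port and
// user from SSHConfig onto the client, and that the client ends up with a
// 30-second timeout even though the config sets none.
//
// NOTE(review): only field plumbing is asserted here. Nothing in this test
// checks how the client treats an unknown or changed host key, so it gives no
// coverage of strict host key verification; confirm that is tested elsewhere.
// NOTE(review): presumably NewSSHClient consults a known_hosts file; if so the
// outcome may depend on the machine running the test. TODO confirm.
func TestNewSSHClient(t *testing.T) {
	cfg := SSHConfig{
		Host: "localhost",
		Port: 2222,
		User: "root",
	}

	client, err := NewSSHClient(cfg)
	// Stop on failure: the assertions below dereference client and would
	// panic on a nil value instead of reporting the constructor's error.
	if !assert.NoError(t, err) || !assert.NotNil(t, client) {
		t.FailNow()
	}

	assert.Equal(t, "localhost", client.host)
	assert.Equal(t, 2222, client.port)
	assert.Equal(t, "root", client.user)
	assert.Equal(t, 30*time.Second, client.timeout)
}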
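// TestSSHConfig_Defaults checks the values NewSSHClient fills in when the
// config names only a host: port 22, user "root" and a 30-second timeout.
//
// NOTE(review): the expected port is the literal 22. If a shared default-port
// constant is visible from this package, compare against it so the test and
// the implementation cannot drift apart. TODO confirm.
// NOTE(review): defaulting the user to "root" is asserted as intended
// behaviour here; confirm that is the desired default for this client.
func TestSSHConfig_Defaults(t *testing.T) {
	cfg := SSHConfig{
		Host: "localhost",
	}

	client, err := NewSSHClient(cfg)
	// Stop on failure: the assertions below dereference client and would
	// panic on a nil value instead of reporting the constructor's error.
	if !assert.NoError(t, err) || !assert.NotNil(t, client) {
		t.FailNow()
	}

	assert.Equal(t, 22, client.port)
	assert.Equal(t, "root", client.user)
	assert.Equal(t, 30*time.Second, client.timeout)
}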