core/cli
8
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions 1
cli/pkg/devops/serve.go
Snider 9f4007c409 Remove StrictHostKeyChecking=no from SSH commands (#315) 
* Remove StrictHostKeyChecking=no and implement proper host key verification

This commit addresses security concerns from the OWASP audit by enforcing
strict host key verification for all SSH and SCP commands.

Key changes:
- Replaced StrictHostKeyChecking=accept-new with yes in pkg/container and pkg/devops.
- Removed insecure host key verification from pkg/ansible SSH client.
- Implemented a synchronous host key discovery mechanism during VM boot
  using ssh-keyscan to populate ~/.core/known_hosts.
- Updated the devops Boot lifecycle to wait until the host key is verified.
- Ensured pkg/ansible correctly handles missing known_hosts files.
- Refactored hardcoded SSH port 2222 to a package constant DefaultSSHPort.
- Added CORE_SKIP_SSH_SCAN environment variable for test environments.

* Remove StrictHostKeyChecking=no and implement proper host key verification

Addresses security concerns from OWASP audit by enforcing strict host key
verification.

Changes:
- Replaced StrictHostKeyChecking=accept-new with yes in pkg/container and devops.
- Removed insecure host key verification from pkg/ansible.
- Added synchronous host key discovery using ssh-keyscan during VM boot.
- Updated Boot lifecycle to wait for host key verification.
- Handled missing known_hosts file in pkg/ansible.
- Refactored hardcoded SSH port to DefaultSSHPort constant.
- Fixed formatting issues identified by QA check.

* Secure SSH commands and fix auto-merge CI failure

Addresses OWASP security audit by enforcing strict host key verification
and fixes a CI failure in the auto-merge workflow.

Key changes:
- Replaced StrictHostKeyChecking=accept-new with yes in pkg/container and pkg/devops.
- Removed insecure host key verification from pkg/ansible.
- Implemented synchronous host key discovery using ssh-keyscan during VM boot.
- Handled missing known_hosts file in pkg/ansible.
- Refactored hardcoded SSH port to DefaultSSHPort constant.
- Added pkg/ansible/ssh_test.go to verify SSH client initialization.
- Fixed formatting in pkg/io/local/client.go.
- Fixed auto-merge.yml by inlining the script and providing repository context
  to 'gh' command, resolving the "not a git repository" error in CI.

* Secure SSH, fix CI auto-merge, and resolve merge conflicts

This commit addresses the OWASP security audit by enforcing strict host key
verification and resolves persistent CI issues.

Security Changes:
- Replaced StrictHostKeyChecking=accept-new with yes in pkg/container and devops.
- Removed insecure host key verification from pkg/ansible.
- Implemented synchronous host key discovery using ssh-keyscan during VM boot.
- Updated Boot lifecycle to wait for host key verification.
- Handled missing known_hosts file in pkg/ansible.
- Refactored hardcoded SSH port to DefaultSSHPort constant.

CI and Maintenance:
- Fixed auto-merge.yml by inlining the script and adding repository context
  to 'gh' command, resolving the "not a git repository" error in CI.
- Resolved merge conflicts in .github/workflows/auto-merge.yml with dev branch.
- Added pkg/ansible/ssh_test.go for SSH client verification.
- Fixed formatting in pkg/io/local/client.go to pass QA checks.

* Secure SSH and TLS connections, and fix CI issues

Addresses security concerns from OWASP audit and CodeQL by enforcing strict
host key verification and TLS certificate verification.

Security Changes:
- Enforced strict SSH host key checking in pkg/container and devops.
- Removed insecure SSH host key verification from pkg/ansible.
- Added synchronous host key discovery during VM boot using ssh-keyscan.
- Updated UniFi client to enforce TLS certificate verification by default.
- Added --insecure flag and config option for UniFi to allow opt-in to
  skipping TLS verification for self-signed certificates.

CI and Maintenance:
- Fixed auto-merge workflow by providing repository context to 'gh' command.
- Resolved merge conflicts in .github/workflows/auto-merge.yml.
- Added unit tests for secured Ansible SSH client.
- Fixed formatting issues identified by QA checks.

* fix: gofmt alignment in cmd_config.go

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* Secure connections, fix CI auto-merge, and resolve formatting

Addresses OWASP security audit and CodeQL security alerts by enforcing
secure defaults for SSH and TLS connections.

Key changes:
- Enforced strict SSH host key checking (StrictHostKeyChecking=yes).
- Implemented synchronous host key verification during VM boot using ssh-keyscan.
- Updated UniFi client to enforce TLS certificate verification by default.
- Added --insecure flag and config option for UniFi to allow opt-in to
  skipping TLS verification.
- Fixed auto-merge workflow by providing repository context to 'gh' command.
- Resolved merge conflicts in .github/workflows/auto-merge.yml.
- Fixed formatting in internal/cmd/unifi/cmd_config.go and pkg/io/local/client.go.
- Added unit tests for secured Ansible SSH client.

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Claude <developers@lethean.io>
2026-02-05 07:09:34 +00:00

109 lines
2.7 KiB
Go
Raw Blame History

package devops
import (
"context"
"fmt"
"os"
"os/exec"
"path/filepath"
"github.com/host-uk/core/pkg/io"
)
// ServeOptions configures the dev server.
type ServeOptions struct {
Port int // Port to serve on (default 8000)
Path string // Subdirectory to serve (default: current dir)
}
// Serve mounts the project and starts a dev server.
func (d *DevOps) Serve(ctx context.Context, projectDir string, opts ServeOptions) error {
running, err := d.IsRunning(ctx)
if err != nil {
return err
}
if !running {
return fmt.Errorf("dev environment not running (run 'core dev boot' first)")
}
if opts.Port == 0 {
opts.Port = 8000
}
servePath := projectDir
if opts.Path != "" {
servePath = filepath.Join(projectDir, opts.Path)
}
// Mount project directory via SSHFS
if err := d.mountProject(ctx, servePath); err != nil {
return fmt.Errorf("failed to mount project: %w", err)
}
// Detect and run serve command
serveCmd := DetectServeCommand(d.medium, servePath)
fmt.Printf("Starting server: %s\n", serveCmd)
fmt.Printf("Listening on http://localhost:%d\n", opts.Port)
// Run serve command via SSH
return d.sshShell(ctx, []string{"cd", "/app", "&&", serveCmd})
}
// mountProject mounts a directory into the VM via SSHFS.
func (d *DevOps) mountProject(ctx context.Context, path string) error {
absPath, err := filepath.Abs(path)
if err != nil {
return err
}
// Use reverse SSHFS mount
// The VM connects back to host to mount the directory
cmd := exec.CommandContext(ctx, "ssh",
"-o", "StrictHostKeyChecking=yes",
"-o", "UserKnownHostsFile=~/.core/known_hosts",
"-o", "LogLevel=ERROR",
"-R", "10000:localhost:22", // Reverse tunnel for SSHFS
"-p", fmt.Sprintf("%d", DefaultSSHPort),
"root@localhost",
fmt.Sprintf("mkdir -p /app && sshfs -p 10000 %s@localhost:%s /app -o allow_other", os.Getenv("USER"), absPath),
)
return cmd.Run()
}
// DetectServeCommand auto-detects the serve command for a project.
func DetectServeCommand(m io.Medium, projectDir string) string {
// Laravel/Octane
if hasFile(m, projectDir, "artisan") {
return "php artisan octane:start --host=0.0.0.0 --port=8000"
}
// Node.js with dev script
if hasFile(m, projectDir, "package.json") {
if hasPackageScript(m, projectDir, "dev") {
return "npm run dev -- --host 0.0.0.0"
}
if hasPackageScript(m, projectDir, "start") {
return "npm start"
}
}
// PHP with composer
if hasFile(m, projectDir, "composer.json") {
return "frankenphp php-server -l :8000"
}
// Go
if hasFile(m, projectDir, "go.mod") {
if hasFile(m, projectDir, "main.go") {
return "go run ."
}
}
// Python Django
if hasFile(m, projectDir, "manage.py") {
return "python manage.py runserver 0.0.0.0:8000"
}
// Fallback: simple HTTP server
return "python3 -m http.server 8000"
}
Reference in a new issue View git blame Copy permalink