Add: privilege credential for SSH authenticated scans #1576

Merged
merged 2 commits into from
Feb 27, 2024

jjnicola (Member) commented Feb 23, 2024

What:
Add: privilege credential for SSH authenticated scans

After a successful authentication, the scanner can require privileged access for some tests. In this case, the privilege credentials are used.
This means that the privilege username and password only make sense for the SSH service, and only if the regular username and password are given.

Also, add a small fix for a parameter name in openvasd/config.rs.

Jira: SC-1025

Why:
was changed for UP credential and added for USK credential.

How:

Checklist:

  • Tests
  • PR merge commit message adjusted

@jjnicola jjnicola requested a review from a team as a code owner February 23, 2024 07:04
@jjnicola jjnicola force-pushed the privilege-credential branch 2 times, most recently from 988ee02 to e6eb977 Compare February 23, 2024 07:40
nichtsfrei (Member) previously approved these changes Feb 26, 2024

Looks good, I like that the privileged information is duplicated instead of introducing a new credential type, because it makes it easier to use.

An alternative approach could be to introduce a new struct:

struct PrivilegeInformation {
   username: String,
   password: String,
}

and include that as an option in the enum variants while annotating it with serde flatten:

...
  #[serde(flatten)]
  privilege: Option<PrivilegeInformation>,
...

that way we could ensure that username and password are written in the same way.

However since we just have two cases, it can be seen as optional :).

@jjnicola jjnicola merged commit 9e751be into main Feb 27, 2024
17 of 18 checks passed
@jjnicola jjnicola deleted the privilege-credential branch February 27, 2024 12:04
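
Added example, not code from this pull request or from the project: a Rust sketch of the rule in the PR description (a privilege credential is accepted only for SSH and only alongside a regular login), with one shared `PrivilegeInformation` struct in both variants as the review comment suggests. The `Service` enum, the variant fields, the error type, and the choice to reject rather than ignore a misplaced privilege credential are assumptions.

```rust
// Added illustration: type, field and variant names are assumptions, not openvasd's code.
// Debug is deliberately not derived on the credential types, so `{:?}` cannot log secrets.
#[derive(PartialEq)]
pub enum Service { Ssh, Smb }

pub struct PrivilegeInformation { pub username: String, pub password: String }

pub enum CredentialType {
    // Username + password login.
    UP { username: String, password: String, privilege: Option<PrivilegeInformation> },
    // Username + SSH key login.
    USK { username: String, private_key: String, privilege: Option<PrivilegeInformation> },
}

#[derive(Debug, PartialEq)]
pub enum CredentialError { PrivilegeOnNonSsh, MissingRegularLogin }

// Accept a privilege credential only for SSH and only alongside a complete regular login.
pub fn validate(service: &Service, cred: &CredentialType) -> Result<(), CredentialError> {
    // Both variants go through the same checks because they share one privilege type.
    let (username, secret, privilege) = match cred {
        CredentialType::UP { username, password, privilege } => (username, password, privilege),
        CredentialType::USK { username, private_key, privilege } => (username, private_key, privilege),
    };
    if privilege.is_none() {
        return Ok(()); // no privilege credential supplied, so nothing to check
    }
    if *service != Service::Ssh {
        return Err(CredentialError::PrivilegeOnNonSsh);
    }
    if username.is_empty() || secret.is_empty() {
        return Err(CredentialError::MissingRegularLogin);
    }
    Ok(())
}

// Constructed sample values, not real accounts.
pub fn sample_privilege() -> Option<PrivilegeInformation> {
    Some(PrivilegeInformation { username: "root".into(), password: "example-only".into() })
}

fn main() {
    let cred = CredentialType::UP {
        username: "scan".into(), password: "example-only".into(), privilege: sample_privilege(),
    };
    println!("ssh: {:?}", validate(&Service::Ssh, &cred)); // Ok(())
    println!("smb: {:?}", validate(&Service::Smb, &cred)); // Err(PrivilegeOnNonSsh)
}
```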