diff --git a/.pylintrc b/.pylintrc
new file mode 100644
index 0000000..3c23876
--- /dev/null
+++ b/.pylintrc
@@ -0,0 +1,610 @@
+[MAIN]
+
+# Analyse import fallback blocks. This can be used to support both Python 2 and
+# 3 compatible code, which means that the block might have code that exists
+# only in one or another interpreter, leading to false positives when analysed.
+analyse-fallback-blocks=no
+
+# Load and enable all available extensions. Use --list-extensions to see a list
+# all available extensions.
+#enable-all-extensions=
+
+# In error mode, messages with a category besides ERROR or FATAL are
+# suppressed, and no reports are done by default. Error mode is compatible with
+# disabling specific errors.
+#errors-only=
+
+# Always return a 0 (non-error) status code, even if lint errors are found.
+# This is primarily useful in continuous integration scripts.
+#exit-zero=
+
+# A comma-separated list of package or module names from where C extensions may
+# be loaded. Extensions are loading into the active Python interpreter and may
+# run arbitrary code.
+extension-pkg-allow-list=
+
+# A comma-separated list of package or module names from where C extensions may
+# be loaded. Extensions are loading into the active Python interpreter and may
+# run arbitrary code. (This is an alternative name to extension-pkg-allow-list
+# for backward compatibility.)
+extension-pkg-whitelist=
+
+# Return non-zero exit code if any of these messages/categories are detected,
+# even if score is above --fail-under value. Syntax same as enable. Messages
+# specified are enabled, while categories only check already-enabled messages.
+fail-on=
+
+# Specify a score threshold to be exceeded before program exits with error.
+fail-under=10
+
+# Interpret the stdin as a python script, whose filename needs to be passed as
+# the module_or_package argument.
+#from-stdin=
+
+# Files or directories to be skipped. They should be base names, not paths.
+ignore=CVS
+
+# Add files or directories matching the regex patterns to the ignore-list. The
+# regex matches against paths and can be in Posix or Windows format.
+ignore-paths=
+
+# Files or directories matching the regex patterns are skipped. The regex
+# matches against base names, not paths. The default value ignores Emacs file
+# locks
+ignore-patterns=^\.#
+
+# List of module names for which member attributes should not be checked
+# (useful for modules/projects where namespaces are manipulated during runtime
+# and thus existing member attributes cannot be deduced by static analysis). It
+# supports qualified module names, as well as Unix pattern matching.
+ignored-modules=
+
+# Python code to execute, usually for sys.path manipulation such as
+# pygtk.require().
+#init-hook=
+
+# Use multiple processes to speed up Pylint. Specifying 0 will auto-detect the
+# number of processors available to use, and will cap the count on Windows to
+# avoid hangs.
+jobs=1
+
+# Control the amount of potential inferred values when inferring a single
+# object. This can help the performance when dealing with large functions or
+# complex, nested conditions.
+limit-inference-results=100
+
+# List of plugins (as comma separated values of python module names) to load,
+# usually to register additional checkers.
+load-plugins=
+
+# Pickle collected data for later comparisons.
+persistent=yes
+
+# Minimum Python version to use for version dependent checks. Will default to
+# the version used to run pylint.
+py-version=3.5
+
+# Discover python modules and packages in the file system subtree.
+recursive=no
+
+# When enabled, pylint would attempt to guess common misconfiguration and emit
+# user-friendly hints instead of false-positive error messages.
+suggestion-mode=yes
+
+# Allow loading of arbitrary C extensions. Extensions are imported into the
+# active Python interpreter and may run arbitrary code.
+unsafe-load-any-extension=no
+
+# In verbose mode, extra non-checker-related info will be displayed.
+#verbose=
+
+
+[REPORTS]
+
+# Python expression which should return a score less than or equal to 10. You
+# have access to the variables 'fatal', 'error', 'warning', 'refactor',
+# 'convention', and 'info' which contain the number of messages in each
+# category, as well as 'statement' which is the total number of statements
+# analyzed. This score is used by the global evaluation report (RP0004).
+evaluation=max(0, 0 if fatal else 10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10))
+
+# Template used to display messages. This is a python new-style format string
+# used to format the message information. See doc for all details.
+msg-template=
+
+# Set the output format. Available formats are text, parseable, colorized, json
+# and msvs (visual studio). You can also give a reporter class, e.g.
+# mypackage.mymodule.MyReporterClass.
+#output-format=
+
+# Tells whether to display a full report or only the messages.
+reports=no
+
+# Activate the evaluation score.
+score=yes
+
+
+[MESSAGES CONTROL]
+
+# Only show warnings with the listed confidence levels. Leave empty to show
+# all. Valid levels: HIGH, CONTROL_FLOW, INFERENCE, INFERENCE_FAILURE,
+# UNDEFINED.
+confidence=HIGH,
+ CONTROL_FLOW,
+ INFERENCE,
+ INFERENCE_FAILURE,
+ UNDEFINED
+
+# Disable the message, report, category or checker with the given id(s). You
+# can either give multiple identifiers separated by comma (,) or put this
+# option multiple times (only on the command line, not in the configuration
+# file where it should appear only once). You can also use "--disable=all" to
+# disable everything first and then re-enable specific checks. For example, if
+# you want to run only the similarities checker, you can use "--disable=all
+# --enable=similarities". If you want to run only the classes checker, but have
+# no Warning level messages displayed, use "--disable=all --enable=classes
+# --disable=W".
+disable=raw-checker-failed,
+ bad-inline-option,
+ locally-disabled,
+ file-ignored,
+ suppressed-message,
+ useless-suppression,
+ deprecated-pragma,
+ use-symbolic-message-instead
+
+# Enable the message, report, category or checker with the given id(s). You can
+# either give multiple identifier separated by comma (,) or put this option
+# multiple time (only on the command line, not in the configuration file where
+# it should appear only once). See also the "--disable" option for examples.
+enable=c-extension-no-member
+
+
+[LOGGING]
+
+# The type of string formatting that logging methods do. `old` means using %
+# formatting, `new` is for `{}` formatting.
+logging-format-style=old
+
+# Logging modules to check that the string format arguments are in logging
+# function parameter format.
+logging-modules=logging
+
+
+[SPELLING]
+
+# Limits count of emitted suggestions for spelling mistakes.
+max-spelling-suggestions=4
+
+# Spelling dictionary name. Available dictionaries: none. To make it work,
+# install the 'python-enchant' package.
+spelling-dict=
+
+# List of comma separated words that should be considered directives if they
+# appear at the beginning of a comment and should not be checked.
+spelling-ignore-comment-directives=fmt: on,fmt: off,noqa:,noqa,nosec,isort:skip,mypy:
+
+# List of comma separated words that should not be checked.
+spelling-ignore-words=
+
+# A path to a file that contains the private dictionary; one word per line.
+spelling-private-dict-file=
+
+# Tells whether to store unknown words to the private dictionary (see the
+# --spelling-private-dict-file option) instead of raising a message.
+spelling-store-unknown-words=no
+
+
+[MISCELLANEOUS]
+
+# List of note tags to take in consideration, separated by a comma.
+notes=FIXME,
+ XXX,
+ TODO
+
+# Regular expression of note tags to take in consideration.
+notes-rgx=
+
+
+[TYPECHECK]
+
+# List of decorators that produce context managers, such as
+# contextlib.contextmanager. Add to this list to register other decorators that
+# produce valid context managers.
+contextmanager-decorators=contextlib.contextmanager
+
+# List of members which are set dynamically and missed by pylint inference
+# system, and so shouldn't trigger E1101 when accessed. Python regular
+# expressions are accepted.
+generated-members=
+
+# Tells whether to warn about missing members when the owner of the attribute
+# is inferred to be None.
+ignore-none=yes
+
+# This flag controls whether pylint should warn about no-member and similar
+# checks whenever an opaque object is returned when inferring. The inference
+# can return multiple potential results while evaluating a Python object, but
+# some branches might not be evaluated, which results in partial inference. In
+# that case, it might be useful to still emit no-member and other checks for
+# the rest of the inferred objects.
+ignore-on-opaque-inference=yes
+
+# List of symbolic message names to ignore for Mixin members.
+ignored-checks-for-mixins=no-member,
+ not-async-context-manager,
+ not-context-manager,
+ attribute-defined-outside-init
+
+# List of class names for which member attributes should not be checked (useful
+# for classes with dynamically set attributes). This supports the use of
+# qualified names.
+ignored-classes=optparse.Values,thread._local,_thread._local,argparse.Namespace
+
+# Show a hint with possible names when a member name was not found. The aspect
+# of finding the hint is based on edit distance.
+missing-member-hint=yes
+
+# The minimum edit distance a name should have in order to be considered a
+# similar match for a missing member name.
+missing-member-hint-distance=1
+
+# The total number of similar names that should be taken in consideration when
+# showing a hint for a missing member.
+missing-member-max-choices=1
+
+# Regex pattern to define which classes are considered mixins.
+mixin-class-rgx=.*[Mm]ixin
+
+# List of decorators that change the signature of a decorated function.
+signature-mutators=
+
+
+[CLASSES]
+
+# Warn about protected attribute access inside special methods
+check-protected-access-in-special-methods=no
+
+# List of method names used to declare (i.e. assign) instance attributes.
+defining-attr-methods=__init__,
+ __new__,
+ setUp,
+ __post_init__
+
+# List of member names, which should be excluded from the protected access
+# warning.
+exclude-protected=_asdict,
+ _fields,
+ _replace,
+ _source,
+ _make
+
+# List of valid names for the first argument in a class method.
+valid-classmethod-first-arg=cls
+
+# List of valid names for the first argument in a metaclass class method.
+valid-metaclass-classmethod-first-arg=cls
+
+
+[VARIABLES]
+
+# List of additional names supposed to be defined in builtins. Remember that
+# you should avoid defining new builtins when possible.
+additional-builtins=
+
+# Tells whether unused global variables should be treated as a violation.
+allow-global-unused-variables=yes
+
+# List of names allowed to shadow builtins
+allowed-redefined-builtins=
+
+# List of strings which can identify a callback function by name. A callback
+# name must start or end with one of those strings.
+callbacks=cb_,
+ _cb
+
+# A regular expression matching the name of dummy variables (i.e. expected to
+# not be used).
+dummy-variables-rgx=_+$|(_[a-zA-Z0-9_]*[a-zA-Z0-9]+?$)|dummy|^ignored_|^unused_
+
+# Argument names that match this expression will be ignored. Default to name
+# with leading underscore.
+ignored-argument-names=_.*|^ignored_|^unused_
+
+# Tells whether we should check for unused import in __init__ files.
+init-import=no
+
+# List of qualified module names which can have objects that can redefine
+# builtins.
+redefining-builtins-modules=six.moves,past.builtins,future.builtins,builtins,io
+
+
+[FORMAT]
+
+# Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
+expected-line-ending-format=
+
+# Regexp for a line that is allowed to be longer than the limit.
+ignore-long-lines=^\s*(# )??$
+
+# Number of spaces of indent required inside a hanging or continued line.
+indent-after-paren=4
+
+# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1
+# tab).
+indent-string=' '
+
+# Maximum number of characters on a single line.
+max-line-length=128
+
+# Maximum number of lines in a module.
+max-module-lines=1000
+
+# Allow the body of a class to be on the same line as the declaration if body
+# contains single statement.
+single-line-class-stmt=no
+
+# Allow the body of an if to be on the same line as the test if there is no
+# else.
+single-line-if-stmt=no
+
+
+[IMPORTS]
+
+# List of modules that can be imported at any level, not just the top level
+# one.
+allow-any-import-level=
+
+# Allow wildcard imports from modules that define __all__.
+allow-wildcard-with-all=no
+
+# Deprecated modules which should not be used, separated by a comma.
+deprecated-modules=
+
+# Output a graph (.gv or any supported image format) of external dependencies
+# to the given file (report RP0402 must not be disabled).
+ext-import-graph=
+
+# Output a graph (.gv or any supported image format) of all (i.e. internal and
+# external) dependencies to the given file (report RP0402 must not be
+# disabled).
+import-graph=
+
+# Output a graph (.gv or any supported image format) of internal dependencies
+# to the given file (report RP0402 must not be disabled).
+int-import-graph=
+
+# Force import order to recognize a module as part of the standard
+# compatibility libraries.
+known-standard-library=
+
+# Force import order to recognize a module as part of a third party library.
+known-third-party=enchant
+
+# Couples of modules and preferred modules, separated by a comma.
+preferred-modules=
+
+
+[EXCEPTIONS]
+
+# Exceptions that will emit a warning when caught.
+overgeneral-exceptions=BaseException,
+ Exception
+
+
+[REFACTORING]
+
+# Maximum number of nested blocks for function / method body
+max-nested-blocks=5
+
+# Complete name of functions that never returns. When checking for
+# inconsistent-return-statements if a never returning function is called then
+# it will be considered as an explicit return statement and no message will be
+# printed.
+never-returning-functions=sys.exit,argparse.parse_error
+
+
+[SIMILARITIES]
+
+# Comments are removed from the similarity computation
+ignore-comments=yes
+
+# Docstrings are removed from the similarity computation
+ignore-docstrings=yes
+
+# Imports are removed from the similarity computation
+ignore-imports=yes
+
+# Signatures are removed from the similarity computation
+ignore-signatures=yes
+
+# Minimum lines number of a similarity.
+min-similarity-lines=4
+
+
+[DESIGN]
+
+# List of regular expressions of class ancestor names to ignore when counting
+# public methods (see R0903)
+exclude-too-few-public-methods=
+
+# List of qualified class names to ignore when counting class parents (see
+# R0901)
+ignored-parents=
+
+# Maximum number of arguments for function / method.
+max-args=5
+
+# Maximum number of attributes for a class (see R0902).
+max-attributes=7
+
+# Maximum number of boolean expressions in an if statement (see R0916).
+max-bool-expr=5
+
+# Maximum number of branch for function / method body.
+max-branches=12
+
+# Maximum number of locals for function / method body.
+max-locals=15
+
+# Maximum number of parents for a class (see R0901).
+max-parents=7
+
+# Maximum number of public methods for a class (see R0904).
+max-public-methods=20
+
+# Maximum number of return / yield for function / method body.
+max-returns=6
+
+# Maximum number of statements in function / method body.
+max-statements=50
+
+# Minimum number of public methods for a class (see R0903).
+min-public-methods=2
+
+
+[STRING]
+
+# This flag controls whether inconsistent-quotes generates a warning when the
+# character used as a quote delimiter is used inconsistently within a module.
+check-quote-consistency=no
+
+# This flag controls whether the implicit-str-concat should generate a warning
+# on implicit string concatenation in sequences defined over several lines.
+check-str-concat-over-line-jumps=no
+
+
+[BASIC]
+
+# Naming style matching correct argument names.
+argument-naming-style=snake_case
+
+# Regular expression matching correct argument names. Overrides argument-
+# naming-style. If left empty, argument names will be checked with the set
+# naming style.
+#argument-rgx=
+
+# Naming style matching correct attribute names.
+attr-naming-style=snake_case
+
+# Regular expression matching correct attribute names. Overrides attr-naming-
+# style. If left empty, attribute names will be checked with the set naming
+# style.
+#attr-rgx=
+
+# Bad variable names which should always be refused, separated by a comma.
+bad-names=foo,
+ bar,
+ baz,
+ toto,
+ tutu,
+ tata
+
+# Bad variable names regexes, separated by a comma. If names match any regex,
+# they will always be refused
+bad-names-rgxs=
+
+# Naming style matching correct class attribute names.
+class-attribute-naming-style=any
+
+# Regular expression matching correct class attribute names. Overrides class-
+# attribute-naming-style. If left empty, class attribute names will be checked
+# with the set naming style.
+#class-attribute-rgx=
+
+# Naming style matching correct class constant names.
+class-const-naming-style=UPPER_CASE
+
+# Regular expression matching correct class constant names. Overrides class-
+# const-naming-style. If left empty, class constant names will be checked with
+# the set naming style.
+#class-const-rgx=
+
+# Naming style matching correct class names.
+class-naming-style=PascalCase
+
+# Regular expression matching correct class names. Overrides class-naming-
+# style. If left empty, class names will be checked with the set naming style.
+#class-rgx=
+
+# Naming style matching correct constant names.
+const-naming-style=UPPER_CASE
+
+# Regular expression matching correct constant names. Overrides const-naming-
+# style. If left empty, constant names will be checked with the set naming
+# style.
+#const-rgx=
+
+# Minimum line length for functions/classes that require docstrings, shorter
+# ones are exempt.
+docstring-min-length=-1
+
+# Naming style matching correct function names.
+function-naming-style=snake_case
+
+# Regular expression matching correct function names. Overrides function-
+# naming-style. If left empty, function names will be checked with the set
+# naming style.
+#function-rgx=
+
+# Good variable names which should always be accepted, separated by a comma.
+good-names=i,
+ j,
+ k,
+ ex,
+ Run,
+ _
+
+# Good variable names regexes, separated by a comma. If names match any regex,
+# they will always be accepted
+good-names-rgxs=
+
+# Include a hint for the correct naming format with invalid-name.
+include-naming-hint=no
+
+# Naming style matching correct inline iteration names.
+inlinevar-naming-style=any
+
+# Regular expression matching correct inline iteration names. Overrides
+# inlinevar-naming-style. If left empty, inline iteration names will be checked
+# with the set naming style.
+#inlinevar-rgx=
+
+# Naming style matching correct method names.
+method-naming-style=snake_case
+
+# Regular expression matching correct method names. Overrides method-naming-
+# style. If left empty, method names will be checked with the set naming style.
+#method-rgx=
+
+# Naming style matching correct module names.
+module-naming-style=snake_case
+
+# Regular expression matching correct module names. Overrides module-naming-
+# style. If left empty, module names will be checked with the set naming style.
+#module-rgx=
+
+# Colon-delimited sets of names that determine each other's naming style when
+# the name regexes allow several styles.
+name-group=
+
+# Regular expression which should only match function or class names that do
+# not require a docstring.
+no-docstring-rgx=^_
+
+# List of decorators that produce properties, such as abc.abstractproperty. Add
+# to this list to register other decorators that produce valid properties.
+# These decorators are taken in consideration only for invalid-name.
+property-classes=abc.abstractproperty
+
+# Regular expression matching correct type variable names. If left empty, type
+# variable names will be checked with the set naming style.
+#typevar-rgx=
+
+# Naming style matching correct variable names.
+variable-naming-style=snake_case
+
+# Regular expression matching correct variable names. Overrides variable-
+# naming-style. If left empty, variable names will be checked with the set
+# naming style.
+#variable-rgx=
diff --git a/README.md b/README.md
index c9450b3..d765008 100644
--- a/README.md
+++ b/README.md
@@ -16,7 +16,7 @@ To uninstall:
## Usage & Syntax
```
-usage: pfsense-vshell [-h] --host HOST [--virtual_shell] [--command COMMAND] [--check_auth COMMAND] --username USERNAME --password PASSWORD [--scheme {http,https}] [--port PORT] [--timeout TIMEOUT] [--shell_timeout SHELL_TIMEOUT] [--no_verify] [--version] [--verbose]
+usage: pfsense-vshell [-h] --host HOST [--virtual_shell] [--command COMMAND] --username USERNAME --password PASSWORD [--scheme {http,https}] [--port PORT] [--timeout TIMEOUT] [--shell_timeout SHELL_TIMEOUT] [--no_verify] [--version] [--verbose]
```
| Command | Shorthand | Required | Description | Example Usage |
@@ -65,7 +65,7 @@ $ pfsense-vshell --host 127.0.0.1 --command "pkg install -y pfSense-pkg-nmap" --
5: Display pfSense vShell version
```shell script
$ pfsense-vshell --version
-pfsense-vshell v2.0.0
+pfsense-vshell v2.0.3
```
## Notes
diff --git a/pfsense_vshell/__init__.py b/pfsense_vshell/__init__.py
index 8764e79..dee3ede 100644
--- a/pfsense_vshell/__init__.py
+++ b/pfsense_vshell/__init__.py
@@ -1,4 +1,4 @@
-# Copyright 2020 Jared Hendrickson
+# Copyright 2022 Jared Hendrickson
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,14 +12,17 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+
# IMPORT MODULES #
-import requests
+import datetime
import html
+import requests
import urllib3
-import datetime
class PFClient:
+ """Client object that facilitates controlling the virtual shell."""
+
def __init__(self, host, username, password, port=443, scheme="https", timeout=30, verify=True):
"""
Initializes the object at creation
@@ -54,7 +57,7 @@ def version():
Provides the current version of pfsense vShell
:return: (string) the current pfSense vShell version
"""
- return "2.0.2"
+ return "2.0.3"
def url(self):
"""
@@ -70,10 +73,14 @@ def run_command(self, cmd):
:param cmd: (string) a shell command to execute
:return: (string) output of the shell command
"""
-
+ # Ensure there are no apparent issues with the target host.
self.__has_host_errors__()
+
+ # Make our HTTP request.
payload = {"__csrf_magic": self.get_csrf_token("/diag_command.php"), "txtCommand": cmd, "submit": "EXEC"}
req = self.request("/diag_command.php", method="POST", data=payload)
+
+ # Write the command executed to the vShell history and log the action.
self.history.append(cmd)
self.__log__("run_command", cmd)
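Review bot: The POST in `run_command` is built with whatever `self.get_csrf_token("/diag_command.php")` returns, and the docstring updated later in this commit says that can be an empty string, so a request with no valid token is still sent. The command is then appended to `self.history` and logged before the response is inspected, so a command that never ran is recorded as executed. Consider fetching the token first (`token = self.get_csrf_token("/diag_command.php")`), failing early when `not token`, and moving `self.history.append(cmd)` after the output has been located. Commands can carry secrets as arguments, so the new comment above `self.__log__("run_command", cmd)` should say where that log ends up; the body of `__log__` is not visible here. `run_command` starts above this hunk and continues in the next one.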
@@ -81,6 +88,9 @@ def run_command(self, cmd):
if "
" in req.text: return html.unescape(req.text.split("")[1].split("")[0]) + # Return none if we were unable to locate the output + return None + def request(self, uri, method="GET", data=None): """ Makes HTTP requests on behalf of our object @@ -92,7 +102,9 @@ def request(self, uri, method="GET", data=None): # Try to make our HTTP request, handle errors accordingly try: - req = self.session.request(method, self.url() + uri, data=data, timeout=self.timeout, verify=self.verify) + session = self.session + req = session.request(method, self.url() + uri, data=data, timeout=self.timeout, verify=self.verify) + session.close() self.last_request = req self.__log__("request", str(req.status_code) + " " + method + " " + uri) return req @@ -106,13 +118,19 @@ def request(self, uri, method="GET", data=None): self.__log__("request", str(connection_error)) self.__get_error__(12) + # Return none if we somehow land here + return None + def authenticate(self): """ Attempts to authenticate using the objects current properties :return: (bool) true if authentication was successful, false if it wasn't """ + # Make an initial request to the initialize the CSRF checks. pre_auth_req = self.request("/index.php") + + # Format our request payload include the valid CSRF token. payload = { "__csrf_magic": self.get_csrf_token("/index.php"), "usernamefld": self.username, @@ -141,9 +159,9 @@ def get_csrf_token(self, uri): """ Retrieves the current CSRF token for a page :param uri: (string) the URI (e.g. index.php) to retrieve the CSRF token from - :return: (string) the CSRF token + :return: (string) the valid CSRF token or empty string if no CSRF token was found """ - + # Initialize CSRF token attributes and make initial CSRF query. csrf_token_length = 55 csrf_token = "" csrf_resp = self.request(uri, "GET") 
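Review bot: In `request`, the added `session.close()` sits inside the `try` after `session.request(...)`, so it is skipped whenever the request raises and control goes to the handlers below. The alias `session = self.session` is the same shared object, so this closes the client's only session after every call rather than a per-call copy. If the goal is to release sockets deterministically, move the close into a `finally:` block; if connection reuse between `get_csrf_token` and the following POST matters, drop the per-request close and release the session once when the client is finished. The body of `request` starts and ends outside this hunk.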
@@ -154,7 +172,8 @@ def get_csrf_token(self, uri): csrf += csrf_resp.text.split("sid:")[1].split(";")[0].replace(" ", "").replace("\n", "").replace("\"", "") csrf_token = csrf if len(csrf) is csrf_token_length else "" - return csrf_token # Return our token + # Return the valid CSRF token, or empty string if it could not be determined. + return csrf_token def has_dns_rebind_error(self, req=None): """ @@ -162,7 +181,7 @@ def has_dns_rebind_error(self, req=None): :param req: (object) optionally provide an existing Response object created by the requests module :return: (bool) true if a DNS rebind error was found, false if it wasn't """ - + # Make a preliminary request to check if a DNS Rebind error was detected by pfSense. resp = req.text if req else self.request("/").text return True if "Potential DNS Rebind attack detected" in resp else False @@ -173,8 +192,9 @@ def is_host_pfsense(self, req=None): :param req: (object) optionally provide an existing Response object created by the requests module :return: (bool) true if the host is running pfSense, false if it is not """ - + # Make a preliminary request to check for keywords that indicate the target is running pfSense. resp = req.text if req else self.request("/").text + platform_confidence = 0 # List of platform dependent key words to check for @@ -185,8 +205,8 @@ def is_host_pfsense(self, req=None): "csrfMagicToken", "/csrf/csrf-magic.js", "wizard.php", "/css/pfSense.css" ] # Loop through our list and add up a confidence score - for ci in check_items: - platform_confidence = platform_confidence + 10 if ci in resp else platform_confidence + for item in check_items: + platform_confidence = platform_confidence + 10 if item in resp else platform_confidence return True if platform_confidence > 50 else False diff --git a/scripts/pfsense-vshell b/scripts/pfsense-vshell index 0d44e6f..d7e02c6 100644 --- a/scripts/pfsense-vshell +++ b/scripts/pfsense-vshell 
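Review bot: `csrf_token = csrf if len(csrf) is csrf_token_length else ""` in `get_csrf_token` compares two integers by identity, which only gives the right answer because CPython happens to cache small ints; it should be `csrf_token = csrf if len(csrf) == csrf_token_length else ""`. The line is context here, but the new comment calls the result "the valid CSRF token" and this length check is the only validation visible. Callers shown in this commit pass the return value straight into the POST payload, so the docstring should also say that an empty string means "do not submit". The function starts outside this hunk.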
@@ -1,5 +1,5 @@ #!/usr/bin/python3 -# Copyright 2020 Jared Hendrickson +# Copyright 2022 Jared Hendrickson # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/setup.py b/setup.py index 673071b..d521b3d 100644 --- a/setup.py +++ b/setup.py @@ -1,4 +1,4 @@ -# Copyright 2020 Jared Hendrickson +# Copyright 2022 Jared Hendrickson # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -29,7 +29,7 @@ def read_me(): description="A command line tool to run remote shell commands on pfSense without SSH", long_description=read_me(), long_description_content_type="text/markdown", - version="2.0.2", + version="2.0.3", scripts=['scripts/pfsense-vshell'], packages=["pfsense_vshell"], install_requires=[ diff --git a/tests/test_vshell.py b/tests/test_vshell.py new file mode 100644 index 0000000..eea29c7 --- /dev/null +++ b/tests/test_vshell.py 
@@ -0,0 +1,82 @@ +# Copyright 2022 Jared Hendrickson +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +import unittest +import os +import copy +import pfsense_vshell + + +class TestVShell(unittest.TestCase): + """Test the pfsense_vshell.PFClient object methods and attributes.""" + + # Set attributes + vshell = None + + def setUp(self): + """Define attributes required for test methods.""" + # Define the vshell attribute + self.vshell = pfsense_vshell.PFClient( + os.environ.get("PFSENSE_VSHELL_HOST", "localhost"), + username=os.environ.get("PFSENSE_VSHELL_USERNAME", "admin"), + password=os.environ.get("PFSENSE_VSHELL_PASSWORD", "pfsense"), + port=int(os.environ.get("PFSENSE_VSHELL_PORT", 443)), + scheme=os.environ.get("PFSENSE_VSHELL_SCHEME", "https"), + timeout=int(os.environ.get("PFSENSE_VSHELL_TIMEOUT", 30)), + verify=bool(os.environ.get("PFSENSE_VSHELL_VERIFY", False)) + ) + + def test_get_csrf_token(self): + """Ensure we are able to fetch the CSRF token and it is a valid length.""" + self.assertEqual(len(self.vshell.get_csrf_token("/index.php")), 55) + + def test_authenticate(self): + """Ensure we are able to determine successful authentication from failed authentication.""" + # Check bad authentication using a clone of the PFClient object + bad_auth_vshell = copy.deepcopy(self.vshell) + bad_auth_vshell.username = "INVALID" + bad_auth_vshell.password = "INVALID" + self.assertFalse(bad_auth_vshell.authenticate()) + + # Check good authentication. 
+ self.assertTrue(self.vshell.authenticate()) + + def test_is_host_pfsense(self): + """Ensure module can accurate tell if a host is running pfSense.""" + # Check if module correctly identifies pfSense host. + self.assertTrue(self.vshell.is_host_pfsense()) + + # Check if module correctly identifies non-pfSense host using a clone of the PFClient object + non_pfsense_vshell = copy.deepcopy(self.vshell) + non_pfsense_vshell.host = "example.com" + non_pfsense_vshell.port = 80 + non_pfsense_vshell.scheme = "http" + self.assertFalse(non_pfsense_vshell.is_host_pfsense()) + + def test_run_command(self): + """Ensure specific commands produce an expected output.""" + # Ensure working directory is pfSense webroot. + self.assertEqual(self.vshell.run_command("pwd"), "/usr/local/www") + + # Ensure current user is pfSense root. + self.assertEqual(self.vshell.run_command("whoami"), "root") + + # Ensure executed commands are registered in the vshell history. + self.assertIn("pwd", self.vshell.history) + self.assertIn("whoami", self.vshell.history) + + +if __name__ == '__main__': + unittest.main()
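Review bot: In `setUp`, `verify=bool(os.environ.get("PFSENSE_VSHELL_VERIFY", False))` turns any non-empty string into `True`, so `PFSENSE_VSHELL_VERIFY=false` or `=0` enables verification while leaving it unset disables it. Parse the value explicitly, e.g. `verify=os.environ.get("PFSENSE_VSHELL_VERIFY", "").lower() in ("1", "true", "yes")`. With the current defaults the suite sends the fallback `admin`/`pfsense` credentials to `localhost` without certificate validation, so the class docstring should state that these tests need a disposable pfSense instance and name the environment variables to set. `test_is_host_pfsense` also depends on reaching `example.com`, so it fails on an isolated runner for reasons unrelated to the code under test.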