Merge pull request #60 from tech-advantage/ssh-backport

backport StrictHostKeyChecking to 2.3

Author: mildis

pom.xml

@@ -4,7 +4,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>fr.techad</groupId>
 	<artifactId>sonar-gerrit-plugin</artifactId>
-	<version>2.3.0</version>
+	<version>2.3.1</version>
 	<packaging>sonar-plugin</packaging>
 	<name>Sonar Gerrit Plugin</name>
 	<description>Sonar will rate your gerrit patch set and comment on found alerts.</description>

src/main/java/fr/techad/sonar/GerritConfiguration.java

@@ -18,6 +18,7 @@ public class GerritConfiguration {
     private boolean valid;
     private boolean anonymous;
     private boolean commentNewIssuesOnly;
+    private boolean strictHostkey;
 
     private String host;
 
@@ -48,6 +49,7 @@ public GerritConfiguration(Settings settings) {
 
         this.enable(settings.getBoolean(PropertyKey.GERRIT_ENABLED));
         this.commentNewIssuesOnly(settings.getBoolean(PropertyKey.GERRIT_COMMENT_NEW_ISSUES_ONLY));
+        this.strictlyCheckHostkey(settings.getBoolean(PropertyKey.GERRIT_STRICT_HOSTKEY));
 
         this.setScheme(settings.getString(PropertyKey.GERRIT_SCHEME));
         this.setHost(settings.getString(PropertyKey.GERRIT_HOST));
@@ -109,7 +111,15 @@ public boolean shouldCommentNewIssuesOnly() {
         return commentNewIssuesOnly;
     }
 
-    @NotNull
+    public GerritConfiguration strictlyCheckHostkey(boolean strictHostkey) {
+        this.strictHostkey = strictHostkey;
+        return this;
+    }
+
+    public boolean shouldStrictlyCheckHostKey() {
+        return strictHostkey;
+    }
+
     public String getScheme() {
         return scheme;
     }

src/main/java/fr/techad/sonar/GerritConstants.java

@@ -13,6 +13,7 @@ public final class GerritConstants {
     public static final String AUTH_BASIC = "basic";
     public static final String AUTH_DIGEST = "digest";
     public static final String GERRIT_COMMENT_NEW_ISSUES_ONLY = "false";
+    public static final String GERRIT_STRICT_HOSTKEY_DEFAULT = "true";
     public static final String GERRIT_VOTE_NO_ISSUE_DEFAULT = "+1";
     public static final String GERRIT_VOTE_ISSUE_BELOW_THRESHOLD_DEFAULT = "+1";
     public static final String GERRIT_VOTE_ISSUE_ABOVE_THRESHOLD_DEFAULT = "-1";

src/main/java/fr/techad/sonar/GerritPlugin.java

@@ -45,8 +45,13 @@ public void define(Context context) {
                 .type(PropertyType.PASSWORD).index(serverBaseIndex++).build();
 
         PropertyDefinition sshKeyPath = PropertyDefinition.builder(PropertyKey.GERRIT_SSH_KEY_PATH)
-                .category(GerritConstants.GERRIT_CATEGORY).subCategory(GerritConstants.GERRIT_SUBCATEGORY_SERVER)
-                .type(PropertyType.STRING).index(serverBaseIndex++).build();
+            .category(GerritConstants.GERRIT_CATEGORY).subCategory(GerritConstants.GERRIT_SUBCATEGORY_SERVER)
+            .type(PropertyType.STRING).index(serverBaseIndex++).build();
+
+        PropertyDefinition strictHostkey = PropertyDefinition.builder(PropertyKey.GERRIT_STRICT_HOSTKEY)
+            .category(GerritConstants.GERRIT_CATEGORY).subCategory(GerritConstants.GERRIT_SUBCATEGORY_SERVER)
+            .type(PropertyType.BOOLEAN).defaultValue(GerritConstants.GERRIT_STRICT_HOSTKEY_DEFAULT)
+            .index(serverBaseIndex++).build();
 
         PropertyDefinition authScheme = PropertyDefinition.builder(PropertyKey.GERRIT_HTTP_AUTH_SCHEME)
                 .category(GerritConstants.GERRIT_CATEGORY).subCategory(GerritConstants.GERRIT_SUBCATEGORY_SERVER)
@@ -102,7 +107,7 @@ public void define(Context context) {
 
         context.addExtensions(Arrays.asList(GerritConfiguration.class, GerritConnectorFactory.class,
                 GerritFacadeFactory.class, GerritInitializer.class, GerritProjectBuilder.class, GerritPostJob.class,
-                enabled, scheme, host, port, username, password, authScheme, basePath, sshKeyPath, label, message,
-                newIssuesOnly, threshold, voteNoIssue, voteIssueBelowThreshold, voteIssueAboveThreshold, issueComment));
+                enabled, scheme, host, port, username, password, authScheme, basePath, sshKeyPath, strictHostkey, label,
+                message, newIssuesOnly, threshold, voteNoIssue, voteIssueBelowThreshold, voteIssueAboveThreshold, issueComment));
     }
 }

src/main/java/fr/techad/sonar/PropertyKey.java

@@ -23,6 +23,7 @@ public final class PropertyKey {
     public static final String GERRIT_VOTE_ISSUE_BELOW_THRESHOLD = "GERRIT_VOTE_ISSUE_BELOW_THRESHOLD";
     public static final String GERRIT_VOTE_ISSUE_ABOVE_THRESHOLD = "GERRIT_VOTE_ISSUE_ABOVE_THRESHOLD";
     public static final String GERRIT_ISSUE_COMMENT = "GERRIT_ISSUE_COMMENT";
+    public static final String GERRIT_STRICT_HOSTKEY = "GERRIT_STRICT_HOSTKEY";
 
     private PropertyKey() {
     }

src/main/java/fr/techad/sonar/gerrit/GerritSshConnector.java

@@ -1,12 +1,17 @@
 package fr.techad.sonar.gerrit;
 
+import java.io.File;
 import java.io.IOException;
 import java.nio.ByteBuffer;
+import java.nio.file.Files;
+import java.nio.file.LinkOption;
+import java.nio.file.Paths;
 
 import fi.jpalomaki.ssh.Result;
 import fi.jpalomaki.ssh.SshClient;
 import fi.jpalomaki.ssh.UserAtHost;
 import fi.jpalomaki.ssh.jsch.JschSshClient;
+import fi.jpalomaki.ssh.jsch.JschSshClient.Options;
 
 import org.jetbrains.annotations.NotNull;
 import org.sonar.api.utils.log.Logger;
@@ -18,6 +23,9 @@ public class GerritSshConnector implements GerritConnector {
     private static final Logger LOG = Loggers.get(GerritSshConnector.class);
     private static final String CMD_LIST_FILES = "gerrit query --format=JSON --files --current-patch-set status:open change:%s limit:1";
     private static final String CMD_SET_REVIEW = "gerrit review %s -j";
+    private static final String SSH_KNOWN_HOSTS = ".ssh/known_hosts";
+    private static final String SSH_STRICT_NO = "StrictHostKeyChecking=no";
+    
     private final GerritConfiguration gerritConfiguration;
     private final UserAtHost userAtHost;
 
@@ -31,7 +39,7 @@ public GerritSshConnector(GerritConfiguration gerritConfiguration) {
     @NotNull
     @Override
     public String listFiles() throws IOException {
-        SshClient sshClient = new JschSshClient(gerritConfiguration.getSshKeyPath(), gerritConfiguration.getPassword());
+        SshClient sshClient = getSshClient();
 
         LOG.debug("[GERRIT PLUGIN] Execute command SSH {}",
                 String.format(CMD_LIST_FILES, gerritConfiguration.getChangeId()));
@@ -48,7 +56,7 @@ public String setReview(String reviewInputAsJson) throws IOException {
         LOG.info("[GERRIT PLUGIN] Setting review {}", reviewInputAsJson);
 
         ByteBuffer stdin = ByteBuffer.wrap(reviewInputAsJson.getBytes("UTF-8"));
-        SshClient sshClient = new JschSshClient(gerritConfiguration.getSshKeyPath(), gerritConfiguration.getPassword());
+        SshClient sshClient = getSshClient();
 
         LOG.debug("[GERRIT PLUGIN] Execute command SSH {}",
                 String.format(CMD_SET_REVIEW, gerritConfiguration.getRevisionId()));
@@ -58,4 +66,34 @@ public String setReview(String reviewInputAsJson) throws IOException {
 
         return cmdResult.stdoutAsText();
     }
+    
+    private SshClient getSshClient() {
+        SshClient sc = null;
+
+        if (gerritConfiguration.shouldStrictlyCheckHostKey()) {
+            LOG.debug("[GERRIT PLUGIN] SSH will check host key.");
+            sc = new JschSshClient(gerritConfiguration.getSshKeyPath(), gerritConfiguration.getPassword());
+        } else {
+            LOG.debug("[GERRIT PLUGIN] SSH will not check host key.");
+            String userKnownHosts = System.getProperty("user.home") + File.separator + SSH_KNOWN_HOSTS;
+            Boolean knownHostsExists = Files.exists(Paths.get(userKnownHosts), LinkOption.NOFOLLOW_LINKS);
+
+            if (!knownHostsExists) {
+                LOG.debug("[GERRIT PLUGIN] {} does not exist. Creating.", userKnownHosts);
+                // known_hosts DOES NOT exists => create it
+                try {
+                    Files.createFile(Paths.get(userKnownHosts));
+                } catch (IOException e) {
+                    LOG.warn("[GERRIT PLUGIN] Could not create known_hosts", e);
+                }
+                LOG.debug("[GERRIT PLUGIN] {} created.", userKnownHosts);
+            }
+
+            sc = new JschSshClient(gerritConfiguration.getSshKeyPath(), gerritConfiguration.getPassword(),
+                userKnownHosts, new Options("5s", "0s", "1M", "1M", SSH_STRICT_NO, false));
+        }
+
+        return sc;
+    }
+
 }