From 488ad241f6393458e28ba48199e750c61a5179e5 Mon Sep 17 00:00:00 2001
From: Ben McDonald
Date: Thu, 3 Jul 2025 12:52:18 -0700
Subject: [PATCH] ADd secure, remove username and password

Signed-off-by: Ben McDonald
---
 cmd/scan.go | 5 +++--
 pkg/scan.go | 17 +++++++----------
 2 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/cmd/scan.go b/cmd/scan.go
index 4a1deb9..2f1e932 100644
--- a/cmd/scan.go
+++ b/cmd/scan.go
@@ -24,6 +24,7 @@ var (
 targetHosts [][]string
 disableProbing bool
 disableCache bool
+ insecure bool
 )

 // The `scan` command is usually the first step to using the CLI tool.
@@ -138,8 +139,7 @@ var ScanCmd = &cobra.Command{
 DisableProbing: disableProbing,
 Verbose: verbose,
 Debug: debug,
- Username: username,
- Password: password,
+ Insecure: insecure,
 })

 if len(foundAssets) > 0 && debug {
@@ -179,6 +179,7 @@ func init() {
 ScanCmd.Flags().IPMaskVar(&subnetMask, "subnet-mask", net.IPv4Mask(255, 255, 255, 0), "Set the default subnet mask to use for with all subnets not using CIDR notation.")
 ScanCmd.Flags().BoolVar(&disableProbing, "disable-probing", false, "Disable probing found assets for Redfish service(s) running on BMC nodes")
 ScanCmd.Flags().BoolVar(&disableCache, "disable-cache", false, "Disable saving found assets to a cache database specified with 'cache' flag")
+ ScanCmd.Flags().BoolVar(&insecure, "insecure", false, "Skip TLS certificate verification during probe")

 checkBindFlagError(viper.BindPFlag("scan.ports", ScanCmd.Flags().Lookup("port")))
 checkBindFlagError(viper.BindPFlag("scan.scheme", ScanCmd.Flags().Lookup("scheme")))
diff --git a/pkg/scan.go b/pkg/scan.go
index 2ef87fd..af4907f 100644
--- a/pkg/scan.go
+++ b/pkg/scan.go
@@ -1,6 +1,7 @@
 package magellan

 import (
+ "crypto/tls"
 "fmt"
 "math"
 "net"
@@ -34,8 +35,7 @@ type ScanParams struct {
 DisableProbing bool
 Verbose bool
 Debug bool
- Username string
- Password string
+ Insecure bool
 }

 // ScanForAssets() performs a net scan on a network to find available services
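Review bot: The help text for the new `--insecure` flag in the `init()` hunk of cmd/scan.go says only that verification is skipped and does not tell the operator what is given up. With the flag set the probe client accepts any certificate, so a 200 on a probe path authenticates neither the host nor the service behind it, and the scan results should be read as unauthenticated. Suggested wording: `"Skip TLS certificate verification when probing (results are not authenticated; use only on a trusted management network)"`. The two `viper.BindPFlag` calls visible below bind other scan flags to config keys; if the remaining flags are bound the same way outside this hunk, `insecure` presumably wants a matching binding. `init()` continues outside the hunk.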
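Review bot: In the `ScanParams` hunk of pkg/scan.go the new `Insecure` field carries no comment, and the exported `Username` and `Password` fields are removed, which breaks any caller outside this patch that still sets them. The field deserves a line such as `// Insecure disables TLS certificate verification for probe requests; the zero value keeps verification on.` If the package has consumers outside this repository, the removal should be called out in the release notes. The struct starts outside the hunk.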
@@ -71,8 +71,12 @@ func ScanForAssets(params *ScanParams) []RemoteAsset {
 {Type: "JAWS", Path: "/jaws/monitor/outlets"},
 }

+ transport := &http.Transport{
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: params.Insecure},
+ }
 probeClient := &http.Client{
- Timeout: time.Duration(params.Timeout) * time.Second,
+ Timeout: time.Duration(params.Timeout) * time.Second,
+ Transport: transport,
 }

 var wg sync.WaitGroup
@@ -92,8 +96,6 @@ func ScanForAssets(params *ScanParams) []RemoteAsset {
 if params.Verbose {
 log.Debug().Err(err).Msgf("failed to connect to host")
 }
- // NOTE: This was wg.Done() and return in the original, but that stops the whole worker.
- // Continuing allows the worker to process other hosts in its queue.
 continue
 }
 if !params.DisableProbing {
@@ -106,11 +108,6 @@ func ScanForAssets(params *ScanParams) []RemoteAsset {
 continue
 }

- // Add authentication for JAWS endpoints if credentials are provided
- if probe.Type == "JAWS" && params.Username != "" && params.Password != "" {
- req.SetBasicAuth(params.Username, params.Password)
- }
-
 res, err := probeClient.Do(req)
 if err == nil && res != nil && res.StatusCode == http.StatusOK {
 res.Body.Close()
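Review bot: In the `@@ -71,8 +71,12 @@` hunk of pkg/scan.go the bare `&http.Transport{...}` literal replaces the default transport the client used before, so the probe client silently loses `Proxy: http.ProxyFromEnvironment`, the dial and TLS-handshake timeouts and the idle-connection limits, even when `Insecure` is false. Cloning the default keeps those settings and changes only the TLS one: `transport := http.DefaultTransport.(*http.Transport).Clone()` followed by `transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: params.Insecure}`. Because verification can now be switched off for a whole scan, one `log.Warn()` line emitted when `params.Insecure` is true would leave a record of that in the scan output. `ScanForAssets` starts and ends outside the hunk.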