ADd secure, remove username and password

Signed-off-by: Ben McDonald <ben.mcdonald@hpe.com>
2025-12-20 11:37:01 -07:00 · 2025-07-03 12:52:18 -07:00 · 2025-07-03 12:52:18 -07:00 · 488ad241f6
commit 488ad241f6
parent 4cfd48da63
2 changed files with 10 additions and 12 deletions
--- a/cmd/scan.go
+++ b/cmd/scan.go
@ -24,6 +24,7 @@ var (
 	targetHosts    [][]string
 	disableProbing bool
 	disableCache   bool
+	insecure       bool
 )

 // The `scan` command is usually the first step to using the CLI tool.
@ -138,8 +139,7 @@ var ScanCmd = &cobra.Command{
 			DisableProbing: disableProbing,
 			Verbose:        verbose,
 			Debug:          debug,
-			Username:       username,
-			Password:       password,
+			Insecure:       insecure,
 		})

 		if len(foundAssets) > 0 && debug {
@ -179,6 +179,7 @@ func init() {
 	ScanCmd.Flags().IPMaskVar(&subnetMask, "subnet-mask", net.IPv4Mask(255, 255, 255, 0), "Set the default subnet mask to use for with all subnets not using CIDR notation.")
 	ScanCmd.Flags().BoolVar(&disableProbing, "disable-probing", false, "Disable probing found assets for Redfish service(s) running on BMC nodes")
 	ScanCmd.Flags().BoolVar(&disableCache, "disable-cache", false, "Disable saving found assets to a cache database specified with 'cache' flag")
+	ScanCmd.Flags().BoolVar(&insecure, "insecure", false, "Skip TLS certificate verification during probe")

 	checkBindFlagError(viper.BindPFlag("scan.ports", ScanCmd.Flags().Lookup("port")))
 	checkBindFlagError(viper.BindPFlag("scan.scheme", ScanCmd.Flags().Lookup("scheme")))
--- a/pkg/scan.go
+++ b/pkg/scan.go
@ -1,6 +1,7 @@
 package magellan

 import (
+	"crypto/tls"
 	"fmt"
 	"math"
 	"net"
@ -34,8 +35,7 @@ type ScanParams struct {
 	DisableProbing bool
 	Verbose        bool
 	Debug          bool
-	Username       string
-	Password       string
+	Insecure       bool
 }

 // ScanForAssets() performs a net scan on a network to find available services
@ -71,8 +71,12 @@ func ScanForAssets(params *ScanParams) []RemoteAsset {
 		{Type: "JAWS", Path: "/jaws/monitor/outlets"},
 	}

+	transport := &http.Transport{
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: params.Insecure},
+	}
 	probeClient := &http.Client{
-		Timeout: time.Duration(params.Timeout) * time.Second,
+		Timeout:   time.Duration(params.Timeout) * time.Second,
+		Transport: transport,
 	}

 	var wg sync.WaitGroup
@ -92,8 +96,6 @@ func ScanForAssets(params *ScanParams) []RemoteAsset {
 						if params.Verbose {
 							log.Debug().Err(err).Msgf("failed to connect to host")
 						}
-						// NOTE: This was wg.Done() and return in the original, but that stops the whole worker.
-						// Continuing allows the worker to process other hosts in its queue.
 						continue
 					}
 					if !params.DisableProbing {
@ -106,11 +108,6 @@ func ScanForAssets(params *ScanParams) []RemoteAsset {
 									continue
 								}

-								// Add authentication for JAWS endpoints if credentials are provided
-								if probe.Type == "JAWS" && params.Username != "" && params.Password != "" {
-									req.SetBasicAuth(params.Username, params.Password)
-								}
-
 								res, err := probeClient.Do(req)
 								if err == nil && res != nil && res.StatusCode == http.StatusOK {
 									res.Body.Close()