oxidized 0.34.1 → 0.34.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a097920373ca6a37ab3ab33b5dcf32c3a82fdde10e04002ba1bf18d503363407
-  data.tar.gz: 1906accf8b231c23988c60ec4c778569ef156ca19d9c04c19e8ee1558f2213c8
+  metadata.gz: f51898465cc98bf27a9bb2259b1e359f7f52f2c31b23eac63e7730f0eabbb8b8
+  data.tar.gz: 6c45f1b142609bc44b99025b4485b25fde43844738bd489dc2994df77ecf47d7
 SHA512:
-  metadata.gz: 06f22b2315d040b5030676843df8bdb1ff431734d05e7ffa4f1793635209bb0376e0c6433b4d945bc5bb014ba4766f177640cbb42aed43a8a32abb7157e18594
-  data.tar.gz: 490da3c86e4bcc9d12674129253e6b5118ebefac8b6d47fdf931ea2db620212fe8d3a6ec71a42d78a02d3df8b9c3709f1b650758259026abe41a88593f54c608
+  metadata.gz: c613a1c2c21144f6c064cb2dfaf94e7fa88248c499c43d3408cbce0e286bee477b09623c6432852b839c8c7f2c3a1511f9634d07ebc3bcbba5037032157f991a
+  data.tar.gz: 2cb4692eab7ebbd916264bae356d08b6f437a6f514da5a815bd1c79242d9a2cd558fcef13ad0f56eb6bb9ba74f054deba661a46b563c4a805ad4be4ede34808d

data/.rubocop_todo.yml

@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2025-07-18 14:37:30 UTC using RuboCop version 1.78.0.
+# on 2025-08-01 14:00:10 UTC using RuboCop version 1.79.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new

data/CHANGELOG.md

@@ -4,6 +4,30 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [0.34.2 – 2025-08-01]
+This release mainly fixes a bug in input/scp that made ssh raise an error when
+closing a closed connection (Issue #3583).
+
+A fix for config vars (Issue #3536) changes the way oxidized stores its
+vars internally (symblos => strings). Libraries depending on oxidized internal
+structures may have problem with this. oxidized-web was fixed in Release 0.17.1.
+
+### Added
+- Absolute time limit for a fetch job (default: 300 seconds) (@robertcheramy)
+
+### Changed
+- slackdiff: Attempt to join the channel if Errors::NotInChannel is encountered (@varesa)
+
+### Fixed
+- SSH raises error when closing a closed connection. Fixes #3583 (@ytti)
+- Config vars will not fall back to less specific. Fixes #3536 (@ytti)
+- input/scp: make common errors produce a warning, not a crashfile (@robertcheramy)
+- input/scp: implement timeouts. Fixes #3590 (@robertcheramy, @ytti)
+- model/mtrlrfs: add missing prompt (@R3thos)
+- slackdiff: Respect the HTTP proxy configuration while uploading the file. Fixes #3534 (@varesa)
+- logging (syslog): do not write two timestamps (Fixed in semanticlogger) (@robertcheramy)
+
+
 ## [0.34.1 - 2025-07-18]
 This release contains small fixes and will include the new version of oxidized-web (0.17.0) in the docker container.
 
@@ -15,6 +39,7 @@ This release contains small fixes and will include the new version of oxidized-w
 - junos: fix unfrozen literal strings (@robertcheramy)
 - spec/model: fix unfrozen literal strings and set a default prompt (@robertcheramy)
 
+
 ## [0.34.0 - 2025-07-15]
 :warning: This release introduces a [new logging system](docs/Configuration.md#logging),
 based on [semantic logger](https://logger.rocketjob.io/). The old configuration

data/docs/Configuration.md

@@ -1,30 +1,11 @@
 # Configuration
 
-## Debugging
-
-In case a model plugin doesn't work correctly (ios, procurve, etc.), you can
-enable live debugging of SSH/Telnet sessions. Just add a `debug` option
-containing the value true to the `input` section. The log files will be created
-depending on the parent directory of the logfile option.
-
-The following example will log an active ssh/telnet session
-`/home/oxidized/.config/oxidized/log/<IP-Address>-<PROTOCOL>`. The file will be
-truncated on each consecutive ssh/telnet session, so you need to put a `tailf`
-or `tail -f` on that file!
-
-```yaml
-log: /home/oxidized/.config/oxidized/log
-
-# ...
-
-input:
-  default: ssh, telnet
-  debug: true
-  ssh:
-    secure: false
-  http:
-    ssl_verify: true
-```
+## Modules
+The configuration of each module is described in its respective sub-configuration file:
+* [Inputs.md](Inputs.md)
+* [Outputs.md](Outputs.md)
+* [Sources.md](Sources.md)
+* [Hooks.md](Hooks.md)
 
 ## Privileged mode
 
@@ -65,142 +46,22 @@ The above strips out snmp community strings from your saved configs.
 
 **NOTE:** Removing secrets reduces the usefulness as a full configuration backup, but it may make sharing configs easier.
 
-## Disabling SSH exec channels
-
-Oxidized uses exec channels to make information extraction simpler, but there
-are some situations where this doesn't work well, e.g. configuring devices. This
-feature can be turned off by setting the `ssh_no_exec`
-variable.
-
-```yaml
-vars:
-  ssh_no_exec: true
-```
-
-## Disabling SSH keepalives
-
-Oxidized SSH input makes use of SSH keepalives to prevent timeouts from slower
-devices and to quickly tear down stale sessions in larger deployments. There
-have been reports of SSH keepalives breaking compatibility with certain OS
-types. They can be disabled using the `ssh_no_keepalive` variable on a per-node
-basis (by specifying it in the source) or configured application-wide.
-
-```yaml
-vars:
-  ssh_no_keepalive: true
-```
-
-## SSH Auth Methods
-
-By default, Oxidized registers the following auth methods: `none`, `publickey` and `password`. However you can configure this globally, by groups, models or nodes.
-
-```yaml
-vars:
-  auth_methods: [ "none", "publickey", "password", "keyboard-interactive" ]
-```
-
-## Public Key Authentication with SSH
-
-Instead of password-based login, Oxidized can make use of key-based SSH
-authentication.
+## Timeout and Time limit
+You can configure when oxidized will `timeout` while fetching a configuration
+(default: 20 seconds), and how much absolute time (`timelimit`) the fetching
+is allowed to last (default: 300 seconds, or 5 minutes):
 
-You can tell Oxidized to use one or more private keys globally, or specify the
-key to be used on a per-node basis. The latter can be done by mapping the
-`ssh_keys` variable through the active source.
+* `timeout`: Maximum time to wait for a single operation during config fetching.
+  Not every input module has an implemented timeout.
+* `timelimit`: Maximum total time allowed for the entire fetch job. It is
+  independent of input modules and will always be enforced.
 
-Global:
+If `timelimit`is reached, the fetch job will be killed and will produce a
+warning. The job status will be set to `timelimit`.
 
 ```yaml
-vars:
-  ssh_keys: "~/.ssh/id_rsa"
-```
-
-Per-Node:
-
-```yaml
-# ...
-map:
-  name: 0
-  model: 1
-vars_map:
-  enable: 2
-  ssh_keys: 3
-# ...
-```
-
-If you are using a non-standard path, especially when copying the private key
-via a secured channel, make sure that the permissions are set correctly:
-
-```bash
-foo@bar:~$ ls -la ~/.ssh/
-total 20
-drwx------ 2 oxidized oxidized 4096 Mar 13 17:03 .
-drwx------ 5 oxidized oxidized 4096 Mar 13 21:40 ..
--r-------- 1 oxidized oxidized  103 Mar 13 17:03 authorized_keys
--rw------- 1 oxidized oxidized  399 Mar 13 17:02 id_ed25519
--rw-r--r-- 1 oxidized oxidized   94 Mar 13 17:02 id_ed25519.pub
-```
-
-Finally, multiple private keys can be specified as an array of file paths, such
-as `["~/.ssh/id_rsa", "~/.ssh/id_another_rsa"]`.
-
-## SSH Proxy Command
-
-Oxidized can `ssh` through a proxy as well. To do so we just need to set
-`ssh_proxy` variable with the proxy host information and optionally set the
-`ssh_proxy_port` with the SSH port if it is not listening on port 22.
-
-This can be provided on a per-node basis by mapping the proper fields from your
-source.
-
-An example for a `csv` input source that maps the 4th field as the `ssh_proxy`
-value and the 5th field as `ssh_proxy_port`.
-
-```yaml
-# ...
-map:
-  name: 0
-  model: 1
-vars_map:
-  enable: 2
-  ssh_proxy: 3
-  ssh_proxy_port: 4
-# ...
-```
-
-## SSH enabling legacy algorithms
-
-When connecting to older firmware over SSH, it is sometimes necessary to enable
-legacy/disabled settings like KexAlgorithms, HostKeyAlgorithms, MAC or the
-Encryption.
-
-These settings can be provided on a per-node basis by mapping the ssh_kex,
-ssh_host_key, ssh_hmac and the ssh_encryption fields from you source.
-
-```yaml
-# ...
-map:
-  name: 0
-  model: 1
-vars_map:
-  enable: 2
-  ssh_kex: 3
-  ssh_host_key: 4
-  ssh_hmac: 5
-  ssh_encryption: 6
-# ...
-```
-
-## FTP Passive Mode
-
-Oxidized uses ftp passive mode by default. Some devices require passive mode to
-be disabled. To do so, we can set `input.ftp.passive` to false - this will make
-use of FTP active mode.
-
-```yaml
-input:
-  ftp:
-    passive: false
+timeout: 20
+timelimit: 300
 ```
 
 ## Advanced Configuration
@@ -230,6 +91,7 @@ threads: 30 # maximum number of threads
 # true - always use the maximum number of threads
 use_max_threads: false
 timeout: 20
+timelimit: 300
 retries: 3
 prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
 crash:
@@ -372,7 +234,7 @@ models:
     password: pass
 ```
 
-### Options (credentials, vars, etc.) precedence:
+## Options (credentials, vars, etc.) precedence:
 From least to most important:
 - global options
 - model specific options
@@ -513,9 +375,6 @@ following appenders are currently supported:
 > `stderr` and `stdout` are mutually exclusive and will produce a warning if used
 > simultaneously.
 
-> Note: `syslog` currently produces two timestamps because of an issue in
-> [Sematic Logger](https://github.com/reidmorrison/semantic_logger/issues/316).
-
 > You can configure as many file appenders as you wish.
 
 You can set a log level globally and/or for each appender.

data/docs/Hooks.md

@@ -249,7 +249,7 @@ Your AWS credentials should be stored in `~/.aws/credentials`.
 
 ## Hook type: slackdiff
 
-The `slackdiff` hook posts colorized config diffs to a [Slack](https://www.slack.com) channel of your choice. It only triggers for `post_store` events.
+The `slackdiff` hook posts colorized config diffs to a [Slack](https://www.slack.com) channel of your choice. It only triggers for `post_store` events. The used output must be capable of generating a diff. E.g. file output is not usable while git/gitcrypt will work.
 
 You will need to manually install the `slack-ruby-client` gem on your system:
 
@@ -270,7 +270,7 @@ hooks:
     channel: "CHANNEL_ID"
 ```
 
-The token parameter is a Slack API token that can be generated following [this tutorial](https://api.slack.com/tutorials/tracks/getting-a-token).  Until Slack stops supporting them, legacy tokens can also be used.
+The token parameter is a Slack API token that can be generated following [this tutorial](https://api.slack.com/tutorials/tracks/getting-a-token).  Until Slack stops supporting them, legacy tokens can also be used. If the token has channels:join permission, the bot will attempt to automatically join the configured channel if necessary.
 
 Optionally you can disable snippets and post a formatted message, for instance linking to a commit in a git repo. Named parameters `%{node}`, `%{group}`, `%{model}` and `%{commitref}` are available.
 

data/docs/Inputs.md

@@ -0,0 +1,205 @@
+# Inputs
+## Index
+* Configuration
+  * [SSH](#ssh)
+  * [SCP](#scp)
+  * [FTP](#ftp)
+  * telnet
+  * http
+  * tftp
+  * exec
+* [Debugging](#debugging)
+
+## SSH
+### Disabling SSH exec channels
+
+Oxidized uses exec channels to make information extraction simpler, but there
+are some situations where this doesn't work well, e.g. configuring devices. This
+feature can be turned off by setting the `ssh_no_exec`
+variable.
+
+```yaml
+vars:
+  ssh_no_exec: true
+```
+
+### Disabling SSH keepalives
+
+Oxidized SSH input makes use of SSH keepalives to prevent timeouts from slower
+devices and to quickly tear down stale sessions in larger deployments. There
+have been reports of SSH keepalives breaking compatibility with certain OS
+types. They can be disabled using the `ssh_no_keepalive` variable on a per-node
+basis (by specifying it in the source) or configured application-wide.
+
+```yaml
+vars:
+  ssh_no_keepalive: true
+```
+
+### SSH Auth Methods
+
+By default, Oxidized registers the following auth methods: `none`, `publickey` and `password`. However you can configure this globally, by groups, models or nodes.
+
+```yaml
+vars:
+  auth_methods: [ "none", "publickey", "password", "keyboard-interactive" ]
+```
+
+### Public Key Authentication with SSH
+
+Instead of password-based login, Oxidized can make use of key-based SSH
+authentication.
+
+You can tell Oxidized to use one or more private keys globally, or specify the
+key to be used on a per-node basis. The latter can be done by mapping the
+`ssh_keys` variable through the active source.
+
+Global:
+
+```yaml
+vars:
+  ssh_keys: "~/.ssh/id_rsa"
+```
+
+Per-Node:
+
+```yaml
+# ...
+map:
+  name: 0
+  model: 1
+vars_map:
+  enable: 2
+  ssh_keys: 3
+# ...
+```
+
+If you are using a non-standard path, especially when copying the private key
+via a secured channel, make sure that the permissions are set correctly:
+
+```bash
+foo@bar:~$ ls -la ~/.ssh/
+total 20
+drwx------ 2 oxidized oxidized 4096 Mar 13 17:03 .
+drwx------ 5 oxidized oxidized 4096 Mar 13 21:40 ..
+-r-------- 1 oxidized oxidized  103 Mar 13 17:03 authorized_keys
+-rw------- 1 oxidized oxidized  399 Mar 13 17:02 id_ed25519
+-rw-r--r-- 1 oxidized oxidized   94 Mar 13 17:02 id_ed25519.pub
+```
+
+Finally, multiple private keys can be specified as an array of file paths, such
+as `["~/.ssh/id_rsa", "~/.ssh/id_another_rsa"]`.
+
+### SSH Proxy Command
+
+Oxidized can `ssh` through a proxy as well. To do so we just need to set
+`ssh_proxy` variable with the proxy host information and optionally set the
+`ssh_proxy_port` with the SSH port if it is not listening on port 22.
+
+This can be provided on a per-node basis by mapping the proper fields from your
+source.
+
+An example for a `csv` input source that maps the 4th field as the `ssh_proxy`
+value and the 5th field as `ssh_proxy_port`.
+
+```yaml
+# ...
+map:
+  name: 0
+  model: 1
+vars_map:
+  enable: 2
+  ssh_proxy: 3
+  ssh_proxy_port: 4
+# ...
+```
+
+### SSH enabling legacy algorithms
+
+When connecting to older firmware over SSH, it is sometimes necessary to enable
+legacy/disabled settings like KexAlgorithms, HostKeyAlgorithms, MAC or the
+Encryption.
+
+These settings can be provided on a per-node basis by mapping the ssh_kex,
+ssh_host_key, ssh_hmac and the ssh_encryption fields from you source.
+
+```yaml
+# ...
+map:
+  name: 0
+  model: 1
+vars_map:
+  enable: 2
+  ssh_kex: 3
+  ssh_host_key: 4
+  ssh_hmac: 5
+  ssh_encryption: 6
+# ...
+```
+
+### Custom SSH port
+Set the variable `ssh_port` to the desired value (default is 22).
+
+### SSH Host key verification
+With the configuration `secure', you can set the ssh key verification:
+- `true`: strict host verification, looking up the known host files
+- `false` (default): disable host verification, accept any ssh key
+
+```
+input:
+  ssh:
+    secure: true
+```
+
+## SCP
+### SSH Host key verification (SCP)
+Same as for [SSH host key verification](#ssh-host-key-verification)
+
+```
+input:
+  scp:
+    secure: true
+```
+
+### Custom SCP port
+Set the variable `ssh_port` to the desired value (default is 22).
+
+## FTP
+### FTP Passive Mode
+
+Oxidized uses ftp passive mode by default. Some devices require passive mode to
+be disabled. To do so, we can set `input.ftp.passive` to false - this will make
+use of FTP active mode.
+
+```yaml
+input:
+  ftp:
+    passive: false
+```
+
+
+## Debugging
+
+In case a model plugin doesn't work correctly (ios, procurve, etc.), you can
+enable live debugging of SSH/Telnet sessions. Just add a `debug` option
+containing the value true to the `input` section. The log files will be created
+depending on the parent directory of the logfile option.
+
+The following example will log an active ssh/telnet session
+`/home/oxidized/.config/oxidized/log/<IP-Address>-<PROTOCOL>`. The file will be
+truncated on each consecutive ssh/telnet session, so you need to put a `tailf`
+or `tail -f` on that file!
+
+```yaml
+log: /home/oxidized/.config/oxidized/log
+
+# ...
+
+input:
+  default: ssh, telnet
+  debug: true
+  ssh:
+    secure: false
+  http:
+    ssl_verify: true
+```

data/docs/Release.md

@@ -7,12 +7,17 @@ Oxidized versions are numbered like major.minor.patch
 - minor is incremented when releasing new features.
 - patch is incremented when releasing fixes only.
 
+## Create a release branch
+Name the release branch `release/0.xx.yy`
+
 ## Review changes
 Run `git diff 0.30.0` (where `0.30.0` is to be changed to the last release) and review
 all the changes that have been done. Have a specific look at changes you don't understand.
 
 For a graphical compare, use `git difftool -d 0.30.0`.
 
+Commit fixes to the release branch
+
 ## Update the gem dependencies to the latest versions
 ```
 bundle outdated
@@ -29,9 +34,11 @@ If you change some code => Restart the release process at the beginning ;-)
 ## Make sure the file permissions are correct
 Run `bundle exec rake chmod`
 
-## Create a release branch
-Name the release branch `release/0.xx.yy`
+## Test !
+Test the git code and the container against as much device types and
+environments as you can.
 
+## Bump the version
 Update CHANGELOG.md:
 - review it
 - add release notes
@@ -42,16 +49,12 @@ Change the version in `lib/oxidized/version.rb`
 Upload the branch to github, make a Pull Request for it.
 
 ## Make sure you pass all GitHub CI
-They test different ruby versions, the docker build process and codeql.
-
-## Test !
-Test the git code and the container against as much device types and
-environments as you can.
+They test different ruby versions an run security checks on the code (codeql).
 
 ## Prepare the release in your working repository
 1. Merge the Pull Request into master with the commit message
    `chore(release): release version 0.3x.y`
-2. `git pull` master
+2. `git pull` on master
 3. Tag the commit with `git tag -a 0.xx.yy -m "Release 0.xx.yy"` or `rake tag`
 4. Build the gem with ‘rake build’
 5. Run `git diff` to check if there have been more changes (there shouldn't)

data/extra/device2yaml.rb

@@ -111,7 +111,7 @@ def yaml_output(prepend = '')
 end
 
 def cleanup
-  (@ssh.close rescue true) unless @ssh.closed?
+  (@ssh.close rescue true) unless @ssh.closed? # rubocop:disable Style/RedundantParentheses
   @output&.close
 end
 

data/extra/syslog.rb

@@ -141,7 +141,7 @@ module Oxidized
       if Oxidized::CFG.syslogd.resolve == false
         ipaddr
       else
-        name = (Resolv.getname ipaddr.to_s rescue ipaddr)
+        name = (Resolv.getname ipaddr.to_s rescue ipaddr) # rubocop:disable Style/RedundantParentheses
         Oxidized::CFG.syslogd.dns_map.each { |re, sub| name.sub! Regexp.new(re.to_s), sub }
         name
       end

data/lib/oxidized/config/vars.rb

@@ -4,21 +4,32 @@ module Oxidized
       # convenience method for accessing node, group or global level user variables
       def vars(name)
         model_name = @node.model.class.name.to_s.downcase
-        if @node.vars&.has_key?(name)
-          @node.vars[name]
-        elsif Oxidized.config.groups.has_key?(@node.group) &&
-              Oxidized.config.groups[@node.group].models.has_key(model_name) &&
-              Oxidized.config.groups[@node.group].models[model_name].vars.has_key?(name.to_s)
-          Oxidized.config.groups[@node.group].models[model_name].vars[name.to_s]
-        elsif Oxidized.config.groups.has_key?(@node.group) &&
-              Oxidized.config.groups[@node.group].vars.has_key?(name.to_s)
-          Oxidized.config.groups[@node.group].vars[name.to_s]
-        elsif Oxidized.config.models.has_key(model_name) &&
-              Oxidized.config.models[model_name].vars.has_key?(name.to_s)
-          Oxidized.config.models[model_name].vars[name.to_s]
-        elsif Oxidized.config.vars.has_key?(name.to_s)
-          Oxidized.config.vars[name.to_s]
+        groups = Oxidized.config.groups
+        models = Oxidized.config.models
+        group = groups[@node.group] if groups.has_key?(@node.group)
+        model = models[model_name] if models.has_key?(model_name)
+        group_model = group.models[model_name] if group&.models&.has_key?(model_name)
+
+        scopes = {
+          node:        @node.vars,
+          group_model: group_model&.vars,
+          group:       group&.vars,
+          model:       model&.vars,
+          vars:        Oxidized.config.vars
+        }
+
+        scopes.each do |scope_name, scope|
+          next unless scope&.has_key?(name.to_s)
+
+          val = scope[name.to_s]
+          if val.nil?
+            Oxidized.logger.debug "vars.rb: scope #{scope_name} has key #{name} with value nil, ignoring scope"
+          else
+            Oxidized.logger.debug "vars.rb: scope #{scope_name} has key #{name} with value #{val}, using scope"
+            return val
+          end
         end
+        nil
       end
     end
   end

data/lib/oxidized/config.rb

@@ -32,6 +32,7 @@ module Oxidized
       asetus.default.threads       = 30
       asetus.default.use_max_threads = false
       asetus.default.timeout       = 20
+      asetus.default.timelimit     = 300
       asetus.default.retries       = 3
       asetus.default.prompt        = /^([\w.@-]+[#>]\s?)$/
       asetus.default.next_adds_job = false            # if true, /next adds job, so device is fetched immmeiately

data/lib/oxidized/hook/slackdiff.rb

@@ -11,14 +11,20 @@ class SlackDiff < Oxidized::Hook
     raise KeyError, 'hook.channel is required' unless cfg.has_key?('channel')
   end
 
-  def slack_upload(client, title, content, channel)
+  def slack_upload(client, title, content, channel, proxy)
     logger.info "Posting diff as snippet to #{channel}"
     upload_dest = client.files_getUploadURLExternal(filename:     "change",
                                                     length:       content.length,
                                                     snippet_type: "diff")
     file_uri = URI.parse(upload_dest[:upload_url])
 
-    http = Net::HTTP.new(file_uri.host, file_uri.port)
+    proxy_uri = URI.parse(proxy) if proxy
+    proxy_address = proxy_uri ? proxy_uri.host : :ENV
+    proxy_port = proxy_uri&.port
+    proxy_user = proxy_uri&.user
+    proxy_pass = proxy_uri&.password
+
+    http = Net::HTTP.new(file_uri.host, file_uri.port, proxy_address, proxy_port, proxy_user, proxy_pass)
     http.use_ssl = true
 
     request = Net::HTTP::Post.new(file_uri.request_uri, { Host: file_uri.host })
@@ -31,8 +37,15 @@ class SlackDiff < Oxidized::Hook
       id:    upload_dest[:file_id],
       title: title
     }]
-    client.files_completeUploadExternal(channel_id: channel,
-                                        files:      files.to_json)
+    begin
+      client.files_completeUploadExternal(channel_id: channel,
+                                          files:      files.to_json)
+    rescue Slack::Web::Api::Errors::NotInChannel
+      logger.info "Not in specified channel, attempting to join"
+      client.conversations_join(channel: channel)
+      client.files_completeUploadExternal(channel_id: channel,
+                                          files:      files.to_json)
+    end
   end
 
   def run_hook(ctx)
@@ -53,7 +66,7 @@ class SlackDiff < Oxidized::Hook
       unless diff == "no diffs"
         title = "#{ctx.node.name} #{ctx.node.group} #{ctx.node.model.class.name.to_s.downcase}"
         content = diff[:patch].lines.to_a[4..-1].join
-        slack_upload(client, title, content, cfg.channel)
+        slack_upload(client, title, content, cfg.channel, cfg.has_key?('proxy') ? cfg.proxy : nil)
       end
     end
     # message custom formatted - optional

data/lib/oxidized/input/scp.rb

@@ -7,11 +7,14 @@ module Oxidized
   class SCP < Input
     RESCUE_FAIL = {
       debug: [
-        # Net::SSH::Disconnect,
+        Net::SSH::Disconnect,
+        Net::SSH::ConnectionTimeout
       ],
       warn:  [
-        # RuntimeError,
-        # Net::SSH::AuthenticationFailed,
+        Net::SCP::Error,
+        Net::SSH::HostKeyUnknown,
+        Net::SSH::AuthenticationFailed,
+        Timeout::Error
       ]
     }.freeze
     include Input::CLI
@@ -20,17 +23,39 @@ module Oxidized
       @node = node
       @node.model.cfg['scp'].each { |cb| instance_exec(&cb) }
       @log = File.open(Oxidized::Config::LOG + "/#{@node.ip}-scp", 'w') if Oxidized.config.input.debug?
-      @ssh = Net::SSH.start(@node.ip, @node.auth[:username], password: @node.auth[:password])
+      @ssh = Net::SSH.start(@node.ip, @node.auth[:username], make_ssh_opts)
       connected?
     end
 
+    def make_ssh_opts
+      secure = Oxidized.config.input.scp.secure?
+      ssh_opts = {
+        number_of_password_prompts:      0,
+        verify_host_key:                 secure ? :always : :never,
+        append_all_supported_algorithms: true,
+        password:                        @node.auth[:password],
+        timeout:                         Oxidized.config.timeout,
+        port:                            (vars(:ssh_port) || 22).to_i,
+        forward_agent:                   false
+      }
+
+      # Use our logger for Net::SSH
+      ssh_logger = SemanticLogger[Net::SSH]
+      ssh_logger.level = Oxidized.config.input.debug? ? :debug : :fatal
+      ssh_opts[:logger] = ssh_logger
+
+      ssh_opts
+    end
+
     def connected?
       @ssh && (not @ssh.closed?)
     end
 
     def cmd(file)
       logger.debug "SCP: #{file} @ #{@node.name}"
-      @ssh.scp.download!(file)
+      Timeout.timeout(Oxidized.config.timeout) do
+        @ssh.scp.download!(file)
+      end
     end
 
     def send(my_proc)
@@ -44,7 +69,11 @@ module Oxidized
     private
 
     def disconnect
-      @ssh.close
+      Timeout.timeout(Oxidized.config.timeout) do
+        @ssh.close
+      end
+    rescue Timeout::Error
+      logger.debug "#{@node.name} timed out while disconnecting"
     ensure
       @log.close if Oxidized.config.input.debug?
     end

data/lib/oxidized/input/ssh.rb

@@ -14,6 +14,7 @@ module Oxidized
       ]
     }.freeze
     include Input::CLI
+
     class NoShell < OxidizedError; end
 
     def connect(node) # rubocop:disable Naming/PredicateMethod
@@ -81,12 +82,12 @@ module Oxidized
       Timeout.timeout(Oxidized.config.timeout) { @ssh.loop }
     rescue Errno::ECONNRESET, Net::SSH::Disconnect, IOError => e
       logger.debug 'The other side closed the connection while ' \
-                   "disconnecting, rasing #{e.class} with #{e.messages}"
+                   "disconnecting, raising #{e.class} with #{e.message}"
     rescue Timeout::Error
       logger.debug "#{@node.name} timed out while disconnecting"
     ensure
       @log.close if Oxidized.config.input.debug?
-      (@ssh.close rescue true) unless @ssh.closed?
+      (@ssh.close rescue true) unless @ssh.closed? # rubocop:disable Style/RedundantParentheses
     end
 
     def shell_open(ssh)
@@ -162,7 +163,7 @@ module Oxidized
       ssh_opts[:host_key]   = vars(:ssh_host_key).split(/,\s*/)   if vars(:ssh_host_key)
       ssh_opts[:hmac]       = vars(:ssh_hmac).split(/,\s*/)       if vars(:ssh_hmac)
 
-      # Use our logger for Net:SSH
+      # Use our logger for Net::SSH
       ssh_logger = SemanticLogger[Net::SSH]
       ssh_logger.level = Oxidized.config.input.debug? ? :debug : :fatal
       ssh_opts[:logger] = ssh_logger

data/lib/oxidized/input/telnet.rb

@@ -4,6 +4,7 @@ module Oxidized
   class Telnet < Input
     RESCUE_FAIL = {}.freeze
     include Input::CLI
+
     attr_reader :telnet
 
     def connect(node) # rubocop:disable Naming/PredicateMethod
@@ -67,7 +68,7 @@ module Oxidized
       # This exception is intented and therefore not handled here
     ensure
       @log.close if Oxidized.config.input.debug?
-      (@telnet.close rescue true) unless @telnet.sock.closed?
+      (@telnet.close rescue true) unless @telnet.sock.closed? # rubocop:disable Style/RedundantParentheses
     end
   end
 end

data/lib/oxidized/job.rb

@@ -7,13 +7,21 @@ module Oxidized
     def initialize(node)
       @node = node
       @start = Time.now.utc
-      self.name = "Oxidized::Job '#{@node.name}'"
+      self.name = "Job '#{@node.name}'"
       super do
-        logger.debug "Starting fetching process for #{@node.name} at #{Time.now.utc}"
-        @status, @config = @node.run
-        @end             = Time.now.utc
-        @time            = @end - @start
-        logger.debug "Config fetched for #{@node.name} at #{@end}"
+        logger.debug "Starting fetching process for #{@node.name}"
+        begin
+          Timeout.timeout(Oxidized.config.timelimit) do
+            @status, @config = @node.run
+          end
+          logger.debug "Config fetched for #{@node.name}"
+        rescue Timeout::Error
+          logger.warn "Job timelimit reached for #{@node.name}"
+          @status = :timelimit
+        ensure
+          @end  = Time.now.utc
+          @time = @end - @start
+        end
       end
     end
   end

data/lib/oxidized/model/model.rb

@@ -4,6 +4,7 @@ require_relative 'outputs'
 module Oxidized
   class Model
     include SemanticLogger::Loggable
+
     using Refinements
 
     include Oxidized::Config::Vars

data/lib/oxidized/model/mtrlrfs.rb

@@ -3,6 +3,7 @@ class Mtrlrfs < Oxidized::Model
 
   # Motorola RFS/Extreme WM
 
+  prompt /^([\w.@-]+\*?[#>])\s?$/
   comment  '# '
 
   cmd :all do |cfg|

data/lib/oxidized/nodes.rb

@@ -38,8 +38,10 @@ module Oxidized
     def node_want?(node_want, node)
       return true unless node_want
 
+      # rubocop:disable Style/RedundantParentheses
       node_want_ip = (IPAddr.new(node_want) rescue false)
       name_is_ip   = (IPAddr.new(node[:name]) rescue false)
+      # rubocop:enable Style/RedundantParentheses
       # rubocop:todo Lint/DuplicateBranch
       if name_is_ip && (node_want_ip == node[:name])
         true

data/lib/oxidized/source/csv.rb

@@ -43,7 +43,7 @@ module Oxidized
           # map node specific vars
           vars = {}
           @cfg.vars_map.each do |key, position|
-            vars[key.to_sym] = node_var_interpolate data[position]
+            vars[key.to_s] = node_var_interpolate data[position]
           end
           keys[:vars] = vars unless vars.empty?
 

data/lib/oxidized/source/jsonfile.rb

@@ -50,7 +50,7 @@ module Oxidized
           # map node specific vars
           vars = {}
           @cfg.vars_map.each do |key, want_position|
-            vars[key.to_sym] = node_var_interpolate string_navigate_object(node, want_position)
+            vars[key.to_s] = node_var_interpolate string_navigate_object(node, want_position)
           end
           keys[:vars] = vars unless vars.empty?
 

data/lib/oxidized/source/sql.rb

@@ -42,7 +42,7 @@ module Oxidized
           # map node specific vars
           vars = {}
           @cfg.vars_map.each do |key, sql_column|
-            vars[key.to_sym] = node_var_interpolate node[sql_column.to_sym]
+            vars[key.to_s] = node_var_interpolate node[sql_column.to_sym]
           end
           keys[:vars] = vars unless vars.empty?
 

data/lib/oxidized/version.rb

@@ -1,8 +1,8 @@
 # frozen_string_literal: true
 
 module Oxidized
-  VERSION = '0.34.1'
-  VERSION_FULL = '0.34.1'
+  VERSION = '0.34.2'
+  VERSION_FULL = '0.34.2'
   def self.version_set
     version_full = %x(git describe --tags).chop rescue ""
     version      = %x(git describe --tags --abbrev=0).chop rescue ""

data/oxidized.gemspec

@@ -41,7 +41,7 @@ Gem::Specification.new do |s|
   s.add_dependency 'net-telnet',           '~> 0.2'
   s.add_dependency 'psych',                '~> 5.0'
   s.add_dependency 'rugged',               '~> 1.6'
-  s.add_dependency 'semantic_logger',      '~> 4.16'
+  s.add_dependency 'semantic_logger',      '~> 4.17.0'
   s.add_dependency 'slop',                 '~> 4.6'
   s.add_dependency 'syslog',               '~> 0.3.0'
   s.add_dependency 'syslog_protocol',      '~> 0.9.2'
@@ -53,13 +53,13 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'mocha',               '~> 2.1'
   s.add_development_dependency 'pry',                 '~> 0.15.0'
   s.add_development_dependency 'rake',                '~> 13.0'
-  s.add_development_dependency 'rubocop',             '~> 1.78.0'
+  s.add_development_dependency 'rubocop',             '~> 1.79.1'
   s.add_development_dependency 'rubocop-minitest',    '~> 0.38.0'
   s.add_development_dependency 'rubocop-rake',        '~> 0.7.0'
   s.add_development_dependency 'rubocop-sequel',      '~> 0.4.0'
   s.add_development_dependency 'simplecov',           '~> 0.22.0'
 
   # Dependencies on optional libraries, used for unit tests & development
-  s.add_development_dependency 'oxidized-web',        '~> 0.16'
+  s.add_development_dependency 'oxidized-web',        '~> 0.17.1'
   s.add_development_dependency 'sequel',              '>= 5.63.0', '<= 5.94.0'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: oxidized
 version: !ruby/object:Gem::Version
-  version: 0.34.1
+  version: 0.34.2
 platform: ruby
 authors:
 - Saku Ytti
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-07-18 00:00:00.000000000 Z
+date: 2025-08-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: asetus
@@ -158,14 +158,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.16'
+        version: 4.17.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.16'
+        version: 4.17.0
 - !ruby/object:Gem::Dependency
   name: slop
   requirement: !ruby/object:Gem::Requirement
@@ -304,14 +304,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.78.0
+        version: 1.79.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.78.0
+        version: 1.79.1
 - !ruby/object:Gem::Dependency
   name: rubocop-minitest
   requirement: !ruby/object:Gem::Requirement
@@ -374,14 +374,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.16'
+        version: 0.17.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.16'
+        version: 0.17.1
 - !ruby/object:Gem::Dependency
   name: sequel
   requirement: !ruby/object:Gem::Requirement
@@ -440,6 +440,7 @@ files:
 - docs/DeviceSimulation.md
 - docs/Docker.md
 - docs/Hooks.md
+- docs/Inputs.md
 - docs/Issues.md
 - docs/Model-Notes/ADVA.md
 - docs/Model-Notes/APC_AOS.md