ssh_scan 0.0.16 → 0.0.17.pre

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4ee64bc0510d0062484755cc9258e947ddd53575
-  data.tar.gz: abc430f6465b494019aa648d358c25224d49f4ce
+  metadata.gz: 377880ac09b5bd925aeb32066409dd9e4c8edc7e
+  data.tar.gz: c3b70dcfae67ffd84ddf0d028c67486bbf71256e
 SHA512:
-  metadata.gz: e0b5318192b079acc3c8a7d4232f56029dcaa8ad48d5dc40e1abc64bea229ef40b29ef4f24e9a42bb989e09b589c9f3f604e1f89bb164c4da7837e97e7300c40
-  data.tar.gz: 5c6d3cbaea3d77c7d3394dcf20fdca6a90f8b5bc14973c971d88bc84ee8220fb4332f182c3f5621c9414544ca8d376432bfccc54a5855d6777fcb0840c689f60
+  metadata.gz: 16055032c71dda26d38356da8622cd827fd6fd5dd6409325b6f66af1d38c80dff0a80e86f0416807da6663e0d2dfe7472c2f78db178a766434517e46121d67f0
+  data.tar.gz: 913c4870b8768f85c7ada637c76060ddc045dc64e53ef1dc8d52d717a3743b52b93793d518b55b8f55056b9eafc8501443d6514cf6c63567f9c850a4a12a348d

data/.gitignore

@@ -1,6 +1,9 @@
 *.gem
 *.rbc
 *.db
+*.key
+*.crt
+*.cert
 /.config
 /coverage/
 /InstalledFiles
@@ -29,10 +32,21 @@ build/
 
 # for a library or gem, you might want to ignore these files since the code is
 # intended to run in multiple environments; otherwise, check them in:
-# Gemfile.lock
+Gemfile.lock
 # .ruby-version
 # .ruby-gemset
 
 # unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
 .rvmrc
 gh-pages/
+
+# https ssl certificates
+cert.pem
+key.pem
+
+# API Database
+#ssh_scan
+
+# Config files
+bin/ssh_scan_api_example_config.yml
+bin/ssh_scan_worker_example_config.yml

data/.travis.yml

@@ -4,6 +4,8 @@ matrix:
   - rvm: ruby-head
     env:
       - LABEL=unit_tests
+    after_success:
+      - coveralls
   - rvm: 2.3.0
     env:
       - LABEL=unit_tests

data/Gemfile

@@ -1,3 +1,4 @@
 source "https://rubygems.org"
 
+gem 'coveralls', require: false
 gemspec

data/README.md

@@ -4,7 +4,7 @@
 [![Code Climate](https://codeclimate.com/github/mozilla/ssh_scan.png)](https://codeclimate.com/github/mozilla/ssh_scan)
 [![Gem Version](https://badge.fury.io/rb/ssh_scan.svg)](https://badge.fury.io/rb/ssh_scan)
 [![Join the chat at https://gitter.im/mozilla-ssh_scan/Lobby](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/mozilla-ssh_scan/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
-
+[![Coverage Status](https://coveralls.io/repos/github/mozilla/ssh_scan/badge.svg?branch=master)](https://coveralls.io/github/mozilla/ssh_scan?branch=master)
 
 A SSH configuration and policy scanner
 
@@ -59,38 +59,40 @@ bundle install
 
 Run `ssh_scan -h` to get this
 
-ssh_scan v0.0.15 (https://github.com/mozilla/ssh_scan)
-
-    Usage: ssh_scan [options]
-        -t, --target [IP/Range/Hostname] IP/Ranges/Hostname to scan
-        -f, --file [FilePath]            File Path of the file containing IP/Range/Hostnames to scan
-        -T, --timeout [seconds]          Timeout per connect after which ssh_scan gives up on the host
-        -L, --logger [Log File Path]     Enable logger
-        -O, --from_json [FilePath]       File to read JSON output from
-        -o, --output [FilePath]          File to write JSON output to
-        -p, --port [PORT]                Port (Default: 22)
-        -P, --policy [FILE]              Custom policy file (Default: Mozilla Modern)
-            --threads [NUMBER]           Number of worker threads (Default: 5)
-            --fingerprint-db [FILE]      File location of fingerprint database (Default: ./fingerprints.db)
-        -u, --unit-test [FILE]           Throw appropriate exit codes based on compliance status
-        -V, --verbosity                  Set the logger level (Accepted Params: INFO, DEBUG, WARN, ERROR, FATAL)
-        -v, --version                    Display just version info
-        -h, --help                       Show this message
-
-    Examples:
-
-      ssh_scan -t 192.168.1.1
-      ssh_scan -t server.example.com
-      ssh_scan -t ::1
-      ssh_scan -t ::1 -T 5
-      ssh_scan -f hosts.txt
-      ssh_scan -o output.json
-      ssh_scan -O output.json -o rescan_output.json
-      ssh_scan -t 192.168.1.1 -p 22222
-      ssh_scan -t 192.168.1.1 -p 22222 -L output.log -V INFO
-      ssh_scan -t 192.168.1.1 -P custom_policy.yml
-      ssh_scan -t 192.168.1.1 --unit-test -P custom_policy.yml
-
+ssh_scan v0.0.17 (https://github.com/mozilla/ssh_scan)
+
+Usage: ssh_scan [options]
+    -t, --target [IP/Range/Hostname] IP/Ranges/Hostname to scan
+    -f, --file [FilePath]            File Path of the file containing IP/Range/Hostnames to scan
+    -T, --timeout [seconds]          Timeout per connect after which ssh_scan gives up on the host
+    -L, --logger [Log File Path]     Enable logger
+    -O, --from_json [FilePath]       File to read JSON output from
+    -o, --output [FilePath]          File to write JSON output to
+    -p, --port [PORT]                Port (Default: 22)
+    -P, --policy [FILE]              Custom policy file (Default: Mozilla Modern)
+        --threads [NUMBER]           Number of worker threads (Default: 5)
+        --fingerprint-db [FILE]      File location of fingerprint database (Default: ./fingerprints.db)
+        --suppress-update-status     Do not check for updates
+    -u, --unit-test [FILE]           Throw appropriate exit codes based on compliance status
+    -V [STD_LOGGING_LEVEL],          File to write JSON output to
+        --verbosity
+    -v, --version                    Display just version info
+    -l, --listen                     Listen and serve API requests
+    -h, --help                       Show this message
+
+Examples:
+
+  ssh_scan -t 192.168.1.1
+  ssh_scan -t server.example.com
+  ssh_scan -t ::1
+  ssh_scan -t ::1 -T 5
+  ssh_scan -f hosts.txt
+  ssh_scan -o output.json
+  ssh_scan -O output.json -o rescan_output.json
+  ssh_scan -t 192.168.1.1 -p 22222
+  ssh_scan -t 192.168.1.1 -p 22222 -L output.log -V INFO
+  ssh_scan -t 192.168.1.1 -P custom_policy.yml
+  ssh_scan -t 192.168.1.1 --unit-test -P custom_policy.yml
 
 - See here for [example video](https://asciinema.org/a/7pliiw5zqhj7eqvz7q437u6vx)
 - See here for [example output](https://github.com/mozilla/ssh_scan/blob/master/examples/192.168.1.1.json)

data/Rakefile

@@ -22,14 +22,20 @@ TRAVELING_RUBY_VERSION = "20150210-2.1.5"
 SQLITE3_VERSION = "1.3.9"  # Must match Gemfile
 
 desc "Package your app"
-task :package => ['package:linux:x86', 'package:linux:x86_64', 'package:osx', 'package:win32']
+task :package => [
+  'package:linux:x86',
+  'package:linux:x86_64',
+  'package:osx',
+  'package:win32'
+]
 
 namespace :package do
   namespace :linux do
     desc "Package your app for Linux x86"
     task :x86 => [:bundle_install,
       "packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-linux-x86.tar.gz",
-      "packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-linux-x86-sqlite3-#{SQLITE3_VERSION}.tar.gz"
+      "packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-linux-x86-sqlite3\
+-#{SQLITE3_VERSION}.tar.gz"
     ] do
       create_package("linux-x86")
     end
@@ -37,7 +43,8 @@ namespace :package do
     desc "Package your app for Linux x86_64"
     task :x86_64 => [:bundle_install,
       "packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-linux-x86_64.tar.gz",
-      "packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-linux-x86_64-sqlite3-#{SQLITE3_VERSION}.tar.gz"
+      "packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-linux-x86_64-sqlite3\
+-#{SQLITE3_VERSION}.tar.gz"
     ] do
       create_package("linux-x86_64")
     end
@@ -46,20 +53,23 @@ namespace :package do
   desc "Package your app for OS X"
   task :osx => [:bundle_install,
     "packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-osx.tar.gz",
-    "packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-osx-sqlite3-#{SQLITE3_VERSION}.tar.gz"
+    "packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-osx-sqlite3\
+-#{SQLITE3_VERSION}.tar.gz"
   ] do
     create_package("osx")
   end
 
   desc "Package your app for Windows x86"
-  task :win32 => [:bundle_install, "packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-win32.tar.gz"] do
+  task :win32 => [:bundle_install, "packaging/traveling-ruby\
+-#{TRAVELING_RUBY_VERSION}-win32.tar.gz"] do
     create_package("win32", :windows)
   end
 
   desc "Install gems to local directory"
   task :bundle_install do
     if RUBY_VERSION !~ /^2\.3\./
-      abort "You can only 'bundle install' using Ruby 2.3, because that's what Traveling Ruby uses."
+      abort "You can only 'bundle install' using Ruby 2.3, because \
+that's what Traveling Ruby uses."
     end
     sh "rm -rf packaging/tmp"
     sh "mkdir packaging/tmp"
@@ -69,7 +79,8 @@ namespace :package do
     sh "cp -R bin/* packaging/tmp/bin"
     sh "cp Gemfile Gemfile.lock #{PACKAGE_NAME}.gemspec packaging/tmp/"
     Bundler.with_clean_env do
-      sh "cd packaging/tmp && env BUNDLE_IGNORE_CONFIG=1 bundle install --path ../vendor --without development"
+      sh "cd packaging/tmp && env BUNDLE_IGNORE_CONFIG=1 bundle install \
+--path ../vendor --without development"
     end
     sh "rm -rf packaging/tmp"
     sh "rm -f packaging/vendor/*/*/cache/*"
@@ -96,15 +107,18 @@ file "packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-win32.tar.gz" do
   download_runtime("win32")
 end
 
-file "packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-linux-x86-sqlite3-#{SQLITE3_VERSION}.tar.gz" do
+file "packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-linux-x86-sqlite3\
+-#{SQLITE3_VERSION}.tar.gz" do
   download_native_extension("linux-x86", "sqlite3-#{SQLITE3_VERSION}")
 end
 
-file "packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-linux-x86_64-sqlite3-#{SQLITE3_VERSION}.tar.gz" do
+file "packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-linux-x86_64-sqlite3\
+-#{SQLITE3_VERSION}.tar.gz" do
   download_native_extension("linux-x86_64", "sqlite3-#{SQLITE3_VERSION}")
 end
 
-file "packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-osx-sqlite3-#{SQLITE3_VERSION}.tar.gz" do
+file "packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-osx-sqlite3\
+-#{SQLITE3_VERSION}.tar.gz" do
   download_native_extension("osx", "sqlite3-#{SQLITE3_VERSION}")
 end
 
@@ -115,7 +129,8 @@ def create_package(target, os_type = :unix)
   sh "mkdir -p #{package_dir}/lib/app"
   sh "cp bin/#{PACKAGE_NAME} #{package_dir}/lib/app/"
   sh "mkdir #{package_dir}/lib/ruby"
-  sh "tar -xzf packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-#{target}.tar.gz -C #{package_dir}/lib/ruby"
+  sh "tar -xzf packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-#{target}\
+.tar.gz -C #{package_dir}/lib/ruby"
   if os_type == :unix
     sh "cp packaging/wrapper.sh #{package_dir}/#{PACKAGE_NAME}"
   else
@@ -127,8 +142,14 @@ def create_package(target, os_type = :unix)
   sh "cp Gemfile Gemfile.lock #{PACKAGE_NAME}.gemspec #{package_dir}/lib/vendor/"
   sh "mkdir #{package_dir}/lib/vendor/.bundle"
   sh "cp packaging/bundler-config #{package_dir}/lib/vendor/.bundle/config"
-  sh "tar -xzf packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-#{target}-sqlite3-#{SQLITE3_VERSION}.tar.gz " +
-    "-C #{package_dir}/lib/vendor/ruby"
+  if os_type == :unix
+    sh "tar -xzf packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-#{target}-\
+sqlite3-#{SQLITE3_VERSION}.tar.gz " +
+      "-C #{package_dir}/lib/vendor/ruby"
+  else
+    sh "tar -xzf packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-#{target}\
+.tar.gz " + "-C #{package_dir}/lib/vendor/ruby"
+  end
   if !ENV['DIR_ONLY']
     if os_type == :unix
       sh "tar -czf #{package_dir}.tar.gz #{package_dir}"
@@ -142,10 +163,13 @@ end
 
 def download_runtime(target)
   sh "cd packaging && curl -L -O --fail " +
-    "https://d6r77u77i8pq3.cloudfront.net/releases/traveling-ruby-#{TRAVELING_RUBY_VERSION}-#{target}.tar.gz"
+    "https://d6r77u77i8pq3.cloudfront.net/releases/traveling-ruby-\
+#{TRAVELING_RUBY_VERSION}-#{target}.tar.gz"
 end
 
 def download_native_extension(target, gem_name_and_version)
-  sh "curl -L --fail -o packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-#{target}-#{gem_name_and_version}.tar.gz " +
-    "https://d6r77u77i8pq3.cloudfront.net/releases/traveling-ruby-gems-#{TRAVELING_RUBY_VERSION}-#{target}/#{gem_name_and_version}.tar.gz"
+  sh "curl -L --fail -o packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}\
+-#{target}-#{gem_name_and_version}.tar.gz " +
+    "https://d6r77u77i8pq3.cloudfront.net/releases/traveling-ruby-gems-\
+#{TRAVELING_RUBY_VERSION}-#{target}/#{gem_name_and_version}.tar.gz"
 end

data/bin/ssh_scan

@@ -11,61 +11,83 @@ require 'logger'
 
 #Default options
 options = {
-  :sockets => [],
-  :policy => File.expand_path("../../policies/mozilla_modern.yml", __FILE__),
-  :unit_test => false,
-  :timeout => 2,
-  :threads => 5,
-  :verbosity => nil,
-  :logger => Logger.new(STDERR),
-  :fingerprint_database => "./fingerprints.db"
+  "sockets" => [],
+  "policy" => File.join(Dir.pwd, '/config/policies/mozilla_modern.yml'),
+  "unit_test" => false,
+  "timeout" => 2,
+  "threads" => 5,
+  "verbosity" => nil,
+  "logger" => Logger.new(STDERR),
+  "fingerprint_database" => "./fingerprints.db"
 }
 
+# Reorder arguments before parsing
+def reorder_args!(order, opt_parser)
+  old_args = opt_parser.default_argv
+  new_args = []
+  len = opt_parser.default_argv.length
+  order.each do |next_keyset|
+    i = 0
+    (0...len).each do
+      if next_keyset.include?(opt_parser.default_argv[i])
+        new_args << old_args.delete_at(i) << old_args.delete_at(i)
+      else
+        i += 1
+      end
+    end
+  end
+  new_args += old_args
+  opt_parser.default_argv = new_args
+end
+
 target_parser = SSHScan::TargetParser.new()
 
 opt_parser = OptionParser.new do |opts|
-  opts.banner = "ssh_scan v#{SSHScan::VERSION} (https://github.com/mozilla/ssh_scan)\n\n" +
-                "Usage: ssh_scan [options]"
+  opts.banner =
+    "ssh_scan v#{SSHScan::VERSION} (https://github.com/mozilla/ssh_scan)\n\n\
+Usage: ssh_scan [options]"
 
   opts.on("-t", "--target [IP/Range/Hostname]", Array,
           "IP/Ranges/Hostname to scan") do |sockets|
     sockets.each do |socket|
       ip, port = socket.chomp.split(':')
-      options[:sockets] += target_parser.enumerateIPRange(ip, port)
+      options["sockets"] += target_parser.enumerateIPRange(ip, port)
     end
   end
 
   opts.on("-f", "--file [FilePath]",
-          "File Path of the file containing IP/Range/Hostnames to scan") do |file|
-    unless File.exists?(file)
+          "File Path of the file containing IP/Range/Hostnames to \
+scan") do |file|
+    unless File.exist?(file)
       puts "\nReason: input file supplied is not a file"
       exit
     end
     File.open(file).each do |line|
       line.chomp.split(',').each do |socket|
         ip, port = socket.chomp.split(':')
-        options[:sockets] += target_parser.enumerateIPRange(ip, port)
+        options["sockets"] += target_parser.enumerateIPRange(ip, port)
       end
     end
   end
 
   opts.on("-T", "--timeout [seconds]",
-          "Timeout per connect after which ssh_scan gives up on the host") do |timeout|
-    options[:timeout] = timeout.to_i
+          "Timeout per connect after which ssh_scan gives up on the\
+ host") do |timeout|
+    options["timeout"] = timeout.to_i
   end
 
   opts.on("-L", "--logger [Log File Path]",
           "Enable logger") do |log_file|
     if log_file.nil?
-      options[:logger] = Logger.new(STDERR)
+      options["logger"] = Logger.new(STDERR)
     else
-      options[:logger] = Logger.new $stdout.reopen(log_file, "w")
+      options["logger"] = Logger.new $stdout.reopen(log_file, "w")
     end
   end
 
   opts.on("-O", "--from_json [FilePath]",
           "File to read JSON output from") do |file|
-    unless File.exists?(file)
+    unless File.exist?(file)
       puts "\nReason: Invalid file"
       exit
     end
@@ -73,7 +95,10 @@ opt_parser = OptionParser.new do |opts|
     json = file.read
     parsed_json = JSON.parse(json)
     parsed_json.each do |host|
-      options[:sockets] += target_parser.enumerateIPRange(host['ip'], host['port'])
+      options["sockets"] += target_parser.enumerateIPRange(
+        host['ip'],
+        host['port']
+      )
     end
   end
 
@@ -85,54 +110,61 @@ opt_parser = OptionParser.new do |opts|
   opts.on("-p", "--port [PORT]", Array,
           "Port (Default: 22)") do |ports|
     temp = []
-    options[:sockets].each do |socket|
+    options["sockets"].each do |socket|
       ports.each do |port|
         ip, old_port = socket.chomp.split(':')
         if !old_port.nil?
-          puts "Specifying port simultaneously with -t and -p is not allowed. Please fix this and try again"
+          puts "Specifying port simultaneously with -t and -p is not\
+ allowed. Please fix this and try again"
           exit 1
         end
         temp += target_parser.enumerateIPRange(ip, port)
       end
     end
-    options[:sockets] = temp
+    options["sockets"] = temp
   end
 
   opts.on("-P", "--policy [FILE]",
           "Custom policy file (Default: Mozilla Modern)") do |policy|
-    options[:policy] = policy
+    options["policy"] = policy
   end
 
   opts.on("--threads [NUMBER]",
           "Number of worker threads (Default: 5)") do |threads|
-    options[:threads] = threads.to_i
+    options["threads"] = threads.to_i
   end
 
   opts.on("--fingerprint-db [FILE]",
-          "File location of fingerprint database (Default: ./fingerprints.db)") do |fingerprint_db|
-    options[:fingerprint_database] = fingerprint_db
+          "File location of fingerprint database (Default: \
+./fingerprints.db)") do |fingerprint_db|
+    options["fingerprint_database"] = fingerprint_db
   end
 
   opts.on("--suppress-update-status", "Do not check for updates") do
-    options[:suppress_update_status] = true
+    options["suppress_update_status"] = true
   end
 
   opts.on("-u", "--unit-test [FILE]",
           "Throw appropriate exit codes based on compliance status") do
-    options[:unit_test] = true
+    options["unit_test"] = true
   end
 
-  opts.on("-V", "--verbosity",
-          "Set the logger level (Accepted Params: INFO, DEBUG, WARN, ERROR, FATAL)") do |verbosity|
-    options[:logger].level = case options[:verbosity]
-      when "INFO" then Logger::INFO
-      when "DEBUG" then Logger::DEBUG
-      when "WARN" then Logger::WARN
-      when "ERROR" then Logger::ERROR
-      when "FATAL" then Logger::FATAL
-      else
-        puts "Can't convert #{options[:verbosity]} to any of the Logger level constants"
-        exit
+  opts.on("-V", "--verbosity [STD_LOGGING_LEVEL]",
+          "File to write JSON output to") do |verb|
+    case verb
+    when "INFO"
+      options["logger"].level ==  Logger::INFO
+    when "WARN"
+      options["logger"].level ==  Logger::WARN
+    when "DEBUG"
+      options["logger"].level ==  Logger::DEBUG
+    when "ERROR"
+      options["logger"].level ==  Logger::ERROR
+    when "FATAL"
+      options["logger"].level ==  Logger::FATAL
+    else
+      options["logger"].fatal("Unrecognized logging verbosity level #{verb}")
+      exit 1
     end
   end
 
@@ -166,16 +198,17 @@ opt_parser = OptionParser.new do |opts|
   end
 end
 
+reorder_args!([["-t", "--target"], ["-p", "--port"]], opt_parser)
 opt_parser.parse!
 
-if options[:sockets].nil?
+if options["sockets"].nil?
   puts opt_parser.help
   puts "\nReason: no target specified"
   exit 1
 end
 
-options[:sockets].each do |socket|
-  ip, port = socket.chomp.split(':')
+options["sockets"].each do |socket|
+  ip = socket.chomp.split(':')[0]
   unless ip.ip_addr? || ip.fqdn?
     puts opt_parser.help
     puts "\nReason: #{socket} is not a valid target"
@@ -183,8 +216,8 @@ options[:sockets].each do |socket|
   end
 end
 
-options[:sockets].each do |socket|
-  ip, port = socket.chomp.split(':')
+options["sockets"].each do |socket|
+  port = socket.chomp.split(':')[1]
   unless (0..65535).include?(port.to_i)
     puts opt_parser.help
     puts "\nReason: port supplied is not within acceptable range"
@@ -192,29 +225,34 @@ options[:sockets].each do |socket|
   end
 end
 
-unless File.exists?(options[:policy])
+unless File.exist?(options["policy"])
   puts opt_parser.help
   puts "\nReason: policy file supplied is not a file"
   exit 1
 end
 
 # Check to see if we're running the latest released version
-if !options[:suppress_update_status]
+if !options["suppress_update_status"]
   update = SSHScan::Update.new
   if update.newer_gem_available?
-    options[:logger].warn("You're NOT using the latest version of ssh_scan, try 'gem update ssh_scan' to get the latest")
+    options["logger"].warn(
+      "You're NOT using the latest version of ssh_scan, try 'gem update \
+ssh_scan' to get the latest"
+    )
   else
-    if update.errors.size > 0
+    if update.errors.any?
       update.errors.each do |error|
-        options[:logger].error(error)
+        options["logger"].error(error)
       end
     else
-      options[:logger].info("You're using the latest version of ssh_scan #{SSHScan::VERSION}")
+      options["logger"].info(
+        "You're using the latest version of ssh_scan #{SSHScan::VERSION}"
+      )
     end
   end
 end
 
-options[:policy_file] = SSHScan::Policy.from_file(options[:policy])
+options["policy_file"] = SSHScan::Policy.from_file(options["policy"])
 
 # Perform scan and get results
 scan_engine = SSHScan::ScanEngine.new()
@@ -222,7 +260,7 @@ results = scan_engine.scan(options)
 
 puts JSON.pretty_generate(results)
 
-if options[:unit_test] == true
+if options["unit_test"] == true
   results.each do |result|
     if result["compliance"] &&
        result["compliance"][:compliant] == false