PyPI - sshplex - Versions diffs - 1.4.0__tar.gz → 1.5.0__tar.gz - Mend

sshplex 1.4.0tar.gz → 1.5.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (39) hide show

{sshplex-1.4.0/sshplex.egg-info → sshplex-1.5.0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: sshplex
-Version: 1.4.0
+Version: 1.5.0
 Summary: Multiplex your SSH connections with style
 Author-email: MJAHED Sabri <contact@sabrimjahed.com>
 License: MIT

{sshplex-1.4.0 → sshplex-1.5.0}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "sshplex"
-version = "1.4.0"
+version = "1.5.0"
 description = "Multiplex your SSH connections with style"
 authors = [{name = "MJAHED Sabri", email = "contact@sabrimjahed.com"}]
 readme = "README.md"

{sshplex-1.4.0 → sshplex-1.5.0}/sshplex/lib/config.py RENAMED Viewed

@@ -88,7 +88,7 @@ class ConsulConfig(BaseModel):
     port: int = Field(443, description="Consul port number")
     token: str = Field("default_token", description="Consul token for authentication")
     scheme: str = Field("https", description="URL scheme (e.g., 'https')")
-    verify: bool = Field(False, description="Whether to verify SSL certificates")
+    verify: bool = Field(True, description="Whether to verify SSL certificates (default: True for security)")
     dc: str = Field("dc1", description="Datacenter name")
     cert: str = Field("", description="Path to SSL certificate")

{sshplex-1.4.0 → sshplex-1.5.0}/sshplex/lib/multiplexer/tmux.py RENAMED Viewed

@@ -1,6 +1,7 @@
 """SSHplex tmux multiplexer implementation."""
 import platform
+import re
 import subprocess
 import uuid
 from datetime import datetime
@@ -261,8 +262,10 @@ class TmuxManager(MultiplexerBase):
                 return False
             pane = self.panes[hostname]
+            # Sanitize title to prevent injection - only allow safe characters
+            safe_title = re.sub(r'[^\w\s.-]', '', title)[:50]  # Remove dangerous chars, limit length
             # Set pane title using printf escape sequence
-            pane.send_keys(f'printf "\\033]2;{title}\\033\\\\"', enter=True)
+            pane.send_keys(f'printf "\\033]2;{safe_title}\\033\\\\"', enter=True)
             return True
         except Exception as e:

{sshplex-1.4.0 → sshplex-1.5.0}/sshplex/sshplex_connector.py RENAMED Viewed

@@ -1,6 +1,9 @@
 """SSHplex Connector - SSH connections and tmux session management."""
+import os
 import platform
+import re
+import shlex
 import time
 from datetime import datetime
 from typing import Any, List, Optional
@@ -50,6 +53,10 @@ class SSHplexConnector:
         if not username or not username.strip():
             raise ValueError("SSH username cannot be empty")
+        # Validate username format to prevent injection
+        if not re.match(r'^[a-zA-Z0-9._-]+$', username):
+            raise ValueError(f"Invalid username format: {username}")
         if port < 1 or port > 65535:
             raise ValueError(f"SSH port must be between 1 and 65535, got {port}")
@@ -75,6 +82,12 @@ class SSHplexConnector:
             for _i, host in enumerate(hosts):
                 hostname = host.ip if host.ip else host.name
+                # Validate hostname format to prevent injection
+                if not re.match(r'^[a-zA-Z0-9.-]+$', hostname):
+                    self.logger.warning(f"Invalid hostname format (potential injection): {hostname}")
+                    self.logger.warning("Skipping potentially malicious host")
+                    continue
                 # Build SSH command
                 ssh_command = self._build_ssh_command(host, username, key_path, port)
@@ -194,9 +207,21 @@ class SSHplexConnector:
                         None
                     )
                     if proxy:
-                        cmd_parts.extend([
-                            "-o", f"ProxyCommand=ssh -i {proxy.key_path} -W %h:%p {proxy.username}@{proxy.host}"
-                        ])
+                        # Sanitize proxy credentials to prevent injection
+                        proxy_host = proxy.host or ''
+                        proxy_user = proxy.username or ''
+                        proxy_key = proxy.key_path or ''
+                        # Validate proxy values format
+                        if (re.match(r'^[a-zA-Z0-9.-]+$', proxy_host) and
+                            re.match(r'^[a-zA-Z0-9._-]+$', proxy_user) and
+                            os.path.isabs(proxy_key) and '..' not in proxy_key):
+                            # Use shlex.quote for safe shell escaping
+                            cmd_parts.extend([
+                                "-o", f"ProxyCommand=ssh -i {shlex.quote(proxy_key)} -W %h:%p {shlex.quote(proxy_user)}@{shlex.quote(proxy_host)}"
+                            ])
+                        else:
+                            self.logger.warning("Proxy configuration contains invalid values, skipping proxy")
         except Exception:
             # Proxy not configured for this host, continue without it
             pass
@@ -233,8 +258,8 @@ class SSHplexConnector:
         timeout = getattr(self.config.ssh, 'timeout', 10) if self.config else 10
         cmd_parts.extend(["-o", f"ConnectTimeout={timeout}"])
-        # Add user@hostname
-        cmd_parts.append(f"{username}@{hostname}")
+        # Add user@hostname with proper escaping
+        cmd_parts.append(f"{shlex.quote(username)}@{shlex.quote(hostname)}")
         return " ".join(cmd_parts)

{sshplex-1.4.0 → sshplex-1.5.0/sshplex.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: sshplex
-Version: 1.4.0
+Version: 1.5.0
 Summary: Multiplex your SSH connections with style
 Author-email: MJAHED Sabri <contact@sabrimjahed.com>
 License: MIT