Open weaverslodge opened 1 year ago
You're basically right.
The command used right now:
inspec> inspec.command('ssh -V 2>&1 | cut -f1 -d" " | cut -f2 -d"_"').stdout
=> "8.9p1\n"
A better command (using cut again, instead of sed to keep it simpler):
inspec> inspec.command('ssh -V 2>&1 | cut -f1 -d" " | cut -f2 -d"_" | cut -d "p" -f 1').stdout
=> "8.9\n"
However, as we use to_f (to_float), all non-float characters are removed anyway:
inspec> inspec.command('ssh -V 2>&1 | cut -f1 -d" " | cut -f2 -d"_"').stdout.to_f
=> 8.9
So for me that's not really a bug. But feel free to change this via a PR. :)
Description
There are a number of checks made against the version of SSH within the controls. All rely on this particular command in ssh_crypto.rb.
inspec.command('ssh -V 2>&1 | cut -f1 -d" " | cut -f2 -d"_"').stdout.to_f
Reproduction steps
Go to a server that you want to run the controls against. Execute the ssh command as shown above:
ssh -V 2>&1 | cut -f1 -d" " | cut -f2 -d"_"
[xxxx@xxxxx ~]$ ssh -V 2>&1 | cut -f1 -d" " | cut -f2 -d"_"
7.4p1,
Current Behavior
[xxxx@xxxx ~]$ ssh -V 2>&1 | cut -f1 -d" " | cut -f2 -d"_"
7.4p1,
Obviously if you are going to be checking this via a numerical check, having non-numerics in the result is problematic.
Expected Behavior
I'd expect to see
7.4
OS / Environment
Redhat 7 (3.10.0-1160.76.1.el7.x86_64)
Inspec Version
5.17.4
Baseline Version
ssh-baseline-2.8.0
Additional information
To get this to return the correct information I did this (although I'm sure there's a better way).
ssh -V 2>&1 | cut -f1 -d" " | cut -f2 -d"_"| sed "s/\(.*\)p.*/\1/"
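An added example, not part of the issue or of the ssh-baseline code: parsing the `ssh -V` banner with a regex into a `Gem::Version`, next to a Ruby mirror of the `cut` pipeline, so the two can be compared on versions such as 6.6.1 where `to_f` keeps only `6.6`. The helper names and the sample banners are assumptions constructed for illustration.

```ruby
require 'rubygems' # Gem::Version ships with Ruby

# Constructed `ssh -V` banners mapped to the version a control should see.
SAMPLE_BANNERS = {
  'OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017' => '7.4',
  'OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022' => '8.9',
  'OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013' => '6.6.1',
  'OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2' => '8.1'
}.freeze

# Hypothetical helper: extract the dotted numeric version and drop the
# portable "pN" suffix and everything after it. Returns nil if no match.
def parse_ssh_version(banner)
  m = banner.match(/\AOpenSSH_(?:for_Windows_)?(\d+(?:\.\d+)*)/)
  m && Gem::Version.new(m[1])
end

# Ruby mirror of `cut -f1 -d" " | cut -f2 -d"_"` from the issue.
def cut_pipeline(banner)
  banner.split(' ').first.split('_')[1].to_s
end

# Hypothetical helper: version gate that compares segment by segment
# instead of as a float. An unparseable banner never passes the gate.
def at_least?(banner, minimum)
  v = parse_ssh_version(banner)
  !v.nil? && v >= Gem::Version.new(minimum)
end

if __FILE__ == $PROGRAM_NAME
  SAMPLE_BANNERS.each_key do |banner|
    raw = cut_pipeline(banner)
    puts format('%-12s to_f=%-5s parsed=%s',
                raw.inspect, raw.to_f, parse_ssh_version(banner))
  end
end
```
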