From 3fe9299cdd06f48834e3ca5af48ed49ba98a9d14 Mon Sep 17 00:00:00 2001
From: Christoph Hartmann <chris@lollyrock.com>
Date: Mon, 18 Dec 2023 09:33:20 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20set=20default=20sudo=20executabl?=
 =?UTF-8?q?e=20(#2858)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 providers/os/connection/ssh.go      | 21 +++++++++++++++++----
 providers/os/connection/ssh_test.go | 24 ++++++++++++++++++++++++
 2 files changed, 41 insertions(+), 4 deletions(-)
 create mode 100644 providers/os/connection/ssh_test.go

diff --git a/providers/os/connection/ssh.go b/providers/os/connection/ssh.go
index a00f5e30a2..d7ba4ec39f 100644
--- a/providers/os/connection/ssh.go
+++ b/providers/os/connection/ssh.go
@@ -78,6 +78,7 @@ func NewSshConnection(id uint32, conf *inventory.Config, asset *inventory.Asset)
 	}
 
 	if os.Getenv("MONDOO_SSH_SCP") == "on" || conf.Options["ssh_scp"] == "on" {
+		log.Debug().Msg("use scp file transfer")
 		res.UseScpFilesystem = true
 	}
 
@@ -100,6 +101,8 @@ func NewSshConnection(id uint32, conf *inventory.Config, asset *inventory.Asset)
 			// configure sudo
 			log.Debug().Msg("activated sudo for ssh connection")
 			res.Sudo = conf.Sudo
+		} else {
+			log.Debug().Msg("deactivated sudo for ssh connection since user is root")
 		}
 	}
 
@@ -281,13 +284,23 @@ func (c *SshConnection) Close() {
 	}
 }
 
+// checks the connection config and set default values if not provided by the user
+func (c *SshConnection) setDefaultSettings() {
+	// we always want to ensure we use the default port if nothing was specified
+	if c.conf.Port == 0 {
+		c.conf.Port = 22
+	}
+
+	// we need to check if an executable was provided, otherwise fallback to use sudo
+	if c.conf.Sudo != nil && c.conf.Sudo.Active && c.conf.Sudo.Executable == "" {
+		c.conf.Sudo.Executable = "sudo"
+	}
+}
+
 func (c *SshConnection) Connect() error {
 	cc := c.conf
 
-	// we always want to ensure we use the default port if nothing was specified
-	if cc.Port == 0 {
-		cc.Port = 22
-	}
+	c.setDefaultSettings()
 
 	// load known hosts and track the fingerprint of the ssh server for later identification
 	knownHostsCallback, err := knownHostsCallback()
diff --git a/providers/os/connection/ssh_test.go b/providers/os/connection/ssh_test.go
new file mode 100644
index 0000000000..d2377aab31
--- /dev/null
+++ b/providers/os/connection/ssh_test.go
@@ -0,0 +1,24 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package connection
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"go.mondoo.com/cnquery/v9/providers-sdk/v1/inventory"
+)
+
+func TestSSHDefaultSettings(t *testing.T) {
+	conn := &SshConnection{
+		conf: &inventory.Config{
+			Sudo: &inventory.Sudo{
+				Active: true,
+			},
+		},
+	}
+	conn.setDefaultSettings()
+	assert.Equal(t, int32(22), conn.conf.Port)
+	assert.Equal(t, "sudo", conn.conf.Sudo.Executable)
+}