Merge pull request #1281 from tgauth/update-ssh-server-grammar

SteveL-MSFT · web-flow · commit 6eeef0eb833e · 2025-12-02T22:00:19.000Z
update sshd config grammar
diff --git a/grammars/tree-sitter-ssh-server-config/grammar.js b/grammars/tree-sitter-ssh-server-config/grammar.js
@@ -5,7 +5,7 @@
 
 const PREC = {
   MATCH: 2,
-  OPERATOR: 1,
+  OPERATOR: 1
 }
 
 module.exports = grammar({
@@ -14,10 +14,10 @@ module.exports = grammar({
   extras: $ => [' ', '\t', '\r'],
 
   rules: {
-    server_config: $ => seq(repeat(choice($.empty_line, $.comment, $.keyword)), repeat($.match)),
+    server_config: $ => seq(repeat(choice($._empty_line, $.comment, $.keyword)), repeat($.match)),
 
     // check for an empty line that is just a /n character
-    empty_line: $ => '\n',
+    _empty_line: $ => '\n',
     comment: $ => /#.*\n/,
 
     keyword: $ => seq(
@@ -30,20 +30,31 @@ module.exports = grammar({
 
     match: $ => seq(
       token(prec(PREC.MATCH, /match/i)),
-      field('criteria', $.keyword),
+      seq(repeat1($.criteria), $._empty_line),
       repeat1(choice($.comment, $.keyword)),
     ),
 
-    arguments: $ => repeat1(choice($.boolean, $.number, $._quotedString, $._commaSeparatedString)),
+    criteria: $ => seq(
+      field('criteria', $.alpha),
+      choice(seq(/[ \t]/, optional('=')), '='),
+      field('argument', $._argument)
+    ),
 
+    _argument: $ => choice($.boolean, $.number, $.string, $._commaSeparatedString, $._doublequotedString, $._singlequotedString),
+    arguments: $ => repeat1($._argument),
+
+    alpha: $ => /[a-zA-Z]+/i,
     alphanumeric: $ => /[a-zA-Z0-9]+/i,
     boolean: $ => choice('yes', 'no'),
     number: $ => /\d+/,
     operator: $ => token(prec(PREC.OPERATOR, /[-+\^]/)),
-    string: $ => /[^\r\n,"]+/,
+    string: $ => /[^\r\n,"'\s]+/, /* cannot contain spaces */
+
+    _quotedString: $ => /[^\r\n,"']+/, /* can contain spaces */
+    _doublequotedString: $ => seq('"', alias($._quotedString, $.string), repeat(seq(',', alias($._quotedString, $.string))), '"'),
+    _singlequotedString: $ => seq('\'', alias($._quotedString, $.string), repeat(seq(',', alias($._quotedString, $.string))), '\''),
 
-    _commaSeparatedString: $ => seq($.string, repeat(seq(',', $.string))),
-    _quotedString: $ => seq('\"', $.string, '\"'),
+    _commaSeparatedString: $ => prec(1, seq($.string, repeat1(seq(',', $.string))))
   }
 
 });
diff --git a/grammars/tree-sitter-ssh-server-config/test/corpus/invalid_expressions.txt b/grammars/tree-sitter-ssh-server-config/test/corpus/invalid_expressions.txt
@@ -8,8 +8,7 @@ AuthorizedKeysFile"ARG"
 (server_config
   (ERROR
     (alphanumeric)
-    (UNEXPECTED 'A'))
-  (empty_line))
+    (string)))
 =====
 missing argument after keyword
 =====
@@ -19,5 +18,4 @@ AuthorizedKeysFile
 
 (server_config
   (ERROR
-    (alphanumeric))
-  (empty_line))
+    (alphanumeric)))
diff --git a/grammars/tree-sitter-ssh-server-config/test/corpus/valid_expressions.txt b/grammars/tree-sitter-ssh-server-config/test/corpus/valid_expressions.txt
@@ -29,10 +29,9 @@ authorizedkeysfile "path to authorized keys file"
 
 (server_config
   (match
-    (keyword
-      (alphanumeric)
-      (arguments
-        (string)))
+    (criteria
+      (alpha)
+      (string))
     (keyword
       (alphanumeric)
       (arguments
@@ -52,10 +51,9 @@ authorizedkeysfile "path to authorized keys file"
     (arguments
       (boolean)))
   (match
-    (keyword
-      (alphanumeric)
-      (arguments
-        (string)))
+    (criteria
+      (alpha)
+      (string))
     (keyword
       (alphanumeric)
       (arguments
@@ -229,19 +227,17 @@ passwordauthentication yes
 
 (server_config
   (match
-    (keyword
-      (alphanumeric)
-      (arguments
-        (string)))
+    (criteria
+      (alpha)
+      (string))
     (keyword
       (alphanumeric)
       (arguments
         (boolean))))
   (match
-    (keyword
-      (alphanumeric)
-      (arguments
-        (string)))
+    (criteria
+      (alpha)
+      (string))
     (keyword
       (alphanumeric)
       (arguments
@@ -281,6 +277,11 @@ Subsystem	sftp	sftp-server.exe -f LOCAL0 -l DEBUG3
   (keyword
     (alphanumeric)
     (arguments
+      (string)
+      (string)
+      (string)
+      (string)
+      (string)
       (string))))
 =====
 parse mini config
@@ -304,10 +305,9 @@ passwordauthentication yes
     (arguments
       (string)))
   (match
-    (keyword
-      (alphanumeric)
-      (arguments
-        (string)))
+    (criteria
+      (alpha)
+      (string))
     (keyword
       (alphanumeric)
       (arguments
@@ -318,10 +318,9 @@ passwordauthentication yes
         (string)
         (string))))
   (match
-    (keyword
-      (alphanumeric)
-      (arguments
-        (string)))
+    (criteria
+      (alpha)
+      (string))
     (keyword
       (alphanumeric)
       (arguments
@@ -354,8 +353,7 @@ parse empty line
 
 
 ---
-(server_config
-  (empty_line))
+(server_config)
 ====
 parse repeatable keyword
 ====
@@ -367,4 +365,59 @@ allowgroups administrators "openssh users"
     (alphanumeric)
     (arguments
       (string)
-      (string))))
+      (string))))
+====
+parse repeatable strings without quotes
+====
+allowgroups groupOne groupTwo
+
+---
+(server_config
+  (keyword
+    (alphanumeric)
+    (arguments
+      (string)
+      (string))))
+====
+parse comma separated string with quotes
+====
+ciphers "chacha20-poly1305@openssh.com,aes128-gcm@openssh.com"
+
+---
+(server_config
+  (keyword
+    (alphanumeric)
+    (arguments
+      (string)
+      (string))))
+====
+parse single-quoted argument
+====
+allowgroups 'openssh users'
+
+---
+(server_config
+  (keyword
+    (alphanumeric)
+    (arguments
+      (string))))
+====
+parse multiple match criteria
+====
+match user User1,User2 Address 192.0.2.0/24
+passwordauthentication no
+
+---
+(server_config
+  (match
+    (criteria
+      (alpha)
+        (string)
+        (string))
+    (criteria
+      (alpha)
+        (string))
+    (keyword
+      (alphanumeric)
+        (arguments
+          (boolean)))))
diff --git a/resources/sshdconfig/src/metadata.rs b/resources/sshdconfig/src/metadata.rs
@@ -1,9 +1,9 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-// keywords that can have multiple argments per line but cannot be repeated over multiple lines,
+// keywords that can have multiple arguments per line but cannot be repeated over multiple lines,
 // as subsequent entries are ignored, should be represented as arrays
-pub const MULTI_ARG_KEYWORDS: [&str; 16] = [
+pub const MULTI_ARG_KEYWORDS: [&str; 17] = [
     "authenticationmethods",
     "authorizedkeysfile",
     "casignaturealgorithms",
@@ -19,7 +19,8 @@ pub const MULTI_ARG_KEYWORDS: [&str; 16] = [
     "permituserenvironment",
     "persourcepenalties",
     "persourcepenaltyexemptlist",
-    "pubkeyacceptedalgorithms"
+    "pubkeyacceptedalgorithms",
+    "rekeylimit" // first arg is bytes, second arg (optional) is amount of time
 ];
 
 // keywords that can be repeated over multiple lines and should be represented as arrays.
