Skip to content

update sshd config grammar #1281

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
SteveL-MSFT merged 9 commits into from
Dec 2, 2025
Merged

update sshd config grammar #1281

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
d2a7ca6
update grammar so quotedString node is not hidden
tgauth Nov 20, 2025
d2c697d
fix test
tgauth Nov 21, 2025
9e88c74
revert parser test to original behavior
tgauth Dec 2, 2025
4b57750
update grammar for quoted strings and match criteria logic to support…
tgauth Dec 2, 2025
f3ade88
add test for single-quoted args
tgauth Dec 2, 2025
74ab420
revert unneeded change to rust parser
tgauth Dec 2, 2025
1924dd0
revert unneeded grammar precendence change
tgauth Dec 2, 2025
09ac3c1
add rekeyLimit to multi-arg keyword list
tgauth Dec 2, 2025
466c3d7
address copilot feedback on typos/spacing
tgauth Dec 2, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 19 additions & 8 deletions grammars/tree-sitter-ssh-server-config/grammar.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@

const PREC = {
MATCH: 2,
OPERATOR: 1,
OPERATOR: 1
}

module.exports = grammar({
Expand All @@ -14,10 +14,10 @@ module.exports = grammar({
extras: $ => [' ', '\t', '\r'],

rules: {
server_config: $ => seq(repeat(choice($.empty_line, $.comment, $.keyword)), repeat($.match)),
server_config: $ => seq(repeat(choice($._empty_line, $.comment, $.keyword)), repeat($.match)),

// check for an empty line that is just a /n character
empty_line: $ => '\n',
_empty_line: $ => '\n',
comment: $ => /#.*\n/,

keyword: $ => seq(
Expand All @@ -30,20 +30,31 @@ module.exports = grammar({

match: $ => seq(
token(prec(PREC.MATCH, /match/i)),
field('criteria', $.keyword),
seq(repeat1($.criteria), $._empty_line),
repeat1(choice($.comment, $.keyword)),
),

arguments: $ => repeat1(choice($.boolean, $.number, $._quotedString, $._commaSeparatedString)),
criteria: $ => seq(
field('criteria', $.alpha),
choice(seq(/[ \t]/, optional('=')), '='),
field('argument', $._argument)
),

_argument: $ => choice($.boolean, $.number, $.string, $._commaSeparatedString, $._doublequotedString, $._singlequotedString),
arguments: $ => repeat1($._argument),

alpha: $ => /[a-zA-Z]+/i,
alphanumeric: $ => /[a-zA-Z0-9]+/i,
boolean: $ => choice('yes', 'no'),
number: $ => /\d+/,
operator: $ => token(prec(PREC.OPERATOR, /[-+\^]/)),
string: $ => /[^\r\n,"]+/,
string: $ => /[^\r\n,"'\s]+/, /* cannot contain spaces */

_quotedString: $ => /[^\r\n,"']+/, /* can contain spaces */
_doublequotedString: $ => seq('"', alias($._quotedString, $.string), repeat(seq(',', alias($._quotedString, $.string))), '"'),
_singlequotedString: $ => seq('\'', alias($._quotedString, $.string), repeat(seq(',', alias($._quotedString, $.string))), '\''),

_commaSeparatedString: $ => seq($.string, repeat(seq(',', $.string))),
_quotedString: $ => seq('\"', $.string, '\"'),
_commaSeparatedString: $ => prec(1, seq($.string, repeat1(seq(',', $.string))))
}

});
6 changes: 2 additions & 4 deletions grammars/tree-sitter-ssh-server-config/test/corpus/invalid_expressions.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,7 @@ AuthorizedKeysFile"ARG"
(server_config
(ERROR
(alphanumeric)
(UNEXPECTED 'A'))
(empty_line))
(string)))
=====
missing argument after keyword
=====
Expand All @@ -19,5 +18,4 @@ AuthorizedKeysFile

(server_config
(ERROR
(alphanumeric))
(empty_line))
(alphanumeric)))
107 changes: 80 additions & 27 deletions grammars/tree-sitter-ssh-server-config/test/corpus/valid_expressions.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,10 +29,9 @@ authorizedkeysfile "path to authorized keys file"

(server_config
(match
(keyword
(alphanumeric)
(arguments
(string)))
(criteria
(alpha)
(string))
(keyword
(alphanumeric)
(arguments
Expand All @@ -52,10 +51,9 @@ authorizedkeysfile "path to authorized keys file"
(arguments
(boolean)))
(match
(keyword
(alphanumeric)
(arguments
(string)))
(criteria
(alpha)
(string))
(keyword
(alphanumeric)
(arguments
Expand Down Expand Up @@ -229,19 +227,17 @@ passwordauthentication yes

(server_config
(match
(keyword
(alphanumeric)
(arguments
(string)))
(criteria
(alpha)
(string))
(keyword
(alphanumeric)
(arguments
(boolean))))
(match
(keyword
(alphanumeric)
(arguments
(string)))
(criteria
(alpha)
(string))
(keyword
(alphanumeric)
(arguments
Expand Down Expand Up @@ -281,6 +277,11 @@ Subsystem sftp sftp-server.exe -f LOCAL0 -l DEBUG3
(keyword
(alphanumeric)
(arguments
(string)
(string)
(string)
(string)
(string)
(string))))
=====
parse mini config
Expand All @@ -304,10 +305,9 @@ passwordauthentication yes
(arguments
(string)))
(match
(keyword
(alphanumeric)
(arguments
(string)))
(criteria
(alpha)
(string))
(keyword
(alphanumeric)
(arguments
Expand All @@ -318,10 +318,9 @@ passwordauthentication yes
(string)
(string))))
(match
(keyword
(alphanumeric)
(arguments
(string)))
(criteria
(alpha)
(string))
(keyword
(alphanumeric)
(arguments
Expand Down Expand Up @@ -354,8 +353,7 @@ parse empty line


---
(server_config
(empty_line))
(server_config)
====
parse repeatable keyword
====
Expand All @@ -367,4 +365,59 @@ allowgroups administrators "openssh users"
(alphanumeric)
(arguments
(string)
(string))))
(string))))
====
parse repeatable strings without quotes
====
allowgroups groupOne groupTwo

---
(server_config
(keyword
(alphanumeric)
(arguments
(string)
(string))))
====
parse comma separated string with quotes
====
ciphers "chacha20-poly1305@openssh.com,aes128-gcm@openssh.com"

---
(server_config
(keyword
(alphanumeric)
(arguments
(string)
(string))))
====
parse single-quoted argument
====
allowgroups 'openssh users'

---
(server_config
(keyword
(alphanumeric)
(arguments
(string))))
====
parse multiple match criteria
====
match user User1,User2 Address 192.0.2.0/24
passwordauthentication no

---
(server_config
(match
(criteria
(alpha)
(string)
(string))
(criteria
(alpha)
(string))
(keyword
(alphanumeric)
(arguments
(boolean)))))
7 changes: 4 additions & 3 deletions resources/sshdconfig/src/metadata.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.

// keywords that can have multiple argments per line but cannot be repeated over multiple lines,
// keywords that can have multiple arguments per line but cannot be repeated over multiple lines,
// as subsequent entries are ignored, should be represented as arrays
pub const MULTI_ARG_KEYWORDS: [&str; 16] = [
pub const MULTI_ARG_KEYWORDS: [&str; 17] = [
"authenticationmethods",
"authorizedkeysfile",
"casignaturealgorithms",
Expand All @@ -19,7 +19,8 @@ pub const MULTI_ARG_KEYWORDS: [&str; 16] = [
"permituserenvironment",
"persourcepenalties",
"persourcepenaltyexemptlist",
"pubkeyacceptedalgorithms"
"pubkeyacceptedalgorithms",
"rekeylimit" // first arg is bytes, second arg (optional) is amount of time
];

// keywords that can be repeated over multiple lines and should be represented as arrays.
Expand Down