gnx/Hotel-Booking
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d4c6ae8aec11719312919ce2e884f92c9b7e1d36
Hotel-Booking/Backend/venv/lib/python3.12/site-packages/bandit/plugins/injection_paramiko.py
Iliyan Angelov 62c1fe5951 updates
2025-12-01 06:50:10 +02:00

64 lines
2.0 KiB
Python
Raw Blame History

#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
# SPDX-License-Identifier: Apache-2.0
r"""
==============================================
B601: Test for shell injection within Paramiko
==============================================
Paramiko is a Python library designed to work with the SSH2 protocol for secure
(encrypted and authenticated) connections to remote machines. It is intended to
run commands on a remote host. These commands are run within a shell on the
target and are thus vulnerable to various shell injection attacks. Bandit
reports a MEDIUM issue when it detects the use of Paramiko's "exec_command"
method advising the user to check inputs are correctly sanitized.
:Example:
.. code-block:: none
>> Issue: Possible shell injection via Paramiko call, check inputs are
properly sanitized.
Severity: Medium Confidence: Medium
CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
Location: ./examples/paramiko_injection.py:4
3 # this is not safe
4 paramiko.exec_command('something; really; unsafe')
5
.. seealso::
- https://security.openstack.org
- https://github.com/paramiko/paramiko
- https://www.owasp.org/index.php/Command_Injection
- https://cwe.mitre.org/data/definitions/78.html
.. versionadded:: 0.12.0
.. versionchanged:: 1.7.3
CWE information added
"""
import bandit
from bandit.core import issue
from bandit.core import test_properties as test
@test.checks("Call")
@test.test_id("B601")
def paramiko_calls(context):
issue_text = (
"Possible shell injection via Paramiko call, check inputs "
"are properly sanitized."
)
for module in ["paramiko"]:
if context.is_module_imported_like(module):
if context.call_function_name in ["exec_command"]:
return bandit.Issue(
severity=bandit.MEDIUM,
confidence=bandit.MEDIUM,
cwe=issue.Cwe.OS_COMMAND_INJECTION,
text=issue_text,
)
Reference in New Issue View Git Blame Copy Permalink