silence new bandit warning

Test results: >> Issue: [B507:ssh_no_host_key_verification] Paramiko call with policy set to automatically trust the unknown host key. Severity: High Confidence: Medium CWE: CWE-295 (https://cwe.mitre.org/data/definitions/295.html) More Info: https://bandit.readthedocs.io/en/1.7.10/plugins/b507_ssh_no_host_key_verification.html Location: ./st2common/st2common/runners/paramiko_ssh.py:781:8 780 client = paramiko.SSHClient() 781 client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) 782 -------------------------------------------------- Code scanned: Total lines of code: 21204 Total lines skipped (#nosec): 0 Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0 Run metrics: Total issues (by severity): Undefined: 0 Low: 15 Medium: 13 High: 1 Total issues (by confidence): Undefined: 0 Low: 3 Medium: 13 High: 13 Files skipped (0):
StackStorm · Oct 24, 2024 · 86b5495 · 86b5495
1 parent cb9fb6b
commit 86b5495
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/st2common/st2common/runners/paramiko_ssh.py b/st2common/st2common/runners/paramiko_ssh.py
@@ -778,7 +778,8 @@ def _connect(self, host, socket=None):
             conninfo["sock"] = socket
 
         client = paramiko.SSHClient()
-        client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+        # FIXME: Allow the admin or end user control the host key policy
+        client.set_missing_host_key_policy(paramiko.AutoAddPolicy())  # nosec
 
         extra = {"_conninfo": conninfo}
         self.logger.debug("Connection info", extra=extra)