Python: Add query for insecure SSH host key policies in Paramiko.

Taus Brock-Nannestad
2019-03-18 16:45:54 +01:00
parent 285f8b06bd
commit 52278b25d9
8 changed files with 106 additions and 0 deletions


@@ -0,0 +1,2 @@
| paramiko_host_key.py:5:1:5:49 | ControlFlowNode for Attribute() | Setting missing host key policy to AutoAddPolicy may be unsafe. |
| paramiko_host_key.py:7:1:7:49 | ControlFlowNode for Attribute() | Setting missing host key policy to WarningPolicy may be unsafe. |


@@ -0,0 +1 @@
Security/CWE-295/MissingHostKeyValidation.ql


@@ -0,0 +1,7 @@
from paramiko.client import AutoAddPolicy, WarningPolicy, RejectPolicy, SSHClient
client = SSHClient()
client.set_missing_host_key_policy(AutoAddPolicy) # bad
client.set_missing_host_key_policy(RejectPolicy) # good
client.set_missing_host_key_policy(WarningPolicy) # bad
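Review bot: The test passes the policy only as a class reference (`set_missing_host_key_policy(AutoAddPolicy)`), but Paramiko also accepts an instance, and `AutoAddPolicy()` is the form most client code uses. A query that matched only the class reference would pass this test and still miss that form. I would add `client.set_missing_host_key_policy(AutoAddPolicy()) # bad`, `client.set_missing_host_key_policy(WarningPolicy()) # bad` and a keyword call such as `client.set_missing_host_key_policy(policy=AutoAddPolicy) # bad`, with matching rows in the expected output. A short comment on the `WarningPolicy` line would also help readers: `# bad: logs a warning but still accepts the unknown host key`. The `.ql` file is not shown on this page, so whether the query already covers these forms cannot be confirmed here.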

View File

@@ -0,0 +1,15 @@
class SSHClient(object):
def __init__(self, *args, **kwargs):
pass
def set_missing_host_key_policy(self, *args, **kwargs):
pass
class AutoAddPolicy(object):
pass
class WarningPolicy(object):
pass
class RejectPolicy(object):
pass