gitlab-ci: silence irrelevant bandit error

This SSH connection is only ever to the Vagrant VM on the same machine. >> Issue: [B507:ssh_no_host_key_verification] Paramiko call with policy set to automatically trust the unknown host key. Severity: High Confidence: Medium CWE: CWE-295 (https://cwe.mitre.org/data/definitions/295.html) More Info: https://bandit.readthedocs.io/en/1.7.6/plugins/b507_ssh_no_host_key_verification.html Location: ./fdroidserver/build.py:104:8 103 sshs = paramiko.SSHClient() 104 sshs.set_missing_host_key_policy(paramiko.AutoAddPolicy()) 105 sshs.connect(sshinfo['hostname'], username=sshinfo['user'],
2024-11-04 22:40:12 +01:00 · 2023-12-14 14:28:48 +01:00 · 2023-12-14 14:28:48 +01:00 · 2d5770985f
commit 2d5770985f
parent 865673964e
1 changed files with 1 additions and 1 deletions
--- a/fdroidserver/build.py
+++ b/fdroidserver/build.py
@ -101,7 +101,7 @@ def build_server(app, build, vcs, build_dir, output_dir, log_dir, force):
        # Open SSH connection...
        logging.info("Connecting to virtual machine...")
        sshs = paramiko.SSHClient()
-        sshs.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+        sshs.set_missing_host_key_policy(paramiko.AutoAddPolicy())  # nosec B507 only connects to local VM
        sshs.connect(sshinfo['hostname'], username=sshinfo['user'],
                     port=sshinfo['port'], timeout=300,
                     look_for_keys=False, key_filename=sshinfo['idfile'])