python.lang.security.audit.paramiko.paramiko-exec-command.paramiko-exec-command

Community Favorite
Author: semgrep
Downloads: 48,183

Detected a non-literal command passed to paramiko's 'exec_command'. The command string is executed by a shell on the remote host, so untrusted data in it can lead to OS command injection. Prefer constant command strings; if parts must be dynamic, validate them and quote each argument with 'shlex.quote'.

Definition

rules:
  - id: paramiko-exec-command
    patterns:
      - pattern-inside: |
          $CLIENT = paramiko.client.SSHClient(...)
          ...
      - pattern: $CLIENT.exec_command(...)
      - pattern-not: $CLIENT.exec_command("...", ...)
    message: >-
      Detected a non-literal command passed to paramiko's 'exec_command'. The
      command string is executed by a shell on the remote host, so untrusted
      data in it can lead to OS command injection. Prefer constant command
      strings; if parts must be dynamic, validate them and quote each argument
      with 'shlex.quote'.
    metadata:
      source-rule-url: https://github.com/PyCQA/bandit/blob/d5f8fa0d89d7b11442fc6ec80ca42953974354c8/bandit/plugins/injection_paramiko.py
      owasp:
        - A01:2017 - Injection
        - A03:2021 - Injection
      cwe:
        - "CWE-78: Improper Neutralization of Special Elements used in an OS
          Command ('OS Command Injection')"
      references:
        - http://docs.paramiko.org/en/stable/api/client.html#paramiko.client.SSHClient.exec_command
        - https://github.com/PyCQA/bandit/blob/d5f8fa0d89d7b11442fc6ec80ca42953974354c8/bandit/plugins/injection_paramiko.py
      category: security
      technology:
        - paramiko
      cwe2022-top25: true
      cwe2021-top25: true
      subcategory:
        - audit
      likelihood: LOW
      impact: HIGH
      confidence: LOW
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Command Injection
    severity: ERROR
    languages:
      - python

Examples

paramiko-exec-command.py

# cf. https://github.com/PyCQA/bandit/blob/d5f8fa0d89d7b11442fc6ec80ca42953974354c8/examples/paramiko_injection.py
# The "# ok:" and "# ruleid:" comments are Semgrep test annotations: the line
# after "# ruleid:" must be reported by the rule, the line after "# ok:" must not.

import sys

import paramiko
from paramiko import client

# Stand-in for untrusted data (constructed for this example; Bandit's original
# test file leaves user_input undefined).
user_input = sys.argv[1] if len(sys.argv) > 1 else "ls -r /"

# Named `ssh` rather than `client` so the `client` submodule imported above is
# not shadowed (the original test file shadowed it, breaking `client.SSHClient()`).
ssh = paramiko.client.SSHClient()
ssh.connect("somehost")

# ok:paramiko-exec-command
ssh.exec_command("ls -r /")

# ruleid:paramiko-exec-command
ssh.exec_command(user_input)

# Same rule must also match when SSHClient is reached via `from paramiko import client`.
client2 = client.SSHClient()
client2.connect("somehost")

# ok:paramiko-exec-command
client2.exec_command("ls -r /")

# ruleid:paramiko-exec-command
client2.exec_command(user_input)
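As an added example (not part of the rule or of Bandit's test file), this shows the hardened counterpart of the flagged call: the remote command line is assembled from validated parts with `shlex.quote`, so shell metacharacters in a user-supplied path stay literal. The rule still matches this call because the argument is not a string literal, which is why it is an audit rule with LOW confidence; `RecordingClient` is a constructed stand-in for `paramiko.client.SSHClient` so the example runs offline.

```python
import shlex
from typing import Iterable

# Constructed example, not code from the Semgrep rule or from paramiko.
# exec_command() hands its string to the login shell on the remote host, so any
# untrusted value spliced into it is an OS command injection (CWE-78) unless
# it is neutralised first.


def build_command(argv: Iterable[str]) -> str:
    """Join argv into one POSIX sh command line, quoting each word.

    shlex.quote leaves plain words untouched and wraps anything else in single
    quotes (escaping embedded single quotes), so ';', '|', '$(...)' and '`' in
    an argument reach the remote program as ordinary characters.
    """
    return " ".join(shlex.quote(str(a)) for a in argv)


def list_directory(ssh, path: str):
    """List `path` on the remote host without letting `path` alter the command.

    `ssh` is any object with a paramiko-style exec_command(str) method. The
    '--' ends option parsing, so a path beginning with '-' cannot become a flag.
    """
    cmd = build_command(["ls", "-l", "--", path])
    return ssh.exec_command(cmd)


class RecordingClient:
    """Stand-in for paramiko.client.SSHClient that records what would be sent."""

    def __init__(self):
        self.sent = []

    def exec_command(self, command, *args, **kwargs):
        self.sent.append(command)
        return command


if __name__ == "__main__":
    fake = RecordingClient()
    list_directory(fake, "reports")
    list_directory(fake, "x; id")        # the ';' stays inside the quotes
    list_directory(fake, "$(uname -a)")  # no command substitution on the remote side
    for line in fake.sent:
        print(line)
```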