Remove paramiko invoke_shell and fix example #377

Merged
merged 2 commits into from Dec 10, 2018

Commits on Aug 28, 2018

  1. Remove paramiko invoke_shell and fix example

    Paramiko's invoke_shell function does not take a command argument
    even though the Bandit example implied that. It simply opens a stream
    for communicating with a shell. Therefore, it should not be flagged
    as part of the Bandit scan.
    
    The current example of paramiko command injection does not properly
    create an instance of the SSHClient before calling the functions
    on the client. Instead it's calling the functions statically which
    is not proper syntax.
    
    This patch updates the plugin and example. Bandit, however, is
    still functioning properly to detect the improper use of exec_command().
    
    Fixes Issue #375
    
    Signed-off-by: Eric Brown <browne@vmware.com>
    ericwb committed Aug 28, 2018
    Commit 12655e3

Commits on Dec 10, 2018

  1. Commit 235f940
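
The distinction drawn in the first commit message, as an added example that is not Bandit's plugin code or anything from this pull request: a simplified AST check that reports `exec_command()` calls in modules importing paramiko and leaves `invoke_shell()` alone. The sample source, the function names and the `dynamic` flag (whether the command is something other than a string literal) are assumptions made for illustration.

```python
import ast

# Constructed sample: an SSHClient instance is created before its methods are
# called, as the commit message says the example should do.
SAMPLE = '''
import paramiko

def run(host, user_cmd):
    client = paramiko.SSHClient()
    client.connect(host)
    client.exec_command("ls " + user_cmd)   # command string built from input
    client.exec_command("uptime")           # constant command
    chan = client.invoke_shell()            # takes no command argument
    return chan
'''

FLAGGED_METHODS = {"exec_command"}  # invoke_shell is deliberately absent


def imports_paramiko(tree):
    """True if the module imports paramiko in any form."""
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            if any(a.name.split(".")[0] == "paramiko" for a in node.names):
                return True
        elif isinstance(node, ast.ImportFrom):
            if (node.module or "").split(".")[0] == "paramiko":
                return True
    return False


def find_paramiko_calls(source):
    """Return sorted (lineno, method, dynamic) tuples for flagged calls."""
    tree = ast.parse(source)
    if not imports_paramiko(tree):
        return []
    findings = []
    for node in ast.walk(tree):
        if (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr in FLAGGED_METHODS):
            # The command is the first positional argument or command=...
            first = node.args[0] if node.args else next(
                (k.value for k in node.keywords if k.arg == "command"), None)
            # A string literal cannot carry caller input; anything else might.
            dynamic = first is not None and not (
                isinstance(first, ast.Constant) and isinstance(first.value, str))
            findings.append((node.lineno, node.func.attr, dynamic))
    return sorted(findings)
```
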