1# -*- coding: utf-8 -*- 2 3# Copyright (c) 2020 - 2021 Detlev Offenbach <detlev@die-offenbachs.de> 4# 5 6""" 7Module implementing a check for use of mako templates. 8""" 9 10# 11# This is a modified version of the one found in the bandit package. 12# 13# Original Copyright 2014 Hewlett-Packard Development Company, L.P. 14# 15# SPDX-License-Identifier: Apache-2.0 16# 17 18 19def getChecks(): 20 """ 21 Public method to get a dictionary with checks handled by this module. 22 23 @return dictionary containing checker lists containing checker function and 24 list of codes 25 @rtype dict 26 """ 27 return { 28 "Call": [ 29 (checkSshNoHostKeyVerification, ("S507",)), 30 ], 31 } 32 33 34def checkSshNoHostKeyVerification(reportError, context, config): 35 """ 36 Function to check for use of mako templates. 37 38 @param reportError function to be used to report errors 39 @type func 40 @param context security context object 41 @type SecurityContext 42 @param config dictionary with configuration data 43 @type dict 44 """ 45 if ( 46 context.isModuleImportedLike('paramiko') and 47 context.callFunctionName == 'set_missing_host_key_policy' and 48 context.callArgs and 49 context.callArgs[0] in ['AutoAddPolicy', 'WarningPolicy'] 50 ): 51 reportError( 52 context.node.lineno - 1, 53 context.node.col_offset, 54 "S507", 55 "H", 56 "M", 57 ) 58