From 2d5770985fc80ca45c7456ec36d754a331034b7a Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner
Date: Thu, 14 Dec 2023 14:28:48 +0100
Subject: [PATCH] gitlab-ci: silence irrelevant bandit error

This SSH connection is only ever to the Vagrant VM on the same machine.
>> Issue: [B507:ssh_no_host_key_verification] Paramiko call with policy set to automatically trust the unknown host key.
Severity: High Confidence: Medium
CWE: CWE-295 (https://cwe.mitre.org/data/definitions/295.html)
More Info: https://bandit.readthedocs.io/en/1.7.6/plugins/b507_ssh_no_host_key_verification.html
Location: ./fdroidserver/build.py:104:8
103 sshs = paramiko.SSHClient()
104 sshs.set_missing_host_key_policy(paramiko.AutoAddPolicy())
105 sshs.connect(sshinfo['hostname'], username=sshinfo['user'],
---
 fdroidserver/build.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fdroidserver/build.py b/fdroidserver/build.py
index 00019e36..fb68f6c6 100644
--- a/fdroidserver/build.py
+++ b/fdroidserver/build.py
@@ -101,7 +101,7 @@ def build_server(app, build, vcs, build_dir, output_dir, log_dir, force):
 # Open SSH connection...
 logging.info("Connecting to virtual machine...")
 sshs = paramiko.SSHClient()
- sshs.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+ sshs.set_missing_host_key_policy(paramiko.AutoAddPolicy()) # nosec B507 only connects to local VM
 sshs.connect(sshinfo['hostname'], username=sshinfo['user'],
 port=sshinfo['port'], timeout=300, look_for_keys=False, key_filename=sshinfo['idfile'])
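Review bot: The `# nosec B507` on the `set_missing_host_key_policy` line depends on `sshinfo['hostname']` always being the local Vagrant VM, and nothing in this hunk shows where `sshinfo` is filled in or checks that. `build_server` starts and continues outside the hunk, so the invariant may hold there, but a reader of this line cannot verify it. I would record it where it is relied on, for example a comment above the call such as `# sshinfo is read from the local Vagrant VM's ssh config (confirm); a fresh VM has a new host key, so unknown keys are accepted here`. If `sshinfo` can ever name a remote builder, this suppression would hide a real CWE-295 finding. Separately, bandit may try to read the words after the test id as further test names and log a warning for each, so `# nosec B507  # only connects to local VM` keeps the reason in a comment of its own.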