Derived from the flake8-bandit linter.
This rule is unstable and in preview. The --preview flag is required for use.
What it does
Checks for uses of policies disabling SSH verification in Paramiko.
Why is this bad?
By default, Paramiko checks the identity of the remote host when establishing an SSH connection. Disabling the verification might lead to the client connecting to a malicious host without the client knowing.
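A simplified check of the kind this rule describes, as an added example (not Ruff's or flake8-bandit's own implementation). It assumes the policies of concern are Paramiko's `AutoAddPolicy` and `WarningPolicy`, matches them by name only without resolving import aliases, and runs over a constructed sample in which the third client keeps verification with `RejectPolicy`.

```python
import ast

# Paramiko policies that accept a server key missing from known_hosts.
WEAK_POLICIES = {"AutoAddPolicy", "WarningPolicy"}

# Constructed sample input: two weak configurations and one verified one.
SAMPLE = '''
import paramiko
from paramiko import client

a = paramiko.SSHClient()
a.set_missing_host_key_policy(paramiko.AutoAddPolicy())

b = client.SSHClient()
b.set_missing_host_key_policy(client.WarningPolicy)

c = paramiko.SSHClient()
c.load_system_host_keys()
c.set_missing_host_key_policy(paramiko.RejectPolicy())
'''


def policy_name(node):
    """Trailing name of a policy argument, given as a class or an instance."""
    if isinstance(node, ast.Call):  # AutoAddPolicy() -> AutoAddPolicy
        node = node.func
    return getattr(node, "attr", None) or getattr(node, "id", None)


def find_weak_policies(source):
    """Return sorted (line, policy) pairs for calls that set a weak policy."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if not (isinstance(func, ast.Attribute)
                and func.attr == "set_missing_host_key_policy"):
            continue
        for arg in node.args + [kw.value for kw in node.keywords]:
            if policy_name(arg) in WEAK_POLICIES:
                findings.append((node.lineno, policy_name(arg)))
    return sorted(findings)


if __name__ == "__main__":
    for line, name in find_weak_policies(SAMPLE):
        print(f"line {line}: host key not verified ({name})")
```

The third client is not reported because it loads the system host keys and rejects any server whose key is unknown.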