pysftp wraps paramiko with a simpler SFTP interface. Connection(host, cnopts=...) with CnOpts.hostkeys=None disables host-key checking — MITM finding.
.Connection().put().get().Connection()Sinkpysftp.Connection(host, username=None, private_key=None, password=None, port=22, cnopts=None, ...) -> Connection
Opens an SFTP connection. Finding when cnopts.hostkeys is None.
.put()SinkConnection.put(localpath, remotepath=None, callback=None, confirm=True, preserve_mtime=False) -> SFTPAttributes
Uploads a file. Path-traversal risk on remotepath.
0, 1.get()SinkConnection.get(remotepath, localpath=None, callback=None, preserve_mtime=False) -> None
Downloads a file. Path-traversal risk on localpath.
0, 1| FQN | Field | |
|---|---|---|
| pysftp | fqns[0] |
Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.
from codepathfinder.go_rule import PyPysftp