[Fall 2021] Step 2: Coverage Improvement - SSH libraries

[onionymous]

SSH libraries make it possible to remotely execute commands. This can be a source of command injection if user-controlled data is able to flow to these sites.

We have some existing models for SSH libraries like paramiko and pexpect (see https://github.com/facebook/pyre-check/blob/main/stubs/third_party_taint/rce_sinks.pysa). The goal of this task is to add coverage for other SSH libraries that we're missing.

Some libraries to get you started:

• spur (https://pypi.org/project/spur/)
• ssh2-python (https://pypi.org/project/ssh2-python/)
• twisted-conch (https://twistedmatrix.com/documents/current/conch/examples/index.html)
• trigger (https://trigger.readthedocs.io/en/latest/examples.html#execute-commands-asynchronously-using-twisted)
• parallel-ssh (https://github.com/ParallelSSH/parallel-ssh)
• scrapli (can use paramiko, ssh2, asyncssh as transport) (https://github.com/carlmontanari/scrapli)
• redexpect (based on ssh2-python) (https://github.com/Red-M/RedExpect)
• netmiko (based on paramiko) (https://pypi.org/project/netmiko/)

Feel free to add coverage for any other SSH libraries you find that aren't listed!

Also, since this task covers multiple libraries, it's OK for several to work on this concurrently and add coverage for different libraries.

Submitting a PR

We use the following linters internally, so to save everyone's time, please make sure you run the following linters locally and fix errors related to the files you modified before submitting a PR:

black && usort format . && flake8

To install the linters, you can run the following command:

pip install flake8 usort black==21.4b2