ssh_host_key.rb
code Severe
Command Injection
Discovered 7 months ago
Source: static code analysis
Category: Command Injection
Confidence level: Medium

Problem

Possible command injection

Location

app/models/ssh_host_key.rb:94

Open3.popen3({}, *["ssh-keyscan", "-T", "5", "-p", "#{url.port}", "-f-"])

Category description: Command injection occurs when shell commands unsafely include user-manipulatable values.

Solution: fix the issue in app/models/ssh_host_key.rb or mark it as false positive.