Import contacts via SFTP #765

alanzirek · 2025-02-27T15:48:13Z

WIP

core/management/commands/fetch_export_agricoll_contacts_file.py

utilisation de la propriété fingerprint sur l'objet key https://docs.paramiko.org/en/latest/api/keys.html#paramiko.pkey.PKey.fingerprint

core/tests/test_fetch_export_agricoll_contacts_file.py

+
+        # Récupère et ajoute le fingerprint du serveur SFTP à la liste des fingerprints autorisés
+        client = paramiko.SSHClient()
+        client.set_missing_host_key_policy(paramiko.AutoAddPolicy())


To fix the problem, we should replace the use of AutoAddPolicy with RejectPolicy. This ensures that the SSH client will only connect to hosts with known and verified keys, maintaining the security of the connection.

We need to modify the code in core/tests/test_fetch_export_agricoll_contacts_file.py to use RejectPolicy instead of AutoAddPolicy. Additionally, we should ensure that the host key is added to the known hosts list before attempting to connect. This can be done by manually adding the host key to the SSHClient object.

alanzirek added 4 commits February 27, 2025 12:34

WIP

14d5fc1

Ajoute la vérification de l'hôte

cd29782

Ajoute vérification de l'empreinte lors de la connexion au serveur SFTP

c560999

Supprime clamav pour la review app

3a0f45d

github-advanced-security bot found potential problems Feb 27, 2025

View reviewed changes

core/management/commands/fetch_export_agricoll_contacts_file.py Fixed Show fixed Hide fixed

alanzirek force-pushed the import-contacts-sftp branch from 3bef987 to 3a0f45d Compare February 27, 2025 17:34

alanzirek added 2 commits February 28, 2025 13:52

appel le script d'import des contacts

18fc1d7

simplification de la vérification de l'empreinte

5799cd3

utilisation de la propriété fingerprint sur l'objet key https://docs.paramiko.org/en/latest/api/keys.html#paramiko.pkey.PKey.fingerprint

alanzirek force-pushed the import-contacts-sftp branch from 67ec57b to 5799cd3 Compare February 28, 2025 12:55

alanzirek added 2 commits February 28, 2025 14:29

ajout typing + modif noms variables

948997f

Test avec testcontainer[sftp]

30f6791

github-advanced-security bot found potential problems Feb 28, 2025

View reviewed changes

core/tests/test_fetch_export_agricoll_contacts_file.py Fixed Show fixed Hide fixed

Ajout variables env SFTP dans fichier CI

c593a4b

alanzirek force-pushed the import-contacts-sftp branch from 060ad2a to 26b50ea Compare February 28, 2025 15:41

Ajout variables env SFTP dans fichier de conf pytest

fb866ef

alanzirek force-pushed the import-contacts-sftp branch from 26b50ea to fb866ef Compare February 28, 2025 15:42

WIP Test

62049f9

github-advanced-security bot found potential problems Feb 28, 2025

View reviewed changes

@@ -17,5 +17,7 @@
                     client = paramiko.SSHClient()
-                    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+                    client.set_missing_host_key_policy(paramiko.RejectPolicy())
+                    client.load_system_host_keys()
                     client.connect(settings.SFTP_HOST, settings.SFTP_PORT, settings.SFTP_USERNAME, settings.SFTP_PASSWORD)
                     fingerprint = client.get_transport().get_remote_server_key().fingerprint
+                    client.get_host_keys().add(settings.SFTP_HOST, client.get_transport().get_remote_server_key().get_name(), client.get_transport().get_remote_server_key())
                     original_fingerprints = CleverCloudSftpVerifier.CLEVER_CLOUD_FINGERPRINTS.copy()

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Import contacts via SFTP #765

Import contacts via SFTP #765

alanzirek commented Feb 27, 2025 •

edited

Loading

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Import contacts via SFTP #765

Are you sure you want to change the base?

Import contacts via SFTP #765

Conversation

alanzirek commented Feb 27, 2025 • edited Loading

alanzirek commented Feb 27, 2025 •

edited

Loading