CodeQL: Exclude go/insecure-hostkeycallback

norio-nomura · norio-nomura · commit 332dbbad7ee8 · 2025-11-17T18:23:22.000+09:00
Split `ssh.InsecureIgnoreHostKey()` usage into pkg/sshutil/sshutil_use_insecure_hostkeycallback.go and
exclude go/insecure-hostkeycallback on that file.

We already ignore host key verification when executing SSH commands in Lima,
by using UserKnownHostsFile=/dev/null and StrictHostKeyChecking=no in the SSH command arguments.

Signed-off-by: Norio Nomura &lt;norio.nomura@gmail.com&gt;
diff --git a/.github/codeql-config.yml b/.github/codeql-config.yml
@@ -0,0 +1,6 @@
+name: "CodeQL config"
+query-filters:
+- exclude:
+    id: go/insecure-hostkeycallback
+    paths:
+    - "pkg/sshutil/sshutil_use_insecure_hostkeycallback.go"
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
@@ -45,6 +45,7 @@ jobs:
       with:
         languages: ${{ matrix.language }}
         build-mode: ${{ matrix.build-mode }}
+        config-file: ./.github/codeql-config.yml
 
     - if: matrix.build-mode == 'manual'
       shell: bash
diff --git a/pkg/sshutil/sshutil.go b/pkg/sshutil/sshutil.go
@@ -526,12 +526,7 @@ func WaitSSHReady(ctx context.Context, dialContext func(context.Context) (net.Co
 		return err
 	}
 	// Prepare ssh client config
-	sshConfig := &ssh.ClientConfig{
-		User:            user,
-		Auth:            []ssh.AuthMethod{ssh.PublicKeys(signer)},
-		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
-		Timeout:         10 * time.Second,
-	}
+	sshConfig := sshClientConfigWithInsecureHostKeyCallback(user, timeoutSeconds, signer)
 	// Wait until the SSH server is available.
 	for {
 		conn, err := dialContext(ctx)
diff --git a/pkg/sshutil/sshutil_use_insecure_hostkeycallback.go b/pkg/sshutil/sshutil_use_insecure_hostkeycallback.go
@@ -0,0 +1,27 @@
+// SPDX-FileCopyrightText: Copyright The Lima Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package sshutil
+
+import (
+	"time"
+
+	"golang.org/x/crypto/ssh"
+)
+
+// This file exists to exclude the use of ssh.InsecureIgnoreHostKey()
+// from the main sshutil.go file, so that we can suppress
+// the CodeQL warning about it in .github/codeql-config.yml.
+
+// sshClientConfigWithInsecureHostKeyCallback returns an ssh.ClientConfig
+// that uses ssh.InsecureIgnoreHostKey() as the HostKeyCallback.
+// We already ignore host key verification when executing SSH commands in Lima,
+// by using UserKnownHostsFile=/dev/null and StrictHostKeyChecking=no in the SSH command arguments.
+func sshClientConfigWithInsecureHostKeyCallback(user string, timeoutSeconds int, signers ...ssh.Signer) *ssh.ClientConfig {
+	return &ssh.ClientConfig{
+		User:            user,
+		Auth:            []ssh.AuthMethod{ssh.PublicKeys(signers...)},
+		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
+		Timeout:         time.Duration(timeoutSeconds) * time.Second,
+	}
+}
