bug(slm): remote shell execution denylist is trivially bypassed — arbitrary command injection possible

## Discovered During
Code review of PR #3417.

## Problem
The remote shell execution API (`POST /nodes/{node_id}/execute`) uses a denylist to block dangerous commands. `&&`, newlines, `python3 -c`, `eval`, `;` (not followed by `rm`) and many other patterns reach `bash -c` unblocked. Authenticated users can run arbitrary destructive commands.

Additionally:
- Every SSH connection uses `StrictHostKeyChecking=no` — vulnerable to MITM on internal network
- `_audit_execute_event` does not log the command itself or acting user identity, making forensic investigation impossible

## Fix
1. Replace denylist with a strict allowlist of permitted command patterns, or document that the endpoint is unrestricted and require elevated auth
2. Use SSH known_hosts verification instead of `StrictHostKeyChecking=no`
3. Log the full command and `current_user` identity in the audit event

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

bug(slm): remote shell execution denylist is trivially bypassed — arbitrary command injection possible #3421

Discovered During

Problem

Fix

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

bug(slm): remote shell execution denylist is trivially bypassed — arbitrary command injection possible #3421

Description

Discovered During

Problem

Fix

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions