This is an automated email from the ASF dual-hosted git repository.

joewitt pushed a commit to branch support/nifi-1.11.x
in repository https://gitbox.apache.org/repos/asf/nifi.git

commit fc89f9861d7e7988737ddad9d1646f67391402d3
Author: mdayakar <[email protected]>
AuthorDate: Thu Jan 23 23:45:21 2020 +0530

    NIFI-7049 : SFTP processors shouldn't silently try to access known hosts 
file of the user
    
    Signed-off-by: Arpad Boda <[email protected]>
    
    This closes #4014
---
 .../processors/standard/util/SFTPTransfer.java     | 20 +++++++++------
 .../nifi/processors/standard/TestGetSFTP.java      | 29 ++++++++++++++++++++++
 2 files changed, 41 insertions(+), 8 deletions(-)

diff --git 
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/util/SFTPTransfer.java
 
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/util/SFTPTransfer.java
index dda1456..465bdde 100644
--- 
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/util/SFTPTransfer.java
+++ 
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/util/SFTPTransfer.java
@@ -94,7 +94,10 @@ public class SFTPTransfer implements FileTransfer {
         .build();
     public static final PropertyDescriptor HOST_KEY_FILE = new 
PropertyDescriptor.Builder()
         .name("Host Key File")
-        .description("If supplied, the given file will be used as the Host 
Key; otherwise, no use host key file will be used")
+        .description("If supplied, the given file will be used as the Host 
Key;" +
+                " otherwise, if 'Strict Host Key Checking' property is applied 
(set to true)" +
+                " then uses the 'known_hosts' and 'known_hosts2' files from 
~/.ssh directory" +
+                " else no host key file will be used")
         .addValidator(StandardValidators.FILE_EXISTS_VALIDATOR)
         .required(false)
         .build();
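Review bot: The new `HOST_KEY_FILE` description does not say what happens when a file is supplied while 'Strict Host Key Checking' is false, and that is the case an operator most needs spelled out. In the second hunk of this file the `PromiscuousVerifier` is registered whenever strict checking is off, including when a file is configured, so the file is presumably loaded without being enforced. I would append a sentence such as `" Host keys are only enforced when 'Strict Host Key Checking' is true."`. I would also describe the file as a known-hosts file rather than "the Host Key", since it is passed to `loadKnownHosts`.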
@@ -548,20 +551,21 @@ public class SFTPTransfer implements FileTransfer {
             });
         }
 
+        // If strict host key checking is false, add a HostKeyVerifier that 
always returns true
+        final boolean strictHostKeyChecking = 
ctx.getProperty(STRICT_HOST_KEY_CHECKING).asBoolean();
+        if (!strictHostKeyChecking) {
+            sshClient.addHostKeyVerifier(new PromiscuousVerifier());
+        }
+
         // Load known hosts file if specified, otherwise load default
         final String hostKeyVal = ctx.getProperty(HOST_KEY_FILE).getValue();
         if (hostKeyVal != null) {
             sshClient.loadKnownHosts(new File(hostKeyVal));
-        } else {
+            // Load default known_hosts file only when 'Strict Host Key 
Checking' property is enabled
+        } else if (strictHostKeyChecking) {
             sshClient.loadKnownHosts();
         }
 
-        // If strict host key checking is false, add a HostKeyVerifier that 
always returns true
-        final boolean strictHostKeyChecking = 
ctx.getProperty(STRICT_HOST_KEY_CHECKING).asBoolean();
-        if (!strictHostKeyChecking) {
-            sshClient.addHostKeyVerifier(new PromiscuousVerifier());
-        }
-
         // Enable compression on the client if specified in properties
         final PropertyValue compressionValue = 
ctx.getProperty(FileTransfer.USE_COMPRESSION);
         if (compressionValue != null && 
"true".equalsIgnoreCase(compressionValue.getValue())) {
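Review bot: With 'Strict Host Key Checking' false and 'Host Key File' set, the new code registers `PromiscuousVerifier` and then still loads the configured file. If sshj accepts a server key as soon as any registered verifier approves it (worth confirming against the sshj version in use), the configured file never rejects a server and the session has no protection against an impersonated host. Consider reading `hostKeyVal` first and registering the promiscuous verifier only when no file is configured, `if (!strictHostKeyChecking && hostKeyVal == null) {`, or at least logging a warning for that combination. The added comment `// Load default known_hosts file only when ...` sits at the end of the `if (hostKeyVal != null)` body and would read better as the first line inside the `else if` branch it describes. The enclosing method starts and ends outside this hunk.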
diff --git 
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestGetSFTP.java
 
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestGetSFTP.java
index a4f532a..5d063c7 100644
--- 
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestGetSFTP.java
+++ 
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestGetSFTP.java
@@ -97,6 +97,35 @@ public class TestGetSFTP {
     }
 
     @Test
+    public void testGetSFTPShouldNotThrowIOExceptionIfUserHomeDirNotExixts() 
throws IOException {
+        emptyTestDirectory();
+
+        String userHome = System.getProperty("user.home");
+        try {
+            // Set 'user.home' system property value to not_existdir
+            System.setProperty("user.home", "/not_existdir");
+            touchFile(sshTestServer.getVirtualFileSystemPath() + 
"testFile1.txt");
+            touchFile(sshTestServer.getVirtualFileSystemPath() + 
"testFile2.txt");
+
+            getSFTPRunner.run();
+
+            getSFTPRunner.assertTransferCount(GetSFTP.REL_SUCCESS, 2);
+
+            // Verify files deleted
+            for (int i = 1; i < 3; i++) {
+                Path file1 = 
Paths.get(sshTestServer.getVirtualFileSystemPath() + "/testFile" + i + ".txt");
+                Assert.assertTrue("File not deleted.", 
!file1.toAbsolutePath().toFile().exists());
+            }
+
+            getSFTPRunner.clearTransferState();
+
+        } finally {
+            // set back the original value for 'user.home' system property
+            System.setProperty("user.home", userHome);
+        }
+    }
+
+    @Test
     public void testGetSFTPIgnoreDottedFiles() throws IOException {
         emptyTestDirectory();
 
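Review bot: The new test never sets 'Strict Host Key Checking', so it passes only if the runner built in the setup (outside this hunk) leaves that property false. Setting it explicitly with `getSFTPRunner.setProperty(SFTPTransfer.STRICT_HOST_KEY_CHECKING, "false");` would document which path is covered. A companion test with the property set to true and the same missing home directory would show whether the connection then fails rather than proceeding unverified. Smaller points: the method name has a typo (`Exixts`), `Assert.assertTrue("File not deleted.", !...exists())` reads better as `Assert.assertFalse`, and `user.home` is JVM-wide state, so this test is not safe to run in parallel with others.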
