NIFI-7049 : SFTP processors shouldn't silently try to access known hosts file of the user

Signed-off-by: Arpad Boda <aboda@apache.org>

This closes #4014

nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/util/SFTPTransfer.java

@@ -94,7 +94,10 @@ public class SFTPTransfer implements FileTransfer {
         .build();
     public static final PropertyDescriptor HOST_KEY_FILE = new PropertyDescriptor.Builder()
         .name("Host Key File")
-        .description("If supplied, the given file will be used as the Host Key; otherwise, no use host key file will be used")
+        .description("If supplied, the given file will be used as the Host Key;" +
+                " otherwise, if 'Strict Host Key Checking' property is applied (set to true)" +
+                " then uses the 'known_hosts' and 'known_hosts2' files from ~/.ssh directory" +
+                " else no host key file will be used")
         .addValidator(StandardValidators.FILE_EXISTS_VALIDATOR)
         .required(false)
         .build();
@@ -548,20 +551,21 @@ public class SFTPTransfer implements FileTransfer {
             });
         }
 
-        // Load known hosts file if specified, otherwise load default
-        final String hostKeyVal = ctx.getProperty(HOST_KEY_FILE).getValue();
-        if (hostKeyVal != null) {
-            sshClient.loadKnownHosts(new File(hostKeyVal));
-        } else {
-            sshClient.loadKnownHosts();
-        }
-
         // If strict host key checking is false, add a HostKeyVerifier that always returns true
         final boolean strictHostKeyChecking = ctx.getProperty(STRICT_HOST_KEY_CHECKING).asBoolean();
         if (!strictHostKeyChecking) {
             sshClient.addHostKeyVerifier(new PromiscuousVerifier());
         }
 
+        // Load known hosts file if specified, otherwise load default
+        final String hostKeyVal = ctx.getProperty(HOST_KEY_FILE).getValue();
+        if (hostKeyVal != null) {
+            sshClient.loadKnownHosts(new File(hostKeyVal));
+            // Load default known_hosts file only when 'Strict Host Key Checking' property is enabled
+        } else if (strictHostKeyChecking) {
+            sshClient.loadKnownHosts();
+        }
+
         // Enable compression on the client if specified in properties
         final PropertyValue compressionValue = ctx.getProperty(FileTransfer.USE_COMPRESSION);
         if (compressionValue != null && "true".equalsIgnoreCase(compressionValue.getValue())) {

nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestGetSFTP.java

@@ -96,6 +96,35 @@ public class TestGetSFTP {
         getSFTPRunner.clearTransferState();
     }
 
+    @Test
+    public void testGetSFTPShouldNotThrowIOExceptionIfUserHomeDirNotExixts() throws IOException {
+        emptyTestDirectory();
+
+        String userHome = System.getProperty("user.home");
+        try {
+            // Set 'user.home' system property value to not_existdir
+            System.setProperty("user.home", "/not_existdir");
+            touchFile(sshTestServer.getVirtualFileSystemPath() + "testFile1.txt");
+            touchFile(sshTestServer.getVirtualFileSystemPath() + "testFile2.txt");
+
+            getSFTPRunner.run();
+
+            getSFTPRunner.assertTransferCount(GetSFTP.REL_SUCCESS, 2);
+
+            // Verify files deleted
+            for (int i = 1; i < 3; i++) {
+                Path file1 = Paths.get(sshTestServer.getVirtualFileSystemPath() + "/testFile" + i + ".txt");
+                Assert.assertTrue("File not deleted.", !file1.toAbsolutePath().toFile().exists());
+            }
+
+            getSFTPRunner.clearTransferState();
+
+        } finally {
+            // set back the original value for 'user.home' system property
+            System.setProperty("user.home", userHome);
+        }
+    }
+
     @Test
     public void testGetSFTPIgnoreDottedFiles() throws IOException {
         emptyTestDirectory();