From 850869c6d212324e1aad96878f5b142797667c45 Mon Sep 17 00:00:00 2001
From: mdayakar
Date: Thu, 23 Jan 2020 23:45:21 +0530
Subject: [PATCH] NIFI-7049 : SFTP processors shouldn't silently try to access known hosts file of the user
Signed-off-by: Arpad Boda
This closes #4014
---
 .../standard/util/SFTPTransfer.java | 22 ++++++++------
 .../nifi/processors/standard/TestGetSFTP.java | 29 +++++++++++++++++++
 2 files changed, 42 insertions(+), 9 deletions(-)
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/util/SFTPTransfer.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/util/SFTPTransfer.java
index dda14569da..465bdde191 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/util/SFTPTransfer.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/util/SFTPTransfer.java
@@ -94,7 +94,10 @@ public class SFTPTransfer implements FileTransfer {
 .build();
 public static final PropertyDescriptor HOST_KEY_FILE = new PropertyDescriptor.Builder()
 .name("Host Key File")
- .description("If supplied, the given file will be used as the Host Key; otherwise, no use host key file will be used")
+ .description("If supplied, the given file will be used as the Host Key;"
+ + " otherwise, if 'Strict Host Key Checking' property is applied (set to true)"
+ + " then uses the 'known_hosts' and 'known_hosts2' files from ~/.ssh directory"
+ + " else no host key file will be used")
 .addValidator(StandardValidators.FILE_EXISTS_VALIDATOR)
 .required(false)
 .build();
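Review bot: The last branch of the new description, `else no host key file will be used`, understates what the second hunk shows: when 'Strict Host Key Checking' is false a `PromiscuousVerifier` is registered, so the server's host key is not verified at all. I would state that outcome in the text, e.g. `+ " else the server's host key is not verified"`, so an operator reading the property help sees the consequence rather than the mechanism. It would also help to say that `~/.ssh` is resolved against the home directory of the account running NiFi (the test in this patch drives it through `user.home`), since "the user" is ambiguous for a service process.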
@@ -548,20 +551,21 @@ public class SFTPTransfer implements FileTransfer {
 });
 }
- // Load known hosts file if specified, otherwise load default
- final String hostKeyVal = ctx.getProperty(HOST_KEY_FILE).getValue();
- if (hostKeyVal != null) {
- sshClient.loadKnownHosts(new File(hostKeyVal));
- } else {
- sshClient.loadKnownHosts();
- }
-
 // If strict host key checking is false, add a HostKeyVerifier that always returns true
 final boolean strictHostKeyChecking = ctx.getProperty(STRICT_HOST_KEY_CHECKING).asBoolean();
 if (!strictHostKeyChecking) {
 sshClient.addHostKeyVerifier(new PromiscuousVerifier());
 }
+ // Load known hosts file if specified, otherwise load default
+ final String hostKeyVal = ctx.getProperty(HOST_KEY_FILE).getValue();
+ if (hostKeyVal != null) {
+ sshClient.loadKnownHosts(new File(hostKeyVal));
+ // Load default known_hosts file only when 'Strict Host Key Checking' property is enabled
+ } else if (strictHostKeyChecking) {
+ sshClient.loadKnownHosts();
+ }
+
 // Enable compression on the client if specified in properties
 final PropertyValue compressionValue = ctx.getProperty(FileTransfer.USE_COMPRESSION);
 if (compressionValue != null && "true".equalsIgnoreCase(compressionValue.getValue())) {
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestGetSFTP.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestGetSFTP.java
index a4f532ae8e..5d063c75cc 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestGetSFTP.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestGetSFTP.java
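Review bot: When 'Host Key File' is set but 'Strict Host Key Checking' is false, the file is still loaded in the `if (hostKeyVal != null)` branch after `PromiscuousVerifier` has been registered, so it presumably has no enforcing effect, since that verifier is described in the comment above as always returning true. An operator who supplied a host key file would reasonably expect it to be honoured, so this combination should at least be made visible, e.g. `if (hostKeyVal != null && !strictHostKeyChecking) { logger.warn("Host Key File is set but Strict Host Key Checking is false; server host keys are not verified"); }`, assuming the class's logger is in scope at this point. Separately, the strict branch with no file now depends on `sshClient.loadKnownHosts()` finding a default file, and a short comment saying how a missing file surfaces to the caller would help. The enclosing method starts and ends outside the hunk.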
@@ -96,6 +96,35 @@ public class TestGetSFTP {
 getSFTPRunner.clearTransferState();
 }
+ @Test
+ public void testGetSFTPShouldNotThrowIOExceptionIfUserHomeDirNotExixts() throws IOException {
+ emptyTestDirectory();
+
+ String userHome = System.getProperty("user.home");
+ try {
+ // Set 'user.home' system property value to not_existdir
+ System.setProperty("user.home", "/not_existdir");
+ touchFile(sshTestServer.getVirtualFileSystemPath() + "testFile1.txt");
+ touchFile(sshTestServer.getVirtualFileSystemPath() + "testFile2.txt");
+
+ getSFTPRunner.run();
+
+ getSFTPRunner.assertTransferCount(GetSFTP.REL_SUCCESS, 2);
+
+ // Verify files deleted
+ for (int i = 1; i < 3; i++) {
+ Path file1 = Paths.get(sshTestServer.getVirtualFileSystemPath() + "/testFile" + i + ".txt");
+ Assert.assertTrue("File not deleted.", !file1.toAbsolutePath().toFile().exists());
+ }
+
+ getSFTPRunner.clearTransferState();
+
+ } finally {
+ // set back the original value for 'user.home' system property
+ System.setProperty("user.home", userHome);
+ }
+ }
+
 @Test
 public void testGetSFTPIgnoreDottedFiles() throws IOException {
 emptyTestDirectory();
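Review bot: The new `else if (strictHostKeyChecking)` branch in SFTPTransfer is not exercised by this test, which runs with whatever the runner was configured with outside the hunk (presumably non-strict, given that the transfer succeeds). A companion test that calls `getSFTPRunner.setProperty(SFTPTransfer.STRICT_HOST_KEY_CHECKING, "true");` with the same non-existent `user.home` and asserts the expected outcome would pin the behaviour of the strict path when no default known-hosts file exists. `user.home` is a JVM-wide property, so the override can leak into other tests if the suite ever runs in parallel. Smaller points: the method name has a typo (`Exixts`), and `Assert.assertFalse("File not deleted.", file1.toAbsolutePath().toFile().exists());` reads more directly than `assertTrue` on a negation.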