mirror of https://github.com/apache/nifi.git
NIFI-7049 : SFTP processors shouldn't silently try to access known hosts file of the user
Signed-off-by: Arpad Boda <aboda@apache.org> This closes #4014
parent
04fae9cb5f
commit
850869c6d2
|
@ -94,7 +94,10 @@ public class SFTPTransfer implements FileTransfer {
|
||||||
.build();
|
.build();
|
||||||
public static final PropertyDescriptor HOST_KEY_FILE = new PropertyDescriptor.Builder()
|
public static final PropertyDescriptor HOST_KEY_FILE = new PropertyDescriptor.Builder()
|
||||||
.name("Host Key File")
|
.name("Host Key File")
|
||||||
.description("If supplied, the given file will be used as the Host Key; otherwise, no use host key file will be used")
|
.description("If supplied, the given file will be used as the Host Key;" +
|
||||||
|
" otherwise, if 'Strict Host Key Checking' property is applied (set to true)" +
|
||||||
|
" then uses the 'known_hosts' and 'known_hosts2' files from ~/.ssh directory" +
|
||||||
|
" else no host key file will be used")
|
||||||
.addValidator(StandardValidators.FILE_EXISTS_VALIDATOR)
|
.addValidator(StandardValidators.FILE_EXISTS_VALIDATOR)
|
||||||
.required(false)
|
.required(false)
|
||||||
.build();
|
.build();
|
||||||
|
@ -548,20 +551,21 @@ public class SFTPTransfer implements FileTransfer {
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
// Load known hosts file if specified, otherwise load default
|
|
||||||
final String hostKeyVal = ctx.getProperty(HOST_KEY_FILE).getValue();
|
|
||||||
if (hostKeyVal != null) {
|
|
||||||
sshClient.loadKnownHosts(new File(hostKeyVal));
|
|
||||||
} else {
|
|
||||||
sshClient.loadKnownHosts();
|
|
||||||
}
|
|
||||||
|
|
||||||
// If strict host key checking is false, add a HostKeyVerifier that always returns true
|
// If strict host key checking is false, add a HostKeyVerifier that always returns true
|
||||||
final boolean strictHostKeyChecking = ctx.getProperty(STRICT_HOST_KEY_CHECKING).asBoolean();
|
final boolean strictHostKeyChecking = ctx.getProperty(STRICT_HOST_KEY_CHECKING).asBoolean();
|
||||||
if (!strictHostKeyChecking) {
|
if (!strictHostKeyChecking) {
|
||||||
sshClient.addHostKeyVerifier(new PromiscuousVerifier());
|
sshClient.addHostKeyVerifier(new PromiscuousVerifier());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Load known hosts file if specified, otherwise load default
|
||||||
|
final String hostKeyVal = ctx.getProperty(HOST_KEY_FILE).getValue();
|
||||||
|
if (hostKeyVal != null) {
|
||||||
|
sshClient.loadKnownHosts(new File(hostKeyVal));
|
||||||
|
// Load default known_hosts file only when 'Strict Host Key Checking' property is enabled
|
||||||
|
} else if (strictHostKeyChecking) {
|
||||||
|
sshClient.loadKnownHosts();
|
||||||
|
}
|
||||||
|
|
||||||
// Enable compression on the client if specified in properties
|
// Enable compression on the client if specified in properties
|
||||||
final PropertyValue compressionValue = ctx.getProperty(FileTransfer.USE_COMPRESSION);
|
final PropertyValue compressionValue = ctx.getProperty(FileTransfer.USE_COMPRESSION);
|
||||||
if (compressionValue != null && "true".equalsIgnoreCase(compressionValue.getValue())) {
|
if (compressionValue != null && "true".equalsIgnoreCase(compressionValue.getValue())) {
|
||||||
|
|
|
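Review bot: With 'Strict Host Key Checking' set to false, `sshClient.addHostKeyVerifier(new PromiscuousVerifier());` is still registered before the Host Key File is loaded, so a configured Host Key File probably does not restrict which server keys are accepted. As I understand sshj, a connection is accepted as soon as any registered verifier approves the key, so the file would be loaded but have no effect; please confirm against the library version in use. The new HOST_KEY_FILE description in the first hunk does not say this, and an operator who sets the file but leaves strict checking off may believe the server is being authenticated. I would append to the description something like `" Note: the file is only enforced when 'Strict Host Key Checking' is true; otherwise any host key is accepted."` and put `// Accepts every host key: server authentication is disabled on this path` above the PromiscuousVerifier line. The enclosing method starts and ends outside the hunk.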
@ -96,6 +96,35 @@ public class TestGetSFTP {
|
||||||
getSFTPRunner.clearTransferState();
|
getSFTPRunner.clearTransferState();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testGetSFTPShouldNotThrowIOExceptionIfUserHomeDirNotExixts() throws IOException {
|
||||||
|
emptyTestDirectory();
|
||||||
|
|
||||||
|
String userHome = System.getProperty("user.home");
|
||||||
|
try {
|
||||||
|
// Set 'user.home' system property value to not_existdir
|
||||||
|
System.setProperty("user.home", "/not_existdir");
|
||||||
|
touchFile(sshTestServer.getVirtualFileSystemPath() + "testFile1.txt");
|
||||||
|
touchFile(sshTestServer.getVirtualFileSystemPath() + "testFile2.txt");
|
||||||
|
|
||||||
|
getSFTPRunner.run();
|
||||||
|
|
||||||
|
getSFTPRunner.assertTransferCount(GetSFTP.REL_SUCCESS, 2);
|
||||||
|
|
||||||
|
// Verify files deleted
|
||||||
|
for (int i = 1; i < 3; i++) {
|
||||||
|
Path file1 = Paths.get(sshTestServer.getVirtualFileSystemPath() + "/testFile" + i + ".txt");
|
||||||
|
Assert.assertTrue("File not deleted.", !file1.toAbsolutePath().toFile().exists());
|
||||||
|
}
|
||||||
|
|
||||||
|
getSFTPRunner.clearTransferState();
|
||||||
|
|
||||||
|
} finally {
|
||||||
|
// set back the original value for 'user.home' system property
|
||||||
|
System.setProperty("user.home", userHome);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testGetSFTPIgnoreDottedFiles() throws IOException {
|
public void testGetSFTPIgnoreDottedFiles() throws IOException {
|
||||||
emptyTestDirectory();
|
emptyTestDirectory();
|
||||||
|
|
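Review bot: The new test `testGetSFTPShouldNotThrowIOExceptionIfUserHomeDirNotExixts` never sets 'Strict Host Key Checking' itself, so it passes only if the runner configured outside this hunk leaves it false; adding `getSFTPRunner.setProperty(SFTPTransfer.STRICT_HOST_KEY_CHECKING, "false");` at the top of the `try` would pin that precondition. There is also no companion case for the strict path, where a missing known_hosts file should make the transfer fail rather than connect unverified, which is the security-relevant half of this change. Minor: `Exixts` in the method name is a typo for `Exists`, and `Assert.assertTrue("File not deleted.", !…)` reads better as `Assert.assertFalse("File not deleted.", file1.toAbsolutePath().toFile().exists());`.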