diff --git a/CHANGELOG.md b/CHANGELOG.md
index cc67bac..d79d9be 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,6 @@
+v2.2
+- Limit the valid characters that can be used for store paths to protect against command injection.
+
 v2.1
 - Add support for SCP protocol for transferring files as an alternative to SFTP
diff --git a/PEMStoreSSH/PEMStore.cs b/PEMStoreSSH/PEMStore.cs
index c6e6ac3..2918fc0 100644
--- a/PEMStoreSSH/PEMStore.cs
+++ b/PEMStoreSSH/PEMStore.cs
@@ -10,6 +10,7 @@ using System;
 using System.Collections.Generic;
 using System.Text;
+using System.Text.RegularExpressions;
 using System.Linq;
 using System.Security.Cryptography.X509Certificates;
 using System.Threading;
@@ -66,6 +67,18 @@ internal PEMStore(string server, string serverId, string serverPassword, string
 {
 SSH = new WinRMHandler(Server, ServerId, ServerPassword);
 }
+
+ if (!IsStorePathValid(StorePath))
+ {
+ string partialMessage = ServerType == ServerTypeEnum.Windows ? @"'\', ':', " : string.Empty;
+ throw new PEMException($"Store {StorePath} is invalid. Only alphanumeric, '.', '/', {partialMessage}'-', and '_' characters are allowed in the store path.");
+ }
+
+ if (!String.IsNullOrEmpty(PrivateKeyPath) && !IsStorePathValid(PrivateKeyPath))
+ {
+ string partialMessage = ServerType == ServerTypeEnum.Windows ? @"'\', ':', " : string.Empty;
+ throw new PEMException($"Private key path {PrivateKeyPath} is invalid. Only alphanumeric, '.', '/', {partialMessage}'-', and '_' characters are allowed in the private key path.");
+ }
 }
 internal PEMStore(string server, string serverId, string serverPassword, ServerTypeEnum serverType, FormatTypeEnum formatType)
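Review bot: The two exception messages list the permitted characters as alphanumeric, '.', '/', '-' and '_' (plus '\' and ':' on Windows), but IsStorePathValid also accepts whitespace and the README in this same commit documents space as valid, so the message and the validator disagree; add it to both messages, e.g. `Only alphanumeric, space, '.', '/', {partialMessage}'-', and '_' characters are allowed in the store path.` The `partialMessage` ternary is duplicated in both branches; computing it once before the two checks keeps the messages from drifting apart. The checks also run after `SSH = new WinRMHandler(...)` is assigned — if the handler constructors open a session (not visible here), validating both paths before constructing the handler would avoid creating a connection for a store that is about to be rejected. The constructor begins outside the hunk.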
@@ -188,6 +201,12 @@ internal void CreateEmptyStoreFile(string path)
 SSH.CreateEmptyStoreFile(path);
 }
+ internal bool IsStorePathValid(string path)
+ {
+ Regex regex = new Regex(ServerType == ServerTypeEnum.Linux ? $@"^[\d\s\w-_/.]*$" : $@"^[\d\s\w-_/.:\\\\]*$");
+ return regex.IsMatch(path);
+ }
+
 private List FindStoresLinux(string[] paths, string[] extensions, string[] fileNames)
 {
diff --git a/README.md b/README.md
index a3361d7..182daf2 100644
--- a/README.md
+++ b/README.md
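Review bot: The allow-list in IsStorePathValid uses `\s`, which in .NET matches newline, carriage return, tab and Unicode spaces rather than only the space the README documents; since the changelog states the check exists to block command injection, a newline that survives into a path later placed on a shell command line still acts as a command separator, so use a literal space instead. `\w` is likewise Unicode-aware (letters, digits and combining marks from any script, which makes `\d` redundant), and the hyphen sits between `\w` and `_` where it reads as a range; if "alphanumeric" in the error message means ASCII, spell it out and move the hyphen to the end: `Regex regex = new Regex(ServerType == ServerTypeEnum.Linux ? @"^[A-Za-z0-9 /._-]*$" : @"^[A-Za-z0-9 /._:\\-]*$");` (the `$` prefix does nothing here, as there are no interpolation holes, and `\\\\` in the Windows branch decodes to two escaped backslashes, harmless but misleading). Note that `*` accepts the empty string and nothing rejects `..` components, so this is a metacharacter guard rather than a path-structure check; a one-line comment saying so would help, e.g. `// Allow-list guard against shell metacharacters; does not validate path structure or existence.`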
@@ -101,7 +101,7 @@ If you choose to manually create a PEM_PKCS12 store In Keyfactor Command rather
 - PAM provider information to pass the UserId/Password or UserId/SSH private key credentials
 When setting up a Windows server, the format of the machine name must be – [http://_ServerName_:5985](http://ServerName:5985/), where "5985" is the WinRM port number. 5985 is the standard, but if your organization uses a different, use that. The credentials used will be the Keyfactor Command service account. Because of this, for Windows orchestrated servers, setting an additional set of credentials is not necessary. **However, it is required that the *Change Credentials* link still be clicked on and the resulting dialog closed by clicking OK.**
-- **Store Path** – Required. The FULL PATH and file name of the PEM/PKCS12 store being managed. File paths on Linux servers will always begin with a "/". Windows servers will always begin with the drive letter, colon, and backslash, such as "c:\\".
+- **Store Path** – Required. The FULL PATH and file name of the PEM/PKCS12 store being managed. File paths on Linux servers will always begin with a "/". Windows servers will always begin with the drive letter, colon, and backslash, such as "c:\\". Valid characters for Linux store paths include any alphanumeric character, space, forward slash, hyphen, underscore, and period. For Windows servers, the aforementioned characters as well as a colon and backslash.
 - **Type** – Select either PEM or PKCS12
 - **Separate Private Key File** – Check if the store has a separate private key file.
 - **Path to Private Key File** – If Separate Private Key File is checked, enter the FULL PATH to the private key file. File paths on Linux servers will always begin with a "/". Windows servers will always begin with the drive letter, colon, and backslash, such as "c:".
diff --git a/README.md.tpl b/README.md.tpl
index b1b70f5..aec0cde 100644
--- a/README.md.tpl
+++ b/README.md.tpl
@@ -101,7 +101,7 @@ If you choose to manually create a PEM_PKCS12 store In Keyfactor Command rather
 - PAM provider information to pass the UserId/Password or UserId/SSH private key credentials
 When setting up a Windows server, the format of the machine name must be – [http://_ServerName_:5985](http://ServerName:5985/), where "5985" is the WinRM port number. 5985 is the standard, but if your organization uses a different, use that. The credentials used will be the Keyfactor Command service account. Because of this, for Windows orchestrated servers, setting an additional set of credentials is not necessary. **However, it is required that the *Change Credentials* link still be clicked on and the resulting dialog closed by clicking OK.**
-- **Store Path** – Required. The FULL PATH and file name of the PEM/PKCS12 store being managed. File paths on Linux servers will always begin with a "/". Windows servers will always begin with the drive letter, colon, and backslash, such as "c:\\".
+- **Store Path** – Required. The FULL PATH and file name of the PEM/PKCS12 store being managed. File paths on Linux servers will always begin with a "/". Windows servers will always begin with the drive letter, colon, and backslash, such as "c:\\". Valid characters for Linux store paths include any alphanumeric character, space, forward slash, hyphen, underscore, and period. For Windows servers, the aforementioned characters as well as a colon and backslash.
 - **Type** – Select either PEM or PKCS12
 - **Separate Private Key File** – Check if the store has a separate private key file.
 - **Path to Private Key File** – If Separate Private Key File is checked, enter the FULL PATH to the private key file. File paths on Linux servers will always begin with a "/". Windows servers will always begin with the drive letter, colon, and backslash, such as "c:".