Merge 0af40c4 into 97ffa6a

CHANGELOG.md

@@ -1,3 +1,6 @@
+v2.2
+- Limit the valid characters that can be used for store paths to protect against command injection.
+
 v2.1
 - Add support for SCP protocol for transferring files as an alternative to SFTP
 

PEMStoreSSH/PEMStore.cs

@@ -10,6 +10,7 @@
 using System;
 using System.Collections.Generic;
 using System.Text;
+using System.Text.RegularExpressions;
 using System.Linq;
 using System.Security.Cryptography.X509Certificates;
 using System.Threading;
@@ -66,6 +67,18 @@ internal PEMStore(string server, string serverId, string serverPassword, string
             {
                 SSH = new WinRMHandler(Server, ServerId, ServerPassword);
             }
+
+            if (!IsStorePathValid(StorePath))
+            {
+                string partialMessage = ServerType == ServerTypeEnum.Windows ? @"'\', ':', " : string.Empty;
+                throw new PEMException($"Store {StorePath} is invalid.  Only alphanumeric, '.', '/', {partialMessage}'-', and '_' characters are allowed in the store path.");
+            }
+
+            if (!String.IsNullOrEmpty(PrivateKeyPath) && !IsStorePathValid(PrivateKeyPath))
+            {
+                string partialMessage = ServerType == ServerTypeEnum.Windows ? @"'\', ':', " : string.Empty;
+                throw new PEMException($"Private key path {PrivateKeyPath} is invalid.  Only alphanumeric, '.', '/', {partialMessage}'-', and '_' characters are allowed in the private key path.");
+            }
         }
 
         internal PEMStore(string server, string serverId, string serverPassword, ServerTypeEnum serverType, FormatTypeEnum formatType)
@@ -188,6 +201,12 @@ internal void CreateEmptyStoreFile(string path)
             SSH.CreateEmptyStoreFile(path);
         }
 
+        internal bool IsStorePathValid(string path)
+        {
+            Regex regex = new Regex(ServerType == ServerTypeEnum.Linux ? $@"^[\d\s\w-_/.]*$" : $@"^[\d\s\w-_/.:\\\\]*$");
+            return regex.IsMatch(path);
+        }
+
         private List<string> FindStoresLinux(string[] paths, string[] extensions, string[] fileNames)
         {
 

README.md

@@ -101,7 +101,7 @@ If you choose to manually create a PEM_PKCS12 store In Keyfactor Command rather
   - PAM provider information to pass the UserId/Password or UserId/SSH private key credentials
 
   When setting up a Windows server, the format of the machine name must be – [http://_ServerName_:5985](http://ServerName:5985/), where "5985" is the WinRM port number. 5985 is the standard, but if your organization uses a different, use that.  The credentials used will be the Keyfactor Command service account.  Because of this, for Windows orchestrated servers, setting an additional set of credentials is not necessary.  **However, it is required that the *Change Credentials* link still be clicked on and the resulting dialog closed by clicking OK.**
-- **Store Path** – Required. The FULL PATH and file name of the PEM/PKCS12 store being managed. File paths on Linux servers will always begin with a "/". Windows servers will always begin with the drive letter, colon, and backslash, such as "c:\\".
+- **Store Path** – Required. The FULL PATH and file name of the PEM/PKCS12 store being managed. File paths on Linux servers will always begin with a "/". Windows servers will always begin with the drive letter, colon, and backslash, such as "c:\\".  Valid characters for Linux store paths include any alphanumeric character, space, forward slash, hyphen, underscore, and period. For Windows servers, the aforementioned characters as well as a colon and backslash.
 - **Type** – Select either PEM or PKCS12
 - **Separate Private Key File** – Check if the store has a separate private key file.
 - **Path to Private Key File** – If Separate Private Key File is checked, enter the FULL PATH to the private key file. File paths on Linux servers will always begin with a "/". Windows servers will always begin with the drive letter, colon, and backslash, such as "c:".

README.md.tpl

@@ -101,7 +101,7 @@ If you choose to manually create a PEM_PKCS12 store In Keyfactor Command rather
   - PAM provider information to pass the UserId/Password or UserId/SSH private key credentials
 
   When setting up a Windows server, the format of the machine name must be – [http://_ServerName_:5985](http://ServerName:5985/), where "5985" is the WinRM port number. 5985 is the standard, but if your organization uses a different, use that.  The credentials used will be the Keyfactor Command service account.  Because of this, for Windows orchestrated servers, setting an additional set of credentials is not necessary.  **However, it is required that the *Change Credentials* link still be clicked on and the resulting dialog closed by clicking OK.**
-- **Store Path** – Required. The FULL PATH and file name of the PEM/PKCS12 store being managed. File paths on Linux servers will always begin with a "/". Windows servers will always begin with the drive letter, colon, and backslash, such as "c:\\".
+- **Store Path** – Required. The FULL PATH and file name of the PEM/PKCS12 store being managed. File paths on Linux servers will always begin with a "/". Windows servers will always begin with the drive letter, colon, and backslash, such as "c:\\".  Valid characters for Linux store paths include any alphanumeric character, space, forward slash, hyphen, underscore, and period. For Windows servers, the aforementioned characters as well as a colon and backslash.
 - **Type** – Select either PEM or PKCS12
 - **Separate Private Key File** – Check if the store has a separate private key file.
 - **Path to Private Key File** – If Separate Private Key File is checked, enter the FULL PATH to the private key file. File paths on Linux servers will always begin with a "/". Windows servers will always begin with the drive letter, colon, and backslash, such as "c:".