From 591a65b6f4c5905195d712886e783aa2a7d3256c Mon Sep 17 00:00:00 2001
From: Lee Fine
Date: Mon, 11 Apr 2022 16:10:59 -0400
Subject: [PATCH 1/4] changes
---
 PEMStoreSSH/PEMStore.cs | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/PEMStoreSSH/PEMStore.cs b/PEMStoreSSH/PEMStore.cs
index c6e6ac3..2918fc0 100644
--- a/PEMStoreSSH/PEMStore.cs
+++ b/PEMStoreSSH/PEMStore.cs
@@ -10,6 +10,7 @@
 using System;
 using System.Collections.Generic;
 using System.Text;
+using System.Text.RegularExpressions;
 using System.Linq;
 using System.Security.Cryptography.X509Certificates;
 using System.Threading;
@@ -66,6 +67,18 @@ internal PEMStore(string server, string serverId, string serverPassword, string
 {
 SSH = new WinRMHandler(Server, ServerId, ServerPassword);
 }
+
+ if (!IsStorePathValid(StorePath))
+ {
+ string partialMessage = ServerType == ServerTypeEnum.Windows ? @"'\', ':', " : string.Empty;
+ throw new PEMException($"Store {StorePath} is invalid. Only alphanumeric, '.', '/', {partialMessage}'-', and '_' characters are allowed in the store path.");
+ }
+
+ if (!String.IsNullOrEmpty(PrivateKeyPath) && !IsStorePathValid(PrivateKeyPath))
+ {
+ string partialMessage = ServerType == ServerTypeEnum.Windows ? @"'\', ':', " : string.Empty;
+ throw new PEMException($"Private key path {PrivateKeyPath} is invalid. Only alphanumeric, '.', '/', {partialMessage}'-', and '_' characters are allowed in the private key path.");
+ }
 }
 internal PEMStore(string server, string serverId, string serverPassword, ServerTypeEnum serverType, FormatTypeEnum formatType)
@@ -188,6 +201,12 @@ internal void CreateEmptyStoreFile(string path)
 SSH.CreateEmptyStoreFile(path);
 }
+ internal bool IsStorePathValid(string path)
+ {
+ Regex regex = new Regex(ServerType == ServerTypeEnum.Linux ? $@"^[\d\s\w-_/.]*$" : $@"^[\d\s\w-_/.:\\\\]*$");
+ return regex.IsMatch(path);
+ }
+
 private List FindStoresLinux(string[] paths, string[] extensions, string[] fileNames)
 {
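Review bot: `IsStorePathValid(StorePath)` in the constructor hunk at `@@ -66,6 +67,18 @@` is called without the null/empty guard that the `PrivateKeyPath` check has, so a null `StorePath` would surface as an `ArgumentNullException` from `Regex.IsMatch` instead of a `PEMException`; whether null can reach this point is not visible, because the constructor starts above the hunk. The two messages also list the allowed characters without the space that the pattern and the README both accept, and the `partialMessage` expression is written out twice. If an empty store path is never legitimate here, consider `if (String.IsNullOrEmpty(StorePath) || !IsStorePathValid(StorePath))`, and build both messages from one small private helper that takes the label ("Store" / "Private key path") and the value and includes "space" in the list.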
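Review bot: The character class in `IsStorePathValid` (hunk `@@ -188,6 +201,12 @@`) uses `\s`, which accepts tabs, carriage returns and line feeds as well as the plain space the README documents; a line feed is a command separator to a shell, so the allow-list does not fully close the command-injection case the changelog entry cites. In .NET `$` also matches just before a trailing `\n`, so the end anchor should be `\z`. Suggested patterns: `@"^[\w /.-]*\z"` for Linux and `@"^[\w /.:\\-]*\z"` for Windows, with the hyphen placed last so it can never be read as a range and without the unneeded `$` interpolation prefix; `\w` already covers digits and underscore, and it is Unicode-aware, so use `[A-Za-z0-9_]` instead if only ASCII names are intended. The context lines show `CreateEmptyStoreFile(string path)` forwarding its argument to `SSH.CreateEmptyStoreFile`; whether that path is always the validated `StorePath` is not visible in this hunk and is worth confirming.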
From 601aaa3706476d7e317bd33abf8acb888974a42e Mon Sep 17 00:00:00 2001
From: Lee Fine <50836957+leefine02@users.noreply.github.com>
Date: Tue, 12 Apr 2022 10:51:45 -0400
Subject: [PATCH 2/4] Update CHANGELOG.md
---
 CHANGELOG.md | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index cc67bac..d79d9be 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,6 @@
+v2.2
+- Limit the valid characters that can be used for store paths to protect against command injection.
+
 v2.1
 - Add support for SCP protocol for transferring files as an alternative to SFTP
From 7ad24aafcc770c1b51df809a2320c26b05d7da48 Mon Sep 17 00:00:00 2001
From: Lee Fine <50836957+leefine02@users.noreply.github.com>
Date: Tue, 12 Apr 2022 10:52:16 -0400
Subject: [PATCH 3/4] Update README.md.tpl
---
 README.md.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md.tpl b/README.md.tpl
index b1b70f5..aec0cde 100644
--- a/README.md.tpl
+++ b/README.md.tpl
@@ -101,7 +101,7 @@ If you choose to manually create a PEM_PKCS12 store In Keyfactor Command rather
 - PAM provider information to pass the UserId/Password or UserId/SSH private key credentials When setting up a Windows server, the format of the machine name must be – [http://_ServerName_:5985](http://ServerName:5985/), where "5985" is the WinRM port number. 5985 is the standard, but if your organization uses a different, use that. The credentials used will be the Keyfactor Command service account. Because of this, for Windows orchestrated servers, setting an additional set of credentials is not necessary. **However, it is required that the *Change Credentials* link still be clicked on and the resulting dialog closed by clicking OK.**
-- **Store Path** – Required. The FULL PATH and file name of the PEM/PKCS12 store being managed. File paths on Linux servers will always begin with a "/". Windows servers will always begin with the drive letter, colon, and backslash, such as "c:\\".
+- **Store Path** – Required. The FULL PATH and file name of the PEM/PKCS12 store being managed. File paths on Linux servers will always begin with a "/". Windows servers will always begin with the drive letter, colon, and backslash, such as "c:\\". Valid characters for Linux store paths include any alphanumeric character, space, forward slash, hyphen, underscore, and period. For Windows servers, the aforementioned characters as well as a colon and backslash.
 - **Type** – Select either PEM or PKCS12
 - **Separate Private Key File** – Check if the store has a separate private key file.
 - **Path to Private Key File** – If Separate Private Key File is checked, enter the FULL PATH to the private key file. File paths on Linux servers will always begin with a "/". Windows servers will always begin with the drive letter, colon, and backslash, such as "c:".
From 0af40c42da1ba66803bf3cc02ad70fbfbe848032 Mon Sep 17 00:00:00 2001
From: Keyfactor
Date: Tue, 12 Apr 2022 14:52:46 +0000
Subject: [PATCH 4/4] Update generated README
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index a3361d7..182daf2 100644
--- a/README.md
+++ b/README.md
@@ -101,7 +101,7 @@ If you choose to manually create a PEM_PKCS12 store In Keyfactor Command rather
 - PAM provider information to pass the UserId/Password or UserId/SSH private key credentials When setting up a Windows server, the format of the machine name must be – [http://_ServerName_:5985](http://ServerName:5985/), where "5985" is the WinRM port number. 5985 is the standard, but if your organization uses a different, use that. The credentials used will be the Keyfactor Command service account. Because of this, for Windows orchestrated servers, setting an additional set of credentials is not necessary. **However, it is required that the *Change Credentials* link still be clicked on and the resulting dialog closed by clicking OK.**
-- **Store Path** – Required. The FULL PATH and file name of the PEM/PKCS12 store being managed. File paths on Linux servers will always begin with a "/". Windows servers will always begin with the drive letter, colon, and backslash, such as "c:\\".
+- **Store Path** – Required. The FULL PATH and file name of the PEM/PKCS12 store being managed. File paths on Linux servers will always begin with a "/". Windows servers will always begin with the drive letter, colon, and backslash, such as "c:\\". Valid characters for Linux store paths include any alphanumeric character, space, forward slash, hyphen, underscore, and period. For Windows servers, the aforementioned characters as well as a colon and backslash.
 - **Type** – Select either PEM or PKCS12
 - **Separate Private Key File** – Check if the store has a separate private key file.
 - **Path to Private Key File** – If Separate Private Key File is checked, enter the FULL PATH to the private key file. File paths on Linux servers will always begin with a "/". Windows servers will always begin with the drive letter, colon, and backslash, such as "c:".