Merge pull request #1 from genexuslabs/issue#80271_extWhitelisting

Adds Sftp Whitelisting

Author: sgrampone

GeneXusSftp/src/main/java/com/genexus/sftp/SftpClient.java

@@ -1,6 +1,7 @@
 package com.genexus.sftp;
 
 import com.genexus.commons.sftp.SftpClientObject;
+import com.genexus.securityapicommons.utils.ExtensionsWhiteList;
 import com.genexus.securityapicommons.utils.SecurityUtils;
 import com.jcraft.jsch.ChannelSftp;
 import com.jcraft.jsch.JSch;
@@ -12,6 +13,7 @@ public class SftpClient extends SftpClientObject {
 
 	private ChannelSftp channel;
 	private Session session;
+	private ExtensionsWhiteList whiteList;
 
 	public SftpClient() {
 		super();
@@ -54,10 +56,17 @@ public boolean connect(SftpOptions options) {
 			this.error.setError("SF004", e.getMessage() + e.getStackTrace());
 			return false;
 		}
+		this.whiteList = options.getWhiteList();
 		return true;
 	}
 
 	public boolean put(String localPath, String remoteDir) {
+		if (this.whiteList != null) {
+			if (!this.whiteList.isValid(localPath)) {
+				this.error.setError("WL001", "Invalid file extension");
+				return false;
+			}
+		}
 		if (this.channel == null) {
 			this.error.setError("SF005", "The channel is invalid, reconect");
 			return false;
@@ -72,6 +81,12 @@ public boolean put(String localPath, String remoteDir) {
 	}
 
 	public boolean get(String remoteFilePath, String localDir) {
+		if (this.whiteList != null) {
+			if (!this.whiteList.isValid(remoteFilePath)) {
+				this.error.setError("WL002", "Invalid file extension");
+				return false;
+			}
+		}
 		if (this.channel == null) {
 			this.error.setError("SF007", "The channel is invalid, reconect");
 			return false;

GeneXusSftp/src/main/java/com/genexus/sftp/SftpOptions.java

@@ -1,6 +1,7 @@
 package com.genexus.sftp;
 
 import com.genexus.securityapicommons.commons.SecurityAPIObject;
+import com.genexus.securityapicommons.utils.ExtensionsWhiteList;
 import com.genexus.securityapicommons.utils.SecurityUtils;
 
 public class SftpOptions extends SecurityAPIObject {
@@ -13,6 +14,7 @@ public class SftpOptions extends SecurityAPIObject {
 	private String keyPassword;
 	private boolean allowHostKeyChecking;
 	private String knownHostsPath;
+	private ExtensionsWhiteList whiteList;
 
 	public SftpOptions() {
 		this.host = "";
@@ -23,6 +25,7 @@ public SftpOptions() {
 		this.keyPassword = "";
 		this.allowHostKeyChecking = true;
 		this.knownHostsPath = "";
+		this.whiteList = null;
 	}
 
 	public void setUser(String value) {
@@ -100,4 +103,12 @@ public void setKnownHostsPath(String value) {
 			this.knownHostsPath = value.trim();
 		}
 	}
+	
+	public void setWhiteList(ExtensionsWhiteList value) {
+		this.whiteList = value;
+	}
+
+	public ExtensionsWhiteList getWhiteList() {
+		return this.whiteList;
+	}
 }

SecurityAPICommons/src/main/java/com/genexus/securityapicommons/utils/ExtensionsWhiteList.java

@@ -0,0 +1,55 @@
+package com.genexus.securityapicommons.utils;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class ExtensionsWhiteList {
+
+	private List<String> whitelist;
+
+	public ExtensionsWhiteList() {
+		this.whitelist = new ArrayList<String>();
+	}
+
+	public void setExtension(String value) {
+		if (value.charAt(0) != '.') {
+			value = "." + value;
+		}
+		this.whitelist.add(value);
+	}
+
+	public boolean isValid(String path) {
+		if (!isValidName(path)) {
+			return false;
+		}
+		String ext = SecurityUtils.getFileExtension(path);
+		for (int i = 0; i <= this.whitelist.size(); i++) {
+			if (SecurityUtils.compareStrings(ext, this.whitelist.get(i))) {
+				return true;
+			}
+		}
+		return false;
+	}
+
+	public boolean isEmpty() {
+		if (this.whitelist.size() == 0) {
+			return true;
+		}
+		return false;
+	}
+
+	private boolean isValidName(String path) {
+		int counter = 0;
+		int i = 0;
+		while (i < path.length() && counter <= 2) {
+			if (path.charAt(i) == '.') {
+				counter++;
+			}
+			i++;
+		}
+		if (counter >= 2) {
+			return false;
+		}
+		return true;
+	}
+}