Skip to content

Commit

Permalink
Add exception to catch single line private keys (#23043)
Browse files Browse the repository at this point in the history
(cherry picked from commit e63dbdc)
  • Loading branch information
nsAstro authored and ephraimbuddy committed May 28, 2022
1 parent 37a5696 commit 48efec1
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 0 deletions.
3 changes: 3 additions & 0 deletions airflow/providers/ssh/hooks/ssh.py
Original file line number Diff line number Diff line change
Expand Up @@ -415,6 +415,9 @@ def _pkey_from_private_key(self, private_key: str, passphrase: Optional[str] = N
:return: ``paramiko.PKey`` appropriate for given key
:raises AirflowException: if key cannot be read
"""
if len(private_key.split("\n", 2)) < 2:
raise AirflowException('Key must have BEGIN and END header/footer on separate lines.')

for pkey_class in self._pkey_loaders:
try:
key = pkey_class.from_private_key(StringIO(private_key), password=passphrase)
Expand Down
18 changes: 18 additions & 0 deletions tests/providers/ssh/hooks/test_ssh.py
Original file line number Diff line number Diff line change
Expand Up @@ -740,6 +740,24 @@ def test_openssh_private_key(self):
session.delete(conn)
session.commit()

def test_oneline_key(self):
with pytest.raises(Exception):
TEST_ONELINE_KEY = "-----BEGIN OPENSSH" + "PRIVATE KEY-----asdfg-----END OPENSSH PRIVATE KEY-----"
session = settings.Session()
try:
conn = Connection(
conn_id='openssh_pkey',
host='localhost',
conn_type='ssh',
extra={"private_key": TEST_ONELINE_KEY},
)
session.add(conn)
session.flush()
SSHHook(ssh_conn_id=conn.conn_id)
finally:
session.delete(conn)
session.commit()

@pytest.mark.flaky(max_runs=5, min_passes=1)
def test_exec_ssh_client_command(self):
hook = SSHHook(
Expand Down

0 comments on commit 48efec1

Please sign in to comment.