Posted to issues@nifi.apache.org by "exceptionfactory (via GitHub)" <gi...@apache.org> on 2023/11/01 16:39:18 UTC

[PR] NIFI-12297 Standardize File Path resolution in Persistence Providers [nifi]

exceptionfactory opened a new pull request, #7968:
URL: https://github.com/apache/nifi/pull/7968

   # Summary
   
   [NIFI-12297](https://issues.apache.org/jira/browse/NIFI-12297) Standardizes file path resolution in the NiFi Registry File System Bundle and Flow Persistence Providers, as well as the file-backed client for system tests. These changes replace string concatenation and related strategies with a standard approach using Java NIO Paths. Using Paths ensures consistent directory separator handling and path normalization.
   
   Additional changes include updating related unit tests to reuse shared identifier values.
   
   # Tracking
   
   Please complete the following tracking steps prior to pull request creation.
   
   ### Issue Tracking
   
   - [X] [Apache NiFi Jira](https://issues.apache.org/jira/browse/NIFI) issue created
   
   ### Pull Request Tracking
   
   - [X] Pull Request title starts with Apache NiFi Jira issue number, such as `NIFI-00000`
   - [X] Pull Request commit message starts with Apache NiFi Jira issue number, such as `NIFI-00000`
   
   ### Pull Request Formatting
   
   - [X] Pull Request based on current revision of the `main` branch
   - [X] Pull Request refers to a feature branch with one commit containing changes
   
   # Verification
   
   Please indicate the verification steps performed prior to pull request creation.
   
   ### Build
   
   - [X] Build completed using `mvn clean install -P contrib-check`
     - [X] JDK 21
   
   ### Licensing
   
   - [ ] New dependencies are compatible with the [Apache License 2.0](https://apache.org/licenses/LICENSE-2.0) according to the [License Policy](https://www.apache.org/legal/resolved.html)
   - [ ] New dependencies are documented in applicable `LICENSE` and `NOTICE` files
   
   ### Documentation
   
   - [ ] Documentation formatting appears as expected in rendered files
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
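
Added example, not code from the pull request or from the NiFi project: the summary above says string handling was replaced with Java NIO Paths, and this sketch shows why a containment check should compare path elements rather than string prefixes. The class name, method names and the sample root directory are hypothetical, and the child values are constructed.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

// Added illustration, not NiFi code. All names and sample values are hypothetical.
public class PathContainmentExample {

    // Prefix test on the normalized path string: compares characters, not directories.
    static boolean acceptedByStringPrefix(final Path root, final String child) {
        final Path normalizedRoot = root.toAbsolutePath().normalize();
        final Path resolved = normalizedRoot.resolve(child).normalize();
        return resolved.toString().startsWith(normalizedRoot.toString());
    }

    // Prefix test on path elements: normalize after resolve, then use Path.startsWith.
    static boolean acceptedByPathElements(final Path root, final String child) {
        final Path normalizedRoot = root.toAbsolutePath().normalize();
        final Path resolved = normalizedRoot.resolve(child).normalize();
        return resolved.startsWith(normalizedRoot);
    }

    public static void main(final String[] args) {
        final Path root = Paths.get("/var/lib/registry/flows"); // constructed sample root
        final String[] children = {
            "bucket-1/flow-1/1/1.snapshot",  // ordinary nested location
            "bucket-1/./flow-1/../flow-2",   // redundant elements that stay inside the root
            "../flows-archive/1.snapshot",   // sibling directory sharing the root's string prefix
            "bucket-1/../../../other",       // parent elements that leave the root
            "/tmp/1.snapshot"                // absolute child: resolve() returns it as is
        };
        for (final String child : children) {
            System.out.printf("%-30s stringPrefix=%-5b pathElements=%b%n", child,
                    acceptedByStringPrefix(root, child),
                    acceptedByPathElements(root, child));
        }
    }
}
```

The two checks disagree only on the sibling directory case, which the string comparison accepts because the sibling's name begins with the same characters as the root's last element.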


Re: [PR] NIFI-12297 Standardize File Path resolution in Persistence Providers [nifi]

Posted by "github-advanced-security[bot] (via GitHub)" <gi...@apache.org>.
github-advanced-security[bot] commented on code in PR #7968:
URL: https://github.com/apache/nifi/pull/7968#discussion_r1379146462


##########
nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/provider/extension/FileSystemBundlePersistenceProvider.java:
##########
@@ -227,7 +231,11 @@
 
         final String bundleFileExtension = getBundleFileExtension(bundleType);
         final String bundleFilename = sanitize(artifactId) + "-" + sanitize(version) + bundleFileExtension;
-        return new File(parentDir, bundleFilename);
+        return getChildLocation(parentDir, Paths.get(bundleFilename));
+    }
+
+    static Path getArtifactPath(final String bucketId, final String groupId, final String artifactId) {
+        return Paths.get(sanitize(bucketId), sanitize(groupId), sanitize(artifactId)).normalize();
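
Review bot: getArtifactPath() returns a relative path that is normalized but never compared with a parent directory, so within this hunk its containment depends on sanitize(), whose body is not shown, and on every caller passing the result through getChildLocation(). A short Javadoc stating that the return value is relative and must be resolved with getChildLocation() would keep later callers from using it directly. The same concern applies to bundleFilename, which is still assembled by concatenation before Paths.get() parses it: if sanitize() leaves a separator in artifactId or version, the filename becomes several path elements.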

Review Comment:
   ## Uncontrolled data used in path expression
   
   This path depends on a [user-provided value](1).
   
   [Show more details](https://github.com/apache/nifi/security/code-scanning/60)



##########
nifi-system-tests/nifi-system-test-extensions-bundle/nifi-system-test-extensions/src/main/java/org/apache/nifi/flow/registry/FileSystemFlowRegistryClient.java:
##########
@@ -393,4 +380,24 @@
             .max();
         return greatestValue.orElse(-1);
     }
+
+    private File getFlowDirectory(final FlowRegistryClientConfigurationContext context, final String bucketId, final String flowId) {
+        final File rootDir = getRootDirectory(context);
+        final File bucketDir = getChildLocation(rootDir, getNormalizedIdPath(bucketId));
+        return getChildLocation(bucketDir, getNormalizedIdPath(flowId));
+    }
+
+    private Path getNormalizedIdPath(final String id) {
+        final String normalizedId = id.replaceAll("\\.", "").replaceAll("/", "").trim();
+        return Paths.get(normalizedId).normalize();
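
Review bot: in getNormalizedIdPath() an id made up only of dots, slashes and whitespace reduces to an empty string, and resolving an empty path returns the parent unchanged, so getFlowDirectory() would return rootDir or bucketDir instead of a flow directory (assuming getChildLocation() in this class resolves the child against the parent, as the version in FileSystemFlowPersistenceProvider does). Rejecting an empty normalizedId with an IllegalArgumentException would close that gap. Removing characters also makes distinct ids such as a.b and ab share one directory, and a backslash is left in place although it is a separator on Windows; both deserve a comment or a unit test.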

Review Comment:
   ## Uncontrolled data used in path expression
   
   This path depends on a [user-provided value](1).
   This path depends on a [user-provided value](2).
   This path depends on a [user-provided value](3).
   This path depends on a [user-provided value](4).
   This path depends on a [user-provided value](5).
   This path depends on a [user-provided value](6).
   This path depends on a [user-provided value](7).
   This path depends on a [user-provided value](8).
   This path depends on a [user-provided value](9).
   
   [Show more details](https://github.com/apache/nifi/security/code-scanning/62)



##########
nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/provider/flow/FileSystemFlowPersistenceProvider.java:
##########
@@ -174,13 +180,32 @@
         }
 
         if (LOGGER.isDebugEnabled()) {
-            LOGGER.debug("Deleted snapshot at {}", new Object[] {snapshotFile.getAbsolutePath()});
+            LOGGER.debug("Deleted snapshot at {}", snapshotFile.getAbsolutePath());
         }
     }
 
     protected File getSnapshotFile(final String bucketId, final String flowId, final int version) {
-        final String snapshotFilename = bucketId + "/" + flowId + "/" + version + "/" + version + SNAPSHOT_EXTENSION;
-        return new File(flowStorageDir, snapshotFilename);
+        final String versionExtension = version + SNAPSHOT_EXTENSION;
+        final Path snapshotLocation = Paths.get(getNormalizedId(bucketId), getNormalizedId(flowId), Integer.toString(version), versionExtension);
+        return getChildLocation(flowStorageDir, snapshotLocation);
     }
 
+    private File getChildLocation(final File parentDir, final Path childLocation) {
+        final Path parentPath = parentDir.toPath().normalize();
+        final Path childPathNormalized = childLocation.normalize();
+        final Path childPath = parentPath.resolve(childPathNormalized);
+        if (childPath.startsWith(parentPath)) {
+            return childPath.toFile();
+        }
+        throw new IllegalArgumentException(String.format("Child location not valid [%s]", childLocation));
+    }
+
+    private Path getNormalizedIdPath(final String id) {
+        final String normalizedId = getNormalizedId(id);
+        return Paths.get(normalizedId).normalize();
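
Review bot: getChildLocation() runs startsWith() on the result of parentPath.resolve(childPathNormalized) without normalizing that result. normalize() on a relative child keeps any leading parent elements, resolve() only joins the two paths, and Path.startsWith() compares name elements without collapsing them, so a child that still begins with a parent element would pass the check. Normalizing after the join, for example parentPath.resolve(childLocation).normalize(), makes the comparison reflect the final location. The check is also lexical only; if flowStorageDir can contain symbolic links, that limit should be stated in a comment.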

Review Comment:
   ## Uncontrolled data used in path expression
   
   This path depends on a [user-provided value](1).
   This path depends on a [user-provided value](2).
   This path depends on a [user-provided value](3).
   This path depends on a [user-provided value](4).
   This path depends on a [user-provided value](5).
   
   [Show more details](https://github.com/apache/nifi/security/code-scanning/61)



##########
nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/provider/flow/FileSystemFlowPersistenceProvider.java:
##########
@@ -174,13 +180,32 @@
         }
 
         if (LOGGER.isDebugEnabled()) {
-            LOGGER.debug("Deleted snapshot at {}", new Object[] {snapshotFile.getAbsolutePath()});
+            LOGGER.debug("Deleted snapshot at {}", snapshotFile.getAbsolutePath());
         }
     }
 
     protected File getSnapshotFile(final String bucketId, final String flowId, final int version) {
-        final String snapshotFilename = bucketId + "/" + flowId + "/" + version + "/" + version + SNAPSHOT_EXTENSION;
-        return new File(flowStorageDir, snapshotFilename);
+        final String versionExtension = version + SNAPSHOT_EXTENSION;
+        final Path snapshotLocation = Paths.get(getNormalizedId(bucketId), getNormalizedId(flowId), Integer.toString(version), versionExtension);
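
Review bot: in getSnapshotFile(), Paths.get(first, more...) joins only the non-empty elements, so if getNormalizedId() (not shown in this hunk) can return an empty string for bucketId or flowId, the snapshot path loses a directory level while still resolving inside flowStorageDir, and a containment check will not notice. Validating that both normalized ids are non-empty before building snapshotLocation, with a unit test for that case, would make the failure explicit.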

Review Comment:
   ## Uncontrolled data used in path expression
   
   This path depends on a [user-provided value](1).
   This path depends on a [user-provided value](2).
   
   [Show more details](https://github.com/apache/nifi/security/code-scanning/59)





Re: [PR] NIFI-12297 Standardize File Path resolution in Persistence Providers [nifi]

Posted by "exceptionfactory (via GitHub)" <gi...@apache.org>.
exceptionfactory closed pull request #7968: NIFI-12297 Standardize File Path resolution in Persistence Providers
URL: https://github.com/apache/nifi/pull/7968

