You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by mc...@apache.org on 2020/05/04 18:50:34 UTC

[nifi] branch master updated: NIFI-7414: Escape user-defined values that contain invalid XML characters before writing flow.xml.gz

This is an automated email from the ASF dual-hosted git repository.

mcgilman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/master by this push:
     new 0448e23  NIFI-7414: Escape user-defined values that contain invalid XML characters before writing flow.xml.gz
0448e23 is described below

commit 0448e23a963a4f34f12cfa96e13d81675eb2b33b
Author: Mark Payne <ma...@hotmail.com>
AuthorDate: Thu Apr 30 13:22:45 2020 -0400

    NIFI-7414: Escape user-defined values that contain invalid XML characters before writing flow.xml.gz
    
    NIFI-7414: Updated StandardFlowSerializerTest to include testing for variable names and values being filtered
    
    This closes #4244
---
 .../controller/serialization/StandardFlowSerializer.java     | 12 ++++++------
 .../controller/serialization/StandardFlowSerializerTest.java | 12 ++++++++++++
 2 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/serialization/StandardFlowSerializer.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/serialization/StandardFlowSerializer.java
index adedf3c..a9b203e 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/serialization/StandardFlowSerializer.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/serialization/StandardFlowSerializer.java
@@ -203,7 +203,7 @@ public class StandardFlowSerializer implements FlowSerializer<Document> {
 
     private void addStringElement(final Element parentElement, final String elementName, final String value) {
         final Element childElement = parentElement.getOwnerDocument().createElement(elementName);
-        childElement.setTextContent(value);
+        childElement.setTextContent(CharacterFilterUtils.filterInvalidXmlCharacters(value));
         parentElement.appendChild(childElement);
     }
 
@@ -309,23 +309,23 @@ public class StandardFlowSerializer implements FlowSerializer<Document> {
 
     private static void addVariable(final Element parentElement, final String variableName, final String variableValue) {
         final Element variableElement = parentElement.getOwnerDocument().createElement("variable");
-        variableElement.setAttribute("name", variableName);
-        variableElement.setAttribute("value", variableValue);
+        variableElement.setAttribute("name", CharacterFilterUtils.filterInvalidXmlCharacters(variableName));
+        variableElement.setAttribute("value", CharacterFilterUtils.filterInvalidXmlCharacters(variableValue));
         parentElement.appendChild(variableElement);
     }
 
     private static void addBundle(final Element parentElement, final BundleCoordinate coordinate) {
         // group
         final Element groupElement = parentElement.getOwnerDocument().createElement("group");
-        groupElement.setTextContent(coordinate.getGroup());
+        groupElement.setTextContent(CharacterFilterUtils.filterInvalidXmlCharacters(coordinate.getGroup()));
 
         // artifact
         final Element artifactElement = parentElement.getOwnerDocument().createElement("artifact");
-        artifactElement.setTextContent(coordinate.getId());
+        artifactElement.setTextContent(CharacterFilterUtils.filterInvalidXmlCharacters(coordinate.getId()));
 
         // version
         final Element versionElement = parentElement.getOwnerDocument().createElement("version");
-        versionElement.setTextContent(coordinate.getVersion());
+        versionElement.setTextContent(CharacterFilterUtils.filterInvalidXmlCharacters(coordinate.getVersion()));
 
         // bundle
         final Element bundleElement = parentElement.getOwnerDocument().createElement("bundle");
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/serialization/StandardFlowSerializerTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/serialization/StandardFlowSerializerTest.java
index 196e10e..eaa4e86 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/serialization/StandardFlowSerializerTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/serialization/StandardFlowSerializerTest.java
@@ -58,6 +58,11 @@ public class StandardFlowSerializerTest {
             = "<tagName> \"This\" is an ' example with many characters that need to be filtered and escaped \u0002 in it. \u007f \u0086 " + Character.MIN_SURROGATE;
     private static final String SERIALIZED_COMMENTS
             = "&lt;tagName&gt; \"This\" is an ' example with many characters that need to be filtered and escaped  in it. &#127; &#134; ";
+    private static final String RAW_VARIABLE_NAME = "Name with \u0001 escape needed";
+    private static final String SERIALIZED_VARIABLE_NAME = "Name with  escape needed";
+    private static final String RAW_VARIABLE_VALUE = "Value with \u0001 escape needed";
+    private static final String SERIALIZED_VARIABLE_VALUE = "Value with  escape needed";
+
     private volatile String propsFile = StandardFlowSerializerTest.class.getResource("/standardflowserializertest.nifi.properties").getFile();
 
     private FlowController controller;
@@ -108,6 +113,8 @@ public class StandardFlowSerializerTest {
         dummy.setComments(RAW_COMMENTS);
         controller.getFlowManager().getRootGroup().addProcessor(dummy);
 
+        controller.getFlowManager().getRootGroup().setVariables(Collections.singletonMap(RAW_VARIABLE_NAME, RAW_VARIABLE_VALUE));
+
         // serialize the controller
         final ByteArrayOutputStream os = new ByteArrayOutputStream();
         final Document doc = serializer.transform(controller, ScheduledStateLookup.IDENTITY_LOOKUP);
@@ -117,5 +124,10 @@ public class StandardFlowSerializerTest {
         final String serializedFlow = os.toString(StandardCharsets.UTF_8.name());
         assertTrue(serializedFlow.contains(SERIALIZED_COMMENTS));
         assertFalse(serializedFlow.contains(RAW_COMMENTS));
+        assertTrue(serializedFlow.contains(SERIALIZED_VARIABLE_NAME));
+        assertFalse(serializedFlow.contains(RAW_VARIABLE_NAME));
+        assertTrue(serializedFlow.contains(SERIALIZED_VARIABLE_VALUE));
+        assertFalse(serializedFlow.contains(RAW_VARIABLE_VALUE));
+        assertFalse(serializedFlow.contains("\u0001"));
     }
 }