You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by ma...@apache.org on 2021/03/01 21:36:43 UTC

[nifi] branch support/nifi-1.13 updated: NIFI-8274 - add EL consideration in XXEValidator

This is an automated email from the ASF dual-hosted git repository.

mattyb149 pushed a commit to branch support/nifi-1.13
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/support/nifi-1.13 by this push:
     new 745485a  NIFI-8274 - add EL consideration in XXEValidator
745485a is described below

commit 745485a16b4f3b530fba8e7e0cdfe3f282c62b95
Author: Pierre Villard <pi...@gmail.com>
AuthorDate: Mon Mar 1 22:51:41 2021 +0400

    NIFI-8274 - add EL consideration in XXEValidator
    
    Signed-off-by: Matthew Burgess <ma...@apache.org>
    
    This closes #4859
---
 .../org/apache/nifi/security/xml/XXEValidator.java |  4 +++
 .../lookup/TestPropertiesFileLookupService.java    | 29 ++++++++++++++++++++++
 2 files changed, 33 insertions(+)

diff --git a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/xml/XXEValidator.java b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/xml/XXEValidator.java
index 4d54b19..e9c54d5 100644
--- a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/xml/XXEValidator.java
+++ b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/xml/XXEValidator.java
@@ -43,6 +43,10 @@ public class XXEValidator implements Validator {
         String line;
         boolean containsXXE = false;
 
+        if (validationContext.isExpressionLanguageSupported(subject) && validationContext.isExpressionLanguagePresent(input)) {
+            return new ValidationResult.Builder().subject(subject).input(input).explanation("Expression Language Present").valid(true).build();
+        }
+
         final String xmlFilePathString = xmlFilePath.toString();
         logger.info("Validating {} for XXE attack", xmlFilePathString);
 
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/test/java/org/apache/nifi/lookup/TestPropertiesFileLookupService.java b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/test/java/org/apache/nifi/lookup/TestPropertiesFileLookupService.java
index 3301302..0113d0d 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/test/java/org/apache/nifi/lookup/TestPropertiesFileLookupService.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/test/java/org/apache/nifi/lookup/TestPropertiesFileLookupService.java
@@ -60,4 +60,33 @@ public class TestPropertiesFileLookupService {
         assertEquals(EMPTY_STRING, property3);
     }
 
+    @Test
+    public void testPropertiesFileLookupServiceVariable() throws InitializationException, LookupFailureException {
+        final TestRunner runner = TestRunners.newTestRunner(TestProcessor.class);
+        final PropertiesFileLookupService service = new PropertiesFileLookupService();
+
+        runner.setVariable("myFile", "src/test/resources/test.properties");
+
+        runner.addControllerService("properties-file-lookup-service", service);
+        runner.setProperty(service, PropertiesFileLookupService.CONFIGURATION_FILE, "${myFile}");
+        runner.enableControllerService(service);
+        runner.assertValid(service);
+
+        final PropertiesFileLookupService lookupService =
+            (PropertiesFileLookupService) runner.getProcessContext()
+                .getControllerServiceLookup()
+                .getControllerService("properties-file-lookup-service");
+
+        assertThat(lookupService, instanceOf(LookupService.class));
+
+        final Optional<String> property1 = lookupService.lookup(Collections.singletonMap("key", "property.1"));
+        assertEquals(Optional.of("this is property 1"), property1);
+
+        final Optional<String> property2 = lookupService.lookup(Collections.singletonMap("key", "property.2"));
+        assertEquals(Optional.of("this is property 2"), property2);
+
+        final Optional<String> property3 = lookupService.lookup(Collections.singletonMap("key", "property.3"));
+        assertEquals(EMPTY_STRING, property3);
+    }
+
 }