You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by ma...@apache.org on 2021/03/01 21:36:43 UTC
[nifi] branch support/nifi-1.13 updated: NIFI-8274 - add EL
consideration in XXEValidator
This is an automated email from the ASF dual-hosted git repository.
mattyb149 pushed a commit to branch support/nifi-1.13
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/support/nifi-1.13 by this push:
new 745485a NIFI-8274 - add EL consideration in XXEValidator
745485a is described below
commit 745485a16b4f3b530fba8e7e0cdfe3f282c62b95
Author: Pierre Villard <pi...@gmail.com>
AuthorDate: Mon Mar 1 22:51:41 2021 +0400
NIFI-8274 - add EL consideration in XXEValidator
Signed-off-by: Matthew Burgess <ma...@apache.org>
This closes #4859
---
.../org/apache/nifi/security/xml/XXEValidator.java | 4 +++
.../lookup/TestPropertiesFileLookupService.java | 29 ++++++++++++++++++++++
2 files changed, 33 insertions(+)
diff --git a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/xml/XXEValidator.java b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/xml/XXEValidator.java
index 4d54b19..e9c54d5 100644
--- a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/xml/XXEValidator.java
+++ b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/xml/XXEValidator.java
@@ -43,6 +43,10 @@ public class XXEValidator implements Validator {
String line;
boolean containsXXE = false;
+ if (validationContext.isExpressionLanguageSupported(subject) && validationContext.isExpressionLanguagePresent(input)) {
+ return new ValidationResult.Builder().subject(subject).input(input).explanation("Expression Language Present").valid(true).build();
+ }
+
final String xmlFilePathString = xmlFilePath.toString();
logger.info("Validating {} for XXE attack", xmlFilePathString);
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/test/java/org/apache/nifi/lookup/TestPropertiesFileLookupService.java b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/test/java/org/apache/nifi/lookup/TestPropertiesFileLookupService.java
index 3301302..0113d0d 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/test/java/org/apache/nifi/lookup/TestPropertiesFileLookupService.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/test/java/org/apache/nifi/lookup/TestPropertiesFileLookupService.java
@@ -60,4 +60,33 @@ public class TestPropertiesFileLookupService {
assertEquals(EMPTY_STRING, property3);
}
+ @Test
+ public void testPropertiesFileLookupServiceVariable() throws InitializationException, LookupFailureException {
+ final TestRunner runner = TestRunners.newTestRunner(TestProcessor.class);
+ final PropertiesFileLookupService service = new PropertiesFileLookupService();
+
+ runner.setVariable("myFile", "src/test/resources/test.properties");
+
+ runner.addControllerService("properties-file-lookup-service", service);
+ runner.setProperty(service, PropertiesFileLookupService.CONFIGURATION_FILE, "${myFile}");
+ runner.enableControllerService(service);
+ runner.assertValid(service);
+
+ final PropertiesFileLookupService lookupService =
+ (PropertiesFileLookupService) runner.getProcessContext()
+ .getControllerServiceLookup()
+ .getControllerService("properties-file-lookup-service");
+
+ assertThat(lookupService, instanceOf(LookupService.class));
+
+ final Optional<String> property1 = lookupService.lookup(Collections.singletonMap("key", "property.1"));
+ assertEquals(Optional.of("this is property 1"), property1);
+
+ final Optional<String> property2 = lookupService.lookup(Collections.singletonMap("key", "property.2"));
+ assertEquals(Optional.of("this is property 2"), property2);
+
+ final Optional<String> property3 = lookupService.lookup(Collections.singletonMap("key", "property.3"));
+ assertEquals(EMPTY_STRING, property3);
+ }
+
}