Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2021/09/28 16:20:00 UTC

[jira] [Resolved] (NIFI-7001) Guard against loading/operating on/serializing large files in EC toolkit

     [ https://issues.apache.org/jira/browse/NIFI-7001?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Handermann resolved NIFI-7001.
------------------------------------
    Fix Version/s: 1.13.0
       Resolution: Fixed

> Guard against loading/operating on/serializing large files in EC toolkit
> ------------------------------------------------------------------------
>
>                 Key: NIFI-7001
>                 URL: https://issues.apache.org/jira/browse/NIFI-7001
>             Project: Apache NiFi
>          Issue Type: Sub-task
>          Components: Tools and Build
>    Affects Versions: 1.10.0
>            Reporter: Andy LoPresto
>            Priority: Major
>              Labels: documentation, security, toolkit, validation
>             Fix For: 1.13.0
>
>
> The EC toolkit did not anticipate the possibility of a {{flow.xml.gz}} on the order of magnitude of 700 MB. Many serialization/deserialization and string manipulation operations occur assuming that the content is of manageable size. Users have demonstrated that this is not a safe assumption. 
> We should introduce the following protections:
> # log debug/info statements at file load, encrypt replacement and file write for the size of the content for visibility
> # simple conditional checks at file load to ensure the heap is properly sized and the file content size is reasonable
> # if the size is too large, print a helpful message and direct users to the Toolkit Guide for further information



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
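
The three protections listed in the issue, sketched as an added example (this is not the NiFi toolkit's code or the fix that shipped in 1.13.0). The class name `FlowSizeGuard`, the `HEAP_MULTIPLIER` value and the message wording are assumptions; the check counts uncompressed bytes by streaming, because the on-disk size of a `flow.xml.gz` understates what will be held in memory.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.logging.Logger;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;

/** Hypothetical pre-load guard; not part of the NiFi toolkit. */
public class FlowSizeGuard {
    private static final Logger LOG = Logger.getLogger(FlowSizeGuard.class.getName());
    // Assumption: String/DOM handling needs several times the raw content size.
    static final long HEAP_MULTIPLIER = 4;

    /** Counts uncompressed bytes by streaming, stopping once limit is exceeded. */
    static long inflatedSize(Path gz, long limit) throws IOException {
        long total = 0;
        byte[] buf = new byte[64 * 1024];
        try (InputStream in = new GZIPInputStream(Files.newInputStream(gz))) {
            int n;
            while (total <= limit && (n = in.read(buf)) != -1) {
                total += n;
            }
        }
        return total;
    }

    /** Logs sizes, then throws before any content is loaded if maxHeap is too small. */
    static void check(Path gz, long maxHeap) throws IOException {
        long limit = maxHeap / HEAP_MULTIPLIER;
        long inflated = inflatedSize(gz, limit);
        LOG.info(String.format("%s: %d bytes on disk, %s%d bytes uncompressed, max heap %d",
                gz, Files.size(gz), inflated > limit ? "over " : "", inflated, maxHeap));
        if (inflated > limit) {
            throw new IllegalStateException(gz + " is too large for a " + maxHeap
                    + " byte heap; raise the JVM heap (-Xmx) and see the Toolkit Guide.");
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: 1 MiB of zero bytes, gzipped to a temp file.
        Path sample = Files.createTempFile("flow", ".xml.gz");
        try (OutputStream out = new GZIPOutputStream(Files.newOutputStream(sample))) {
            out.write(new byte[1 << 20]);
        }
        check(sample, Runtime.getRuntime().maxMemory()); // passes on a typical heap
        try {
            check(sample, 1 << 20); // simulated 1 MiB heap: rejected
        } catch (IllegalStateException e) {
            System.err.println(e.getMessage());
        }
        Files.delete(sample);
    }
}
```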