You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2021/09/28 16:20:00 UTC
[jira] [Resolved] (NIFI-7001) Guard against loading/operating
on/serializing large files in EC toolkit
[ https://issues.apache.org/jira/browse/NIFI-7001?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Handermann resolved NIFI-7001.
------------------------------------
Fix Version/s: 1.13.0
Resolution: Fixed
> Guard against loading/operating on/serializing large files in EC toolkit
> ------------------------------------------------------------------------
>
> Key: NIFI-7001
> URL: https://issues.apache.org/jira/browse/NIFI-7001
> Project: Apache NiFi
> Issue Type: Sub-task
> Components: Tools and Build
> Affects Versions: 1.10.0
> Reporter: Andy LoPresto
> Priority: Major
> Labels: documentation, security, toolkit, validation
> Fix For: 1.13.0
>
>
> The EC toolkit did not anticipate the possibility of a {{flow.xml.gz}} on the order of magnitude of 700 MB. Many serialization/deserialization and string manipulation operations occur assuming that the content is of manageable size. Users have demonstrated that this is not a safe assumption.
> We should introduce the following protections:
> # log debug/info statements at file load, encrypt replacement and file write for the size of the content for visibility
> # simple conditional checks at file load to ensure the heap is properly sized and the file content size is reasonable
> # if the size is too large, print a helpful message and direct users to the Toolkit Guide for further information
--
This message was sent by Atlassian Jira
(v8.3.4#803005)