You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2020/11/23 17:37:53 UTC

[GitHub] [nifi] alfprado opened a new pull request #4683: NIFI-8029 Adding StringEscapeUtils.escapeJava() to correct value with…

alfprado opened a new pull request #4683:
URL: https://github.com/apache/nifi/pull/4683


   Thank you for submitting a contribution to Apache NiFi.
   
   Please provide a short description of the PR here:
   
   NIFI-8029 Provides update on InvokeHTTP.class it was throwing illegalArgumentException when dynamic property has accent in value. My solution is to use StringEscapeUtils.escapeJava() function in the get value.
   
   In order to streamline the review of the contribution we ask you
   to ensure the following steps have been taken:
   
   ### For all changes:
   - [X ] Is there a JIRA ticket associated with this PR? Is it referenced 
        in the commit message?
   
   - [X ] Does your PR title start with **NIFI-XXXX** where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
   
   - [X ] Has your PR been rebased against the latest commit within the target branch (typically `main`)?
   
   - [ ] Is your initial contribution a single, squashed commit? _Additional commits in response to PR reviewer feedback should be made on this branch and pushed to allow change tracking. Do not `squash` or use `--force` when pushing to allow for clean monitoring of changes._
   
   ### For code changes:
   - [ ] Have you ensured that the full suite of tests is executed via `mvn -Pcontrib-check clean install` at the root `nifi` folder?
   - [ ] Have you written or updated unit tests to verify your changes?
   - [ ] Have you verified that the full build is successful on JDK 8?
   - [ ] Have you verified that the full build is successful on JDK 11?
   - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? 
   - [ ] If applicable, have you updated the `LICENSE` file, including the main `LICENSE` file under `nifi-assembly`?
   - [ ] If applicable, have you updated the `NOTICE` file, including the main `NOTICE` file found under `nifi-assembly`?
   - [ ] If adding new Properties, have you added `.displayName` in addition to .name (programmatic access) for each of the new properties?
   
   ### For documentation related changes:
   - [ ] Have you ensured that format looks appropriate for the output in which it is rendered?
   
   ### Note:
   Please ensure that once the PR is submitted, you check GitHub Actions CI for build issues and submit an update to your PR as soon as possible.
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [nifi] alfprado commented on a change in pull request #4683: NIFI-8029 Adding StringEscapeUtils.escapeJava() to correct value with…

Posted by GitBox <gi...@apache.org>.

alfprado commented on a change in pull request #4683:
URL: https://github.com/apache/nifi/pull/4683#discussion_r529496229



##########
File path: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java
##########
@@ -1122,7 +1123,7 @@ public long contentLength() {
 
         final ComponentLog logger = getLogger();
         for (String headerKey : dynamicPropertyNames) {
-            String headerValue = context.getProperty(headerKey).evaluateAttributeExpressions(requestFlowFile).getValue();
+            String headerValue = StringEscapeUtils.escapeJava(context.getProperty(headerKey).evaluateAttributeExpressions(requestFlowFile).getValue());

Review comment:
       @exceptionfactory thank you for the explanation too.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [nifi] mattyb149 commented on a change in pull request #4683: NIFI-8029 Adding StringEscapeUtils.escapeJava() to correct value with…

Posted by GitBox <gi...@apache.org>.

mattyb149 commented on a change in pull request #4683:
URL: https://github.com/apache/nifi/pull/4683#discussion_r528931706



##########
File path: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java
##########
@@ -1122,7 +1123,7 @@ public long contentLength() {
 
         final ComponentLog logger = getLogger();
         for (String headerKey : dynamicPropertyNames) {
-            String headerValue = context.getProperty(headerKey).evaluateAttributeExpressions(requestFlowFile).getValue();
+            String headerValue = StringEscapeUtils.escapeJava(context.getProperty(headerKey).evaluateAttributeExpressions(requestFlowFile).getValue());

Review comment:
       Doesn't this assume that the server side has to unescape it? I'd rather use OkHttp's mechanism for not validating header values, but that assumes a later version and there are a whole set of Jira cases around the upgrade path, due to security issues, breaking changes, etc.
   
   Maybe instead we could add (un)escapeJava methods to Expression Language, then the user can use those functions in EL to escape the values as they choose.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [nifi] alfprado commented on a change in pull request #4683: NIFI-8029 Adding StringEscapeUtils.escapeJava() to correct value with…

Posted by GitBox <gi...@apache.org>.

alfprado commented on a change in pull request #4683:
URL: https://github.com/apache/nifi/pull/4683#discussion_r528963481



##########
File path: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java
##########
@@ -1122,7 +1123,7 @@ public long contentLength() {
 
         final ComponentLog logger = getLogger();
         for (String headerKey : dynamicPropertyNames) {
-            String headerValue = context.getProperty(headerKey).evaluateAttributeExpressions(requestFlowFile).getValue();
+            String headerValue = StringEscapeUtils.escapeJava(context.getProperty(headerKey).evaluateAttributeExpressions(requestFlowFile).getValue());

Review comment:
        I'm new in NIFI and I don't know it very well, I just open it because I'm developing a new custom processor for my personal purpose that use invokehttp as base and in my context I thought it was the best solution. I was thought it was a bug but you are right. Thank you for the explanation




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [nifi] alfprado closed pull request #4683: NIFI-8029 Adding StringEscapeUtils.escapeJava() to correct value with…

Posted by GitBox <gi...@apache.org>.

alfprado closed pull request #4683:
URL: https://github.com/apache/nifi/pull/4683


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [nifi] exceptionfactory commented on a change in pull request #4683: NIFI-8029 Adding StringEscapeUtils.escapeJava() to correct value with…

Posted by GitBox <gi...@apache.org>.

exceptionfactory commented on a change in pull request #4683:
URL: https://github.com/apache/nifi/pull/4683#discussion_r529011729



##########
File path: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java
##########
@@ -1122,7 +1123,7 @@ public long contentLength() {
 
         final ComponentLog logger = getLogger();
         for (String headerKey : dynamicPropertyNames) {
-            String headerValue = context.getProperty(headerKey).evaluateAttributeExpressions(requestFlowFile).getValue();
+            String headerValue = StringEscapeUtils.escapeJava(context.getProperty(headerKey).evaluateAttributeExpressions(requestFlowFile).getValue());

Review comment:
       [RFC 2616 Section 2.2](https://tools.ietf.org/html/rfc2616#section-2.2) indicates that text values, used in HTTP headers, may contain characters other than ISO-8859-1 only when encoding according to [RFC 2047](https://tools.ietf.org/html/rfc2047).  Support for encoded values would depend on the receiving server implementation as @mattyb149 noted.  Implementing a solution inside the Expression Language context would provide greater flexibility for use cases where supporting characters outside of ISO-8859-1 in HTTP headers is required.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org