You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2019/06/11 01:39:58 UTC

[GitHub] [nifi] alopresto commented on issue #3507: NIFI-6301 - Added a SafeXMLConfiguration which disables XML DTDs whic…

alopresto commented on issue #3507: NIFI-6301 - Added a SafeXMLConfiguration which disables XML DTDs whic…
URL: https://github.com/apache/nifi/pull/3507#issuecomment-500653042

I built the PR successfully and ran a local instance.

* Using `local_xxe_file.xml` the controller service validation correctly returned "Invalid" and explained the reason with the XXE error message
* Using `whitespace_xxe_file.xml` the controller service validation correctly returned "Invalid" and explained the reason with the XXE error message
* Using `multiline_xxe_file.xml` the controller service validated and shows "Disabled". When the "Enable" action is taken, the controller service stays in "Enabling" mode. The dialog processes as it would in a successful operation. Disabling the controller service takes ~15-30 seconds. This is not ideal for user experience

I'm going to see if I can enforce the same expected behavior from the regular and whitespace XXE file on the multiline XXE file. I am also going to suppress the stacktrace unless `DEBUG` is enabled, as the stacktrace doesn't add valuable information to the provided error message.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

With regards,
Apache Git Services