This is an automated email from the ASF dual-hosted git repository. mcgilman pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push: new 0448e23 NIFI-7414: Escape user-defined values that contain invalid XML characters before writing flow.xml.gz 0448e23 is described below commit 0448e23a963a4f34f12cfa96e13d81675eb2b33b Author: Mark Payne <marka...@hotmail.com> AuthorDate: Thu Apr 30 13:22:45 2020 -0400 NIFI-7414: Escape user-defined values that contain invalid XML characters before writing flow.xml.gz NIFI-7414: Updated StandardFlowSerializerTest to include testing for variable names and values being filtered This closes #4244 --- .../controller/serialization/StandardFlowSerializer.java | 12 ++++++------ .../controller/serialization/StandardFlowSerializerTest.java | 12 ++++++++++++ 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/serialization/StandardFlowSerializer.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/serialization/StandardFlowSerializer.java index adedf3c..a9b203e 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/serialization/StandardFlowSerializer.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/serialization/StandardFlowSerializer.java @@ -203,7 +203,7 @@ public class StandardFlowSerializer implements FlowSerializer<Document> { private void addStringElement(final Element parentElement, final String elementName, final String value) { final Element childElement = parentElement.getOwnerDocument().createElement(elementName); - childElement.setTextContent(value); + childElement.setTextContent(CharacterFilterUtils.filterInvalidXmlCharacters(value)); parentElement.appendChild(childElement); } @@ -309,23 +309,23 @@ public class StandardFlowSerializer implements FlowSerializer<Document> { private static void addVariable(final Element parentElement, final String variableName, final String variableValue) { final Element variableElement = parentElement.getOwnerDocument().createElement("variable"); - variableElement.setAttribute("name", variableName); - variableElement.setAttribute("value", variableValue); + variableElement.setAttribute("name", CharacterFilterUtils.filterInvalidXmlCharacters(variableName)); + variableElement.setAttribute("value", CharacterFilterUtils.filterInvalidXmlCharacters(variableValue)); parentElement.appendChild(variableElement); } private static void addBundle(final Element parentElement, final BundleCoordinate coordinate) { // group final Element groupElement = parentElement.getOwnerDocument().createElement("group"); - groupElement.setTextContent(coordinate.getGroup()); + groupElement.setTextContent(CharacterFilterUtils.filterInvalidXmlCharacters(coordinate.getGroup())); // artifact final Element artifactElement = parentElement.getOwnerDocument().createElement("artifact"); - artifactElement.setTextContent(coordinate.getId()); + artifactElement.setTextContent(CharacterFilterUtils.filterInvalidXmlCharacters(coordinate.getId())); // version final Element versionElement = parentElement.getOwnerDocument().createElement("version"); - versionElement.setTextContent(coordinate.getVersion()); + versionElement.setTextContent(CharacterFilterUtils.filterInvalidXmlCharacters(coordinate.getVersion())); // bundle final Element bundleElement = parentElement.getOwnerDocument().createElement("bundle"); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/serialization/StandardFlowSerializerTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/serialization/StandardFlowSerializerTest.java index 196e10e..eaa4e86 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/serialization/StandardFlowSerializerTest.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/serialization/StandardFlowSerializerTest.java @@ -58,6 +58,11 @@ public class StandardFlowSerializerTest { = "<tagName> \"This\" is an ' example with many characters that need to be filtered and escaped \u0002 in it. \u007f \u0086 " + Character.MIN_SURROGATE; private static final String SERIALIZED_COMMENTS = "<tagName> \"This\" is an ' example with many characters that need to be filtered and escaped in it.  † "; + private static final String RAW_VARIABLE_NAME = "Name with \u0001 escape needed"; + private static final String SERIALIZED_VARIABLE_NAME = "Name with escape needed"; + private static final String RAW_VARIABLE_VALUE = "Value with \u0001 escape needed"; + private static final String SERIALIZED_VARIABLE_VALUE = "Value with escape needed"; + private volatile String propsFile = StandardFlowSerializerTest.class.getResource("/standardflowserializertest.nifi.properties").getFile(); private FlowController controller; @@ -108,6 +113,8 @@ public class StandardFlowSerializerTest { dummy.setComments(RAW_COMMENTS); controller.getFlowManager().getRootGroup().addProcessor(dummy); + controller.getFlowManager().getRootGroup().setVariables(Collections.singletonMap(RAW_VARIABLE_NAME, RAW_VARIABLE_VALUE)); + // serialize the controller final ByteArrayOutputStream os = new ByteArrayOutputStream(); final Document doc = serializer.transform(controller, ScheduledStateLookup.IDENTITY_LOOKUP); @@ -117,5 +124,10 @@ public class StandardFlowSerializerTest { final String serializedFlow = os.toString(StandardCharsets.UTF_8.name()); assertTrue(serializedFlow.contains(SERIALIZED_COMMENTS)); assertFalse(serializedFlow.contains(RAW_COMMENTS)); + assertTrue(serializedFlow.contains(SERIALIZED_VARIABLE_NAME)); + assertFalse(serializedFlow.contains(RAW_VARIABLE_NAME)); + assertTrue(serializedFlow.contains(SERIALIZED_VARIABLE_VALUE)); + assertFalse(serializedFlow.contains(RAW_VARIABLE_VALUE)); + assertFalse(serializedFlow.contains("\u0001")); } }