mattyb149 pushed a commit to branch support/nifi-1.13
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/support/nifi-1.13 by this push:
new 745485a NIFI-8274 - add EL consideration in XXEValidator
745485a is described below
commit 745485a16b4f3b530fba8e7e0cdfe3f282c62b95
Author: Pierre Villard <[email protected]>
AuthorDate: Mon Mar 1 22:51:41 2021 +0400
NIFI-8274 - add EL consideration in XXEValidator
Signed-off-by: Matthew Burgess <[email protected]>
This closes #4859
---
.../org/apache/nifi/security/xml/XXEValidator.java | 4 +++
.../lookup/TestPropertiesFileLookupService.java | 29 ++++++++++++++++++++++
2 files changed, 33 insertions(+)
diff --git
a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/xml/XXEValidator.java
b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/xml/XXEValidator.java
index 4d54b19..e9c54d5 100644
---
a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/xml/XXEValidator.java
+++
b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/xml/XXEValidator.java
@@ -43,6 +43,10 @@ public class XXEValidator implements Validator {
String line;
boolean containsXXE = false;
+ if (validationContext.isExpressionLanguageSupported(subject) &&
validationContext.isExpressionLanguagePresent(input)) {
+ return new
ValidationResult.Builder().subject(subject).input(input).explanation("Expression
Language Present").valid(true).build();
+ }
+
final String xmlFilePathString = xmlFilePath.toString();
logger.info("Validating {} for XXE attack", xmlFilePathString);
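Review bot: The new early return reports the property as valid whenever Expression Language is supported and present, so the file that the expression later resolves to is never scanned by this validator. For EL-valued properties the XXE defence therefore rests entirely on whatever parses the file at runtime, which is not visible in this hunk. Where the expression can be resolved at validation time, consider evaluating it and running the existing scan on the result, e.g. `final String evaluated = validationContext.newPropertyValue(input).evaluateAttributeExpressions().getValue();`. Otherwise, document the gap with a comment such as `// EL present: XXE scan skipped here; the consumer must parse with DTDs and external entities disabled`. The enclosing method starts before the hunk and continues past it.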
diff --git
a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/test/java/org/apache/nifi/lookup/TestPropertiesFileLookupService.java
b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/test/java/org/apache/nifi/lookup/TestPropertiesFileLookupService.java
index 3301302..0113d0d 100644
---
a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/test/java/org/apache/nifi/lookup/TestPropertiesFileLookupService.java
+++
b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/test/java/org/apache/nifi/lookup/TestPropertiesFileLookupService.java
@@ -60,4 +60,33 @@ public class TestPropertiesFileLookupService {
assertEquals(EMPTY_STRING, property3);
}
+ @Test
+ public void testPropertiesFileLookupServiceVariable() throws
InitializationException, LookupFailureException {
+ final TestRunner runner =
TestRunners.newTestRunner(TestProcessor.class);
+ final PropertiesFileLookupService service = new
PropertiesFileLookupService();
+
+ runner.setVariable("myFile", "src/test/resources/test.properties");
+
+ runner.addControllerService("properties-file-lookup-service", service);
+ runner.setProperty(service,
PropertiesFileLookupService.CONFIGURATION_FILE, "${myFile}");
+ runner.enableControllerService(service);
+ runner.assertValid(service);
+
+ final PropertiesFileLookupService lookupService =
+ (PropertiesFileLookupService) runner.getProcessContext()
+ .getControllerServiceLookup()
+ .getControllerService("properties-file-lookup-service");
+
+ assertThat(lookupService, instanceOf(LookupService.class));
+
+ final Optional<String> property1 =
lookupService.lookup(Collections.singletonMap("key", "property.1"));
+ assertEquals(Optional.of("this is property 1"), property1);
+
+ final Optional<String> property2 =
lookupService.lookup(Collections.singletonMap("key", "property.2"));
+ assertEquals(Optional.of("this is property 2"), property2);
+
+ final Optional<String> property3 =
lookupService.lookup(Collections.singletonMap("key", "property.3"));
+ assertEquals(EMPTY_STRING, property3);
+ }
+
}
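Review bot: The new branch in XXEValidator is exercised only indirectly, through a lookup service whose variable resolves to a benign properties file; no test drives the validator itself. A direct test would pin both sides of the condition: EL present on a property that supports it returns valid, and the same `${...}` text on a property where `isExpressionLanguageSupported(subject)` is false still goes through the XXE scan. In this test, `runner.assertValid(service)` is called after `runner.enableControllerService(service)`, where it probably adds little; asserting validity before enabling would state the intent more clearly.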