This is an automated email from the ASF dual-hosted git repository.
exceptionfactory pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new a51f1d4802 NIFI-14282 Enforced that pasted property descriptor is
sensitive before applying a sensitive property value (#9734)
a51f1d4802 is described below
commit a51f1d4802c37bde0efeb390d621b21091a3c179
Author: Matt Gilman <[email protected]>
AuthorDate: Thu Feb 20 15:27:30 2025 -0500
NIFI-14282 Enforced that pasted property descriptor is sensitive before
applying a sensitive property value (#9734)
Signed-off-by: David Handermann <[email protected]>
---
.../java/org/apache/nifi/web/StandardNiFiServiceFacade.java | 10 ++++++++--
.../org/apache/nifi/web/StandardNiFiServiceFacadeTest.java | 8 ++++++++
2 files changed, 16 insertions(+), 2 deletions(-)
diff --git
a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
index 01cd350e66..8b645c5ed0 100644
---
a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
+++
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
@@ -6170,7 +6170,10 @@ public class StandardNiFiServiceFacade implements
NiFiServiceFacade {
copiedInstance.getProperties().keySet().stream()
.filter(PropertyDescriptor::isSensitive)
.forEach(pd -> {
- p.getProperties().put(pd.getName(),
copiedInstance.getRawPropertyValue(pd));
+ final VersionedPropertyDescriptor vpd =
p.getPropertyDescriptors().get(pd.getName());
+ if (vpd != null && vpd.isSensitive()) {
+ p.getProperties().put(pd.getName(),
copiedInstance.getRawPropertyValue(pd));
+ }
});
}
}
@@ -6193,7 +6196,10 @@ public class StandardNiFiServiceFacade implements
NiFiServiceFacade {
copiedInstance.getProperties().keySet().stream()
.filter(PropertyDescriptor::isSensitive)
.forEach(pd -> {
- s.getProperties().put(pd.getName(),
copiedInstance.getRawPropertyValue(pd));
+ final VersionedPropertyDescriptor vpd =
s.getPropertyDescriptors().get(pd.getName());
+ if (vpd != null && vpd.isSensitive()) {
+ s.getProperties().put(pd.getName(),
copiedInstance.getRawPropertyValue(pd));
+ }
});
}
}
diff --git
a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/web/StandardNiFiServiceFacadeTest.java
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/web/StandardNiFiServiceFacadeTest.java
index d641176ae4..11a03223d9 100644
---
a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/web/StandardNiFiServiceFacadeTest.java
+++
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/web/StandardNiFiServiceFacadeTest.java
@@ -497,6 +497,13 @@ public class StandardNiFiServiceFacadeTest {
final RevisionManager revisionManager = new NaiveRevisionManager();
serviceFacade.setRevisionManager(revisionManager);
+ final VersionedPropertyDescriptor versionedPropertyDescriptor = new
VersionedPropertyDescriptor();
+ versionedPropertyDescriptor.setName(sensitiveProperty);
+ versionedPropertyDescriptor.setSensitive(true);
+
+ final Map<String, VersionedPropertyDescriptor> propertyDescriptors =
new HashMap<>();
+ propertyDescriptors.put(sensitiveProperty,
versionedPropertyDescriptor);
+
final Map<String, String> properties = new HashMap<>();
properties.put(sensitiveProperty, null);
@@ -504,6 +511,7 @@ public class StandardNiFiServiceFacadeTest {
final VersionedProcessor versionedProcessor = new VersionedProcessor();
versionedProcessor.setIdentifier("12345");
versionedProcessor.setInstanceIdentifier(instanceId);
+ versionedProcessor.setPropertyDescriptors(propertyDescriptors);
versionedProcessor.setProperties(properties);
final PropertyDescriptor propertyDescriptor =
mock(PropertyDescriptor.class);
