This is an automated email from the ASF dual-hosted git repository.

exceptionfactory pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/main by this push:
     new a51f1d4802 NIFI-14282 Enforced that pasted property descriptor is 
sensitive before applying a sensitive property value (#9734)
a51f1d4802 is described below

commit a51f1d4802c37bde0efeb390d621b21091a3c179
Author: Matt Gilman <[email protected]>
AuthorDate: Thu Feb 20 15:27:30 2025 -0500

    NIFI-14282 Enforced that pasted property descriptor is sensitive before 
applying a sensitive property value (#9734)
    
    Signed-off-by: David Handermann <[email protected]>
---
 .../java/org/apache/nifi/web/StandardNiFiServiceFacade.java    | 10 ++++++++--
 .../org/apache/nifi/web/StandardNiFiServiceFacadeTest.java     |  8 ++++++++
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git 
a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
 
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
index 01cd350e66..8b645c5ed0 100644
--- 
a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
+++ 
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
@@ -6170,7 +6170,10 @@ public class StandardNiFiServiceFacade implements 
NiFiServiceFacade {
                     copiedInstance.getProperties().keySet().stream()
                             .filter(PropertyDescriptor::isSensitive)
                             .forEach(pd -> {
-                                p.getProperties().put(pd.getName(), 
copiedInstance.getRawPropertyValue(pd));
+                                final VersionedPropertyDescriptor vpd = 
p.getPropertyDescriptors().get(pd.getName());
+                                if (vpd != null && vpd.isSensitive()) {
+                                    p.getProperties().put(pd.getName(), 
copiedInstance.getRawPropertyValue(pd));
+                                }
                             });
                 }
             }
@@ -6193,7 +6196,10 @@ public class StandardNiFiServiceFacade implements 
NiFiServiceFacade {
                     copiedInstance.getProperties().keySet().stream()
                             .filter(PropertyDescriptor::isSensitive)
                             .forEach(pd -> {
-                                s.getProperties().put(pd.getName(), 
copiedInstance.getRawPropertyValue(pd));
+                                final VersionedPropertyDescriptor vpd = 
s.getPropertyDescriptors().get(pd.getName());
+                                if (vpd != null && vpd.isSensitive()) {
+                                    s.getProperties().put(pd.getName(), 
copiedInstance.getRawPropertyValue(pd));
+                                }
                             });
                 }
             }
diff --git 
a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/web/StandardNiFiServiceFacadeTest.java
 
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/web/StandardNiFiServiceFacadeTest.java
index d641176ae4..11a03223d9 100644
--- 
a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/web/StandardNiFiServiceFacadeTest.java
+++ 
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/web/StandardNiFiServiceFacadeTest.java
@@ -497,6 +497,13 @@ public class StandardNiFiServiceFacadeTest {
         final RevisionManager revisionManager = new NaiveRevisionManager();
         serviceFacade.setRevisionManager(revisionManager);
 
+        final VersionedPropertyDescriptor versionedPropertyDescriptor = new 
VersionedPropertyDescriptor();
+        versionedPropertyDescriptor.setName(sensitiveProperty);
+        versionedPropertyDescriptor.setSensitive(true);
+
+        final Map<String, VersionedPropertyDescriptor> propertyDescriptors = 
new HashMap<>();
+        propertyDescriptors.put(sensitiveProperty, 
versionedPropertyDescriptor);
+
         final Map<String, String> properties = new HashMap<>();
         properties.put(sensitiveProperty, null);
 
@@ -504,6 +511,7 @@ public class StandardNiFiServiceFacadeTest {
         final VersionedProcessor versionedProcessor = new VersionedProcessor();
         versionedProcessor.setIdentifier("12345");
         versionedProcessor.setInstanceIdentifier(instanceId);
+        versionedProcessor.setPropertyDescriptors(propertyDescriptors);
         versionedProcessor.setProperties(properties);
 
         final PropertyDescriptor propertyDescriptor = 
mock(PropertyDescriptor.class);

Reply via email to