Matt Hite created NIFI-8256:
-------------------------------

             Summary: getEndpoint in PutSplunkHTTP creates invalid path when 
queryParameters are required
                 Key: NIFI-8256
                 URL: https://issues.apache.org/jira/browse/NIFI-8256
             Project: Apache NiFi
          Issue Type: Bug
    Affects Versions: 1.13.0
         Environment: $ lsb_release -a output:

No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.1 LTS
Release:        20.04
Codename:       focal
            Reporter: Matt Hite


While performing manual testing and troubleshooting of PutSplunkHTTP, I noticed 
that invocations which required inclusion of URL parameters ended up corrupting 
the HTTP path in the POST request.

Here is an example of a listener receiving a raw Splunk event message from NiFi 
PutSplunkHTTP where an indexer has been specified (and hence requires inclusion 
in the query parameter).

{{$ nc -l -p 8000}}
{{POST /services/%2Fservices%2Fcollector%2Fraw%3Findex%3Dmhite-quarantine HTTP/1.1}}
{{Authorization: Splunk <REDACTED>}}
{{X-Splunk-Request-Channel: 94d13f9e-36e6-4d9b-9d66-3ccf5b7e2b4d}}
{{Accept: */*}}
{{User-Agent: splunk-sdk-java/1.6.5}}
{{Cookie:}}
{{Cache-Control: no-cache}}
{{Pragma: no-cache}}
{{Host: 127.0.0.1:8000}}
{{Connection: keep-alive}}
{{Content-type: application/x-www-form-urlencoded}}
{{Content-Length: 14}}
{{asdf}}
{{sadfadfs}}

Notice the extra prefix of "/services" which is then followed by a URL-encoded 
version of the path (/services/collector/raw) followed by URL-encoded query 
parameters.

This POST will be rejected with an HTTP 404 by Splunk.

In comparison, if the index parameter is omitted, and hence 
[the code path for URL-encoding of parameters is skipped|https://github.com/apache/nifi/blob/main/nifi-nar-bundles/nifi-splunk-bundle/nifi-splunk-processors/src/main/java/org/apache/nifi/processors/splunk/PutSplunkHTTP.java#L195],
the URL is properly formatted (/services/collector/raw). Splunk will not 
reject the POST request in this case.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
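
The request target in the capture can be reproduced with the JDK alone. The following is an added example, not code from NiFi, the Splunk SDK or the reporter: it assumes, without confirmation from the issue, that the whole endpoint string (path plus query) was URL-encoded as one token and then prefixed with /services/, and contrasts that with encoding only the parameter names and values. The class name, method names and the sourcetype value are hypothetical.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.StringJoiner;

public class SplunkEndpointExample {
    // Path taken from the issue text.
    static final String ENDPOINT = "/services/collector/raw";

    // Assumed mechanism: the complete endpoint, query string included, is
    // URL-encoded as a single token and then prefixed with "/services/".
    static String encodeWholeEndpoint(Map<String, String> params) {
        StringJoiner query = new StringJoiner("&");
        params.forEach((k, v) -> query.add(k + "=" + v));
        String raw = ENDPOINT + "?" + query;
        return "/services/" + URLEncoder.encode(raw, StandardCharsets.UTF_8);
    }

    // Encode each name and value separately so that the structural
    // characters '/', '?', '=' and '&' stay literal in the request target.
    static String encodeParametersOnly(Map<String, String> params) {
        if (params.isEmpty()) {
            return ENDPOINT; // no query string, nothing to encode
        }
        StringJoiner query = new StringJoiner("&");
        params.forEach((k, v) -> query.add(
                URLEncoder.encode(k, StandardCharsets.UTF_8) + "="
                        + URLEncoder.encode(v, StandardCharsets.UTF_8)));
        return ENDPOINT + "?" + query;
    }

    public static void main(String[] args) {
        Map<String, String> one = Map.of("index", "mhite-quarantine"); // from the capture
        Map<String, String> two = new LinkedHashMap<>(one);
        two.put("sourcetype", "app log"); // constructed value containing a space

        System.out.println("whole endpoint encoded: " + encodeWholeEndpoint(one));
        System.out.println("parameters encoded:     " + encodeParametersOnly(one));
        System.out.println("two parameters:         " + encodeParametersOnly(two));
        System.out.println("no parameters:          " + encodeParametersOnly(Map.of()));
    }
}
```

Run on Java 10 or later; the first line printed matches the request target in the netcat capture, and the others keep /services/collector/raw intact.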