[GitHub] [nifi] exceptionfactory commented on a change in pull request #5028: NIFI-8325: Complete SNMP refactor: SNMP GET and SET processors rework, unit tests added

GitBox Tue, 27 Apr 2021 08:37:51 -0700


exceptionfactory commented on a change in pull request #5028:
URL: https://github.com/apache/nifi/pull/5028#discussion_r621327503




##########
File path: 
nifi-nar-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/processors/AbstractSNMPProcessor.java
##########
@@ -16,413 +16,248 @@
  */
 package org.apache.nifi.snmp.processors;
 
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
+import org.apache.nifi.annotation.lifecycle.OnScheduled;
 import org.apache.nifi.annotation.lifecycle.OnStopped;
+import org.apache.nifi.components.AllowableValue;
 import org.apache.nifi.components.PropertyDescriptor;
-import org.apache.nifi.components.ValidationContext;
-import org.apache.nifi.components.ValidationResult;
+import org.apache.nifi.flowfile.FlowFile;
 import org.apache.nifi.processor.AbstractProcessor;
 import org.apache.nifi.processor.ProcessContext;
 import org.apache.nifi.processor.ProcessSession;
-import org.apache.nifi.processor.Processor;
-import org.apache.nifi.processor.exception.ProcessException;
 import org.apache.nifi.processor.util.StandardValidators;
-import org.snmp4j.AbstractTarget;
-import org.snmp4j.CommunityTarget;
-import org.snmp4j.Snmp;
-import org.snmp4j.TransportMapping;
-import org.snmp4j.UserTarget;
-import org.snmp4j.mp.MPv3;
-import org.snmp4j.mp.SnmpConstants;
-import org.snmp4j.security.SecurityModels;
-import org.snmp4j.security.SecurityProtocols;
-import org.snmp4j.security.USM;
-import org.snmp4j.security.UsmUser;
-import org.snmp4j.smi.OctetString;
-import org.snmp4j.smi.UdpAddress;
-import org.snmp4j.transport.DefaultUdpTransportMapping;
+import org.apache.nifi.reporting.InitializationException;
+import org.apache.nifi.snmp.configuration.SNMPConfiguration;
+import org.apache.nifi.snmp.configuration.SNMPConfigurationBuilder;
+import org.apache.nifi.snmp.logging.SLF4JLogFactory;
+import org.apache.nifi.snmp.operations.SNMPRequestHandler;
+import org.apache.nifi.snmp.operations.SNMPRequestHandlerFactory;
+import org.apache.nifi.snmp.utils.SNMPUtils;
+import org.snmp4j.log.LogFactory;
+
+import java.util.HashMap;
+import java.util.Map;
 
 /**
- * Base processor that uses SNMP4J client API
+ * Base processor that uses SNMP4J client API.
  * (http://www.snmp4j.org/)
- *
- * @param <T> the type of {@link SNMPWorker}. Please see {@link SNMPSetter}
- *            and {@link SNMPGetter}
  */
-abstract class AbstractSNMPProcessor<T extends SNMPWorker> extends 
AbstractProcessor {
+abstract class AbstractSNMPProcessor extends AbstractProcessor {
+
+    static {
+        LogFactory.setLogFactory(new SLF4JLogFactory());
+    }
 
-    /** property to define host of the SNMP agent */
-    public static final PropertyDescriptor HOST = new 
PropertyDescriptor.Builder()
+    // SNMP versions
+    public static final AllowableValue SNMP_V1 = new AllowableValue("SNMPv1", 
"v1", "SNMP version 1");
+    public static final AllowableValue SNMP_V2C = new 
AllowableValue("SNMPv2c", "v2c", "SNMP version 2c");
+    public static final AllowableValue SNMP_V3 = new AllowableValue("SNMPv3", 
"v3", "SNMP version 3 with improved security");
+
+    // SNMPv3 privacy protocols
+    public static final AllowableValue NO_AUTH_NO_PRIV = new 
AllowableValue("noAuthNoPriv", "No authentication or encryption",
+            "No authentication or encryption.");
+    public static final AllowableValue AUTH_NO_PRIV = new 
AllowableValue("authNoPriv", "Authentication without encryption",
+            "Authentication without encryption.");
+    public static final AllowableValue AUTH_PRIV = new 
AllowableValue("authPriv", "Authentication and encryption",
+            "Authentication and encryption.");
+
+    // SNMPv3 authentication protocols
+    public static final AllowableValue MD5 = new AllowableValue("MD5", "MD5 
based authentication",
+            "Provides authentication based on the HMAC-MD5 algorithm.");
+    public static final AllowableValue SHA = new AllowableValue("SHA", "SHA 
based authentication",
+            "Provides authentication based on the HMAC-SHA algorithm.");
+    public static final AllowableValue NO_AUTHENTICATION = new 
AllowableValue("", "None",
+            "Sends SNMP requests without authentication.");
+
+    // SNMPv3 encryption
+    public static final AllowableValue DES = new AllowableValue("DES", "DES",

Review comment:
       DES is not considered secure due to the ease of brute-force and other 
attacks.  Is there a compelling reason to provide it as an allowable option?

##########
File path: 
nifi-nar-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/resources/log4j.properties
##########
@@ -13,8 +13,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 log4j.rootLogger=INFO, CONSOLE

Review comment:
       Is this file necessary?  Log4j calls should be routed to SLF4J and this 
configuration file should be removed.

##########
File path: 
nifi-nar-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/processors/AbstractSNMPProcessor.java
##########
@@ -16,413 +16,248 @@
  */
 package org.apache.nifi.snmp.processors;
 
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
+import org.apache.nifi.annotation.lifecycle.OnScheduled;
 import org.apache.nifi.annotation.lifecycle.OnStopped;
+import org.apache.nifi.components.AllowableValue;
 import org.apache.nifi.components.PropertyDescriptor;
-import org.apache.nifi.components.ValidationContext;
-import org.apache.nifi.components.ValidationResult;
+import org.apache.nifi.flowfile.FlowFile;
 import org.apache.nifi.processor.AbstractProcessor;
 import org.apache.nifi.processor.ProcessContext;
 import org.apache.nifi.processor.ProcessSession;
-import org.apache.nifi.processor.Processor;
-import org.apache.nifi.processor.exception.ProcessException;
 import org.apache.nifi.processor.util.StandardValidators;
-import org.snmp4j.AbstractTarget;
-import org.snmp4j.CommunityTarget;
-import org.snmp4j.Snmp;
-import org.snmp4j.TransportMapping;
-import org.snmp4j.UserTarget;
-import org.snmp4j.mp.MPv3;
-import org.snmp4j.mp.SnmpConstants;
-import org.snmp4j.security.SecurityModels;
-import org.snmp4j.security.SecurityProtocols;
-import org.snmp4j.security.USM;
-import org.snmp4j.security.UsmUser;
-import org.snmp4j.smi.OctetString;
-import org.snmp4j.smi.UdpAddress;
-import org.snmp4j.transport.DefaultUdpTransportMapping;
+import org.apache.nifi.reporting.InitializationException;
+import org.apache.nifi.snmp.configuration.SNMPConfiguration;
+import org.apache.nifi.snmp.configuration.SNMPConfigurationBuilder;
+import org.apache.nifi.snmp.logging.SLF4JLogFactory;
+import org.apache.nifi.snmp.operations.SNMPRequestHandler;
+import org.apache.nifi.snmp.operations.SNMPRequestHandlerFactory;
+import org.apache.nifi.snmp.utils.SNMPUtils;
+import org.snmp4j.log.LogFactory;
+
+import java.util.HashMap;
+import java.util.Map;
 
 /**
- * Base processor that uses SNMP4J client API
+ * Base processor that uses SNMP4J client API.
  * (http://www.snmp4j.org/)
- *
- * @param <T> the type of {@link SNMPWorker}. Please see {@link SNMPSetter}
- *            and {@link SNMPGetter}
  */
-abstract class AbstractSNMPProcessor<T extends SNMPWorker> extends 
AbstractProcessor {
+abstract class AbstractSNMPProcessor extends AbstractProcessor {
+
+    static {
+        LogFactory.setLogFactory(new SLF4JLogFactory());
+    }
 
-    /** property to define host of the SNMP agent */
-    public static final PropertyDescriptor HOST = new 
PropertyDescriptor.Builder()
+    // SNMP versions
+    public static final AllowableValue SNMP_V1 = new AllowableValue("SNMPv1", 
"v1", "SNMP version 1");
+    public static final AllowableValue SNMP_V2C = new 
AllowableValue("SNMPv2c", "v2c", "SNMP version 2c");
+    public static final AllowableValue SNMP_V3 = new AllowableValue("SNMPv3", 
"v3", "SNMP version 3 with improved security");
+
+    // SNMPv3 privacy protocols
+    public static final AllowableValue NO_AUTH_NO_PRIV = new 
AllowableValue("noAuthNoPriv", "No authentication or encryption",
+            "No authentication or encryption.");
+    public static final AllowableValue AUTH_NO_PRIV = new 
AllowableValue("authNoPriv", "Authentication without encryption",
+            "Authentication without encryption.");
+    public static final AllowableValue AUTH_PRIV = new 
AllowableValue("authPriv", "Authentication and encryption",
+            "Authentication and encryption.");
+
+    // SNMPv3 authentication protocols
+    public static final AllowableValue MD5 = new AllowableValue("MD5", "MD5 
based authentication",
+            "Provides authentication based on the HMAC-MD5 algorithm.");
+    public static final AllowableValue SHA = new AllowableValue("SHA", "SHA 
based authentication",
+            "Provides authentication based on the HMAC-SHA algorithm.");
+    public static final AllowableValue NO_AUTHENTICATION = new 
AllowableValue("", "None",
+            "Sends SNMP requests without authentication.");
+
+    // SNMPv3 encryption
+    public static final AllowableValue DES = new AllowableValue("DES", "DES",
+            "Symmetric-key algorithm for the encryption of digital data.");
+    public static final AllowableValue DES3 = new AllowableValue("3DES", 
"3DES",

Review comment:
       Although 3DES provides a much greater level of security than DES, it is 
no longer recommend for use, is there a reason it should be allowed?

##########
File path: 
nifi-nar-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/processors/AbstractSNMPProcessor.java
##########
@@ -16,413 +16,248 @@
  */
 package org.apache.nifi.snmp.processors;
 
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
+import org.apache.nifi.annotation.lifecycle.OnScheduled;
 import org.apache.nifi.annotation.lifecycle.OnStopped;
+import org.apache.nifi.components.AllowableValue;
 import org.apache.nifi.components.PropertyDescriptor;
-import org.apache.nifi.components.ValidationContext;
-import org.apache.nifi.components.ValidationResult;
+import org.apache.nifi.flowfile.FlowFile;
 import org.apache.nifi.processor.AbstractProcessor;
 import org.apache.nifi.processor.ProcessContext;
 import org.apache.nifi.processor.ProcessSession;
-import org.apache.nifi.processor.Processor;
-import org.apache.nifi.processor.exception.ProcessException;
 import org.apache.nifi.processor.util.StandardValidators;
-import org.snmp4j.AbstractTarget;
-import org.snmp4j.CommunityTarget;
-import org.snmp4j.Snmp;
-import org.snmp4j.TransportMapping;
-import org.snmp4j.UserTarget;
-import org.snmp4j.mp.MPv3;
-import org.snmp4j.mp.SnmpConstants;
-import org.snmp4j.security.SecurityModels;
-import org.snmp4j.security.SecurityProtocols;
-import org.snmp4j.security.USM;
-import org.snmp4j.security.UsmUser;
-import org.snmp4j.smi.OctetString;
-import org.snmp4j.smi.UdpAddress;
-import org.snmp4j.transport.DefaultUdpTransportMapping;
+import org.apache.nifi.reporting.InitializationException;
+import org.apache.nifi.snmp.configuration.SNMPConfiguration;
+import org.apache.nifi.snmp.configuration.SNMPConfigurationBuilder;
+import org.apache.nifi.snmp.logging.SLF4JLogFactory;
+import org.apache.nifi.snmp.operations.SNMPRequestHandler;
+import org.apache.nifi.snmp.operations.SNMPRequestHandlerFactory;
+import org.apache.nifi.snmp.utils.SNMPUtils;
+import org.snmp4j.log.LogFactory;
+
+import java.util.HashMap;
+import java.util.Map;
 
 /**
- * Base processor that uses SNMP4J client API
+ * Base processor that uses SNMP4J client API.
  * (http://www.snmp4j.org/)
- *
- * @param <T> the type of {@link SNMPWorker}. Please see {@link SNMPSetter}
- *            and {@link SNMPGetter}
  */
-abstract class AbstractSNMPProcessor<T extends SNMPWorker> extends 
AbstractProcessor {
+abstract class AbstractSNMPProcessor extends AbstractProcessor {
+
+    static {
+        LogFactory.setLogFactory(new SLF4JLogFactory());
+    }
 
-    /** property to define host of the SNMP agent */
-    public static final PropertyDescriptor HOST = new 
PropertyDescriptor.Builder()
+    // SNMP versions
+    public static final AllowableValue SNMP_V1 = new AllowableValue("SNMPv1", 
"v1", "SNMP version 1");
+    public static final AllowableValue SNMP_V2C = new 
AllowableValue("SNMPv2c", "v2c", "SNMP version 2c");
+    public static final AllowableValue SNMP_V3 = new AllowableValue("SNMPv3", 
"v3", "SNMP version 3 with improved security");
+
+    // SNMPv3 privacy protocols
+    public static final AllowableValue NO_AUTH_NO_PRIV = new 
AllowableValue("noAuthNoPriv", "No authentication or encryption",
+            "No authentication or encryption.");
+    public static final AllowableValue AUTH_NO_PRIV = new 
AllowableValue("authNoPriv", "Authentication without encryption",
+            "Authentication without encryption.");
+    public static final AllowableValue AUTH_PRIV = new 
AllowableValue("authPriv", "Authentication and encryption",
+            "Authentication and encryption.");
+
+    // SNMPv3 authentication protocols
+    public static final AllowableValue MD5 = new AllowableValue("MD5", "MD5 
based authentication",
+            "Provides authentication based on the HMAC-MD5 algorithm.");
+    public static final AllowableValue SHA = new AllowableValue("SHA", "SHA 
based authentication",
+            "Provides authentication based on the HMAC-SHA algorithm.");
+    public static final AllowableValue NO_AUTHENTICATION = new 
AllowableValue("", "None",
+            "Sends SNMP requests without authentication.");
+
+    // SNMPv3 encryption
+    public static final AllowableValue DES = new AllowableValue("DES", "DES",
+            "Symmetric-key algorithm for the encryption of digital data.");
+    public static final AllowableValue DES3 = new AllowableValue("3DES", 
"3DES",
+            "Symmetric-key block cipher, which applies the DES cipher 
algorithm three times to each data block.");
+
+    private static final String AES_DESCRIPTION = "AES is a symmetric 
algorithm which uses the same 128, 192, or 256 bit" +
+            " key for both encryption and decryption (the security of an AES 
system increases exponentially with key length).";
+
+    public static final AllowableValue AES128 = new AllowableValue("AES128", 
"AES128", AES_DESCRIPTION);
+    public static final AllowableValue AES192 = new AllowableValue("AES192", 
"AES192", AES_DESCRIPTION);
+    public static final AllowableValue AES256 = new AllowableValue("AES256", 
"AES256", AES_DESCRIPTION);
+    public static final AllowableValue NO_ENCRYPTION = new AllowableValue("", 
"None",
+            "Sends SNMP requests without encryption.");
+
+
+    public static final PropertyDescriptor AGENT_HOST = new 
PropertyDescriptor.Builder()
             .name("snmp-hostname")
-            .displayName("Host Name")
-            .description("Network address of SNMP Agent (e.g., localhost)")
+            .displayName("SNMP Agent Hostname")
+            .description("Network address of the SNMP Agent.")
             .required(true)
             .defaultValue("localhost")
-            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
+            .addValidator(StandardValidators.NETWORK_ADDRESS_VALIDATOR)
             .build();
 
-    /** property to define port of the SNMP agent */
-    public static final PropertyDescriptor PORT = new 
PropertyDescriptor.Builder()
+    public static final PropertyDescriptor AGENT_PORT = new 
PropertyDescriptor.Builder()
             .name("snmp-port")
-            .displayName("Port")
-            .description("Numeric value identifying Port of SNMP Agent (e.g., 
161)")
+            .displayName("SNMP Agent Port")
+            .description("Numeric value identifying the port of SNMP Agent.")
             .required(true)
             .defaultValue("161")
             .addValidator(StandardValidators.PORT_VALIDATOR)
             .build();
 
-    /** property to define SNMP version to use */
     public static final PropertyDescriptor SNMP_VERSION = new 
PropertyDescriptor.Builder()
             .name("snmp-version")
             .displayName("SNMP Version")
-            .description("SNMP Version to use")
+            .description("Three significant versions of SNMP have been 
developed and deployed. " +
+                    "SNMPv1 is the original version of the protocol. More 
recent versions, " +
+                    "SNMPv2c and SNMPv3, feature improvements in performance, 
flexibility and security.")
             .required(true)
-            .allowableValues("SNMPv1", "SNMPv2c", "SNMPv3")
-            .defaultValue("SNMPv1")
+            .allowableValues(SNMP_V1, SNMP_V2C, SNMP_V3)
+            .defaultValue(SNMP_V1.getValue())
             .build();
 
-    /** property to define SNMP community to use */
     public static final PropertyDescriptor SNMP_COMMUNITY = new 
PropertyDescriptor.Builder()

Review comment:
       SNMP Community should be marked as a sensitive property since it serves 
authentication purposes.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

[GitHub] [nifi] exceptionfactory commented on a change in pull request #5028: NIFI-8325: Complete SNMP refactor: SNMP GET and SET processors rework, unit tests added

Reply via email to