exceptionfactory commented on a change in pull request #5324:
URL: https://github.com/apache/nifi/pull/5324#discussion_r737823607



##########
File path: 
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ValidateXml.java
##########
@@ -134,32 +157,74 @@ public void onTrigger(final ProcessContext context, final 
ProcessSession session
         }
 
         final Schema schema = schemaRef.get();
-        final Validator validator = schema.newValidator();
+        final Validator validator = schema == null ? null : 
schema.newValidator();
         final ComponentLog logger = getLogger();
+        final boolean attributeContainsXML = 
context.getProperty(XML_SOURCE_ATTRIBUTE).isSet();
 
         for (FlowFile flowFile : flowFiles) {
             final AtomicBoolean valid = new AtomicBoolean(true);
-            final AtomicReference<Exception> exception = new 
AtomicReference<Exception>(null);
-
-            session.read(flowFile, new InputStreamCallback() {
-                @Override
-                public void process(final InputStream in) throws IOException {
-                    try {
-                        validator.validate(new StreamSource(in));
-                    } catch (final IllegalArgumentException | SAXException e) {
-                        valid.set(false);
-                        exception.set(e);
+            final AtomicReference<Exception> exception = new 
AtomicReference<>(null);
+            final DocumentBuilderFactory factory = 
DocumentBuilderFactory.newInstance();
+            factory.setValidating(false);
+            factory.setNamespaceAware(true);
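
Review bot: The `DocumentBuilderFactory` created at the end of this hunk is configured only with `setValidating(false)` and `setNamespaceAware(true)`, and neither call stops the parser from processing a DOCTYPE or resolving external entities in FlowFile or attribute content. `setValidating(false)` only turns off DTD validation. Before any document is parsed, either obtain the builder from the project's hardened helper or set `XMLConstants.FEATURE_SECURE_PROCESSING` and `http://apache.org/xml/features/disallow-doctype-decl` to true on the factory. The factory is also instantiated inside the `for (FlowFile flowFile : flowFiles)` loop, so the hardened configuration can be built once before the loop and reused. Separately, `validator` can now be null when `schema` is null, so each use after this hunk needs a guard.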

Review comment:
       This configuration creates a potential security vulnerability related to 
allowing resolution of external entities. This should be replaced with 
`SafeXMLConfiguration.createDocumentBuilder()`.



