greyp9 commented on code in PR #5986: URL: https://github.com/apache/nifi/pull/5986#discussion_r855293739
########## nifi-commons/nifi-xml-processing/src/main/java/org/apache/nifi/xml/processing/ProcessingAttribute.java: ########## @@ -0,0 +1,47 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.xml.processing; + +import javax.xml.XMLConstants; + +/** + * XML Processing Attributes + */ +public enum ProcessingAttribute { + /** Access External Document Type Declaration with all protocols disabled */ + ACCESS_EXTERNAL_DTD(XMLConstants.ACCESS_EXTERNAL_DTD, ""), + + /** Access External Stylesheet with all protocols disabled */ Review Comment: ```suggestion /** Access External Stylesheet with an empty string to deny all access to external references */ ``` same thing here ########## nifi-commons/nifi-xml-processing/src/main/java/org/apache/nifi/xml/processing/ProcessingAttribute.java: ########## @@ -0,0 +1,47 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.xml.processing; + +import javax.xml.XMLConstants; + +/** + * XML Processing Attributes + */ +public enum ProcessingAttribute { + /** Access External Document Type Declaration with all protocols disabled */ Review Comment: ```suggestion /** Access External Document Type Declaration with an empty string to deny all access to external references */ ``` - https://docs.oracle.com/javase/8/docs/api/javax/xml/XMLConstants.html#ACCESS_EXTERNAL_DTD I think it is clearer. ########## nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/EvaluateXPath.java: ########## @@ -381,48 +380,6 @@ public void onTrigger(final ProcessContext context, final ProcessSession session } } - private void doTransform(final Source sourceNode, OutputStream out) throws TransformerFactoryConfigurationError, TransformerException { - final Transformer transformer; - try { - transformer = TransformerFactory.newInstance().newTransformer(); - } catch (final Exception e) { - throw new ProcessException(e); - } - - final Properties props = new Properties(); - props.setProperty(OutputKeys.METHOD, "xml"); - props.setProperty(OutputKeys.INDENT, "no"); - props.setProperty(OutputKeys.OMIT_XML_DECLARATION, "no"); - transformer.setOutputProperties(props); - - final ComponentLog logger = getLogger(); - - final AtomicReference<TransformerException> error = new AtomicReference<>(null); Review Comment: Maybe also a test case exercising in StandardTransformProviderTest. ########## nifi-commons/nifi-xml-processing/src/main/java/org/apache/nifi/xml/processing/transform/StandardTransformProvider.java: ########## @@ -0,0 +1,118 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.xml.processing.transform; + +import org.apache.nifi.xml.processing.ProcessingAttribute; +import org.apache.nifi.xml.processing.ProcessingException; + +import javax.xml.XMLConstants; +import javax.xml.transform.OutputKeys; +import javax.xml.transform.Result; +import javax.xml.transform.Source; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerConfigurationException; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import java.util.Objects; + +/** + * Standard implementation of Transform Provider with secure processing enabled + */ +public class StandardTransformProvider implements TransformProvider { + private static final boolean SECURE_PROCESSING_ENABLED = true; + + private static final String ENABLED_PROPERTY = "yes"; + + private static final String INDENT_AMOUNT_OUTPUT_KEY = "{http://xml.apache.org/xslt}indent-amount";; + + private static final String INDENT_AMOUNT = "2"; + + private boolean indent; + + private boolean omitXmlDeclaration; + + private String method; + + /** + * Set Indent Status + * + * @param indent Indent Status + */ + public void setIndent(final boolean indent) { + this.indent = indent; + } + + /** + * Set Output Method + * + * @param method Method or null when default configuration should be used + */ + public void setMethod(final String method) { + this.method = method; + } + + /** + * Set Omit XML Declaration + * + * @param omitXmlDeclaration Omit XML Declaration + */ + public void setOmitXmlDeclaration(final boolean omitXmlDeclaration) { + this.omitXmlDeclaration = omitXmlDeclaration; + } + + /** + * Transform Source to Result + * + * @param source Source to be transformed + * @param result Result containing transformed information + */ + @Override + public void transform(final Source source, final Result result) { + Objects.requireNonNull(source, "Source required"); + Objects.requireNonNull(result, "Result required"); + + final TransformerFactory transformerFactory = TransformerFactory.newInstance(); + final Transformer transformer; + try { + transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ProcessingAttribute.ACCESS_EXTERNAL_DTD.getValue()); + transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ProcessingAttribute.ACCESS_EXTERNAL_STYLESHEET.getValue()); + transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, SECURE_PROCESSING_ENABLED); Review Comment: I've created a JIRA to capture the potential refactor of this module to use something like `trySet` and `quietSet`. I find that a neat solution to this specific problem. Thanks for sharing! For this PR, I think the current solution fits in well with the other work recently done to consolidate XML processing, and doesn't preclude potential improvements in the future. ########## nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/util/FlowParser.java: ########## @@ -278,13 +278,14 @@ private List<PortDTO> getPorts(final Element element, final String type) { * @param flowDocument flowDocument of the associated XML content to write to disk * @param flowXmlPath path on disk to write the flow * @throws IOException if there are issues in accessing the target destination for the flow - * @throws TransformerException if there are issues in the xml transformation process */ - public void writeFlow(final Document flowDocument, final Path flowXmlPath) throws IOException, TransformerException { + public void writeFlow(final Document flowDocument, final Path flowXmlPath) throws IOException { Review Comment: I was going to ask about caller handling of the unchecked exception, but it doesn't look like this is in use? ########## nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/EvaluateXPath.java: ########## @@ -381,48 +380,6 @@ public void onTrigger(final ProcessContext context, final ProcessSession session } } - private void doTransform(final Source sourceNode, OutputStream out) throws TransformerFactoryConfigurationError, TransformerException { - final Transformer transformer; - try { - transformer = TransformerFactory.newInstance().newTransformer(); - } catch (final Exception e) { - throw new ProcessException(e); - } - - final Properties props = new Properties(); - props.setProperty(OutputKeys.METHOD, "xml"); - props.setProperty(OutputKeys.INDENT, "no"); - props.setProperty(OutputKeys.OMIT_XML_DECLARATION, "no"); - transformer.setOutputProperties(props); - - final ComponentLog logger = getLogger(); - - final AtomicReference<TransformerException> error = new AtomicReference<>(null); Review Comment: Should StandardTransformProvider support the specification of an error listener? I don't think we need to worry about a default implementation. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
