[GitHub] [nifi] exceptionfactory commented on a diff in pull request #6230: NIFI-10260 Improve the display name and description of Validate DTD property

GitBox Thu, 21 Jul 2022 10:14:53 -0700


exceptionfactory commented on code in PR #6230:
URL: https://github.com/apache/nifi/pull/6230#discussion_r926913425



##########
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/EvaluateXPath.java:
##########
@@ -129,8 +129,10 @@ public class EvaluateXPath extends AbstractProcessor {
             .build();
 
     public static final PropertyDescriptor VALIDATE_DTD = new 
PropertyDescriptor.Builder()
+            .displayName("Allow Document Type Declaration")

Review Comment:
   Recommend naming this `Allow DTD` to keep it similar to the previous name.
   ```suggestion
               .displayName("Allow DTD")
   ```



##########
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/EvaluateXPath.java:
##########
@@ -129,8 +129,10 @@ public class EvaluateXPath extends AbstractProcessor {
             .build();
 
     public static final PropertyDescriptor VALIDATE_DTD = new 
PropertyDescriptor.Builder()
+            .displayName("Allow Document Type Declaration")
             .name("Validate DTD")
-            .description("Specifies whether or not the XML content should be 
validated against the DTD.")
+            .description("When enabled, Embedded Document Type Declaration 
will be allowed and it will be used for the XML content validation. "
+                    + "Because of security reasons it is advised to disable 
this feature.")

Review Comment:
   Recommend adjusting the wording to clarify the security implications.
   ```suggestion
               .description("Allow embedded Document Type Declaration in XML. "
                       + "This feature should be disabled to avoid XML entity 
expansion vulnerabilities.")
   ```



##########
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/EvaluateXQuery.java:
##########
@@ -144,8 +144,10 @@ public class EvaluateXQuery extends AbstractProcessor {
             .build();
 
     public static final PropertyDescriptor VALIDATE_DTD = new 
PropertyDescriptor.Builder()
+            .displayName("Allow Document Type Declaration")

Review Comment:
   ```suggestion
               .displayName("Allow DTD")
   ```



##########
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/EvaluateXQuery.java:
##########
@@ -144,8 +144,10 @@ public class EvaluateXQuery extends AbstractProcessor {
             .build();
 
     public static final PropertyDescriptor VALIDATE_DTD = new 
PropertyDescriptor.Builder()
+            .displayName("Allow Document Type Declaration")
             .name("Validate DTD")
-            .description("Specifies whether or not the XML content should be 
validated against the DTD.")
+            .description("When enabled, Embedded Document Type Declaration 
will be allowed and it will be used for the XML content validation. "
+                    + "Because of security reasons it is advised to disable 
this feature.")

Review Comment:
   ```suggestion
               .description("Allow embedded Document Type Declaration in XML. "
                       + "This feature should be disabled to avoid XML entity 
expansion vulnerabilities.")
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

[GitHub] [nifi] exceptionfactory commented on a diff in pull request #6230: NIFI-10260 Improve the display name and description of Validate DTD property

Reply via email to