[
https://issues.apache.org/jira/browse/NIFI-12599?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17806118#comment-17806118
]
Pierre Villard commented on NIFI-12599:
---------------------------------------
A processor or controller service that requires to read a specific
configuration file on the filesystem for its proper usage is totally fine. The
problem here is really that the configured file could end up as the content of
a flow file. If you do see a component for which a malicious user could use its
configuration with a file to load the content of that file in the content of a
flow file, please let us know.
> Add proper restrictions on some lookup controller services
> ----------------------------------------------------------
>
> Key: NIFI-12599
> URL: https://issues.apache.org/jira/browse/NIFI-12599
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Reporter: Pierre Villard
> Assignee: Pierre Villard
> Priority: Major
> Fix For: 1.25.0, 2.0.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Some lookup controller services requires to have the proper restrictions as
> they access the local file system for reading some files:
> * XMLFileLookupService
> * SimpleCsvFileLookupService
> * PropertiesFileLookupService
> * CSVRecordLookupService
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
