Tamas Palfy created NIFI-12862:
----------------------------------
Summary: FlowAnalysisResults should leak unauthorized component
details
Key: NIFI-12862
URL: https://issues.apache.org/jira/browse/NIFI-12862
Project: Apache NiFi
Issue Type: Bug
Reporter: Tamas Palfy
The FlowAnalysisResultEntity holds FlowAnalysisRuleViolationDTOs that contain the
name of a violating component as a message describing the violation. This
usually contains details about the violating component.
A user can see these even if they don't have read permission for that
particular component.
In a clustered environment the request merger filters out such violations, but in
a non-clustered environment there is no such filtering phase.
The FlowAnalysisRuleViolationDTO itself should be built accordingly and leave
certain details blank when the user lacks read permissions.
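One way to apply the read-permission check at the point where the violation DTO is built, so that it holds with or without a cluster merge step. This is an added example, not NiFi's code: the record and method names, the sample violations, and the choice to keep the component id visible are all assumptions.

```java
import java.util.List;
import java.util.function.Predicate;

// Hypothetical, simplified stand-ins; these are not NiFi's real classes.
public class ViolationRedactionExample {

    // Raw violation as produced by a flow analysis rule (constructed shape).
    record Violation(String componentId, String componentName, String message) {}

    // What is returned to the caller. Name and message are null when redacted.
    record ViolationView(String componentId, String componentName, String message, boolean canRead) {}

    // Redaction happens where the view is built, so it applies whether or not
    // a cluster-level merge step filters the response afterwards.
    static ViolationView toView(Violation v, Predicate<String> canReadComponent) {
        boolean canRead = canReadComponent.test(v.componentId());
        return new ViolationView(
                v.componentId(),                     // assumption: the id alone is not sensitive
                canRead ? v.componentName() : null,  // blank without read permission
                canRead ? v.message() : null,        // the message may embed component details
                canRead);
    }

    static List<ViolationView> toViews(List<Violation> violations, Predicate<String> canReadComponent) {
        return violations.stream().map(v -> toView(v, canReadComponent)).toList();
    }

    public static void main(String[] args) {
        // Constructed sample data.
        List<Violation> violations = List.of(
                new Violation("proc-1", "FetchPayroll", "'FetchPayroll' uses a disallowed processor type"),
                new Violation("proc-2", "LogAttribute", "'LogAttribute' exceeds the concurrent task limit"));

        // Constructed policy: the requesting user may read proc-2 only.
        Predicate<String> canRead = id -> id.equals("proc-2");

        for (ViolationView view : toViews(violations, canRead)) {
            System.out.println(view);
        }
    }
}
```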