joewitt commented on code in PR #8853:
URL: https://github.com/apache/nifi/pull/8853#discussion_r1607193613


##########
nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java:
##########
@@ -4116,7 +4117,16 @@ private List<ThreadDumpDTO> createThreadDumpDtos(final 
ProcessorNode procNode) {
        return threadDumps;
    }
 
-   /**
+    // Pattern to match a parameter reference i.e. "#{anything}"
+    private static final Pattern PARAMETER_REFERENCE = 
Pattern.compile("^#\\{.*}$");
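
Review bot: The `.*` in `PARAMETER_REFERENCE` (`"^#\\{.*}$"`) is greedy and unrestricted, so the pattern accepts any value that merely begins with `#{` and ends with `}`. That includes a value with literal text between two references, such as `#{a}literal#{b}`, and the empty reference `#{}`. If this constant is used to decide whether a sensitive property value may be displayed, a value that is not a single parameter reference would pass the check. At a minimum, exclude braces from the inner match (for example `[^{}]+` in place of `.*`). Preferably, base the decision on how the property value was actually parsed as a parameter reference rather than on the shape of the string. The comment above the constant should also state that the whole value must be exactly one reference.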

Review Comment:
   This seems like a fairly dangerous direction as-is.  What we're trying to 
assess isn't simply a string pattern which tells us the value is safe.  What we 
want to know is if a user specifically set a given property to be a parameter 
reference and only a parameter reference.  If it was then we can show the 
parameter reference.  If it was not a parameter reference or not meant to be 
then we should not show it.
   
   String comparison seems like a problematic path here.
   
   It is extremely important a feature like this is done carefully.  We should 
be able to improve the user experience but we cannot do so at the expense of 
exposing anything unintentionally.
   


