jrsteinebrey commented on code in PR #8853:
URL: https://github.com/apache/nifi/pull/8853#discussion_r1607296117
##########
nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java:
##########
@@ -4116,7 +4117,16 @@ private List<ThreadDumpDTO> createThreadDumpDtos(final
ProcessorNode procNode) {
return threadDumps;
}
- /**
+ // Pattern to match a parameter reference i.e. "#{anything}"
+ private static final Pattern PARAMETER_REFERENCE =
Pattern.compile("^#\\{.*}$");
Review Comment:
Yes, this PR changes the results of one REST API call for all callers.
The code could add a query parameter which if omitted will work as before to
always return obfuscated. If the new query param is specified , then it would
use the new concept of returning parameter references in readable form instead
of obfuscated. Would that be a good interface?
I can change to use nifi-parameter functions to validate it is meant to be a
parameter. Earlier comments raises these questions:
1) Does a parameter reference need to match an existing parameter for us to
show it as the sensitive property value?
2) Does the logged in user have to have permission to read the associated
parameter for the associated parameter reference to be displayed as a sensitive
property value?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
