github-advanced-security[bot] commented on code in PR #10522:
URL: https://github.com/apache/nifi/pull/10522#discussion_r2520049874
##########
nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/util/SiteToSiteRestApiClient.java:
##########
@@ -1432,50 +665,80 @@
urlBuilder.append("&checksum=").append(checksum);
}
- final HttpDelete delete = createDelete(urlBuilder.toString());
- delete.setHeader("Accept", "application/json");
- delete.setHeader(HttpHeaders.PROTOCOL_VERSION,
String.valueOf(transportProtocolVersionNegotiator.getVersion()));
-
- setHandshakeProperties(delete);
-
- try (CloseableHttpResponse response = getHttpClient().execute(delete))
{
- final int responseCode = response.getStatusLine().getStatusCode();
- logger.debug("commitReceivingFlowFiles responseCode={}",
responseCode);
+ final HttpRequest.Builder requestBuilder =
HttpRequest.newBuilder(getUri(urlBuilder.toString())).DELETE();
+ requestBuilder.setHeader(ACCEPT_HEADER, APPLICATION_JSON);
- try (InputStream content = response.getEntity().getContent()) {
- return switch (responseCode) {
- case RESPONSE_CODE_OK -> readResponse(content);
- case RESPONSE_CODE_BAD_REQUEST -> readResponse(content);
- default -> throw handleErrResponse(responseCode, content);
- };
- }
+ final HttpResponse<InputStream> response = sendRequest(requestBuilder);
+ final int responseCode = response.statusCode();
+ try (InputStream content = response.body()) {
+ return switch (responseCode) {
+ case HTTP_OK, HTTP_BAD_REQUEST -> readResponse(content);
+ default -> throw handleErrResponse(responseCode, content);
+ };
}
-
}
public TransactionResultEntity commitTransferFlowFiles(final String
transactionUrl, final ResponseCode clientResponse) throws IOException {
final String requestUrl = transactionUrl + "?responseCode=" +
clientResponse.getCode();
logger.debug("Sending commitTransferFlowFiles request to
transactionUrl: {}", requestUrl);
- final HttpDelete delete = createDelete(requestUrl);
- delete.setHeader("Accept", "application/json");
- delete.setHeader(HttpHeaders.PROTOCOL_VERSION,
String.valueOf(transportProtocolVersionNegotiator.getVersion()));
+ final HttpRequest.Builder requestBuilder =
HttpRequest.newBuilder(getUri(requestUrl)).DELETE();
+ requestBuilder.setHeader(ACCEPT_HEADER, APPLICATION_JSON);
- setHandshakeProperties(delete);
+ final HttpResponse<InputStream> response = sendRequest(requestBuilder);
+ final int responseCode = response.statusCode();
+ try (InputStream content = response.body()) {
+ return switch (responseCode) {
+ case HTTP_OK, HTTP_BAD_REQUEST -> readResponse(content);
+ default -> throw handleErrResponse(responseCode, content);
+ };
+ }
+ }
- try (CloseableHttpResponse response = getHttpClient().execute(delete))
{
- final int responseCode = response.getStatusLine().getStatusCode();
- logger.debug("commitTransferFlowFiles responseCode={}",
responseCode);
+ private <T> T send(final HttpRequest.Builder requestBuilder, final
Class<T> responseClass) throws IOException {
+ requestBuilder.setHeader(ACCEPT_HEADER, APPLICATION_JSON);
+ final HttpResponse<InputStream> response = sendRequest(requestBuilder);
+ final int statusCode = response.statusCode();
- try (InputStream content = response.getEntity().getContent()) {
- return switch (responseCode) {
- case RESPONSE_CODE_OK -> readResponse(content);
- case RESPONSE_CODE_BAD_REQUEST -> readResponse(content);
- default -> throw handleErrResponse(responseCode, content);
- };
+ try (InputStream inputStream = response.body()) {
+ if (HTTP_OK == statusCode) {
+ return objectMapper.readValue(inputStream, responseClass);
+ } else {
+ throw new IOException("Request URI [%s] HTTP
%d".formatted(response.uri(), statusCode));
}
}
+ }
+
+ private HttpResponse<InputStream> sendRequest(final HttpRequest.Builder
requestBuilder) throws IOException {
+ setRequestHeaders(requestBuilder);
+
+ requestBuilder.setHeader(HttpHeaders.PROTOCOL_VERSION,
String.valueOf(transportProtocolVersionNegotiator.getVersion()));
+ requestBuilder.timeout(Duration.ofMillis(readTimeoutMillis));
+
+ final HttpRequest request = requestBuilder.build();
+
+ try {
+ final HttpResponse<InputStream> response =
httpClient.send(request, HttpResponse.BodyHandlers.ofInputStream());
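Review bot: In `sendRequest`, `requestBuilder.timeout(Duration.ofMillis(readTimeoutMillis))` throws `IllegalArgumentException` for a zero or negative duration, so a `readTimeoutMillis` of 0 would fail every request before it is sent; whether 0 can reach this line is not visible in the hunk. The request timeout also appears to bound only the wait for the response to arrive, so with `BodyHandlers.ofInputStream()` the later reads in `readResponse(content)` and `objectMapper.readValue(inputStream, responseClass)` may not be covered, and a peer that stalls mid-body could hold the calling thread. Consider guarding the call, `if (readTimeoutMillis > 0) { requestBuilder.timeout(Duration.ofMillis(readTimeoutMillis)); }`, and adding a comment above it stating that body reads need their own bound. The `try` block of `sendRequest` continues outside the quoted hunk, so its exception handling could not be reviewed here.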
Review Comment:
## Server-side request forgery
Potential server-side request forgery due to a [user-provided value](1).
[Show more details](https://github.com/apache/nifi/security/code-scanning/85)
##########
nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/util/SiteToSiteRestApiClient.java:
##########
@@ -436,234 +279,61 @@
}
}
- private HttpGet createGetControllerRequest() {
- final HttpGet get = createGet("/site-to-site");
- get.setHeader(HttpHeaders.PROTOCOL_VERSION,
String.valueOf(transportProtocolVersionNegotiator.getVersion()));
- return get;
- }
-
public Collection<PeerDTO> getPeers() throws IOException {
- final HttpGet get = createGet("/site-to-site/peers");
- get.setHeader(HttpHeaders.PROTOCOL_VERSION,
String.valueOf(transportProtocolVersionNegotiator.getVersion()));
- return execute(get, PeersEntity.class).getPeers();
+ final HttpRequest.Builder requestBuilder =
HttpRequest.newBuilder(getUri("/site-to-site/peers"));
Review Comment:
## Server-side request forgery
Potential server-side request forgery due to a [user-provided value](1).
[Show more details](https://github.com/apache/nifi/security/code-scanning/84)