Andy LoPresto created NIFI-4274:

             Summary: SSLContextService keystore and truststore location 
property descriptors incorrectly attempt to evaluate EL
                 Key: NIFI-4274
             Project: Apache NiFi
          Issue Type: Bug
          Components: Core Framework
    Affects Versions: 1.3.0
            Reporter: Andy LoPresto

As reported on [Stack Overflow|], the 
{{StandardSSLContextService}} truststore location property descriptor would not 
evaluate an environment variable containing the location of the truststore 
file. The reporter said that by adding a space prior to the EL expression, it 
would evaluate, but result in an invalid path because it started with a space. 

Bryan Bende pointed out that this field does not support Expression Language. 

While I could not reproduce this behavior, I did verify using a remote debugger 
that while the field does not support EL, the [custom file validator 
incorrectly attempts to evaluate 
 which is counter-indicated by the documentation and will cause issues. This 
line follows immediately after comments explaining the existence of the custom 
validator is because the default evaluates EL, which is not desired here. 

While personally, I do not believe these fields should support EL (security 
risk of the sensitive location being changed outside of NiFi with no 
visibility), the documentation and actual behavior should at least agree. 

The custom validator should not evaluate EL. Follow on discussion on this 
ticket or the mailing list may lead to new requirements to handle EL, but this 
can be implemented correctly and consistently at such time. 

This message was sent by Atlassian JIRA

Reply via email to