[
https://issues.apache.org/jira/browse/NIFI-4761?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16331679#comment-16331679
]
ASF GitHub Bot commented on NIFI-4761:
--------------------------------------
Github user alopresto commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2415#discussion_r162529104
--- Diff:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/groovy/org/apache/nifi/properties/StandardNiFiPropertiesGroovyTest.groovy
---
@@ -433,4 +433,134 @@ class StandardNiFiPropertiesGroovyTest extends
GroovyTestCase {
// Assert
assert normalizedContextPath == empty
}
+
+ @Test
+ void testShouldNormalizeProxyHostProperty() {
+ // Arrange
+ String extraSpaceHostname = "somehost.com "
+ Properties rawProps = new Properties(["nifi.web.proxy.host":
extraSpaceHostname])
+ NiFiProperties props = new StandardNiFiProperties(rawProps)
+ logger.info("Created a NiFiProperties instance with raw proxy host
property [${extraSpaceHostname}]")
+
+ // Act
+ String normalizedHostname = props.getWhitelistedHosts()
+ logger.info("Read from NiFiProperties instance:
${normalizedHostname}")
+
+ // Assert
+ assert extraSpaceHostname.startsWith(normalizedHostname)
+ assert extraSpaceHostname.length() == normalizedHostname.length()
+ 2
+ }
+
+ @Test
+ void testShouldHandleNormalizedProxyHostProperty() {
+ // Arrange
+ String hostname = "somehost.com"
+ Properties rawProps = new Properties(["nifi.web.proxy.host":
hostname])
+ NiFiProperties props = new StandardNiFiProperties(rawProps)
+ logger.info("Created a NiFiProperties instance with raw proxy host
property [${hostname}]")
+
+ // Act
+ String normalizedHostname = props.getWhitelistedHosts()
+ logger.info("Read from NiFiProperties instance:
${normalizedHostname}")
+
+ // Assert
+ assert hostname == normalizedHostname
+ }
+
+ @Test
+ void testShouldNormalizeMultipleProxyHostsInProperty() {
+ // Arrange
+ String extraSpaceHostname = "somehost.com "
+ String normalHostname = "someotherhost.com"
+ String hostnameWithPort = "otherhost.com:1234"
+ String extraSpaceHostnameWithPort = " anotherhost.com:9999"
+ List<String> hosts = [extraSpaceHostname, normalHostname,
hostnameWithPort, extraSpaceHostnameWithPort]
+ String combinedHosts = hosts.join(",")
+ Properties rawProps = new Properties(["nifi.web.proxy.host":
combinedHosts])
+ NiFiProperties props = new StandardNiFiProperties(rawProps)
+ logger.info("Created a NiFiProperties instance with raw proxy host
property [${combinedHosts}]")
+
+ // Act
+ String normalizedHostname = props.getWhitelistedHosts()
+ logger.info("Read from NiFiProperties instance:
${normalizedHostname}")
+
+ // Assert
+ def splitHosts = normalizedHostname.split(",")
+ def expectedValues = hosts*.trim()
+ splitHosts.every {
+ assert it.trim() == it
+ expectedValues.contains(it)
--- End diff --
Should be `assert expectedValues.contains(it)`.
> Allow whitelisting expected Host values
> ---------------------------------------
>
> Key: NIFI-4761
> URL: https://issues.apache.org/jira/browse/NIFI-4761
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Reporter: Matt Gilman
> Assignee: Andy LoPresto
> Priority: Major
>
> NiFi has been updated to only accept requests where the Host header contains
> an expected value. Currently, the expected values are driven by the .host
> properties in nifi.properties. When running behind a proxy, the value may be
> the proxy host if the headers simply pass through. In this scenario, we
> should offer the ability to whitelist values in case updating the proxy
> configuration isn't possible.
> Also, the proxy documentation in the admin guide should be updated to include
> details regarding the Host name whitelisting. Also, should verify the context
> path whitelisting is documented there.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
