[jira] [Commented] (NIFI-5147) Improve HashAttribute processor

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/NIFI-5147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16529057#comment-16529057
 ] 

ASF GitHub Bot commented on NIFI-5147:
--------------------------------------

Github user MikeThomsen commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/2802#discussion_r199346966
  
    --- Diff: 
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestCalculateAttributeHash.java
 ---
    @@ -0,0 +1,93 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one or more
    + * contributor license agreements.  See the NOTICE file distributed with
    + * this work for additional information regarding copyright ownership.
    + * The ASF licenses this file to You under the Apache License, Version 2.0
    + * (the "License"); you may not use this file except in compliance with
    + * the License.  You may obtain a copy of the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +package org.apache.nifi.processors.standard;
    +
    +import org.apache.commons.codec.binary.Hex;
    +import org.apache.commons.codec.digest.DigestUtils;
    +import org.apache.nifi.util.MockFlowFile;
    +import org.apache.nifi.util.TestRunner;
    +import org.apache.nifi.util.TestRunners;
    +import org.junit.Assert;
    +import org.junit.Test;
    +
    +import java.util.HashMap;
    +import java.util.List;
    +import java.util.Map;
    +
    +public class TestCalculateAttributeHash {
    +
    +    @Test
    +    public void testMD2() throws Exception {
    +        testAlgorithm("MD2");
    +    }
    +
    +    @Test
    +    public void testMD5() throws Exception {
    +        testAlgorithm("MD5");
    +    }
    +
    +    @Test
    +    public void testSHA1() throws Exception {
    +        testAlgorithm("SHA-1");
    +    }
    +
    +    @Test
    +    public void testSHA256() throws Exception {
    +        testAlgorithm("SHA-256");
    +    }
    +
    +    @Test
    +    public void testSHA384() throws Exception {
    +        testAlgorithm("SHA-384");
    +    }
    +
    +    @Test
    +    public void testSHA512() throws Exception {
    +        testAlgorithm("SHA-512");
    +    }
    +
    +    public void testAlgorithm(String algorithm) {
    +        final TestRunner runner = TestRunners.newTestRunner(new 
CalculateAttributeHash());
    +        
runner.setProperty(CalculateAttributeHash.HASH_ALGORITHM.getName(), algorithm);
    +        runner.setProperty("name", String.format("%s_%s", "name", 
algorithm));
    +        runner.setProperty("value", String.format("%s_%s", "value", 
algorithm));
    +
    +        final Map<String, String> attributeMap = new HashMap<>();
    +        attributeMap.put("name", "abcdefg");
    +        attributeMap.put("value", "hijklmnop");
    +        runner.enqueue(new byte[0], attributeMap);
    +
    +        final Map<String, String> missingAttributeMap = new HashMap<>();
    +        missingAttributeMap.put("name", "foo");
    +        runner.enqueue(new byte[0], missingAttributeMap);
    +        runner.run(2);
    +
    +        runner.assertTransferCount(HashAttribute.REL_FAILURE, 1);
    +        runner.assertTransferCount(HashAttribute.REL_SUCCESS, 1);
    +
    +        final List<MockFlowFile> success = 
runner.getFlowFilesForRelationship(HashAttribute.REL_SUCCESS);
    +        final Map<String, Integer> correlationCount = new HashMap<>();
    +
    +        for (final MockFlowFile flowFile : success) {
    +            
Assert.assertEquals(flowFile.getAttribute(String.format("%s_%s", "name", 
algorithm)),
    +                    
Hex.encodeHexString(DigestUtils.getDigest(algorithm).digest("abcdefg".getBytes(CalculateAttributeHash.UTF8))));
    +            
Assert.assertEquals(flowFile.getAttribute(String.format("%s_%s", "value", 
algorithm)),
    --- End diff --
    
    I think this backwards in the parameter order.


> Improve HashAttribute processor
> -------------------------------
>
>                 Key: NIFI-5147
>                 URL: https://issues.apache.org/jira/browse/NIFI-5147
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>    Affects Versions: 1.6.0
>            Reporter: Andy LoPresto
>            Assignee: Otto Fowler
>            Priority: Major
>              Labels: hash, security
>
> The {{HashAttribute}} processor currently has surprising behavior. Barring 
> familiarity with the processor, a user would expect {{HashAttribute}} to 
> generate a hash value over one or more attributes. Instead, the processor as 
> it is implemented "groups" incoming flowfiles into groups based on regular 
> expressions which match attribute values, and then generates a 
> (non-configurable) MD5 hash over the concatenation of the matching attribute 
> keys and values. 
> In addition:
> * the processor throws an error and routes to failure any incoming flowfile 
> which does not have all attributes specified in the processor
> * the use of MD5 is vastly deprecated
> * no other hash algorithms are available
> I am unaware of community use of this processor, but I do not want to break 
> backward compatibility. I propose the following steps:
> * Implement a new {{CalculateAttributeHash}} processor (awkward name, but 
> this processor already has the desired name)
> ** This processor will perform the "standard" use case -- identify an 
> attribute, calculate the specified hash over the value, and write it to an 
> output attribute
> ** This processor will have a required property descriptor allowing a 
> dropdown menu of valid hash algorithms
> ** This processor will accept arbitrary dynamic properties identifying the 
> attributes to be hashed as a key, and the resulting attribute name as a value
> ** Example: I want to generate a SHA-512 hash on the attribute {{username}}, 
> and a flowfile enters the processor with {{username}} value {{alopresto}}. I 
> configure {{algorithm}} with {{SHA-512}} and add a dynamic property 
> {{username}} -- {{username_SHA512}}. The resulting flowfile will have 
> attribute {{username_SHA512}} with value 
> {{739b4f6722fb5de20125751c7a1a358b2a7eb8f07e530e4bf18561fbff93234908aa9d2577770c876bca9ede5ba784d5ce6081dbbdfe5ddd446678f223b8d632}}
> * Improve the documentation of this processor to explain the goal/expected 
> use case (?)
> * Link in processor documentation to new processor for standard use cases
> * Remove the error alert when an incoming flowfile does not contain all 
> expected attributes. I propose changing the severity to INFO and still 
> routing to failure



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)