Andy LoPresto created NIFI-4274:
-----------------------------------
Summary: SSLContextService keystore and truststore location
property descriptors incorrectly attempt to evaluate EL
Key: NIFI-4274
URL: https://issues.apache.org/jira/browse/NIFI-4274
Project: Apache NiFi
Issue Type: Bug
Components: Core Framework
Affects Versions: 1.3.0
Reporter: Andy LoPresto

As reported on [Stack Overflow|https://stackoverflow.com/q/45561985/70465], the
{{StandardSSLContextService}} truststore location property descriptor would not
evaluate an environment variable containing the location of the truststore
file. The reporter said that by adding a space prior to the EL expression, it
would evaluate, but result in an invalid path because it started with a space.
Bryan Bende pointed out that this field does not support Expression Language.

While I could not reproduce this behavior, I did verify using a remote debugger
that while the field does not support EL, the [custom file validator
incorrectly attempts to evaluate
EL|https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardSSLContextService.java#L183-L183],
which is counter-indicated by the documentation and will cause issues. This
line follows immediately after comments explaining that the custom validator
exists because the default evaluates EL, which is not desired here.

While personally, I do not believe these fields should support EL (security
risk of the sensitive location being changed outside of NiFi with no
visibility), the documentation and actual behavior should at least agree.

The custom validator should not evaluate EL. Follow-on discussion on this
ticket or the mailing list may lead to new requirements to handle EL, but this
can be implemented correctly and consistently at such time.
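
One way a file validator for these properties could check the path exactly as entered, without evaluating Expression Language, is sketched below. It is an added example written against NiFi's public `Validator` interface, not the project's code or the eventual fix; the class name `LiteralFileExistsValidator` and the variable name `TRUSTSTORE_PATH` in the comment are hypothetical, and rejecting values that contain EL is a design assumption.

```java
import java.io.File;

import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.components.Validator;

/**
 * Hypothetical validator (not NiFi's own code): checks a keystore or
 * truststore path exactly as typed, without evaluating Expression Language.
 */
public class LiteralFileExistsValidator implements Validator {

    @Override
    public ValidationResult validate(final String subject, final String input,
                                     final ValidationContext context) {
        final ValidationResult.Builder result = new ValidationResult.Builder()
                .subject(subject)
                .input(input);

        if (input == null || input.isEmpty()) {
            return result.valid(false).explanation("a file path is required").build();
        }

        // The property is documented as not supporting EL, so an expression
        // such as ${TRUSTSTORE_PATH} (constructed name) is not resolved here.
        // Assumption: rejecting it with a clear reason is the desired behavior.
        if (context.isExpressionLanguagePresent(input)) {
            return result.valid(false)
                    .explanation("Expression Language is not supported for this property")
                    .build();
        }

        // Deliberately no newPropertyValue(input).evaluateAttributeExpressions():
        // the string that is validated is the string that was configured.
        final File file = new File(input);
        final boolean usable = file.isFile() && file.canRead();
        return result.valid(usable)
                .explanation(usable ? "file exists and is readable"
                        : "file does not exist or cannot be read")
                .build();
    }
}
```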