This is an automated email from the ASF dual-hosted git repository. mattyb149 pushed a commit to branch support/nifi-1.13 in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/support/nifi-1.13 by this push: new 745485a NIFI-8274 - add EL consideration in XXEValidator 745485a is described below commit 745485a16b4f3b530fba8e7e0cdfe3f282c62b95 Author: Pierre Villard <pierre.villard...@gmail.com> AuthorDate: Mon Mar 1 22:51:41 2021 +0400 NIFI-8274 - add EL consideration in XXEValidator Signed-off-by: Matthew Burgess <mattyb...@apache.org> This closes #4859
---
 .../org/apache/nifi/security/xml/XXEValidator.java | 4 +++
 .../lookup/TestPropertiesFileLookupService.java | 29 ++++++++++++++++++++++
 2 files changed, 33 insertions(+)
diff --git a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/xml/XXEValidator.java b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/xml/XXEValidator.java
index 4d54b19..e9c54d5 100644
--- a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/xml/XXEValidator.java
+++ b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/xml/XXEValidator.java
@@ -43,6 +43,10 @@ public class XXEValidator implements Validator {
 String line;
 boolean containsXXE = false;
+ if (validationContext.isExpressionLanguageSupported(subject) && validationContext.isExpressionLanguagePresent(input)) {
+ return new ValidationResult.Builder().subject(subject).input(input).explanation("Expression Language Present").valid(true).build();
+ }
+
 final String xmlFilePathString = xmlFilePath.toString();
 logger.info("Validating {} for XXE attack", xmlFilePathString);
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/test/java/org/apache/nifi/lookup/TestPropertiesFileLookupService.java b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/test/java/org/apache/nifi/lookup/TestPropertiesFileLookupService.java
index 3301302..0113d0d 100644
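Review bot: The early return in XXEValidator marks the property valid whenever Expression Language is supported and present, so the file the expression later resolves to is never scanned by this validator; the XXE check is skipped, not deferred. Whatever consumes the evaluated path needs its own protection (an XML parser with DOCTYPE declarations and external entities disabled, or a second validation pass on the resolved path), and nothing in this hunk shows that it exists. I would record the gap at the branch itself, e.g. `// EL is resolved later: the target file is NOT checked for XXE here; the consumer must parse it with DTDs and external entities disabled.` The enclosing validate method begins and ends outside the hunk, so whether `xmlFilePath` is already built from the unevaluated `input` before this check cannot be confirmed from here.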
--- a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/test/java/org/apache/nifi/lookup/TestPropertiesFileLookupService.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/test/java/org/apache/nifi/lookup/TestPropertiesFileLookupService.java
@@ -60,4 +60,33 @@ public class TestPropertiesFileLookupService {
 assertEquals(EMPTY_STRING, property3);
 }
+ @Test
+ public void testPropertiesFileLookupServiceVariable() throws InitializationException, LookupFailureException {
+ final TestRunner runner = TestRunners.newTestRunner(TestProcessor.class);
+ final PropertiesFileLookupService service = new PropertiesFileLookupService();
+
+ runner.setVariable("myFile", "src/test/resources/test.properties");
+
+ runner.addControllerService("properties-file-lookup-service", service);
+ runner.setProperty(service, PropertiesFileLookupService.CONFIGURATION_FILE, "${myFile}");
+ runner.enableControllerService(service);
+ runner.assertValid(service);
+
+ final PropertiesFileLookupService lookupService =
+ (PropertiesFileLookupService) runner.getProcessContext()
+ .getControllerServiceLookup()
+ .getControllerService("properties-file-lookup-service");
+
+ assertThat(lookupService, instanceOf(LookupService.class));
+
+ final Optional<String> property1 = lookupService.lookup(Collections.singletonMap("key", "property.1"));
+ assertEquals(Optional.of("this is property 1"), property1);
+
+ final Optional<String> property2 = lookupService.lookup(Collections.singletonMap("key", "property.2"));
+ assertEquals(Optional.of("this is property 2"), property2);
+
+ final Optional<String> property3 = lookupService.lookup(Collections.singletonMap("key", "property.3"));
+ assertEquals(EMPTY_STRING, property3);
+ }
+
 }
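Review bot: testPropertiesFileLookupServiceVariable asserts only the happy path, where `${myFile}` resolves to a benign properties file, so nothing here pins the security-relevant side of the new XXEValidator branch. A companion test for an XML-backed service would close that gap: point the variable at a file containing a DOCTYPE/entity declaration and assert that the service refuses to enable or leaves the entity unexpanded. A direct unit test of XXEValidator with a stubbed ValidationContext would also document that the skip applies only when `isExpressionLanguageSupported(subject)` returns true. The three lookup assertions appear to repeat the preceding test (its final `assertEquals(EMPTY_STRING, property3)` is visible as context) and could move into a shared private helper.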