[ https://issues.apache.org/jira/browse/NIFI-7001?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Handermann resolved NIFI-7001.
------------------------------------
Fix Version/s: 1.13.0
Resolution: Fixed
> Guard against loading/operating on/serializing large files in EC toolkit
> ------------------------------------------------------------------------
>
> Key: NIFI-7001
> URL: https://issues.apache.org/jira/browse/NIFI-7001
> Project: Apache NiFi
> Issue Type: Sub-task
> Components: Tools and Build
> Affects Versions: 1.10.0
> Reporter: Andy LoPresto
> Priority: Major
> Labels: documentation, security, toolkit, validation
> Fix For: 1.13.0
>
>
> The EC toolkit did not anticipate the possibility of a {{flow.xml.gz}} on the
> order of magnitude of 700 MB. Many serialization/deserialization and string
> manipulation operations occur assuming that the content is of manageable
> size. Users have demonstrated that this is not a safe assumption.
> We should introduce the following protections:
> # log debug/info statements at file load, encrypt replacement and file write
> for the size of the content for visibility
> # simple conditional checks at file load to ensure the heap is properly sized
> and the file content size is reasonable
> # if the size is too large, print a helpful message and direct users to the
> Toolkit Guide for further information
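
The three protections listed in the issue description, sketched as an added Java example (not code from NiFi or from the fix for this issue). The class name `FlowSizeGuard`, its method names and the heap multiplier of 4 are assumptions made for illustration; the sample file is constructed.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;

public class FlowSizeGuard {
    // Assumption: decoded text plus working copies need about 4x the raw size in heap.
    static final long HEAP_MULTIPLIER = 4;

    // Count uncompressed bytes by streaming, so nothing is buffered; stop once past the limit.
    static long uncompressedSize(Path gz, long limit) throws IOException {
        long total = 0;
        byte[] buf = new byte[8192];
        try (InputStream in = new GZIPInputStream(Files.newInputStream(gz))) {
            int n;
            while (total <= limit && (n = in.read(buf)) != -1) {
                total += n;
            }
        }
        return total;
    }

    // Returns null when the file is safe to load, otherwise a message for the user.
    static String check(Path gz, long maxHeap) throws IOException {
        long limit = maxHeap / HEAP_MULTIPLIER;
        System.err.printf("Loading %s: %d bytes on disk, max heap %d bytes%n",
                gz, Files.size(gz), maxHeap);
        if (uncompressedSize(gz, limit) > limit) {
            return String.format("%s expands beyond %d bytes, too large for a %d byte heap. "
                    + "Raise the heap size (-Xmx) and see the Toolkit Guide.",
                    gz.getFileName(), limit, maxHeap);
        }
        return null;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: 4 MiB of zero bytes, which gzip shrinks to a few KiB on disk.
        Path sample = Files.createTempFile("flow", ".xml.gz");
        try (GZIPOutputStream out = new GZIPOutputStream(Files.newOutputStream(sample))) {
            byte[] chunk = new byte[1 << 20];
            for (int i = 0; i < 4; i++) out.write(chunk);
        }
        System.out.println(check(sample, 8L << 20)); // constructed 8 MiB heap figure
        System.out.println(check(sample, Runtime.getRuntime().maxMemory())); // this JVM's heap
        Files.delete(sample);
    }
}
```

The check measures the uncompressed stream rather than the size on disk, because a gzip file's on-disk size understates what the load and string operations must hold in memory.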