[
https://issues.apache.org/jira/browse/NIFI-10674?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17620628#comment-17620628
]
Joe Witt commented on NIFI-10674:
---------------------------------
Hello. If this were a security issues or a suspected one please follow the
guidance here https://nifi.apache.org/security.html.
For this case this is an authorized user using the system as intended/designed.
A parameter in a given parameter context or even component properties which
are sensitive does not mean the sensitive value is not accessible to authorized
users and executed code. It simply means we will not return/expose the
sensitive value in how we handle the data/present it in the UI/CLI/etc. and in
all cases we store it/etc.. we will do so in a manner which protects the
sensitive values. However, an authorized user can certainly choose to extract
and expose that value in another mechanism as you're showing with the EL
statement here. It could also be done by an authorized user deploying a
processor with custom Java code that accesses these values and writes them out
to the log or puts in the flowfile or otherwise. It could also be done
deploying one of the scripted processors and accessing the API provided to pull
the values. The sensitivity means we'll keep it safe in the context of the
application but authorized users doing their thing is another matter. They too
have to be aware of how they expose the values just like code they can readily
deploy. We audit what those authorized users do/change to help track such
cases as well.
Thanks
> Sensitive parameter reveal in evaluateELString
> ----------------------------------------------
>
> Key: NIFI-10674
> URL: https://issues.apache.org/jira/browse/NIFI-10674
> Project: Apache NiFi
> Issue Type: Bug
> Components: Security, Variable Registry
> Affects Versions: 1.18.0
> Reporter: Gogolev Sergey
> Priority: Minor
> Labels: security
> Attachments: image-2022-10-20-00-06-19-498.png,
> image-2022-10-20-00-07-20-476.png, image-2022-10-20-00-08-52-510.png,
> image-2022-10-20-00-09-57-913.png
>
>
> Not sure it's bug, but security breach. With expression language i can view
> content of sensitive parameter from parameter context. For example:
> # Create parameter context with sensitive parameter
> !image-2022-10-20-00-06-19-498.png!
> # Create variable with name of this sensitive parameter #\{sample}
> !image-2022-10-20-00-07-20-476.png!
> # Create simple flow with EL expression: ${secret:evaluateELString()}
> !image-2022-10-20-00-08-52-510.png!
> # Content of this flowfile will contain sensitive value from parameter
> !image-2022-10-20-00-09-57-913.png!
> I suppose evaluateELString shouldn't access to sensitive parameters.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
