szaszm commented on code in PR #1708: URL: https://github.com/apache/nifi-minifi-cpp/pull/1708#discussion_r1426968034
########## libminifi/src/core/FlowConfiguration.cpp: ########## @@ -174,4 +180,21 @@ std::shared_ptr<core::controller::ControllerServiceNode> FlowConfiguration::crea return controllerServicesNode; } +std::string FlowConfiguration::decryptProperty(const std::string& encrypted_value) const { + static constexpr std::string_view WrapperBegin = "enc{"; + static constexpr std::string_view WrapperEnd = "}"; + + if (!(encrypted_value.starts_with(WrapperBegin) && encrypted_value.ends_with(WrapperEnd))) { + // this is normal: sensitive properties come from the C2 server in cleartext over TLS + return encrypted_value; + } + + const std::string unwrapped_value = encrypted_value.substr(WrapperBegin.size(), encrypted_value.length() - (WrapperBegin.size() + WrapperEnd.size())); + return sensitive_properties_encryptor_.decrypt(unwrapped_value); Review Comment: I think it would be better to change this snippet and the encryption providers to pass the data as `std::string_view` instead of `const std::string&`. If you think this change has its place in this PR, consider changing it. If not, maybe just this `decryptProperty` function can be changed to take `std::string_view`, it makes a copy of the value (substring) anyway. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org