szaszm commented on code in PR #1708:
URL: https://github.com/apache/nifi-minifi-cpp/pull/1708#discussion_r1426968034
##########
libminifi/src/core/FlowConfiguration.cpp:
##########
@@ -174,4 +180,21 @@ std::shared_ptr<core::controller::ControllerServiceNode>
FlowConfiguration::crea
return controllerServicesNode;
}
+std::string FlowConfiguration::decryptProperty(const std::string&
encrypted_value) const {
+ static constexpr std::string_view WrapperBegin = "enc{";
+ static constexpr std::string_view WrapperEnd = "}";
+
+ if (!(encrypted_value.starts_with(WrapperBegin) &&
encrypted_value.ends_with(WrapperEnd))) {
+ // this is normal: sensitive properties come from the C2 server in
cleartext over TLS
+ return encrypted_value;
+ }
+
+ const std::string unwrapped_value =
encrypted_value.substr(WrapperBegin.size(), encrypted_value.length() -
(WrapperBegin.size() + WrapperEnd.size()));
+ return sensitive_properties_encryptor_.decrypt(unwrapped_value);
Review Comment:
I think it would be better to change this snippet and the encryption
providers to pass the data as `std::string_view` instead of `const
std::string&`. If you think this change has its place in this PR, consider
changing it. If not, maybe just this `decryptProperty` function can be changed
to take `std::string_view`, it makes a copy of the value (substring) anyway.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
