[ https://issues.apache.org/jira/browse/NIFI-5193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16482747#comment-16482747 ]

Andy LoPresto commented on NIFI-5193:
-------------------------------------

I think the solution to this is to filter out the user search mapping and other 
element values that might contain complex expressions before performing the 
regex operations. These could be replaced by temporary tokens and stored in a 
hash map, then re-inserted after the regex operations. 

> Improve ConfigEncryptionTool handling of complex user search mapping values
> ---------------------------------------------------------------------------
>
>                 Key: NIFI-5193
>                 URL: https://issues.apache.org/jira/browse/NIFI-5193
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Tools and Build
>    Affects Versions: 1.6.0
>            Reporter: Andy LoPresto
>            Priority: Major
>              Labels: regex, security, toolkit
>
> The {{ConfigEncryptionTool}} can fail to encrypt 
> {{login-identity-providers.xml}} or {{authorizers.xml}} if the XML contains a 
> User Search Mapping value which is interpreted as having regular expression 
> capture groups. 
> {code}
> <property name="User Search Filter">(& (objectCategory=Person)(sAMAccountName=*)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(!(sAMAccountName=$*)))</property>
> {code}
> Results in:
> {code}
> 2018/05/14 15:05:22 ERROR [main] org.apache.nifi.properties.ConfigEncryptionTool: Encountered an error
> java.lang.IllegalArgumentException: Illegal group reference
>             at java.util.regex.Matcher.appendReplacement(Matcher.java:857)
>             at java.util.regex.Matcher.replaceFirst(Matcher.java:1004)
>             at java.lang.String.replaceFirst(String.java:2178)
>             at java_lang_String$replaceFirst$6.call(Unknown Source)
>             at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:133)
>             at org.apache.nifi.properties.ConfigEncryptionTool.serializeAuthorizersAndPreserveFormat(ConfigEncryptionTool.groovy:1246)
>             at org.apache.nifi.properties.ConfigEncryptionTool$serializeAuthorizersAndPreserveFormat$6.callStatic(Unknown Source)
>             at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:214)
>             at org.apache.nifi.properties.ConfigEncryptionTool.writeAuthorizers(ConfigEncryptionTool.groovy:1118)
>             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>             at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>             at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>             at java.lang.reflect.Method.invoke(Method.java:498)
>             at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite$PogoCachedMethodSiteNoUnwrapNoCoerce.invoke(PogoMetaMethodSite.java:210)
>             at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.call(PogoMetaMethodSite.java:71)
>             at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:117)
>             at org.apache.nifi.properties.ConfigEncryptionTool.main(ConfigEncryptionTool.groovy:1485)
>             at org.apache.nifi.properties.ConfigEncryptionTool$main.call(Unknown Source)
>             at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
>             at org.apache.nifi.toolkit.encryptconfig.LegacyMode.run(LegacyMode.groovy:30)
>             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>             at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>             at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>             at java.lang.reflect.Method.invoke(Method.java:498)
>             at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite$PogoCachedMethodSite.invoke(PogoMetaMethodSite.java:169)
>             at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.call(PogoMetaMethodSite.java:71)
>             at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
>             at org.apache.nifi.toolkit.encryptconfig.EncryptConfigMain.main(EncryptConfigMain.groovy:109)
> Encountered an error writing the master key to the bootstrap.conf file and the encrypted properties to nifi.properties
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
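
The failure in the report and the token approach proposed in the comment, as an added Java example (not NiFi's code and not the commenter's patch). The class and method names, the `@@VALUE_n@@` token format and the `__BLOCK__` placeholder are assumptions, and the sample XML is constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class TokenizedReplaceDemo {
    // Assumed scope: the body of every <property> element is treated as opaque.
    private static final Pattern PROPERTY_BODY =
            Pattern.compile("(<property\\b[^>]*>)(.*?)(</property>)", Pattern.DOTALL);

    /** Swap each property value for an inert token and remember the original. */
    static String maskValues(String xml, Map<String, String> vault) {
        Matcher m = PROPERTY_BODY.matcher(xml);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String token = "@@VALUE_" + vault.size() + "@@"; // no '$' or '\'
            vault.put(token, m.group(2));
            // quoteReplacement keeps any '$' or '\' in the tags literal here.
            m.appendReplacement(out,
                    Matcher.quoteReplacement(m.group(1) + token + m.group(3)));
        }
        m.appendTail(out);
        return out.toString();
    }

    /** Re-insert the original values; String.replace is literal, not regex. */
    static String unmaskValues(String xml, Map<String, String> vault) {
        for (Map.Entry<String, String> e : vault.entrySet()) {
            xml = xml.replace(e.getKey(), e.getValue());
        }
        return xml;
    }

    public static void main(String[] args) {
        // Constructed sample: an LDAP filter ending in "$*", as in the report.
        String block = "<property name=\"User Search Filter\">"
                + "(&amp;(objectCategory=Person)(!(sAMAccountName=$*)))</property>";
        String doc = "<provider>__BLOCK__</provider>"; // hypothetical template
        try {
            doc.replaceFirst("__BLOCK__", block); // "$*" is read as a group reference
        } catch (IllegalArgumentException e) {
            System.out.println("unprotected: " + e.getMessage());
        }
        Map<String, String> vault = new LinkedHashMap<>();
        String masked = maskValues(block, vault);
        String result = unmaskValues(doc.replaceFirst("__BLOCK__", masked), vault);
        System.out.println("tokenized:   " + result);
    }
}
```

A value that already contains a string of the form `@@VALUE_n@@` would collide with the tokens, so a real implementation needs a token that cannot occur in the input.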
