[ https://issues.apache.org/jira/browse/NIFI-7119?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17057456#comment-17057456 ]
ASF subversion and git services commented on NIFI-7119: ------------------------------------------------------- Commit 290bd378d5e219dabac8f3ecf2bf9c69451f1c3c in nifi's branch refs/heads/master from M Tien [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=290bd37 ] NIFI-7119 Implement boundary checking for Argon2 cost parameters (#4111) * NIFI-7119 Implemented parameter boundary enforcement for Argon2SecureHasher constructor. Added unit tests for validating each parameter check. * NIFI-7119 Refactored parameter validations. Added more test sizes to boundary checkers. Changed logger severity to error and added bounds to messages. * NIFI-7119 Refactored Argon2 parameter data types to handle unsigned integer boundary values. Updated unit tests. Co-authored-by: Andy LoPresto <alopre...@apache.org> Signed-off-by: Andy LoPresto <alopre...@apache.org> > Implement boundary checking for Argon2 cost parameters > ------------------------------------------------------ > > Key: NIFI-7119 > URL: https://issues.apache.org/jira/browse/NIFI-7119 > Project: Apache NiFi > Issue Type: Improvement > Components: Core Framework > Affects Versions: 1.11.1 > Reporter: Andy LoPresto > Assignee: M Tien > Priority: Major > Labels: beginner, boundary, hashing, security, validation > Time Spent: 1h 20m > Remaining Estimate: 0h > > The {{Argon2}} secure hasher added for the flow fingerprint fix does not > enforce boundaries around the cost parameters provided to the various > constructors. It should restrict provided values to valid entries as noted in > the Javadoc. -- This message was sent by Atlassian Jira (v8.3.4#803005)