NIFI-6301 - Added a SafeXMLConfiguration which disables XML DTDs whic… #3507
…h may call external entities.
NIFI-6301 - Fixed unit test. Added comments.
Thank you for submitting a contribution to Apache NiFi.
Please provide a short description of the PR here:
Description of PR
Enables X functionality; fixes bug NIFI-YYYY.
In order to streamline the review of the contribution we ask you
For all changes:
For code changes:
For documentation related changes:
Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.
I built the PR successfully and ran a local instance.
I'm going to see if I can enforce the same expected behavior from the regular and whitespace XXE file on the multiline XXE file. I am also going to suppress the stacktrace unless
I was able to modify some code to allow multiline XXE attacks to be caught during validation. I updated the unit tests to accurately reflect this.
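The behavior this PR is after, shown as an added example that is not NiFi's `SafeXMLConfiguration` code: a JDK `DocumentBuilderFactory` with DOCTYPE declarations disallowed rejects an XXE document whether the DOCTYPE sits on one line or is split across several. The class name, method names and the three sample documents are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

// Hypothetical demo class (assumption), not part of the NiFi code base.
public class DtdDisabledParseDemo {

    // Builds a parser that refuses any document carrying a DOCTYPE declaration.
    static DocumentBuilder newDtdFreeBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defense in depth in case the DOCTYPE ban is ever relaxed.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        DocumentBuilder b = f.newDocumentBuilder();
        // DefaultHandler rethrows fatal errors without printing them to stderr.
        b.setErrorHandler(new DefaultHandler());
        return b;
    }

    // Returns true when the document parses, false when the parser rejects it.
    static boolean accepts(String xml) throws Exception {
        try {
            newDtdFreeBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            return true;
        } catch (SAXException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample documents; the entity target is a placeholder path.
        String body = "<properties><property name=\"k\">&x;</property></properties>";
        String entity = "<!ENTITY x SYSTEM \"file:///constructed/placeholder\">";
        Map<String, String> docs = new LinkedHashMap<>();
        docs.put("plain", "<properties><property name=\"k\">v</property></properties>");
        docs.put("single-line DOCTYPE", "<!DOCTYPE properties [" + entity + "]>" + body);
        docs.put("multiline DOCTYPE", "<!DOCTYPE\nproperties\n[\n" + entity + "\n]\n>\n" + body);
        for (Map.Entry<String, String> d : docs.entrySet()) {
            System.out.println(d.getKey() + " accepted: " + accepts(d.getValue()));
        }
    }
}
```

Because the check is made by the parser rather than by matching text, the line layout of the DOCTYPE does not affect the result: only the plain document is accepted.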
I discovered another issue -- the
Continuing to investigate. Not sure which timer/thread is triggering the validation, but you can see from the log it continues with cached data even after the controller service is deleted.
Was testing and had no problem verifying the new behavior in the XMLFileLookupService as a Reporting Task Controller Service:
But when I tried to create the controller service on the Process Group level, the UI would hang.
…h may call external entities.
NIFI-6301 - Fixed unit test. Added comments.
NIFI-6301 - Removed unused rule from test.
NIFI-6301 - Changed read() methods to use a boolean instead. Updated comments.
NIFI-6301 - Fixing checkstyle errors.
@alopresto I've verified the issue you had with the validator still running even after the controller service is deleted. It occurs for 'controller level' controller services, and not for process-group scoped controller services. It appears to occur for all validators, as I have tested it with another validator other than the XXE one I have added. I have opened a new Jira to track this issue: https://issues.apache.org/jira/browse/NIFI-6371