Apache NiFi
NIFI-3050: Restrict dangerous processors to special permission



    • Type: New Feature
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version: 1.0.0
    • Fix Version: 1.1.0
    • Component: Core Framework


      As evidenced by NIFI-3045 and other discoveries (e.g. using an ExecuteScript processor to iterate over a NiFiProperties instance after the application has already decrypted the sensitive properties from the nifi.properties file on disk, using a GetFile processor to retrieve /etc/passwd, etc.), NiFi is a powerful tool which can allow unauthorized users to perform malicious actions. While no tool as versatile as NiFi will ever be completely immune to insider threat, to further restrict the potential for abuse, certain processors should be designated as restricted, and these processors can only be added to the canvas or modified by users who, along with the proper permission to modify the canvas, have a special permission to interact with these "dangerous" processors.

      From the Security Feature Roadmap:

      Dangerous Processors

      • Processors which can directly affect behavior/configuration of NiFi/other services
        • GetFile
        • PutFile
        • ListFile
        • FetchFile
        • ExecuteScript
        • InvokeScriptedProcessor
        • ExecuteProcess
        • ExecuteStreamCommand
      • These processors should only be creatable/editable by users with special access control policy
      • Marked by @Restricted annotation on processor class
      • All flowfiles originating/passing through these processors have special attribute/protection
      • Perhaps *File processors can access a certain location by default but cannot access the root filesystem without special user permission?

      Matt Gilman and I should have a PR for this tomorrow.
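One way to model the check the proposal describes, as an added example that is not part of this issue and not NiFi's own code: a marker annotation on the processor class, plus an authorizer that requires the extra permission only for annotated classes and denies by default. The annotation shape, the permission names (MODIFY_CANVAS, RESTRICTED_COMPONENTS), the stand-in processor classes and the authorizer itself are assumptions made for illustration; NiFi's real @Restricted annotation and policy model may differ.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.util.EnumSet;
import java.util.Set;

/**
 * Illustrative model of the proposal (added example, not NiFi's own code).
 * The annotation, permission names and authorizer are assumptions for this example.
 */
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.TYPE)
@interface Restricted {
    /** Reason shown to a user who lacks the restricted-components permission. */
    String value();
}

/** Hypothetical permissions a user may hold. */
enum Permission {
    MODIFY_CANVAS,          // ordinary "edit the flow" permission
    RESTRICTED_COMPONENTS   // the extra permission the proposal introduces
}

/** Stand-in for a processor such as GetFile: it can read any path the NiFi process can. */
@Restricted("Reads arbitrary files readable by the NiFi process, e.g. /etc/passwd")
class GetFileLike { }

/** Stand-in for a processor such as ExecuteScript: arbitrary code inside the NiFi JVM. */
@Restricted("Runs arbitrary script code inside the NiFi JVM")
class ExecuteScriptLike { }

/** Stand-in for an ordinary, unrestricted processor. */
class LogAttributeLike { }

final class RestrictedComponentAuthorizer {

    static boolean isRestricted(Class<?> processorClass) {
        return processorClass.isAnnotationPresent(Restricted.class);
    }

    static String restrictionReason(Class<?> processorClass) {
        Restricted r = processorClass.getAnnotation(Restricted.class);
        return r == null ? "" : r.value();
    }

    /**
     * Deny by default: the user must hold MODIFY_CANVAS for any processor, and
     * additionally RESTRICTED_COMPONENTS for any class carrying @Restricted.
     * Run this on every path that adds or reconfigures a processor (add, edit,
     * copy/paste, template instantiation), not only on the initial "add" request.
     */
    static boolean canAddOrModify(Set<Permission> userPermissions, Class<?> processorClass) {
        if (!userPermissions.contains(Permission.MODIFY_CANVAS)) {
            return false;
        }
        if (!isRestricted(processorClass)) {
            return true;
        }
        return userPermissions.contains(Permission.RESTRICTED_COMPONENTS);
    }

    /** Prints the decision for one user against each processor class. */
    static void report(String userName, Set<Permission> perms, Class<?>... processors) {
        for (Class<?> p : processors) {
            boolean allowed = canAddOrModify(perms, p);
            System.out.printf("%-8s %-18s restricted=%-5b allowed=%-5b %s%n",
                    userName, p.getSimpleName(), isRestricted(p), allowed,
                    allowed ? "" : restrictionReason(p));
        }
    }

    public static void main(String[] args) {
        // Constructed sample users: no permissions, canvas-only, canvas plus restricted.
        Set<Permission> viewer  = EnumSet.noneOf(Permission.class);
        Set<Permission> editor  = EnumSet.of(Permission.MODIFY_CANVAS);
        Set<Permission> trusted = EnumSet.of(Permission.MODIFY_CANVAS, Permission.RESTRICTED_COMPONENTS);

        Class<?>[] processors = { LogAttributeLike.class, GetFileLike.class, ExecuteScriptLike.class };
        report("viewer", viewer, processors);
        report("editor", editor, processors);
        report("trusted", trusted, processors);
    }
}
```

Compile and run with javac and java; the viewer is denied everything, the editor is allowed only the unannotated processor, and the trusted user is allowed all three. Two points a practitioner would want from such a design: the restricted permission is required in addition to, not instead of, the canvas-edit permission, so it cannot be used as a back door onto the canvas; and because the proposal restricts both adding and modifying these processors, the same check has to guard reconfiguration (for example changing the script body of an ExecuteScript) and every path that places a processor on the canvas, not only the initial add request.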





            Assignee: Matt Gilman (mcgilman)
            Reporter: Andy LoPresto (alopresto)
            Votes: 1
            Watchers: 8



