  1. Apache NiFi
  2. NIFI-4274

SSLContextService keystore and truststore location property descriptors incorrectly attempt to evaluate EL

Details

    Description

      As reported on Stack Overflow, the StandardSSLContextService truststore location property descriptor would not evaluate an environment variable containing the location of the truststore file. The reporter said that by adding a space prior to the EL expression, it would evaluate, but result in an invalid path because it started with a space.

      Bryan Bende pointed out that this field does not support Expression Language.

      While I could not reproduce this behavior, I did verify using a remote debugger that while the field does not support EL, the custom file validator incorrectly attempts to evaluate EL, which is counter-indicated by the documentation and will cause issues. This line follows immediately after comments explaining that the custom validator exists because the default evaluates EL, which is not desired here.

      While personally, I do not believe these fields should support EL (security risk of the sensitive location being changed outside of NiFi with no visibility), the documentation and actual behavior should at least agree.

      The custom validator should not evaluate EL. Follow-on discussion on this ticket or the mailing list may lead to new requirements to handle EL, but this can be implemented correctly and consistently at such time.
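
      Added example, not from the ticket or the NiFi code base: a simplified Java model of the mismatch described above, where the validator evaluates EL but the property value itself is used literally. The class, the method names and the `TRUSTSTORE_PATH` variable are hypothetical, and `evaluate` is only a stand-in for Expression Language evaluation.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Simplified model, not NiFi code: every name in this class is hypothetical.
public class TruststoreLocationValidation {
    private static final Pattern EL_REFERENCE = Pattern.compile("\\$\\{([^}]+)\\}");

    // Stand-in for Expression Language evaluation: replaces ${name} with the variable's value.
    static String evaluate(String raw, Map<String, String> variables) {
        Matcher m = EL_REFERENCE.matcher(raw);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            m.appendReplacement(out, Matcher.quoteReplacement(variables.getOrDefault(m.group(1), "")));
        }
        m.appendTail(out);
        return out.toString();
    }

    static boolean readableFile(String location) {
        Path p = Path.of(location);
        return Files.isRegularFile(p) && Files.isReadable(p);
    }

    // Behaviour described in the ticket: the validator evaluates EL before checking the file.
    static boolean validateEvaluatingEl(String raw, Map<String, String> variables) {
        return readableFile(evaluate(raw, variables));
    }

    // Behaviour the ticket asks for: the configured value is checked exactly as written.
    static boolean validateLiteral(String raw) {
        return readableFile(raw);
    }

    public static void main(String[] args) throws IOException {
        Path truststore = Files.createTempFile("truststore", ".jks"); // constructed sample file
        truststore.toFile().deleteOnExit();
        Map<String, String> variables = Map.of("TRUSTSTORE_PATH", truststore.toString());
        String configured = "${TRUSTSTORE_PATH}"; // value typed into a property without EL support
        // The property hands this literal string to whatever later opens the file.
        System.out.println("validator with EL:    " + validateEvaluatingEl(configured, variables));
        System.out.println("validator without EL: " + validateLiteral(configured));
        System.out.println("literal path usable:  " + readableFile(configured));
        System.out.println("explicit path:        " + validateLiteral(truststore.toString()));
    }
}
```

      When the EL-evaluating validator accepts a value that the literal check rejects, validation and actual use disagree, which is the inconsistency between documentation and behavior that the ticket describes.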

            People

              alopresto Andy LoPresto