[GitHub] [nifi] exceptionfactory commented on a change in pull request #4572: NIFI-7777 Added Password property to UnpackContent for decrypting Zip archives

Mon, 05 Oct 2020 19:28:12 -0700 


exceptionfactory commented on a change in pull request #4572:
URL: https://github.com/apache/nifi/pull/4572#discussion_r499971345



##########
File path: 
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestUnpackContent.java
##########
@@ -450,4 +465,43 @@ public void testThreadSafetyUsingAutoDetect() throws 
IOException {
 
         runner.assertTransferCount(UnpackContent.REL_SUCCESS, numThreads*2);
     }
+
+    private void runZipEncryptionMethod(final EncryptionMethod 
encryptionMethod) throws IOException {
+        final TestRunner runner = TestRunners.newTestRunner(new 
UnpackContent());
+        runner.setProperty(UnpackContent.PACKAGING_FORMAT, 
UnpackContent.PackageFormat.ZIP_FORMAT.toString());
+
+        final String password = String.class.getSimpleName();
+        runner.setProperty(UnpackContent.PASSWORD, password);
+
+        final char[] streamPassword = password.toCharArray();

Review comment:
       Thanks for the thorough feedback.  In response to your questions:
   
   - When the processor does not have a password configured, or has the wrong 
password, the ZipInputStream will throw a ZipException with a message 
particular to the type of encryption.  The current processor behavior handles 
these exceptions and routes files to failure.  I added a unit test for this 
scenario.
   - The ZipInputStream does not use the provided password if the archive is 
not encrypted, so the processor will support unpacking unencrypted Zip archives 
without any problem regardless of whether a password is configured.
   - The AES and Standard decryption classes in Zip4j do not appear to enforce 
a maximum password length
   - The Zip4j library takes a password as a char[] so should there be some 
additional type of validation on the Password property?
   - Given that the ZipUnpacker.unpack() method is wrapped a in general 
try-catch block, any unsupported encryption format or malformed archive should 
throw an Exception and route the file to failure.  Zip4j detects supported 
encryption types, so specifying a particular method is not necessary.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to