Apache
/
nifi
mirror of https://github.com/apache/nifi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

NIFI-14103 Corrected thread safety for Proxied Entity Encoder (#9591) 

- Created new CharsetEncoder for each method invocation
This commit is contained in:
David Handermann 2024-12-20 12:32:17 -06:00 committed by GitHub
parent 8ab4ae0d18
commit 5c3499a008
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
nifi-commons/nifi-security-proxied-entity/src/main/java/org/apache/nifi/security/proxied/entity/StandardProxiedEntityEncoder.java
View File

@ -16,6 +16,7 @@
*/
package org.apache.nifi.security.proxied.entity;
import java.nio.charset.Charset;
import java.nio.charset.CharsetEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
@ -34,7 +35,7 @@ public class StandardProxiedEntityEncoder implements ProxiedEntityEncoder {
private static final String ESCAPED_LT = "\\\\<";
private static final CharsetEncoder headerValueCharsetEncoder = StandardCharsets.US_ASCII.newEncoder();
private static final Charset headerValueCharset = StandardCharsets.US_ASCII;
private static final Base64.Encoder headerValueEncoder = Base64.getEncoder();
@ -73,7 +74,9 @@ public class StandardProxiedEntityEncoder implements ProxiedEntityEncoder {
} else {
final String escaped = identity.replaceAll(LT, ESCAPED_LT).replaceAll(GT, ESCAPED_GT);
if (headerValueCharsetEncoder.canEncode(escaped)) {
// Create method-local CharsetEncoder for thread-safe state handling
final CharsetEncoder charsetEncoder = headerValueCharset.newEncoder();
if (charsetEncoder.canEncode(escaped)) {
// Strings limited to US-ASCII characters can be transmitted as HTTP header values without encoding
sanitized = escaped;
} else {