Apache
/
nifi
mirror of https://github.com/apache/nifi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

NIFI-11005 Added Illegal and Redundant Import Modules to Checkstyle 

- Updated impacted classes to remove redundant import lines
- Removed WebUtilsGroovyTest.groovy class due to use of internal sun.security classes

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #6804.
This commit is contained in:
exceptionfactory 2022-12-22 20:55:15 -06:00 committed by Pierre Villard
parent b65431564d
commit b556322749
No known key found for this signature in database
GPG Key ID: F92A93B30C07C6D5
9 changed files with 2 additions and 334 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
checkstyle.xml
View File

@ -37,6 +37,8 @@
</module>
<module name="OuterTypeFilename"/>
<module name="AvoidStarImport"/>
<module name="IllegalImport"/>
<module name="RedundantImport"/>
<module name="UnusedImports">
<property name="processJavadoc" value="true"/>
</module>

1
nifi-api/src/main/java/org/apache/nifi/flow/ParameterProviderReference.java
View File

@ -18,7 +18,6 @@ package org.apache.nifi.flow;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import org.apache.nifi.flow.Bundle;
@ApiModel
public class ParameterProviderReference {

2
nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/ClientTransactionCompletion.java
View File

@ -18,8 +18,6 @@ package org.apache.nifi.remote;
import java.util.concurrent.TimeUnit;
import org.apache.nifi.remote.TransactionCompletion;
public class ClientTransactionCompletion implements TransactionCompletion {
private final boolean backoff;

2
nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/cluster/NodeInformationAdapter.java
View File

@ -18,8 +18,6 @@ package org.apache.nifi.remote.cluster;
import javax.xml.bind.annotation.adapters.XmlAdapter;
import org.apache.nifi.remote.cluster.NodeInformation;
public class NodeInformationAdapter extends XmlAdapter<AdaptedNodeInformation, NodeInformation> {
@Override

322
nifi-commons/nifi-web-utils/src/test/groovy/org/apache/nifi/web/util/WebUtilsGroovyTest.groovy
View File

@ -1,322 +0,0 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.nifi.web.util
import org.apache.http.conn.ssl.DefaultHostnameVerifier
import org.glassfish.jersey.client.ClientConfig
import org.junit.jupiter.api.Test
import org.mockito.Mockito
import sun.security.tools.keytool.CertAndKeyGen
import sun.security.x509.X500Name
import javax.net.ssl.HostnameVerifier
import javax.net.ssl.SSLContext
import javax.net.ssl.SSLPeerUnverifiedException
import javax.servlet.http.HttpServletRequest
import javax.ws.rs.client.Client
import javax.ws.rs.core.UriBuilderException
import java.security.cert.X509Certificate
import static org.junit.jupiter.api.Assertions.assertThrows
import static org.junit.jupiter.api.Assertions.assertTrue
class WebUtilsGroovyTest {
static final String PCP_HEADER = "X-ProxyContextPath"
static final String FC_HEADER = "X-Forwarded-Context"
static final String FP_HEADER = "X-Forwarded-Prefix"
static final String ALLOWED_PATH = "/some/context/path"
HttpServletRequest mockRequest(Map keys) {
HttpServletRequest mockRequest = [
getContextPath: { ->
"default/path"
},
getHeader : { String k ->
switch (k) {
case PCP_HEADER:
return keys["proxy"]
break
case FC_HEADER:
return keys["forward"]
break
case FP_HEADER:
return keys["prefix"]
break
default:
return ""
}
}] as HttpServletRequest
mockRequest
}
@Test
void testShouldDetermineCorrectContextPathWhenPresent() throws Exception {
// Arrange
final String CORRECT_CONTEXT_PATH = ALLOWED_PATH
final String WRONG_CONTEXT_PATH = "this/is/a/bad/path"
// Variety of requests with different ordering of context paths (the correct one is always "some/context/path"
HttpServletRequest proxyRequest = mockRequest([proxy: CORRECT_CONTEXT_PATH])
HttpServletRequest forwardedRequest = mockRequest([forward: CORRECT_CONTEXT_PATH])
HttpServletRequest prefixRequest = mockRequest([prefix: CORRECT_CONTEXT_PATH])
HttpServletRequest proxyBeforeForwardedRequest = mockRequest([proxy: CORRECT_CONTEXT_PATH, forward: WRONG_CONTEXT_PATH])
HttpServletRequest proxyBeforePrefixRequest = mockRequest([proxy: CORRECT_CONTEXT_PATH, prefix: WRONG_CONTEXT_PATH])
HttpServletRequest forwardBeforePrefixRequest = mockRequest([forward: CORRECT_CONTEXT_PATH, prefix: WRONG_CONTEXT_PATH])
List<HttpServletRequest> requests = [proxyRequest, forwardedRequest, prefixRequest, proxyBeforeForwardedRequest,
proxyBeforePrefixRequest, forwardBeforePrefixRequest]
// Act
requests.each { HttpServletRequest request ->
String determinedContextPath = WebUtils.determineContextPath(request)
// Assert
assert determinedContextPath == CORRECT_CONTEXT_PATH
}
}
@Test
void testShouldDetermineCorrectContextPathWhenAbsent() throws Exception {
// Arrange
final String CORRECT_CONTEXT_PATH = ""
// Variety of requests with different ordering of non-existent context paths (the correct one is always ""
HttpServletRequest proxyRequest = mockRequest([proxy: ""])
HttpServletRequest proxySpacesRequest = mockRequest([proxy: " "])
HttpServletRequest forwardedRequest = mockRequest([forward: ""])
HttpServletRequest forwardedSpacesRequest = mockRequest([forward: " "])
HttpServletRequest prefixRequest = mockRequest([prefix: ""])
HttpServletRequest prefixSpacesRequest = mockRequest([prefix: " "])
HttpServletRequest proxyBeforeForwardedOrPrefixRequest = mockRequest([proxy: "", forward: "", prefix: ""])
HttpServletRequest proxyBeforeForwardedOrPrefixSpacesRequest = mockRequest([proxy: " ", forward: " ", prefix: " "])
List<HttpServletRequest> requests = [proxyRequest, proxySpacesRequest, forwardedRequest, forwardedSpacesRequest, prefixRequest, prefixSpacesRequest,
proxyBeforeForwardedOrPrefixRequest, proxyBeforeForwardedOrPrefixSpacesRequest]
// Act
requests.each { HttpServletRequest request ->
String determinedContextPath = WebUtils.determineContextPath(request)
// Assert
assert determinedContextPath == CORRECT_CONTEXT_PATH
}
}
@Test
void testShouldNormalizeContextPath() throws Exception {
// Arrange
final String CORRECT_CONTEXT_PATH = ALLOWED_PATH
final String TRIMMED_PATH = ALLOWED_PATH[1..-1] // Trims leading /
// Variety of different context paths (the correct one is always "/some/context/path")
List<String> contextPaths = ["/$TRIMMED_PATH", "/" + TRIMMED_PATH, TRIMMED_PATH, TRIMMED_PATH + "/"]
// Act
contextPaths.each { String contextPath ->
String normalizedContextPath = WebUtils.normalizeContextPath(contextPath)
// Assert
assert normalizedContextPath == CORRECT_CONTEXT_PATH
}
}
@Test
void testVerifyContextPathShouldAllowContextPathHeaderIfInAllowList() throws Exception {
WebUtils.verifyContextPath(Arrays.asList(ALLOWED_PATH), ALLOWED_PATH)
}
@Test
void testVerifyContextPathShouldAllowContextPathHeaderIfInMultipleAllowLists() throws Exception {
WebUtils.verifyContextPath(Arrays.asList(ALLOWED_PATH, ALLOWED_PATH.reverse()), ALLOWED_PATH)
}
@Test
void testVerifyContextPathShouldAllowContextPathHeaderIfBlank() throws Exception {
def emptyContextPaths = ["", " ", "\t", null]
emptyContextPaths.each { String contextPath ->
WebUtils.verifyContextPath(Arrays.asList(ALLOWED_PATH), contextPath)
}
}
@Test
void testVerifyContextPathShouldBlockContextPathHeaderIfNotAllowed() throws Exception {
def invalidContextPaths = ["/other/path", "localhost", "/../trying/to/escape"]
invalidContextPaths.each { String contextPath ->
assertThrows(UriBuilderException.class, () -> WebUtils.verifyContextPath(Arrays.asList(ALLOWED_PATH), contextPath))
}
}
@Test
void testHostnameVerifierType() {
// Arrange
SSLContext sslContext = Mockito.mock(SSLContext.class)
final ClientConfig clientConfig = new ClientConfig()
// Act
Client client = WebUtils.createClient(clientConfig, sslContext)
HostnameVerifier hostnameVerifier = client.getHostnameVerifier()
// Assert
assertTrue(hostnameVerifier instanceof DefaultHostnameVerifier)
}
@Test
void testHostnameVerifierWildcard() {
// Arrange
final String EXPECTED_DN = "CN=*.apache.com,OU=Security,O=Apache,ST=CA,C=US"
final String hostname = "nifi.apache.com"
X509Certificate cert = generateCertificate(EXPECTED_DN)
SSLContext sslContext = Mockito.mock(SSLContext.class)
final ClientConfig clientConfig = new ClientConfig()
// Act
Client client = WebUtils.createClient(clientConfig, sslContext)
DefaultHostnameVerifier hostnameVerifier = (DefaultHostnameVerifier) client.getHostnameVerifier()
// Verify
hostnameVerifier.verify(hostname, cert)
}
@Test
void testHostnameVerifierDNWildcardFourthLevelDomain() {
// Arrange
final String EXPECTED_DN = "CN=*.nifi.apache.org,OU=Security,O=Apache,ST=CA,C=US"
final String clientHostname = "client.nifi.apache.org"
final String serverHostname = "server.nifi.apache.org"
X509Certificate cert = generateCertificate(EXPECTED_DN)
SSLContext sslContext = Mockito.mock(SSLContext.class)
final ClientConfig clientConfig = new ClientConfig()
// Act
Client client = WebUtils.createClient(clientConfig, sslContext)
DefaultHostnameVerifier hostnameVerifier = client.getHostnameVerifier()
// Verify
hostnameVerifier.verify(clientHostname, cert)
hostnameVerifier.verify(serverHostname, cert)
}
@Test
void testHostnameVerifierDomainLevelMismatch() {
// Arrange
final String EXPECTED_DN = "CN=*.nifi.apache.org,OU=Security,O=Apache,ST=CA,C=US"
final String hostname = "nifi.apache.org"
X509Certificate cert = generateCertificate(EXPECTED_DN)
SSLContext sslContext = Mockito.mock(SSLContext.class)
final ClientConfig clientConfig = new ClientConfig()
// Act
Client client = WebUtils.createClient(clientConfig, sslContext)
DefaultHostnameVerifier hostnameVerifier = client.getHostnameVerifier()
assertThrows(SSLPeerUnverifiedException.class, () -> hostnameVerifier.verify(hostname, cert))
}
@Test
void testHostnameVerifierEmptyHostname() {
// Arrange
final String EXPECTED_DN = "CN=nifi.apache.org,OU=Security,O=Apache,ST=CA,C=US"
final String hostname = ""
X509Certificate cert = generateCertificate(EXPECTED_DN)
SSLContext sslContext = Mockito.mock(SSLContext.class)
final ClientConfig clientConfig = new ClientConfig()
// Act
Client client = WebUtils.createClient(clientConfig, sslContext)
DefaultHostnameVerifier hostnameVerifier = client.getHostnameVerifier()
assertThrows(SSLPeerUnverifiedException.class, () -> hostnameVerifier.verify(hostname, cert))
}
@Test
void testHostnameVerifierDifferentSubdomain() {
// Arrange
final String EXPECTED_DN = "CN=nifi.apache.org,OU=Security,O=Apache,ST=CA,C=US"
final String hostname = "egg.apache.org"
X509Certificate cert = generateCertificate(EXPECTED_DN)
SSLContext sslContext = Mockito.mock(SSLContext.class)
final ClientConfig clientConfig = new ClientConfig()
// Act
Client client = WebUtils.createClient(clientConfig, sslContext)
DefaultHostnameVerifier hostnameVerifier = client.getHostnameVerifier()
assertThrows(SSLPeerUnverifiedException.class, () -> hostnameVerifier.verify(hostname, cert))
}
@Test
void testHostnameVerifierDifferentTLD() {
// Arrange
final String EXPECTED_DN = "CN=nifi.apache.org,OU=Security,O=Apache,ST=CA,C=US"
final String hostname = "nifi.apache.com"
X509Certificate cert = generateCertificate(EXPECTED_DN)
SSLContext sslContext = Mockito.mock(SSLContext.class)
final ClientConfig clientConfig = new ClientConfig()
// Act
Client client = WebUtils.createClient(clientConfig, sslContext)
DefaultHostnameVerifier hostnameVerifier = client.getHostnameVerifier()
assertThrows(SSLPeerUnverifiedException.class, () -> hostnameVerifier.verify(hostname, cert))
}
@Test
void testHostnameVerifierWildcardTLD() {
// Arrange
final String EXPECTED_DN = "CN=nifi.apache.*,OU=Security,O=Apache,ST=CA,C=US"
final String comTLDhostname = "nifi.apache.com"
final String orgTLDHostname = "nifi.apache.org"
X509Certificate cert = generateCertificate(EXPECTED_DN)
SSLContext sslContext = Mockito.mock(SSLContext.class)
final ClientConfig clientConfig = new ClientConfig()
// Act
Client client = WebUtils.createClient(clientConfig, sslContext)
DefaultHostnameVerifier hostnameVerifier = client.getHostnameVerifier()
// Verify
hostnameVerifier.verify(comTLDhostname, cert)
hostnameVerifier.verify(orgTLDHostname, cert)
}
@Test
void testHostnameVerifierWildcardDomain() {
// Arrange
final String EXPECTED_DN = "CN=nifi.*.com,OU=Security,O=Apache,ST=CA,C=US"
final String hostname = "nifi.apache.com"
X509Certificate cert = generateCertificate(EXPECTED_DN)
SSLContext sslContext = Mockito.mock(SSLContext.class)
final ClientConfig clientConfig = new ClientConfig()
// Act
Client client = WebUtils.createClient(clientConfig, sslContext)
DefaultHostnameVerifier hostnameVerifier = client.getHostnameVerifier()
// Verify
hostnameVerifier.verify(hostname, cert)
}
X509Certificate generateCertificate(String DN) {
CertAndKeyGen certGenerator = new CertAndKeyGen("RSA", "SHA256WithRSA", null)
certGenerator.generate(2048)
long validityPeriod = (long) 365 * 24 * 60 * 60 // 1 YEAR
X509Certificate cert = certGenerator.getSelfCertificate(new X500Name(DN), validityPeriod)
return cert
}
}

1
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/endpoints/ControllerConfigurationEndpointMerger.java
View File

@ -16,7 +16,6 @@
*/
package org.apache.nifi.cluster.coordination.http.endpoints;
import org.apache.nifi.cluster.coordination.http.endpoints.AbstractSingleEntityEndpoint;
import org.apache.nifi.cluster.manager.NodeResponse;
import org.apache.nifi.cluster.manager.PermissionsDtoMerger;
import org.apache.nifi.cluster.protocol.NodeIdentifier;

4
nifi-nar-bundles/nifi-splunk-bundle/nifi-splunk-processors/src/test/java/org/apache/nifi/processors/splunk/TestPutSplunkHTTP.java
View File

@ -49,10 +49,6 @@ import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertNull;
@ExtendWith(MockitoExtension.class)
public class TestPutSplunkHTTP {
private static final String ACK_ID = "1234";

1
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/util/FTPTransfer.java
View File

@ -50,7 +50,6 @@ import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.processors.standard.util.FileTransfer;
import org.apache.nifi.processors.standard.ftp.FTPClientProvider;
import org.apache.nifi.processors.standard.ftp.StandardFTPClientProvider;
import org.apache.nifi.proxy.ProxyConfiguration;

1
nifi-nar-bundles/nifi-standard-services/nifi-record-sink-service-bundle/nifi-record-sink-service/src/test/java/org/apache/nifi/record/sink/TestProcessor.java
View File

@ -21,7 +21,6 @@ import org.apache.nifi.processor.AbstractProcessor;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.record.sink.RecordSinkService;
import java.util.ArrayList;
import java.util.List;