[tika] branch branch_1x updated: TIKA-3392 -- allow insecure parsing in MimeTypesReader

[tallison]

This is an automated email from the ASF dual-hosted git repository.

tallison pushed a commit to branch branch_1x
in repository https://gitbox.apache.org/repos/asf/tika.git


The following commit(s) were added to refs/heads/branch_1x by this push:
     new 06c111f  TIKA-3392 -- allow insecure parsing in MimeTypesReader
06c111f is described below

commit 06c111f82a14a34492b3302b4d8310645b6f8366
Author: tallison <talli...@apache.org>
AuthorDate: Wed May 12 13:30:03 2021 -0400

    TIKA-3392 -- allow insecure parsing in MimeTypesReader
---
 .../java/org/apache/tika/mime/MimeTypesReader.java     | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/tika-core/src/main/java/org/apache/tika/mime/MimeTypesReader.java 
b/tika-core/src/main/java/org/apache/tika/mime/MimeTypesReader.java
index d2334a2..a34f26e 100644
--- a/tika-core/src/main/java/org/apache/tika/mime/MimeTypesReader.java
+++ b/tika-core/src/main/java/org/apache/tika/mime/MimeTypesReader.java
@@ -35,6 +35,8 @@ import java.util.List;
 import java.util.concurrent.ArrayBlockingQueue;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.locks.ReentrantReadWriteLock;
+import java.util.logging.Level;
+import java.util.logging.Logger;
 
 import org.apache.tika.exception.TikaException;
 import org.apache.tika.utils.XMLReaderUtils;
@@ -112,13 +114,17 @@ public class MimeTypesReader extends DefaultHandler 
implements MimeTypesReaderMe
 
     private static ArrayBlockingQueue<SAXParser> SAX_PARSERS = new 
ArrayBlockingQueue<>(POOL_SIZE);
 
+    private static Logger LOG = 
Logger.getLogger(MimeTypesReader.class.getName());
+
     static {
         try {
             setPoolSize(POOL_SIZE);
         } catch (TikaException e) {
             throw new RuntimeException("problem initializing SAXParser pool", 
e);
         }
-    }    protected final MimeTypes types;
+    }
+
+    protected final MimeTypes types;
 
     /** Current type */
     protected MimeType type = null;
@@ -428,9 +434,15 @@ public class MimeTypesReader extends DefaultHandler 
implements MimeTypesReaderMe
         try {
             factory.setFeature(
                     XMLConstants.FEATURE_SECURE_PROCESSING, true);
-            return factory.newSAXParser();
         } catch (ParserConfigurationException|SAXException e) {
-            throw new TikaException("problem creating SAX parser factory", e);
+            LOG.log(Level.WARNING,
+                    "can't set secure parsing feature on SAXParserFactory: " +
+                    factory.getClass() + ". User assumes responsibility for 
consequences.");
+        }
+        try {
+            return factory.newSAXParser();
+        } catch (ParserConfigurationException | SAXException e) {
+            throw new TikaException("can't create saxparser", e);
         }
     }
 }