[tika] branch main updated: TIKA-3392 -- allow insecure parsing in MimeTypesReader; log a warning

[tallison]

This is an automated email from the ASF dual-hosted git repository.

tallison pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tika.git


The following commit(s) were added to refs/heads/main by this push:
     new 03b6baf  TIKA-3392 -- allow insecure parsing in MimeTypesReader; log a 
warning
03b6baf is described below

commit 03b6baf1efdb43b299cbe025184cf24cca9a8847
Author: tallison <talli...@apache.org>
AuthorDate: Wed May 12 13:38:06 2021 -0400

    TIKA-3392 -- allow insecure parsing in MimeTypesReader; log a warning
---
 .../src/main/java/org/apache/tika/mime/MimeTypesReader.java   | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/tika-core/src/main/java/org/apache/tika/mime/MimeTypesReader.java 
b/tika-core/src/main/java/org/apache/tika/mime/MimeTypesReader.java
index 7d53ab9..c4e3b9d 100644
--- a/tika-core/src/main/java/org/apache/tika/mime/MimeTypesReader.java
+++ b/tika-core/src/main/java/org/apache/tika/mime/MimeTypesReader.java
@@ -36,6 +36,8 @@ import javax.xml.transform.TransformerException;
 import javax.xml.transform.dom.DOMSource;
 import javax.xml.transform.sax.SAXResult;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.w3c.dom.Document;
 import org.xml.sax.Attributes;
 import org.xml.sax.InputSource;
@@ -115,7 +117,7 @@ public class MimeTypesReader extends DefaultHandler 
implements MimeTypesReaderMe
      */
     private static int POOL_SIZE = 10;
     private static ArrayBlockingQueue<SAXParser> SAX_PARSERS = new 
ArrayBlockingQueue<>(POOL_SIZE);
-
+    static Logger LOG = LoggerFactory.getLogger(MimeTypesReader.class);
     static {
         try {
             setPoolSize(POOL_SIZE);
@@ -213,9 +215,14 @@ public class MimeTypesReader extends DefaultHandler 
implements MimeTypesReaderMe
         factory.setNamespaceAware(false);
         try {
             factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+        } catch (ParserConfigurationException | SAXException e) {
+            LOG.warn("can't set secure processing feature on: " + 
factory.getClass() +
+                    ". User assumes responsibility for consequences.");
+        }
+        try {
             return factory.newSAXParser();
         } catch (ParserConfigurationException | SAXException e) {
-            throw new TikaException("problem creating SAX parser factory", e);
+            throw new TikaException("Can't create new sax parser", e);
         }
     }