Hi, I would fully wrap Apache POI in a clean set of interfaces/factories and this way only provide the minimum necessary methods.
If you have lots of existing code, maybe you can style it in a similar way to keep required code-changes small. Otherwise there is always a way to access underlying "CT" objects and thus alter content in unpredictable ways. Static code checkers like "forbidden-apis" and custom rules for it can then help to prevent anyone from using the underlying code directly. Regards... Dominik. On Thu, May 4, 2023 at 2:49 PM PJ Fanning <[email protected]> wrote: > Why don't you refactor your code so that there is a method to make one > cell safe? Your XSSF commit code can still call the make one cell safe > method. With SXSSF, you can call that method every time you add a new cell > to an SXSSF row. > > This sort of stuff is better going to stackoverflow btw. There are many > more people on that than there is on this mailing list. > > > > > > > On Thursday 4 May 2023 at 13:14:22 IST, Tobias Fink <[email protected]> > wrote: > > > > > > Hi, > > We have a project with quite a big codebase and I'm looking for a way to > implement a security-feature, where the "setQuotePrefixed(true);" > style-flag is automatically applied to cells with content that starts with > a "=" (as these contents would be interpreted as formulars once excel is > opened and the cell value is changed or pressed enter on unchanged). > We already have a class that produces "clean" instances of XSSFWorkbook > (with some core properties nilled out). There I've implemented a method to > create autofixing workbooks - but this is not working for streaming > workbooks (SXSSFWorkbook), because these are already streamed out before > the "commit" method is called. > > Do you know how I could implement such a behaviour for SXSSFWorkbooks ? > > Thank you and best regards, > > Tobias > > Heres my code for XSSFWorkbooks: > > public static XSSFWorkbook createCleanXSSFWorkbook(InputStream is) throws > IOException > { > XSSFWorkbook wb=new XSSFWorkbook(is){ > @Override > protected void commit() throws IOException > { > applySafeCellStyles(this); > super.commit(); > } > }; > cleanXSSFMetaInformation(wb); > return wb; > } > > private static void applySafeCellStyles(Workbook wb) > { > int sheets = wb.getNumberOfSheets(); > Map<CellStyle, CellStyle> styleToSafeStyleMap = new > HashMap<>(); > for (int sheetNumber = 0; sheetNumber < sheets; > sheetNumber++) > { > Sheet sheet = wb.getSheetAt(sheetNumber); > for (Row row : sheet) > { > for (Cell cell : row) > { > if > (cell.getCellType() == CellType.STRING) > { > > String cellValue = cell.getStringCellValue(); > > if (cellValue.startsWith("=")) > > { > > CellStyle thisCellStyle = cell.getCellStyle(); > > CellStyle safeCellStyle = > styleToSafeStyleMap.get(thisCellStyle); > > if (safeCellStyle == null) > > { > > safeCellStyle = wb.createCellStyle(); > > > safeCellStyle.cloneStyleFrom(thisCellStyle); > > safeCellStyle.setQuotePrefixed(true); > > styleToSafeStyleMap.put(thisCellStyle, > safeCellStyle); > > } > > > cell.setCellStyle(safeCellStyle); > > } > } > } > } > } > } > > Freundliche Grüße > > Tobias Fink > Software Development > > Tel.: +49(0)621 - 520078 - 0 -- Fax: +49(0)621 - 520078 - 20 > E-Mail: [email protected]<mailto:[email protected]> > > Fasihi GmbH - Ludwig-Reichling-Straße 6 - 67059 Ludwigshafen > Geschäftsführer Saeid Fasihi, Rolf Lutzer - Firmensitz Ludwigshafen a. Rh. > Amtsgericht Ludwigshafen - HRB 60601 > > > ----------------------------------------------------- > Preisträger Großer Preis des Mittelstandes 2014 > Innovationspreisträger Rheinland-Pfalz 2011 > ----------------------------------------------------- > Besuchen Sie uns auch unter > Das Digitale Assistenzsystem: https://das-assistenzsystem.de/ > Fasihi eXperience Platform: https://fxp.fasihi.net/ > Homepage: http://www.fasihi.net<http://www.fasihi.net/> > Unsere Hinweise zum Datenschutz finden Sie hier: Datenschutzerklärung > Fasihi GmbH<https://fasihi.net/portal/fep/de/dt.jsp?setCursor=1_551471> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
