[jira] [Commented] (TIKA-1387) Add forbidden-apis checker to TIKA build

Wed, 06 Aug 2014 14:27:34 -0700 

    [ 
https://issues.apache.org/jira/browse/TIKA-1387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14088286#comment-14088286
 ] 

Hudson commented on TIKA-1387:
------------------------------

ABORTED: Integrated in tika-trunk-jdk1.7 #147 (See 
[https://builds.apache.org/job/tika-trunk-jdk1.7/147/])
Fix for TIKA-1387 (thanks Uwe Schindler). Adding the Maven forbidden-apis 
plugin and fixing identified errors. (tpalsulich: 
http://svn.apache.org/viewvc/tika/trunk/?view=rev&rev=1616295)
* /tika/trunk/CHANGES.txt
* /tika/trunk/tika-app/src/main/java/org/apache/tika/cli/TikaCLI.java
* /tika/trunk/tika-app/src/test/java/org/apache/tika/cli/TikaCLITest.java
* /tika/trunk/tika-core/src/main/java/org/apache/tika/detect/MagicDetector.java
* /tika/trunk/tika-core/src/main/java/org/apache/tika/io/FilenameUtils.java
* /tika/trunk/tika-core/src/main/java/org/apache/tika/io/IOUtils.java
* 
/tika/trunk/tika-core/src/main/java/org/apache/tika/language/LanguageProfilerBuilder.java
* 
/tika/trunk/tika-core/src/main/java/org/apache/tika/parser/external/ExternalParser.java
* 
/tika/trunk/tika-core/src/main/java/org/apache/tika/sax/ToTextContentHandler.java
* 
/tika/trunk/tika-core/src/main/java/org/apache/tika/sax/WriteOutContentHandler.java
* /tika/trunk/tika-core/src/main/java/org/apache/tika/utils/DateUtils.java
* 
/tika/trunk/tika-core/src/test/java/org/apache/tika/TypeDetectionBenchmark.java
* /tika/trunk/tika-core/src/test/java/org/apache/tika/io/TailStreamTest.java
* 
/tika/trunk/tika-core/src/test/java/org/apache/tika/sax/BodyContentHandlerTest.java
* /tika/trunk/tika-java7/pom.xml
* /tika/trunk/tika-parent/pom.xml
* 
/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/chm/accessor/ChmDirectoryListingSet.java
* 
/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/chm/accessor/ChmItsfHeader.java
* 
/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/chm/accessor/ChmItspHeader.java
* 
/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/chm/accessor/ChmLzxcControlData.java
* 
/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/chm/accessor/ChmPmgiHeader.java
* 
/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/chm/accessor/ChmPmglHeader.java
* 
/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/chm/core/ChmExtractor.java
* 
/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/html/BoilerpipeContentHandler.java
* 
/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/image/ImageMetadataExtractor.java
* 
/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/iptc/IptcAnpaParser.java
* 
/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/iwork/AutoPageNumberUtils.java
* 
/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/mat/MatParser.java
* 
/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/mbox/MboxParser.java
* 
/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/mbox/OutlookPSTParser.java
* 
/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/microsoft/OutlookExtractor.java
* 
/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/microsoft/WordExtractor.java
* 
/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/mp3/LyricsHandler.java
* 
/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/odf/NSNormalizerContentHandler.java
* 
/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/pdf/PDF2XHTML.java
* 
/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/pdf/PDFParser.java
* 
/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/pdf/PDFParserConfig.java
* 
/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/pkg/ZipContainerDetector.java
* 
/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/rtf/RTFObjDataParser.java
* 
/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/rtf/TextExtractor.java
* 
/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/video/FLVParser.java
* 
/tika/trunk/tika-parsers/src/test/java/org/apache/tika/embedder/ExternalEmbedderTest.java
* 
/tika/trunk/tika-parsers/src/test/java/org/apache/tika/parser/AutoDetectParserTest.java
* 
/tika/trunk/tika-parsers/src/test/java/org/apache/tika/parser/chm/TestChmBlockInfo.java
* 
/tika/trunk/tika-parsers/src/test/java/org/apache/tika/parser/chm/TestChmItspHeader.java
* 
/tika/trunk/tika-parsers/src/test/java/org/apache/tika/parser/chm/TestChmLzxState.java
* 
/tika/trunk/tika-parsers/src/test/java/org/apache/tika/parser/chm/TestChmLzxcControlData.java
* 
/tika/trunk/tika-parsers/src/test/java/org/apache/tika/parser/chm/TestChmLzxcResetTable.java
* 
/tika/trunk/tika-parsers/src/test/java/org/apache/tika/parser/chm/TestPmglHeader.java
* 
/tika/trunk/tika-parsers/src/test/java/org/apache/tika/parser/code/SourceCodeParserTest.java
* 
/tika/trunk/tika-parsers/src/test/java/org/apache/tika/parser/image/ImageMetadataExtractorTest.java
* 
/tika/trunk/tika-parsers/src/test/java/org/apache/tika/parser/microsoft/ooxml/OOXMLParserTest.java
* 
/tika/trunk/tika-parsers/src/test/java/org/apache/tika/parser/mp3/MpegStreamTest.java
* 
/tika/trunk/tika-parsers/src/test/java/org/apache/tika/parser/pdf/PDFParserTest.java
* /tika/trunk/tika-server/src/main/java/org/apache/tika/server/TikaResource.java
* 
/tika/trunk/tika-server/src/main/java/org/apache/tika/server/UnpackerResource.java
* 
/tika/trunk/tika-server/src/test/java/org/apache/tika/server/MetadataEPTest.java
* 
/tika/trunk/tika-server/src/test/java/org/apache/tika/server/MetadataResourceTest.java
* 
/tika/trunk/tika-translate/src/main/java/org/apache/tika/language/translate/GoogleTranslator.java
* 
/tika/trunk/tika-translate/src/main/java/org/apache/tika/language/translate/Lingo24Translator.java


> Add forbidden-apis checker to TIKA build
> ----------------------------------------
>
>                 Key: TIKA-1387
>                 URL: https://issues.apache.org/jira/browse/TIKA-1387
>             Project: Tika
>          Issue Type: Improvement
>          Components: general
>            Reporter: Uwe Schindler
>            Assignee: Tyler Palsulich
>             Fix For: 1.7
>
>         Attachments: TIKA-1387.palsulich.080614.patch, TIKA-1387.patch, 
> TIKA-1387.patch, TIKA-1387.patch
>
>
> Lucene and many other projects already use the forbidden-apis checker to 
> prevent use of some broken classes/signatures from the JDK. These are 
> especially thing using default character sets or default locales. The 
> forbidden-api checker can also be used to explcitely disallow specific 
> methods, if they have security issues (e.g., creating XML parsers without 
> disabling external entity support).
> The attached patch adds the forbidden-api checker to the tika-parent pom file 
> with default configuration.
> Running it fails with many errors in TIKA core already:
> {noformat}
> [INFO] --- forbiddenapis:1.6.1:check (default) @ tika-core ---
> [INFO] Scanning for classes to check...
> [INFO] Reading bundled API signatures: jdk-unsafe
> [INFO] Reading bundled API signatures: jdk-deprecated
> [INFO] Loading classes to check...
> [INFO] Scanning for API signatures and dependencies...
> [ERROR] Forbidden method invocation: java.lang.String#getBytes() [Uses 
> default charset]
> [ERROR]   in org.apache.tika.language.LanguageProfilerBuilder 
> (LanguageProfilerBuilder.java:407)
> [ERROR] Forbidden method invocation: java.lang.String#toUpperCase() [Uses 
> default locale]
> [ERROR]   in org.apache.tika.io.FilenameUtils (FilenameUtils.java:68)
> [ERROR] Forbidden method invocation: java.lang.String#getBytes() [Uses 
> default charset]
> [ERROR]   in org.apache.tika.io.IOUtils (IOUtils.java:257)
> [ERROR] Forbidden method invocation: java.lang.String#<init>(byte[]) [Uses 
> default charset]
> [ERROR]   in org.apache.tika.io.IOUtils (IOUtils.java:395)
> [ERROR] Forbidden method invocation: java.lang.String#<init>(byte[]) [Uses 
> default charset]
> [ERROR]   in org.apache.tika.io.IOUtils (IOUtils.java:416)
> [ERROR] Forbidden method invocation: 
> java.io.InputStreamReader#<init>(java.io.InputStream) [Uses default charset]
> [ERROR]   in org.apache.tika.io.IOUtils (IOUtils.java:438)
> [ERROR] Forbidden method invocation: java.lang.String#getBytes() [Uses 
> default charset]
> [ERROR]   in org.apache.tika.io.IOUtils (IOUtils.java:532)
> [ERROR] Forbidden method invocation: java.lang.String#getBytes() [Uses 
> default charset]
> [ERROR]   in org.apache.tika.io.IOUtils (IOUtils.java:550)
> [ERROR] Forbidden method invocation: java.lang.String#<init>(byte[]) [Uses 
> default charset]
> [ERROR]   in org.apache.tika.io.IOUtils (IOUtils.java:588)
> [ERROR] Forbidden method invocation: java.lang.String#getBytes() [Uses 
> default charset]
> [ERROR]   in org.apache.tika.io.IOUtils (IOUtils.java:656)
> [ERROR] Forbidden method invocation: java.lang.String#getBytes() [Uses 
> default charset]
> [ERROR]   in org.apache.tika.io.IOUtils (IOUtils.java:782)
> [ERROR] Forbidden method invocation: java.lang.String#getBytes() [Uses 
> default charset]
> [ERROR]   in org.apache.tika.io.IOUtils (IOUtils.java:851)
> [ERROR] Forbidden method invocation: 
> java.io.InputStreamReader#<init>(java.io.InputStream) [Uses default charset]
> [ERROR]   in org.apache.tika.io.IOUtils (IOUtils.java:957)
> [ERROR] Forbidden method invocation: 
> java.io.OutputStreamWriter#<init>(java.io.OutputStream) [Uses default charset]
> [ERROR]   in org.apache.tika.io.IOUtils (IOUtils.java:1064)
> [ERROR] Forbidden method invocation: 
> java.io.OutputStreamWriter#<init>(java.io.OutputStream) [Uses default charset]
> [ERROR]   in org.apache.tika.sax.WriteOutContentHandler 
> (WriteOutContentHandler.java:93)
> [ERROR] Forbidden method invocation: 
> java.io.InputStreamReader#<init>(java.io.InputStream) [Uses default charset]
> [ERROR]   in org.apache.tika.parser.external.ExternalParser 
> (ExternalParser.java:234)
> [ERROR] Forbidden method invocation: 
> java.io.InputStreamReader#<init>(java.io.InputStream) [Uses default charset]
> [ERROR]   in org.apache.tika.parser.external.ExternalParser$3 
> (ExternalParser.java:294)
> [ERROR] Forbidden method invocation: 
> java.util.Calendar#getInstance(java.util.Locale) [Uses default locale or time 
> zone]
> [ERROR]   in org.apache.tika.utils.DateUtils (DateUtils.java:83)
> [ERROR] Forbidden method invocation: 
> java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default 
> locale]
> [ERROR]   in org.apache.tika.utils.DateUtils (DateUtils.java:91)
> [ERROR] Forbidden method invocation: java.lang.String#toLowerCase() [Uses 
> default locale]
> [ERROR]   in org.apache.tika.detect.MagicDetector (MagicDetector.java:98)
> [ERROR] Forbidden method invocation: java.lang.String#getBytes() [Uses 
> default charset]
> [ERROR]   in org.apache.tika.detect.MagicDetector (MagicDetector.java:100)
> [ERROR] Forbidden method invocation: java.lang.String#<init>(byte[]) [Uses 
> default charset]
> [ERROR]   in org.apache.tika.detect.MagicDetector (MagicDetector.java:396)
> [ERROR] Forbidden method invocation: 
> java.io.OutputStreamWriter#<init>(java.io.OutputStream) [Uses default charset]
> [ERROR]   in org.apache.tika.sax.ToTextContentHandler 
> (ToTextContentHandler.java:60)
> [ERROR] Scanned 225 (and 356 related) class file(s) for forbidden API 
> invocations (in 0.42s), 23 error(s).
> {noformat}
> We should fix those problems.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to