[ https://issues.apache.org/jira/browse/TIKA-2731?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16624138#comment-16624138 ]

ASF GitHub Bot commented on TIKA-2731:
--------------------------------------

tballison closed pull request #250: fix for TIKA-2731 contributed by @jkakavas
URL: https://github.com/apache/tika/pull/250
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/tika-core/src/main/java/org/apache/tika/utils/XMLReaderUtils.java 
b/tika-core/src/main/java/org/apache/tika/utils/XMLReaderUtils.java
index 0069a9a22..4ccdad485 100644
--- a/tika-core/src/main/java/org/apache/tika/utils/XMLReaderUtils.java
+++ b/tika-core/src/main/java/org/apache/tika/utils/XMLReaderUtils.java
@@ -80,14 +80,13 @@
     private static int MAX_ENTITY_EXPANSIONS = determineMaxEntityExpansions();
 
     private static int determineMaxEntityExpansions() {
-        Properties properties = System.getProperties();
-        if (properties != null && 
properties.containsKey(JAXP_ENTITY_EXPANSION_LIMIT_KEY)) {
+        String expansionLimit = 
System.getProperty(JAXP_ENTITY_EXPANSION_LIMIT_KEY);
+        if (expansionLimit != null) {
             try {
-                return 
Integer.parseInt(properties.getProperty(JAXP_ENTITY_EXPANSION_LIMIT_KEY));
+                return Integer.parseInt(expansionLimit);
             } catch (NumberFormatException e) {
-                LOG.log(Level.WARNING, "Couldn't parse an integer for the 
entity expansion limit:"+
-                        
properties.getProperty(JAXP_ENTITY_EXPANSION_LIMIT_KEY)+
-                        "; backing off to default: 
"+DEFAULT_MAX_ENTITY_EXPANSIONS);
+                LOG.log(Level.WARNING, "Couldn't parse an integer for the 
entity expansion limit:" + expansionLimit +
+                        "; backing off to default: " + 
DEFAULT_MAX_ENTITY_EXPANSIONS);
             }
         }
         return DEFAULT_MAX_ENTITY_EXPANSIONS;
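
Review bot: the new System.getProperty(JAXP_ENTITY_EXPANSION_LIMIT_KEY) lookup at the top of determineMaxEntityExpansions() can still throw SecurityException when a security manager is installed and the policy does not grant read on that key, and only NumberFormatException is caught here. Because the method is called from the static initializer of MAX_ENTITY_EXPANSIONS, that exception would surface as a class-initialization failure for XMLReaderUtils rather than a fallback. Consider catching SecurityException around the lookup, logging it, and returning DEFAULT_MAX_ENTITY_EXPANSIONS. Separately, Integer.parseInt(expansionLimit) is returned without a range check, so a zero or negative value is accepted as the limit; either validate it or document what such a value means. Minor style point: the warning text has no space after "limit:" before the value.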


 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


> Unnecessary call to System.getProperties() in XMLReaderUtils
> ------------------------------------------------------------
>
>                 Key: TIKA-2731
>                 URL: https://issues.apache.org/jira/browse/TIKA-2731
>             Project: Tika
>          Issue Type: Improvement
>          Components: core
>    Affects Versions: 1.19
>            Reporter: Ioannis Kakavas
>            Assignee: Tim Allison
>            Priority: Major
>             Fix For: 1.20
>
>
> As part of the changes introduced in [1.19 
> |https://github.com/apache/tika/commit/4e67928412ad56333d400f3728ecdb59d07d9d63]
>  determineMaxEntityExpansions needs to read the jdk.xml.entityExpansionLimit 
> System Property in order to overwrite the default value of 20, if it is set. 
> This is however done by reading all System Properties with 
> System.getProperties() and attempting to find the relevant key in the 
> properties Object. The issue with this approach is that getProperties() 
> requires 
> {noformat}java.util.PropertyPermission "*", "read,write"{noformat}
> which is overly permissive.
> A more sane approach, following the least privilege design principle, would be 
> to use System.getProperty() for the specific property that only requires 
> {noformat}java.util.PropertyPermission "jdk.xml.entityExpansionLimit", "read"{noformat}
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
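
The permission difference described in the issue, as an added example that is not Tika's code and not part of the original message: it models candidate policy grants with java.security.Permissions and checks each against the permission a security manager demands for System.getProperties() and for System.getProperty(key). The class name PropertyPermissionDemo and the three grant sets are constructed for illustration, and the read-only wildcard grant goes beyond the two cases the issue mentions.

```java
import java.security.Permission;
import java.security.Permissions;
import java.util.PropertyPermission;

// Illustrative only: class name and grant sets are constructed for this example.
public class PropertyPermissionDemo {
    static final String KEY = "jdk.xml.entityExpansionLimit";

    // What SecurityManager.checkPropertiesAccess() demands (System.getProperties()).
    static final Permission NEEDED_BY_GET_PROPERTIES =
            new PropertyPermission("*", "read,write");
    // What SecurityManager.checkPropertyAccess(KEY) demands (System.getProperty(KEY)).
    static final Permission NEEDED_BY_GET_PROPERTY =
            new PropertyPermission(KEY, "read");

    // Build the set of permissions a policy would grant to the code.
    static Permissions grant(Permission... perms) {
        Permissions granted = new Permissions();
        for (Permission p : perms) {
            granted.add(p);
        }
        return granted;
    }

    // True when the granted set covers the permission the call requires.
    static boolean allows(Permissions granted, Permission required) {
        return granted.implies(required);
    }

    static void report(String policyName, Permissions granted) {
        System.out.printf("%-26s getProperties(): %-8s getProperty(key): %s%n",
                policyName,
                allows(granted, NEEDED_BY_GET_PROPERTIES) ? "allowed" : "denied",
                allows(granted, NEEDED_BY_GET_PROPERTY) ? "allowed" : "denied");
    }

    public static void main(String[] args) {
        // Least-privilege grant proposed in the issue: one key, read only.
        report("narrow (key, read)", grant(new PropertyPermission(KEY, "read")));
        // Read-only wildcard: covers every single-key read, but not the
        // read,write wildcard that getProperties() checks for.
        report("wildcard (*, read)", grant(new PropertyPermission("*", "read")));
        // Grant the pre-patch code forced on deployers.
        report("broad (*, read,write)", grant(new PropertyPermission("*", "read,write")));
    }
}
```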
