[Bug 60153] [PATCH] Use ZipEntrySource in SXSSF module
https://bz.apache.org/bugzilla/show_bug.cgi?id=60153 --- Comment #11 from PJ Fanning --- Hi Javen, I can look at putting together some doc and related sample code. Could take a few days. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
[Bug 60153] [PATCH] Use ZipEntrySource in SXSSF module
https://bz.apache.org/bugzilla/show_bug.cgi?id=60153 --- Comment #10 from Javen O'Neal --- Would you be interested in writing a few sentences to add to the Encryption documentation https://poi.apache.org/encryption.html The documentation source lives here: https://svn.apache.org/viewvc/poi/site/src/documentation/content/xdocs/encryption.xml?view=log -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
[Bug 60153] [PATCH] Use ZipEntrySource in SXSSF module
https://bz.apache.org/bugzilla/show_bug.cgi?id=60153 Javen O'Neal changed: What|Removed |Added Status|NEEDINFO|RESOLVED Resolution|--- |FIXED --- Comment #9 from Javen O'Neal --- Thanks for the prompt patches! Applied in r1763969. If you have any other unit tests you would like to add, please reopen this bug. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
[Bug 60153] [PATCH] Use ZipEntrySource in SXSSF module
https://bz.apache.org/bugzilla/show_bug.cgi?id=60153 Javen O'Neal changed: What|Removed |Added Attachment #34346|0 |1 is patch|| -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
[Bug 60153] [PATCH] Use ZipEntrySource in SXSSF module
https://bz.apache.org/bugzilla/show_bug.cgi?id=60153 --- Comment #8 from PJ Fanning --- Created attachment 34346 --> https://bz.apache.org/bugzilla/attachment.cgi?id=34346&action=edit Extra test cases for encrypted temp data -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
[Bug 60153] [PATCH] Use ZipEntrySource in SXSSF module
https://bz.apache.org/bugzilla/show_bug.cgi?id=60153 --- Comment #7 from PJ Fanning --- (In reply to Javen O'Neal from comment #6) > 3. Can you write a unit test that demonstrates that temporary files created > by SXSSFWorkbook are encrypted? Thanks Javen. I can look at the 3 topics you highlighted and I can attach a new patch file over the coming days. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
[Bug 60153] [PATCH] Use ZipEntrySource in SXSSF module
https://bz.apache.org/bugzilla/show_bug.cgi?id=60153 --- Comment #6 from Javen O'Neal --- 3. Can you write a unit test that demonstrates that temporary files created by SXSSFWorkbook are encrypted? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
[Bug 60153] [PATCH] Use ZipEntrySource in SXSSF module
https://bz.apache.org/bugzilla/show_bug.cgi?id=60153 Javen O'Neal changed: What|Removed |Added Attachment #34284|0 |1 is obsolete|| Attachment #34284|0 |1 is patch|| -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
[Bug 60153] [PATCH] Use ZipEntrySource in SXSSF module
https://bz.apache.org/bugzilla/show_bug.cgi?id=60153 Javen O'Neal changed: What|Removed |Added Status|NEW |NEEDINFO --- Comment #5 from Javen O'Neal --- I am assuming a lazy consensus that there are no security issues with this implementation. Most of the crypto code has been around in TestSecureTempZip for a while anyway. This patch just makes that code available to developers by moving it into the main library. I applied your patch from comment 4 with a one minor change in r1763943. 1. provide protected or public accessor methods rather than elevating visibility of private variables. This gives us more freedom in the future to consolidate code between HSSF, XSSF, and SXSSF. Remaining questions: 1. In AesZipFileZipEntrySource, should the close method do nothing if the object has already been closed (guard the code with an if (closed)? 2. TestSecureTempZip demonstrates how to read an AES-encrypted XSSFWorkbook and TestSXSSFWorkbookWithCustomZipEntrySource demonstrates how to write an SXSSFWorkbook using encrypted temporary files, but we don't have an example for writing an SXSSFWorkbook where both temporary files and the saved workbook are AES-encrypted. Would you be willing to provide a code example or unit test for this? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
[Bug 60153] [PATCH] Use ZipEntrySource in SXSSF module
https://bz.apache.org/bugzilla/show_bug.cgi?id=60153 Javen O'Neal changed: What|Removed |Added Attachment #34286|0 |1 is patch|| Attachment #34286|application/mbox|text/plain mime type|| -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
[Bug 60153] [PATCH] Use ZipEntrySource in SXSSF module
https://bz.apache.org/bugzilla/show_bug.cgi?id=60153 --- Comment #4 from PJ Fanning --- Created attachment 34286 --> https://bz.apache.org/bugzilla/attachment.cgi?id=34286&action=edit [PATCH] open up SXSSF classes so that they can be subclassed updated patch based on Javen's commit and tidied up some issues -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
[Bug 60153] [PATCH] Use ZipEntrySource in SXSSF module
https://bz.apache.org/bugzilla/show_bug.cgi?id=60153 --- Comment #3 from Javen O'Neal --- The patch from comment 2 looks good to me, including the relevant unit tests :) I committed SXSSFWorkbook#flushSheets() to get the ball rolling in r1761668. Can someone else review this patch to make sure this implementation doesn't write unencrypted data to disk and is unlikely to be the source of a security vulnerability? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
[Bug 60153] [PATCH] Use ZipEntrySource in SXSSF module
https://bz.apache.org/bugzilla/show_bug.cgi?id=60153 PJ Fanning changed: What|Removed |Added Summary|Use ZipEntrySource in SXSSF |[PATCH] Use ZipEntrySource |module |in SXSSF module -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org