This is an automated email from the ASF dual-hosted git repository. tallison pushed a commit to branch branch_1x in repository https://gitbox.apache.org/repos/asf/tika.git
commit 4fdc51a40bf9532d7db57d0b08c1aec3931468ad Author: tballison <talli...@mitre.org> AuthorDate: Mon Apr 16 12:28:34 2018 -0400 followup fix
---
 .../apache/tika/server/resource/TikaResource.java | 22 ++++++++++++++--------
 .../org/apache/tika/server/TikaResourceTest.java | 13 +++++++++++++
 2 files changed, 27 insertions(+), 8 deletions(-)
diff --git a/tika-server/src/main/java/org/apache/tika/server/resource/TikaResource.java b/tika-server/src/main/java/org/apache/tika/server/resource/TikaResource.java
index 2becf07..d8795f7 100644
--- a/tika-server/src/main/java/org/apache/tika/server/resource/TikaResource.java
+++ b/tika-server/src/main/java/org/apache/tika/server/resource/TikaResource.java
@@ -198,20 +198,26 @@ public class TikaResource {
 try {
 String property = StringUtils.removeStart(key, prefix);
+ Field field = null;
+ try {
+ object.getClass().getDeclaredField(StringUtils.uncapitalize(property));
+ } catch (NoSuchFieldException e) {
+ //swallow
+ }
 String setter = property;
 setter = "set"+setter.substring(0,1).toUpperCase(Locale.US)+setter.substring(1);
- Field field = object.getClass().getDeclaredField(StringUtils.uncapitalize(property));
 //default assume string class
 //if there's a more specific type, e.g. double, int, boolean
 //try that.
 Class clazz = String.class;
-
- if (field.getType() == int.class) {
- clazz = int.class;
- } else if (field.getType() == double.class) {
- clazz = double.class;
- } else if (field.getType() == boolean.class) {
- clazz = boolean.class;
+ if (field != null) {
+ if (field.getType() == int.class) {
+ clazz = int.class;
+ } else if (field.getType() == double.class) {
+ clazz = double.class;
+ } else if (field.getType() == boolean.class) {
+ clazz = boolean.class;
+ }
 }
 Method m = tryToGetMethod(object, setter, clazz);
diff --git a/tika-server/src/test/java/org/apache/tika/server/TikaResourceTest.java b/tika-server/src/test/java/org/apache/tika/server/TikaResourceTest.java
index 9e624f8..bd86fd8 100644
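Review bot: The return value of `getDeclaredField` in the added inner `try` is discarded, so `field` is always null and the `if (field != null)` branch that selects `int.class`, `double.class` or `boolean.class` can never run; every setter is then looked up with `String.class`. The call should be assigned: `field = object.getClass().getDeclaredField(StringUtils.uncapitalize(property));`. Because the property name appears to be derived from a request header (`key` with `prefix` stripped), the `//swallow` comment should also say why a missing field is acceptable and which later check still refuses setters a client must not reach, presumably inside `tryToGetMethod`, which is not visible here. The enclosing method starts and ends outside the hunk.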
--- a/tika-server/src/test/java/org/apache/tika/server/TikaResourceTest.java
+++ b/tika-server/src/test/java/org/apache/tika/server/TikaResourceTest.java
@@ -301,4 +301,17 @@ public class TikaResourceTest extends CXFTestBase {
 .put(ClassLoader.getSystemResourceAsStream("testOCR.pdf"));
 assertEquals(200, response.getStatus());
 }
+
+ @Test
+ public void testTrustedMethodPrevention() {
+ Response response = WebClient.create(endPoint + TIKA_PATH)
+ .type("application/pdf")
+ .accept("text/plain")
+ .header(TikaResource.X_TIKA_OCR_HEADER_PREFIX +
+ "trustedPageSeparator",
+ "\u0010")
+ .put(ClassLoader.getSystemResourceAsStream("testOCR.pdf"));
+ assertEquals(500, response.getStatus());
+
+ }
 }
-- To stop receiving notification emails like this one, please contact talli...@apache.org.
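Review bot: The single assertion `assertEquals(500, response.getStatus());` in `testTrustedMethodPrevention` does not show that the request failed because the `trustedPageSeparator` setter was refused, since any server-side exception yields the same status. The header value `"\u0010"` is a control character and may be rejected before the setter lookup is reached, which would let the test pass even if the protection were missing. Sending a printable value and also checking the response body for the expected rejection would tie the test to the behaviour it is named after. A companion case that sets a non-String OCR property through a header and expects 200 would exercise the type-detection branch changed in TikaResource.java.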