Author: jukka
Date: Mon Nov 30 01:48:45 2009
New Revision: 885311
URL: http://svn.apache.org/viewvc?rev=885311&view=rev
Log:
TIKA-329: secure-processing not supported by some JAXP implementations (2)
Patch by Julien Nioche
Modified:
lucene/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/epub/EpubContentParser.java
lucene/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/odf/OpenDocumentContentParser.java
Modified:
lucene/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/epub/EpubContentParser.java
URL:
http://svn.apache.org/viewvc/lucene/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/epub/EpubContentParser.java?rev=885311&r1=885310&r2=885311&view=diff
==============================================================================
---
lucene/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/epub/EpubContentParser.java
(original)
+++
lucene/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/epub/EpubContentParser.java
Mon Nov 30 01:48:45 2009
@@ -33,6 +33,7 @@
import org.apache.tika.sax.XHTMLContentHandler;
import org.xml.sax.ContentHandler;
import org.xml.sax.SAXException;
+import org.xml.sax.SAXNotRecognizedException;
/**
* Parser for EPUB OPS <code>*.html</code> files.
@@ -52,7 +53,14 @@
SAXParserFactory factory = SAXParserFactory.newInstance();
factory.setValidating(false);
factory.setNamespaceAware(true);
- factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ try {
+ factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING,
true);
+ } catch (SAXNotRecognizedException e) {
+ // TIKA-329: Some XML parsers do not support the
secure-processing
+ // feature, even though it's required by JAXP in Java 5.
Ignoring
+ // the exception is fine here, deployments without this feature
+ // are inherently vulnerable to XML denial-of-service attacks.
+ }
SAXParser parser = factory.newSAXParser();
parser.parse(
new CloseShieldInputStream(stream),
Modified:
lucene/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/odf/OpenDocumentContentParser.java
URL:
http://svn.apache.org/viewvc/lucene/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/odf/OpenDocumentContentParser.java?rev=885311&r1=885310&r2=885311&view=diff
==============================================================================
---
lucene/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/odf/OpenDocumentContentParser.java
(original)
+++
lucene/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/odf/OpenDocumentContentParser.java
Mon Nov 30 01:48:45 2009
@@ -42,6 +42,7 @@
import org.xml.sax.Attributes;
import org.xml.sax.ContentHandler;
import org.xml.sax.SAXException;
+import org.xml.sax.SAXNotRecognizedException;
import org.xml.sax.helpers.DefaultHandler;
/**
@@ -316,7 +317,14 @@
SAXParserFactory factory = SAXParserFactory.newInstance();
factory.setValidating(false);
factory.setNamespaceAware(true);
- factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ try {
+ factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING,
true);
+ } catch (SAXNotRecognizedException e){
+ // TIKA-329: Some XML parsers do not support the
secure-processing
+ // feature, even though it's required by JAXP in Java 5.
Ignoring
+ // the exception is fine here, deployments without this feature
+ // are inherently vulnerable to XML denial-of-service attacks.
+ }
SAXParser parser = factory.newSAXParser();
parser.parse(
new CloseShieldInputStream(stream),
