|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.xml.sax.helpers.DefaultHandler org.apache.tika.sax.ContentHandlerDecorator org.apache.tika.sax.SecureContentHandler
public class SecureContentHandler
Content handler decorator that attempts to prevent denial of service attacks against Tika parsers.
Currently this class simply compares the number of output characters to to the number of input bytes, and throws an exception if the output is truly excessive when compared to the input. This is a strong indication of a zip bomb.
Constructor Summary | |
---|---|
SecureContentHandler(org.xml.sax.ContentHandler handler,
CountingInputStream stream)
Decorates the given content handler with zip bomb prevention based on the count of bytes read from the given counting input stream. |
Method Summary | |
---|---|
void |
characters(char[] ch,
int start,
int length)
|
long |
getMaximumCompressionRatio()
Returns the maximum compression ratio. |
long |
getOutputThreshold()
Returns the configured output threshold. |
void |
ignorableWhitespace(char[] ch,
int start,
int length)
|
void |
setMaximumCompressionRatio(long ratio)
Sets the ratio between output characters and input bytes. |
void |
setOutputThreshold(long threshold)
Sets the threshold for output characters before the zip bomb prevention is activated. |
void |
throwIfCauseOf(org.xml.sax.SAXException e)
Converts the given SAXException to a corresponding
TikaException if it's caused by this instance detecting
a zip bomb. |
Methods inherited from class org.apache.tika.sax.ContentHandlerDecorator |
---|
endDocument, endElement, endPrefixMapping, handleException, processingInstruction, setDocumentLocator, skippedEntity, startDocument, startElement, startPrefixMapping, toString |
Methods inherited from class org.xml.sax.helpers.DefaultHandler |
---|
error, fatalError, notationDecl, resolveEntity, unparsedEntityDecl, warning |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Constructor Detail |
---|
public SecureContentHandler(org.xml.sax.ContentHandler handler, CountingInputStream stream)
handler
- the content handler to be decoratedstream
- the input stream to be parsed, wrapped into
a CountingInputStream
decoratorMethod Detail |
---|
public long getOutputThreshold()
public void setOutputThreshold(long threshold)
threshold
- new output thresholdpublic long getMaximumCompressionRatio()
public void setMaximumCompressionRatio(long ratio)
ratio
- new maximum compression ratiopublic void throwIfCauseOf(org.xml.sax.SAXException e) throws TikaException
SAXException
to a corresponding
TikaException
if it's caused by this instance detecting
a zip bomb.
e
- SAX exception
TikaException
- zip bomb exceptionpublic void characters(char[] ch, int start, int length) throws org.xml.sax.SAXException
characters
in interface org.xml.sax.ContentHandler
characters
in class ContentHandlerDecorator
org.xml.sax.SAXException
public void ignorableWhitespace(char[] ch, int start, int length) throws org.xml.sax.SAXException
ignorableWhitespace
in interface org.xml.sax.ContentHandler
ignorableWhitespace
in class ContentHandlerDecorator
org.xml.sax.SAXException
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |