You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tika.apache.org by "Tim Allison (JIRA)" <ji...@apache.org> on 2018/09/21 14:57:00 UTC
[jira] [Assigned] (TIKA-2731) Unecessary call to
System.getProperties() in XMLReaderUtils
[ https://issues.apache.org/jira/browse/TIKA-2731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tim Allison reassigned TIKA-2731:
---------------------------------
Assignee: Tim Allison
> Unecessary call to System.getProperties() in XMLReaderUtils
> -----------------------------------------------------------
>
> Key: TIKA-2731
> URL: https://issues.apache.org/jira/browse/TIKA-2731
> Project: Tika
> Issue Type: Improvement
> Components: core
> Affects Versions: 1.19
> Reporter: Ioannis Kakavas
> Assignee: Tim Allison
> Priority: Major
> Fix For: 1.20
>
>
> As part of the changes introduced in [1.19 |https://github.com/apache/tika/commit/4e67928412ad56333d400f3728ecdb59d07d9d63] determineMaxEntityExpansions needs to read the jdk.xml.entityExpansionLimit System Property in order to overwrite the default value of 20, if it is set.
> This is however by reading all System Properties with System.getProperties() and attempting to find the relevant key in the properties Object. The issue with this approach is that getProperties() requires
> {noformat}java.util.PropertyPermission "*", "read,write"{noformat}
> which is overly permissive.
> A more sane approach, following the least privilege design principal would be to use System.getProperty() for the specific property that only requires
> {noformat}java.util.PropertyPermission "jdk.xml.entityExpansionLimit", "read"{noformat}
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)