You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tika.apache.org by "Fabian Lange (Created) (JIRA)" <ji...@apache.org> on 2012/01/01 17:05:30 UTC

[jira] [Created] (TIKA-838) EmptyParser Singleton should be final

EmptyParser Singleton should be final
-------------------------------------

                 Key: TIKA-838
                 URL: https://issues.apache.org/jira/browse/TIKA-838
             Project: Tika
          Issue Type: Sub-task
          Components: general
            Reporter: Fabian Lange


Currently the Singleton EmptyParser is not a robust singleton. Other Code could possibly exchange it, as it is not marked final.
This might pose a security risk.
Additionally, because the value is not final, the JVM cannot optimize it.
Attached patch adds the final attribute.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (TIKA-838) EmptyParser Singleton should be final

Posted by "Fabian Lange (Commented) (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/TIKA-838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13178876#comment-13178876 ] 

Fabian Lange commented on TIKA-838:
-----------------------------------

Hi Nick, 
clirr is correct. The public API currently is that every client can write to this field.
But clients currently doing so are possibly dangerous to others in a shared classpath environment. This is a singleton (at least according to the comment :-)) and it should be coded as this: final.

But if you cant break broken backwards compatibility, then this cannot be fixed.
Let me know if I can do something about it. Otherwise feel also free to close this ticket.

Fabian
                
> EmptyParser Singleton should be final
> -------------------------------------
>
>                 Key: TIKA-838
>                 URL: https://issues.apache.org/jira/browse/TIKA-838
>             Project: Tika
>          Issue Type: Sub-task
>          Components: general
>            Reporter: Fabian Lange
>         Attachments: EmptyParser.java.patch
>
>
> Currently the Singleton EmptyParser is not a robust singleton. Other Code could possibly exchange it, as it is not marked final.
> This might pose a security risk.
> Additionally, because the value is not final, the JVM cannot optimize it.
> Attached patch adds the final attribute.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Resolved] (TIKA-838) EmptyParser Singleton should be final

Posted by "Jukka Zitting (Resolved) (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/TIKA-838?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jukka Zitting resolved TIKA-838.
--------------------------------

       Resolution: Fixed
    Fix Version/s: 1.1
         Assignee: Jukka Zitting

I suppose in this case it's fine for us to break strict binary backwards compatiblity, as no sane client should be modifying EmptyParser.INSTANCE in the first place.

Thus I committed the patch in revision 1226904 with an exclude setting to make clirr ignore the EmptyParser class.

Resolving as fixed. Thanks!
                
> EmptyParser Singleton should be final
> -------------------------------------
>
>                 Key: TIKA-838
>                 URL: https://issues.apache.org/jira/browse/TIKA-838
>             Project: Tika
>          Issue Type: Sub-task
>          Components: general
>            Reporter: Fabian Lange
>            Assignee: Jukka Zitting
>             Fix For: 1.1
>
>         Attachments: EmptyParser.java.patch
>
>
> Currently the Singleton EmptyParser is not a robust singleton. Other Code could possibly exchange it, as it is not marked final.
> This might pose a security risk.
> Additionally, because the value is not final, the JVM cannot optimize it.
> Attached patch adds the final attribute.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (TIKA-838) EmptyParser Singleton should be final

Posted by "Nick Burch (Commented) (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/TIKA-838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13178637#comment-13178637 ] 

Nick Burch commented on TIKA-838:
---------------------------------

This breaks the CLIRR check, so I'll have to defer to someone else on the right solution for this patch
                
> EmptyParser Singleton should be final
> -------------------------------------
>
>                 Key: TIKA-838
>                 URL: https://issues.apache.org/jira/browse/TIKA-838
>             Project: Tika
>          Issue Type: Sub-task
>          Components: general
>            Reporter: Fabian Lange
>         Attachments: EmptyParser.java.patch
>
>
> Currently the Singleton EmptyParser is not a robust singleton. Other Code could possibly exchange it, as it is not marked final.
> This might pose a security risk.
> Additionally, because the value is not final, the JVM cannot optimize it.
> Attached patch adds the final attribute.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (TIKA-838) EmptyParser Singleton should be final

Posted by "Fabian Lange (Updated) (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/TIKA-838?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Fabian Lange updated TIKA-838:
------------------------------

    Attachment: EmptyParser.java.patch
    
> EmptyParser Singleton should be final
> -------------------------------------
>
>                 Key: TIKA-838
>                 URL: https://issues.apache.org/jira/browse/TIKA-838
>             Project: Tika
>          Issue Type: Sub-task
>          Components: general
>            Reporter: Fabian Lange
>         Attachments: EmptyParser.java.patch
>
>
> Currently the Singleton EmptyParser is not a robust singleton. Other Code could possibly exchange it, as it is not marked final.
> This might pose a security risk.
> Additionally, because the value is not final, the JVM cannot optimize it.
> Attached patch adds the final attribute.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira