You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tika.apache.org by "Fabian Lange (Created) (JIRA)" <ji...@apache.org> on 2012/01/01 17:05:30 UTC
[jira] [Created] (TIKA-838) EmptyParser Singleton should be final
EmptyParser Singleton should be final
-------------------------------------
Key: TIKA-838
URL: https://issues.apache.org/jira/browse/TIKA-838
Project: Tika
Issue Type: Sub-task
Components: general
Reporter: Fabian Lange
Currently the Singleton EmptyParser is not a robust singleton. Other Code could possibly exchange it, as it is not marked final.
This might pose a security risk.
Additionally, because the value is not final, the JVM cannot optimize it.
Attached patch adds the final attribute.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (TIKA-838) EmptyParser Singleton should be final
Posted by "Fabian Lange (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TIKA-838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13178876#comment-13178876 ]
Fabian Lange commented on TIKA-838:
-----------------------------------
Hi Nick,
clirr is correct. The public API currently is that every client can write to this field.
But clients currently doing so are possibly dangerous to others in a shared classpath environment. This is a singleton (at least according to the comment :-)) and it should be coded as this: final.
But if you cant break broken backwards compatibility, then this cannot be fixed.
Let me know if I can do something about it. Otherwise feel also free to close this ticket.
Fabian
> EmptyParser Singleton should be final
> -------------------------------------
>
> Key: TIKA-838
> URL: https://issues.apache.org/jira/browse/TIKA-838
> Project: Tika
> Issue Type: Sub-task
> Components: general
> Reporter: Fabian Lange
> Attachments: EmptyParser.java.patch
>
>
> Currently the Singleton EmptyParser is not a robust singleton. Other Code could possibly exchange it, as it is not marked final.
> This might pose a security risk.
> Additionally, because the value is not final, the JVM cannot optimize it.
> Attached patch adds the final attribute.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (TIKA-838) EmptyParser Singleton should be final
Posted by "Jukka Zitting (Resolved) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TIKA-838?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jukka Zitting resolved TIKA-838.
--------------------------------
Resolution: Fixed
Fix Version/s: 1.1
Assignee: Jukka Zitting
I suppose in this case it's fine for us to break strict binary backwards compatiblity, as no sane client should be modifying EmptyParser.INSTANCE in the first place.
Thus I committed the patch in revision 1226904 with an exclude setting to make clirr ignore the EmptyParser class.
Resolving as fixed. Thanks!
> EmptyParser Singleton should be final
> -------------------------------------
>
> Key: TIKA-838
> URL: https://issues.apache.org/jira/browse/TIKA-838
> Project: Tika
> Issue Type: Sub-task
> Components: general
> Reporter: Fabian Lange
> Assignee: Jukka Zitting
> Fix For: 1.1
>
> Attachments: EmptyParser.java.patch
>
>
> Currently the Singleton EmptyParser is not a robust singleton. Other Code could possibly exchange it, as it is not marked final.
> This might pose a security risk.
> Additionally, because the value is not final, the JVM cannot optimize it.
> Attached patch adds the final attribute.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (TIKA-838) EmptyParser Singleton should be final
Posted by "Nick Burch (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TIKA-838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13178637#comment-13178637 ]
Nick Burch commented on TIKA-838:
---------------------------------
This breaks the CLIRR check, so I'll have to defer to someone else on the right solution for this patch
> EmptyParser Singleton should be final
> -------------------------------------
>
> Key: TIKA-838
> URL: https://issues.apache.org/jira/browse/TIKA-838
> Project: Tika
> Issue Type: Sub-task
> Components: general
> Reporter: Fabian Lange
> Attachments: EmptyParser.java.patch
>
>
> Currently the Singleton EmptyParser is not a robust singleton. Other Code could possibly exchange it, as it is not marked final.
> This might pose a security risk.
> Additionally, because the value is not final, the JVM cannot optimize it.
> Attached patch adds the final attribute.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (TIKA-838) EmptyParser Singleton should be final
Posted by "Fabian Lange (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TIKA-838?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Fabian Lange updated TIKA-838:
------------------------------
Attachment: EmptyParser.java.patch
> EmptyParser Singleton should be final
> -------------------------------------
>
> Key: TIKA-838
> URL: https://issues.apache.org/jira/browse/TIKA-838
> Project: Tika
> Issue Type: Sub-task
> Components: general
> Reporter: Fabian Lange
> Attachments: EmptyParser.java.patch
>
>
> Currently the Singleton EmptyParser is not a robust singleton. Other Code could possibly exchange it, as it is not marked final.
> This might pose a security risk.
> Additionally, because the value is not final, the JVM cannot optimize it.
> Attached patch adds the final attribute.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira