Backups/TwelveMonkeys
2
0
Fork 0
mirror of https://github.com/haraldk/TwelveMonkeys.git synced 2025-08-05 04:25:29 -04:00
Code Issues Projects Releases Wiki Activity

#526 Incorporating review comments

Browse Source 
* renaming accessors
* changing the default to disallow external resources
* introduced system-property for backwards compatibility
* honor system-property (if present) and SVGReadParams.isAllowExternalResources hasn't been called
  (as against ignoring system-property and reverting to 'block-by-default' if SVGReadParams.isAllowExternalResources invoked)
* added + updated test cases
This commit is contained in:
Ashish Chopra 2020-03-24 18:40:01 +05:30
parent 7bf99fb496
commit 872523b0f0
3 changed files with 97 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
imageio/imageio-batik/src/main/java/com/twelvemonkeys/imageio/plugins/svg/SVGImageReader.java
View File

@ -79,8 +79,12 @@ import java.util.Map;
* @see <A href="http://www.mail-archive.com/batik-dev@xml.apache.org/msg00992.html">batik-dev</A>
*/
public class SVGImageReader extends ImageReaderBase {
static String ALLOW_EXTERNAL_RESOURCES_SYSTEM_PROP = "com.twelvemonkeys.imageio.plugins.svg.allowexternalresources";
private Rasterizer rasterizer;
private boolean allowExternalResources;
private boolean allowExternalResources =
"true".equalsIgnoreCase(System.getProperty(ALLOW_EXTERNAL_RESOURCES_SYSTEM_PROP));
/**
* Creates an {@code SVGImageReader}.
@ -89,7 +93,6 @@ public class SVGImageReader extends ImageReaderBase {
*/
public SVGImageReader(final ImageReaderSpi pProvider) {
super(pProvider);
allowExternalResources = true;
}
protected void resetMembers() {
@ -119,7 +122,7 @@ public class SVGImageReader extends ImageReaderBase {
SVGReadParam svgParam = (SVGReadParam) pParam;
// set the external-resource-resolution preference
allowExternalResources = svgParam.shouldAllowExternalResources();
allowExternalResources = svgParam.isAllowExternalResources();
// Get the base URI
// This must be done before converting the params to hints

18
imageio/imageio-batik/src/main/java/com/twelvemonkeys/imageio/plugins/svg/SVGReadParam.java
View File

@ -41,11 +41,11 @@ import java.awt.*;
public class SVGReadParam extends ImageReadParam {
private Paint background;
private String baseURI;
private boolean allowExternalResources;
private boolean allowExternalResources = false;
private boolean isAllowExternalResourcesSetExplicitly = false;
public SVGReadParam() {
super();
allowExternalResources = true;
}
public Paint getBackgroundColor() {
@ -64,12 +64,18 @@ public class SVGReadParam extends ImageReadParam {
baseURI = pBaseURI;
}
public void allowExternalResources(boolean bAllow) {
allowExternalResources = bAllow;
public void setAllowExternalResources(boolean allow) {
allowExternalResources = allow;
isAllowExternalResourcesSetExplicitly = true;
}
public boolean shouldAllowExternalResources() {
return allowExternalResources;
public boolean isAllowExternalResources() {
if (isAllowExternalResourcesSetExplicitly) {
return allowExternalResources;
} else {
// prefer the explicitly set value if invoked, read the system prop as a fallback if it wasn't
return "true".equals(System.getProperty(SVGImageReader.ALLOW_EXTERNAL_RESOURCES_SYSTEM_PROP));
}
}
@Override

119
imageio/imageio-batik/src/test/java/com/twelvemonkeys/imageio/plugins/svg/SVGImageReaderTest.java
View File

@ -228,6 +228,7 @@ public class SVGImageReaderTest extends ImageReaderAbstractTest<SVGImageReader>
reader.addIIOReadWarningListener(listener);
SVGReadParam param = reader.getDefaultReadParam();
param.setAllowExternalResources(true);
param.setBaseURI(resource.toURI().toASCIIString());
BufferedImage image = reader.read(0, param);
@ -244,71 +245,82 @@ public class SVGImageReaderTest extends ImageReaderAbstractTest<SVGImageReader>
}
@Test
public void testEmbeddedBeforeBaseURI() throws URISyntaxException, IOException {
public void testEmbeddedBeforeBaseURI_withSystemProperty() throws URISyntaxException, IOException {
// Asking for metadata, width, height etc, before attempting to read using a param,
// will cause the document to be parsed without a base URI.
// This will work, but may not use the CSS...
// since the param is not available before the read operation is invoked,
// this test-case MUST use the system-property for backwards compatibility
URL resource = getClassLoaderResource("/svg/barChart.svg");
SVGImageReader reader = createReader();
try {
System.setProperty("com.twelvemonkeys.imageio.plugins.svg.allowexternalresources", "true");
SVGImageReader reader = createReader();
TestData data = new TestData(resource, (Dimension) null);
try (ImageInputStream stream = data.getInputStream()) {
reader.setInput(stream);
TestData data = new TestData(resource, (Dimension) null);
try (ImageInputStream stream = data.getInputStream()) {
reader.setInput(stream);
IIOReadWarningListener listener = mock(IIOReadWarningListener.class);
reader.addIIOReadWarningListener(listener);
IIOReadWarningListener listener = mock(IIOReadWarningListener.class);
reader.addIIOReadWarningListener(listener);
assertEquals(450, reader.getWidth(0));
assertEquals(500, reader.getHeight(0));
assertEquals(450, reader.getWidth(0));
assertEquals(500, reader.getHeight(0));
// Expect the warning about the missing CSS
verify(listener, atMost(1)).warningOccurred(any(ImageReader.class), anyString());
reset(listener);
// Expect the warning about the missing CSS
verify(listener, atMost(1)).warningOccurred(any(ImageReader.class), anyString());
reset(listener);
SVGReadParam param = reader.getDefaultReadParam();
param.setBaseURI(resource.toURI().toASCIIString());
BufferedImage image = reader.read(0, param);
SVGReadParam param = reader.getDefaultReadParam();
param.setBaseURI(resource.toURI().toASCIIString());
BufferedImage image = reader.read(0, param);
assertNotNull(image);
assertEquals(450, image.getWidth());
assertEquals(500, image.getHeight());
assertNotNull(image);
assertEquals(450, image.getWidth());
assertEquals(500, image.getHeight());
// No more warnings now that the base URI is set
verifyZeroInteractions(listener);
}
finally {
reader.dispose();
// No more warnings now that the base URI is set
verifyZeroInteractions(listener);
}
finally {
reader.dispose();
}
} finally {
System.clearProperty("com.twelvemonkeys.imageio.plugins.svg.allowexternalresources");
}
}
@Test
public void testEmbeddedNoBaseURI() throws IOException {
public void testEmbeddedNoBaseURI_withSystemProperty() throws IOException {
// With no base URI, we will throw an exception, about the missing embedded resource
URL resource = getClassLoaderResource("/svg/barChart.svg");
SVGImageReader reader = createReader();
try {
System.setProperty("com.twelvemonkeys.imageio.plugins.svg.allowexternalresources", "true");
TestData data = new TestData(resource, (Dimension) null);
try (ImageInputStream stream = data.getInputStream()) {
reader.setInput(stream);
SVGImageReader reader = createReader();
BufferedImage image = reader.read(0);
TestData data = new TestData(resource, (Dimension) null);
try (ImageInputStream stream = data.getInputStream()) {
reader.setInput(stream);
assertNotNull(image);
assertEquals(450, image.getWidth());
assertEquals(500, image.getHeight());
}
catch (IIOException allowed) {
assertTrue(allowed.getMessage().contains("batikLogo.svg")); // The embedded resource we don't find
}
finally {
reader.dispose();
reader.read(0);
assertTrue("reader.read should've thrown an exception, but didn't", false);
}
catch (IIOException allowed) {
assertTrue(allowed.getMessage().contains("batikLogo.svg")); // The embedded resource we don't find
}
finally {
reader.dispose();
}
} finally {
System.clearProperty("com.twelvemonkeys.imageio.plugins.svg.allowexternalresources");
}
}
@Test(expected = SecurityException.class)
public void testDisallowedExternalResources() throws URISyntaxException, IOException {
public void testDefaultDisallowedExternalResources() throws URISyntaxException, IOException {
URL resource = getClassLoaderResource("/svg/barChart.svg");
SVGImageReader reader = createReader();
@ -319,7 +331,6 @@ public class SVGImageReaderTest extends ImageReaderAbstractTest<SVGImageReader>
SVGReadParam param = reader.getDefaultReadParam();
param.setBaseURI(resource.toURI().toASCIIString());
param.allowExternalResources(false);
// `reader.read` for `/svg/barChart.svg` should raise
// a SecurityException when External Resources are blocked
reader.read(0, param);
@ -328,4 +339,32 @@ public class SVGImageReaderTest extends ImageReaderAbstractTest<SVGImageReader>
reader.dispose();
}
}
@Test(expected = SecurityException.class)
public void testDisallowedExternalResources_withSystemProperty() throws URISyntaxException, IOException {
URL resource = getClassLoaderResource("/svg/barChart.svg");
try {
System.setProperty("com.twelvemonkeys.imageio.plugins.svg.allowexternalresources", "true");
SVGImageReader reader = createReader();
TestData data = new TestData(resource, (Dimension) null);
try (ImageInputStream stream = data.getInputStream()) {
reader.setInput(stream);
SVGReadParam param = reader.getDefaultReadParam();
param.setBaseURI(resource.toURI().toASCIIString());
param.setAllowExternalResources(false);
// even when the system-property is set to true,
// `reader.read` for `/svg/barChart.svg` should raise
// a SecurityException when External Resources are blocked
// because the API invocation gets preference
reader.read(0, param);
}
finally {
reader.dispose();
}
} finally {
System.clearProperty("com.twelvemonkeys.imageio.plugins.svg.allowexternalresources");
}
}
}