[ https://issues.apache.org/jira/browse/TIKA-860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13205453#comment-13205453 ]
Jukka Zitting commented on TIKA-860: ------------------------------------ bq. Couldnt SecureContentHandler not simply get the ParseContext That would introduce a circular dependency between the o.a.t.parser and o.a.t.sax packages (currently the parser -> sax dependency is one-way). I'd rather keep the SecureContentHandler class concerned only with IO streams and SAX events. > Make ZIP bomb detection configureable > ------------------------------------- > > Key: TIKA-860 > URL: https://issues.apache.org/jira/browse/TIKA-860 > Project: Tika > Issue Type: Improvement > Components: parser > Affects Versions: 1.0 > Reporter: Uwe Schindler > > The detection of ZIP bombs is nice and the original issue says it's > configureable, but I found no solution how to change ParseContext of the > AutoDetectParser to e.g. allow deeper nesting levels. The > SecureContentHandler instantiation is hardcoded and there is no point of > intervention. > In my case a simple ZIP of an Eclipse project: > http://store.pangaea.de/Publications/AltaweelM_2011/Salinization.zip > triggered the bomb detection, but it is of course no bomb. Its just because > the JAR/WAR files in this projects itself contain other JAR files and class > files :-) This overflows the nesting level of 10 - maybe even the TIKA OSGI > bundle triggers the bomb detection (not tested). > In my case I would like to raise the nesting level, but there is no solution. > My change was to simply filter away JAR files (as they contain no metadata we > are interested in our own development, we already removed e.g. CLASS file > parsers from out TIKA config so we have a very simple parser structure only > allowing pdf, office documents, txt files,...) by using a custom > DocumentSelector in my ParseContext. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira