Change white and black list to allow and deny list #1714

Merged
merged 3 commits into from
Dec 21, 2023
Expand Up @@ -43,7 +43,8 @@
public class CustomJacksonHttpMessageConverter extends MappingJackson2HttpMessageConverter {

// These classes should use the internal Spring HttpMessageConverters.
private static final ImmutableList<Class<?>> BLACKLIST = ImmutableList.of(String.class, Resource.class);
private static final ImmutableList<Class<?>> DENY_LIST
= ImmutableList.of(String.class, Resource.class);

@Inject
CustomJacksonHttpMessageConverter(ObjectMapper objectMapper) {
Expand All @@ -53,7 +54,7 @@ public class CustomJacksonHttpMessageConverter extends MappingJackson2HttpMessag

@Override
public boolean canWrite(Class<?> clazz, MediaType mediaType) {
return BLACKLIST.stream().noneMatch(blc -> blc.isAssignableFrom(clazz))
return DENY_LIST.stream().noneMatch(blc -> blc.isAssignableFrom(clazz))
&& super.canWrite(clazz, mediaType);
}
}
Expand Up @@ -46,7 +46,7 @@ public class MediaTypeUtils {

private static final Logger LOG = LoggerFactory.getLogger(MediaTypeUtils.class);

private final PropertiesConfiguration _whiteListPropertiesConfig;
private final PropertiesConfiguration _mediaTypePropertiesConfig;

@Inject
public MediaTypeUtils(PropertiesUtil propertiesUtil) throws ConfigurationException {
Expand All @@ -57,33 +57,32 @@ public MediaTypeUtils(PropertiesUtil propertiesUtil) throws ConfigurationExcepti
.setListDelimiterHandler(new DefaultListDelimiterHandler(','));

var builder = new FileBasedConfigurationBuilder<>(PropertiesConfiguration.class);
_whiteListPropertiesConfig = builder
_mediaTypePropertiesConfig = builder
.configure(configBuilderParameters)
.getConfiguration();
}

/**
* Uses the media mimeType and any whitelisted properties to determine how to process
* a piece of media.
* Uses the media mimeType and media type properties file to determine how to process a piece
* of media.
*
* @param mimeType The mime-type of the media.
* @return The MediaType to treat the media as.
*/
public MediaType parse(String mimeType) {
var whiteListKey = "whitelist." + mimeType;
var typeFromWhitelist = _whiteListPropertiesConfig.getString(whiteListKey);
if (typeFromWhitelist != null && !typeFromWhitelist.isBlank()) {
var trimmedUpper = typeFromWhitelist.strip().toUpperCase();
var mediaType = _mediaTypePropertiesConfig.getString(mimeType);
if (mediaType != null && !mediaType.isBlank()) {
var trimmedUpper = mediaType.strip().toUpperCase();
try {
return MediaType.valueOf(trimmedUpper);
}
catch (IllegalArgumentException e) {
LOG.error(
"The \"{}\" property from the media type white list file contained the invalid value of \"{}\".",
whiteListKey, typeFromWhitelist);
"The \"{}\" property from the media types file contained the invalid value of \"{}\".",
mimeType, mediaType);

}
}

return Stream.of(MediaType.values())
.filter(mt -> StringUtils.startsWithIgnoreCase(mimeType, mt.toString()))
.findAny()
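Review bot: The lookup in `parse` is now `_mediaTypePropertiesConfig.getString(mimeType)` with no handling of the old `whitelist.<MIME-TYPE>` keys, so a properties file that still uses the old prefix would have its mappings silently ignored and fall through to the prefix match on `MediaType.values()`. Whether operators can supply their own copy of this file is not visible here (it depends on what `PropertiesUtil` resolves), so this needs confirming; if they can, media could be routed to a different processing path after an upgrade with nothing in the logs. A one-time check in the constructor would surface stale files, e.g. `if (_mediaTypePropertiesConfig.getKeys("whitelist").hasNext()) { LOG.warn("Media types file still contains \"whitelist.\" keys; they are no longer read."); }`. The Javadoc on `parse` could also state that the property key is the mime type verbatim, so a value carrying parameters or different casing will not match a configured key. Both the constructor and `parse` extend beyond the lines shown in this section.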
Expand Up @@ -24,16 +24,14 @@
# limitations under the License. #
#############################################################################

#######################
# FILE TYPE WHITELIST #
#######################

# Properties should be defined in the format "whitelist.<MIME-TYPE>", and values should be
# in the set of {VIDEO, IMAGE, AUDIO}
# Adding whitelisted types inappropriately may cause components to crash. Please add or
###########################
# FILE TYPE CONFIGURATION #
###########################
# Property keys should be mime types and values should be in the set of {VIDEO, IMAGE, AUDIO}.
# Adding mime type mappings inappropriately may cause components to crash. Please add or
# change values with caution.
# for .gz you need both whitelist.binary/octet-stream and whitelist.application/gzip
whitelist.application/x-matroska=VIDEO
whitelist.application/x-vnd.rn-realmedia=VIDEO
whitelist.application/mp4=VIDEO
whitelist.image/gif=VIDEO
# For .gz you need both binary/octet-stream and application/gzip.
application/x-matroska=VIDEO
application/x-vnd.rn-realmedia=VIDEO
application/mp4=VIDEO
image/gif=VIDEO