GSIP 189
A new SPI interface that will evaluate external HTTP/HTTPS requests used to access XSD, SLD, Images etc.
Imran Rajjad
This proposal is for GeoServer 2.18-RC, 2.17.1 and 2.16.4
- Under Discussion
- In Progress
- Completed
- Rejected
- Deferred
There is several situations were GeoServer \ GeoTools will perform HTTP requests against a remote site, e.g. when parsing a XLM document or a WPS proceed doing an arbitrary HTTP GET or POST request.
We need to be able to whitelist the remote sites against which GeoTools \ GeoServer will perform HTTP requests. Roughly described this will require:
Create wrapper for the HTTP client that will take into account the sites whitelist, what already exists in GeoTools should be taken into account. Create new security menu to white list sites on GeoServer UI, this will require a mockup. Make the wrapper being used by the code that will issue the HTTP requests
Some example scenarios that have drawn attention to this new SPI interface
- WPS extension server side requests,
- WMS GetMap SLD parameter handling,
- WMS and WFS OGC fitlers handling (loading remote schemas);
To validate HTTP requests, the following new interfaces and implementations are proposed along with their scope.
This interface the defines implementation to encapsulate URL evaluation. Initially the implementation will look like.
GetName()
EvaluateUrl()
isEnabled()
A class that will be used to store URLs in Geoserver data directory in XML format. This file will be updated through a GUI page, as system admin manages URL validation in Geoserver. The class structure is proposed to hold following properties.
Name
Action (allow/block)
Regex (true/false)
Instantiated and registered through Spring.
The Geoserver implementation of URLChecker will read URLEntry from Geoserver Data Directory stored in xml file.
A factory class which will scan for all known implementation of URLChecker and will provide access to these instances.
A utility class that will make use of URLCheckerFactory and will provide utility methods to work with implementations of URLChecker
A wrapper class that will delegate any HttpClient implementation and perform URL validation before issuing requests.
A utility class that will return instance of ControlledHttpClient configured to evaluate URLs using all available URLChecker implementations.
Under the security tab, a new menu button will be added called URL Validation.
This link will navigate to a page, where user can manage URLs. User can name URLs and choose to have the evaluation work with regex expression or plain string comparison. By default each entry will be a regex expression. URL validation can be enabled disabled through a checkbox, this state will be persisted as part of Global Settings and will be read by Geoserver implementation of URLChecker.
As per standard, a REST interface will also be laid to work these settings
The data stores that make external HTTP calls, will receive a checkbox that will allow admin to enable URL validation on all external calls being through layers of the respective Stores. (e.g CascadedWMS, WMTS and WFS-NG etc)
The implementation will start down in Geotools, where the SPI interface and factory classes will be introduced. It will be possible to register a URLChecker implementation directly through URLCheckerFactory or SDI. High priority modules in Geotools will be refactored to evaluate outgoing URL calls.
As described above, Geoserver will receive a built-in implementation of URLChecker that leverages from underlying Geotools SPI classes. This implementation currently will evaluate URLs through configured regex expressions persisted inside Geoserver Data directory.
There are two scenarios that need to be dealt with.
The part of source code where URLs are accessed using implementations of HttpClient, will be modified to use the SecuredHttpClient wrapper if enabled. The instance of SecuredHttpClient will be acquired through SecuredHttpClientFactory
Other than using HttpClient implementations, there are areas across API where URLs either being accessed directly or being passed down utility methods beyond our control. These will require the URLs to be passed through utility methods provided by URLCheckerUtil , which works similarly to SecuredHttpClient but provides methods to directly evaluate URL, URIs and Strings against available URLChecker implementations.
Below are potential implementation points that will require modifications. Priority is also mentioned. Current implementation will only target modules with high priority.
| Project | module | priority | Classes |
|---|---|---|---|
| GT | extension/tile-client | high | modules/extension/tile-client/src/main/java/org/geotools/tile/impl/WebMercatorTileService.java |
| GT | extension/wmsts | high | modules/extension/wmts/src/main/java/org/geotools/ows/wmts/client/WMTSTileService.java |
| GT | extension/wmsts | high | modules/extension/wmts/src/main/java/org/geotools/ows/wmts/request/AbstractGetTileRequest.java |
| GT | plugin/mongodb | low | modules/plugin/mongodb/src/main/java/org/geotools/data/mongodb/MongoDataStoreFactory.java |
| GT | unsupported/mbstyle | low | modules/unsupported/mbstyle/src/main/java/org/geotools/mbstyle/sprite/SpriteGraphicFactory.java |
| GT | unsupported/wfs-ng | high | modules/unsupported/wfs-ng/src/main/java/org/geotools/data/wfs/WFSDataStoreFactory.java |
| GT | unsupported/wfs-ng | high | modules/unsupported/wfs-ng/src/main/java/org/geotools/data/wfs/impl/WFSDataAccessFactory.java |
| GT | unsupported/wfs-ng | high | modules/unsupported/wps/src/main/java/org/geotools/data/wps/AbstractWPS.java |
| GT | unsupported/wps | high | modules/unsupported/wps/src/main/java/org/geotools/data/wps/WebProcessingService.java |
| GS | community/wps-download | med | community/wps-download/src/main/java/org/geoserver/wps/gs/download/DownloadMapProcess.java:import org.geotools.data.ows.HTTPClient; |
| GS | extension/authkey | med | extension/authkey/src/main/java/org/geoserver/security/WebServiceAuthenticationKeyMapper.java:import org.geotools.data.ows.HTTPClient; |
| GS | main | high | main/src/main/java/org/geoserver/catalog/ResourcePool.java:import org.geotools.data.ows.HTTPClient; |
| GS | main | high | web/core/src/main/java/org/geoserver/web/data/store/WMSStoreNewPage.java:import org.geotools.data.ows.HTTPClient; |
| GS | main | high | web/core/src/main/java/org/geoserver/web/data/store/WMTSStoreNewPage.java:import org.geotools.data.ows.HTTPClient; |
| GS | wms | high | wms/src/main/java/org/geoserver/wms/CascadedLegendRequest.java:import org.geotools.data.ows.HTTPClient; |
| Project | module | priority | Path and Line Number |
|---|---|---|---|
| GT | extension/validation | low | modules/extension/validation/src/main/java/org/geotools/validation/attributes/GazetteerNameValidation.java:107: (HttpURLConnection) gazetteerURL.openConnection(); |
| GT | extension/xsd/xsd-core | high | modules/extension/xsd/xsd-core/src/main/java/org/geotools/xsd/impl/HTTPURIHandler.java:91: return (HttpURLConnection) url.openConnection(); |
| GT | library/main | med | modules/library/main/src/main/java/org/geotools/data/ows/SimpleHttpClient.java:162: URLConnection connection = finalURL.openConnection(); |
| GT | library/referencing | med | modules/library/referencing/src/main/java/org/geotools/referencing/factory/gridshift/NADCONGridShiftFactory.java:329: InputStream in = url.openConnection().getInputStream(); |
| GT | library/referencing | med | modules/library/referencing/src/main/java/org/geotools/referencing/factory/gridshift/NTv2GridShiftFactory.java:145: new BufferedInputStream(url.openConnection().getInputStream())) { |
| GT | library/xml | high | modules/library/xml/src/main/java/org/geotools/xml/resolver/SchemaCache.java:253: HttpURLConnection connection = (HttpURLConnection) url.openConnection(); |
| GT | plugin/arcgrid | med | modules/plugin/arcgrid/src/main/java/org/geotools/gce/arcgrid/ArcGridReader.java:259: input = tempURL.openConnection().getInputStream(); |
| GT | plugin/arcgrid | med | modules/plugin/arcgrid/src/main/java/org/geotools/gce/arcgrid/ArcGridReader.java:268: ImageIO.createImageInputStream(tempURL.openConnection().getInputStream()); |
| GT | plugin/arcgrid | med | modules/plugin/arcgrid/src/main/java/org/geotools/gce/arcgrid/ArcGridReader.java:440: new GZIPInputStream(((URL) source).openConnection().getInputStream())); |
| GT | plugin/arcgrid | med | modules/plugin/arcgrid/src/main/java/org/geotools/gce/arcgrid/ArcGridReader.java:444: ((URL) source).openConnection().getInputStream())); |
| GT | plugin/shapefile | low | modules/plugin/shapefile/src/main/java/org/geotools/data/shapefile/files/ShpFiles.java:701: URLConnection connection = url.openConnection(); |
| GT | plugin/shapefile | low | modules/plugin/shapefile/src/main/java/org/geotools/data/shapefile/files/ShpFiles.java:764: InputStream in = url.openConnection().getInputStream(); |
| GT | plugin/shapefile | low | modules/plugin/shapefile/src/main/java/org/geotools/data/shapefile/files/ShpFiles.java:815: OutputStream out = url.openConnection().getOutputStream(); |
| GS | extension/security/cas | low | extension/security/cas/src/main/java/org/geoserver/security/cas/CasAuthenticationHelper.java:150: HttpURLConnection conn = (HttpURLConnection) logoutUrl.openConnection(); |
| GS | extension/security/cas | low | extension/security/cas/src/main/java/org/geoserver/security/cas/CasAuthenticationHelper.java:211: HttpURLConnection conn = (HttpURLConnection) loginUrl.openConnection(); |
| GS | extension/security/web/web-cas | low | extension/security/web/web-cas/src/main/java/org/geoserver/security/web/cas/CasAuthFilterPanel.java:131: HttpURLConnection con = (HttpURLConnection) url.openConnection(); |
| GS | extension/wps/wps-core | high | extension/wps/wps-core/src/main/java/org/geoserver/wps/executor/RemoteRequestInputProvider.java:123: URLConnection conn = refDestination.openConnection(); |
| GS | extension/wps/wps-core | high | extension/wps/wps-core/src/main/java/org/geoserver/wps/executor/RemoteRequestInputProvider.java:194: URLConnection conn = destination.openConnection(); |
| GS | main | high | main/src/main/java/org/geoserver/security/password/URLMasterPasswordProvider.java:162: URLConnection cx = url.openConnection(); |
| GS | main | high | main/src/main/java/org/vfny/geoserver/util/Requests.java:126: URLConnection conn = url.openConnection(); |
| GS | ows | high | ows/src/main/java/org/geoserver/ows/AbstractURLPublisher.java:95: connection = url.openConnection(); |
| Project | module | priority | Path and Line Number |
|---|---|---|---|
| GT | extension/app-schema/app-schema | low | modules/extension/app-schema/app-schema/src/main/java/org/geotools/data/complex/config/XMLConfigDigester.java:106: configStream = dataStoreConfigUrl.openStream(); |
| GT | extension/brewer | low | modules/extension/brewer/src/main/java/org/geotools/brewer/color/ColorBrewer.java:294: try (InputStream stream = url.openStream()) { |
| GT | extension/complex | med | modules/extension/complex/src/main/java/org/geotools/data/complex/util/EmfComplexFeatureReader.java:136:InputStream input = resolvedLocation.openStream(); |
| GT | library/coverage | high | modules/library/coverage/src/main/java/org/geotools/coverage/util/CoverageUtilities.java:556:try (InputStream stream = new BufferedInputStream(propsURL.openStream())) { |
| GT | library/main | high | modules/library/main/src/main/java/org/geotools/data/MapInfoFileReader.java:407:parseTabFile(new BufferedReader(new InputStreamReader(tabfile.openStream()))); |
| GT | library/main | high | modules/library/main/src/main/java/org/geotools/data/WorldFileReader.java:133:parseWorldFile(new BufferedReader(new InputStreamReader(worldfile.openStream()))); |
| GT | library/metadata | high | modules/library/metadata/src/main/java/org/geotools/util/factory/GeoTools.java:476:try (InputStream content = manifestLocation.openStream()) { |
| GT | library/metadata | high | modules/library/metadata/src/main/java/org/geotools/util/factory/GeoTools.java:589:try (InputStream content = manifestLocation.openStream()) { |
| GT | library/referencing | high | modules/library/referencing/src/main/java/org/geotools/referencing/factory/DatumAliases.java:208: try (BufferedReader in = new BufferedReader(new InputStreamReader(aliasURL.openStream()))) { |
| GT | library/referencing | high | modules/library/referencing/src/main/java/org/geotools/referencing/factory/PropertyAuthorityFactory.java:160: try (InputStream in = definitions.openStream()) { |
| GT | library/referencing | high | modules/library/referencing/src/main/java/org/geotools/referencing/factory/PropertyCoordinateOperationAuthorityFactory.java:137: try (InputStream in = definitions.openStream()) { |
| GT | library/referencing | high | modules/library/referencing/src/main/java/org/geotools/referencing/factory/gridshift/NADCONGridShiftFactory.java:360: new BufferedReader(new InputStreamReader(latGridUrl.openStream())); |
| GT | library/referencing | high | modules/library/referencing/src/main/java/org/geotools/referencing/factory/gridshift/NADCONGridShiftFactory.java:362: new BufferedReader(new InputStreamReader(longGridUrl.openStream()))) { |
| GT | library/referencing | high | modules/library/referencing/src/main/java/org/geotools/referencing/factory/gridshift/NTv2GridShiftFactory.java:177: in = new BufferedInputStream(location.openStream()); |
| GT | library/render | high | modules/library/render/src/main/java/org/geotools/renderer/style/FontCache.java:120: is = url.openStream(); |
| GT | library/render | high | modules/library/render/src/main/java/org/geotools/renderer/style/markwkt/WKTMarkFactory.java:200: in = libUrl.openStream(); |
| GT | library/xml | high | modules/library/xml/src/main/java/org/geotools/xml/SchemaFactory.java:133: new BufferedReader(new InputStreamReader(res.openStream(), "UTF-8"))) { |
| GT | library/xml | high | modules/library/xml/src/main/java/org/geotools/xml/resolver/SchemaCatalog.java:70: input = (new URL(resolvedLocation)).openStream(); |
| GT | library/xml | high | modules/library/xml/src/main/java/org/geotools/xml/styling/SLDParser.java:317: source = new InputSource(url.openStream()); |
| GT | plugin/coverage-multidim | low | modules/plugin/coverage-multidim/coverage-api/src/main/java/org/geotools/coverage/io/util/Utilities.java:1314: try (InputStream openStream = propsURL.openStream()) { |
| GT | plugin/coverage-multidim | low | modules/plugin/coverage-multidim/netcdf/src/main/java/org/geotools/coverage/io/netcdf/NetCDFDriver.java:174: source = url.openStream(); |
| GT | plugin/coverage-multidim | low | modules/plugin/coverage-multidim/netcdf/src/main/java/org/geotools/imageio/netcdf/utilities/NetCDFUtilities.java:707: try (InputStream input = uri.toURL().openStream()) { |
| GT | plugin/coverage-multidim | low | modules/plugin/coverage-multidim/netcdf/src/main/java/org/geotools/imageio/netcdf/utilities/NetCDFUtilities.java:734: try (InputStream input = uri.toURL().openStream()) { |
| GT | plugin/epsg-wkt | med | modules/plugin/epsg-wkt/src/main/java/org/geotools/referencing/epsg/wkt/EPSGCRSAuthorityFactory.java:107: epsg.load(definition.openStream()); |
| GT | plugin/epsg-wkt | med | modules/plugin/epsg-wkt/src/main/java/org/geotools/referencing/epsg/wkt/EPSGCRSAuthorityFactory.java:130: epsg.load(url.openStream()); |
| GT | plugin/feature-pregeneralized | low | modules/plugin/feature-pregeneralized/src/main/java/org/geotools/data/gen/DSFinderRepository.java:89: try (InputStream in = url.openStream()) { |
| GT | plugin/feature-pregeneralized | low | modules/plugin/feature-pregeneralized/src/main/java/org/geotools/data/gen/info/GeneralizationInfosProviderImpl.java:119: doc = db.parse(url.openStream()); |
| GT | plugin/image | low | modules/plugin/image/src/main/java/org/geotools/gce/image/WorldImageReader.java:214: } else if (input instanceof URL) input = ((URL) input).openStream(); |
| GT | plugin/imagemosaic | low | modules/plugin/imagemosaic/src/main/java/org/geotools/gce/imagemosaic/Utils.java:1156: url.openStream().close(); |
| GT | plugin/imagepyramid | low | modules/plugin/imagepyramid/src/main/java/org/geotools/gce/imagepyramid/ImagePyramidFormat.java:133: sourceURL.openStream().close(); |
| GT | plugin/imagepyramid | low | modules/plugin/imagepyramid/src/main/java/org/geotools/gce/imagepyramid/ImagePyramidFormat.java:148: new PrjFileReader(Channels.newChannel(prjURL.openStream()))) { |
| GT | plugin/imagepyramid | low | modules/plugin/imagepyramid/src/main/java/org/geotools/gce/imagepyramid/ImagePyramidFormat.java:173: new BufferedInputStream(sourceURL.openStream())) { |
| GT | plugin/imagepyramid | low | modules/plugin/imagepyramid/src/main/java/org/geotools/gce/imagepyramid/ImagePyramidReader.java:168: crsReader = new PrjFileReader(Channels.newChannel(prjURL.openStream())); |
| GT | plugin/imagepyramid | low | modules/plugin/imagepyramid/src/main/java/org/geotools/gce/imagepyramid/ImagePyramidReader.java:212: try (InputStream in = sourceURL.openStream(); |
| GT | plugin/shapefile | low | modules/plugin/shapefile/src/main/java/org/geotools/data/shapefile/files/ShpFiles.java:650: new FilterInputStream(url.openStream()) { |
| GT | unsupported/geojsonstore | low | modules/unsupported/geojsonstore/src/main/java/org/geotools/data/geojson/GeoJSONReader.java:92:try (InputStream inputStream = url.openStream()) { |
| GT | unsupported/geojsonstore | low | modules/unsupported/geojsonstore/src/main/java/org/geotools/data/geojson/GeoJSONReader.java:97:try (InputStream inputStream2 = url.openStream()) { |
| GT | unsupported/georest | low | modules/unsupported/georest/src/main/java/org/geotools/data/georest/GeoRestFeatureReader.java:143: return targetUrl.openStream(); |
| GT | unsupported/georest | low | modules/unsupported/georest/src/main/java/org/geotools/data/georest/GeoRestFeatureSource.java:81: String count = streamToString(countUrl.openStream()); |
| GT | unsupported/georest | low | modules/unsupported/georest/src/main/java/org/geotools/data/georest/GeoRestFeatureSource.java:108: InputStream in = new URL(url.toString() + "?limit=1").openStream(); |
| GT | unsupported/swing | low | modules/unsupported/swing/src/main/java/org/geotools/swing/locale/PropertiesFileFinder.java:189: return new JarInputStream(jarUrl.openStream()); |
| GT | unsupported/wfs-ng/ | high | modules/unsupported/wfs-ng/src/main/java/org/geotools/data/wfs/internal/WFSContentComplexFeatureCollection.java:75: InputStream stream = request.getFinalURL().openStream(); |
| GS | community/jdbcconfig | low | community/jdbcconfig/src/main/java/org/geoserver/jdbcconfig/internal/DbMappings.java:258: InputStream in = resource.openStream(); |
| GS | community/jdbcconfig | low | community/jdbcconfig/src/main/java/org/geoserver/jdbcloader/JDBCLoaderPropertiesFactoryBean.java:175: InputStream in = url.openStream(); |
| GS | community/metadata | low | community/metadata/src/main/java/org/geoserver/metadata/data/service/impl/RemoteDocumentReaderImpl.java:27:InputStream stream = url.openStream(); |
| GS | extension/wps/wps-core | high | extension/wps/wps-core/src/main/java/org/geoserver/wps/DataTransformer.java:147: data = transmuter.decode(url.openStream()); |
| GS | gwc | high | gwc/src/main/java/org/geoserver/gwc/GWC.java:2519: props.load(url.openStream()); |
| GS | main | high | main/src/main/java/org/geoserver/ManifestLoader.java:158: try (InputStream is = resource.openStream()) { |
| GS | main | high | main/src/main/java/org/geoserver/ManifestLoader.java:205:try (InputStream input = new URL(archivePath + "/META-INF/MANIFEST.MF").openStream()) { |
| GS | main | high | main/src/main/java/org/geoserver/catalog/StyleHandler.java:199: return new InputStreamReader(((URL) input).openStream()); |
| GS | main | high | main/src/main/java/org/geoserver/security/password/URLMasterPasswordProvider.java:184: return url.openStream(); |
| GS | platform | high | platform/src/main/java/org/geoserver/platform/exception/GeoServerExceptions.java:143: InputStream in = url.openStream(); |
| GS | platform | high | platform/src/main/java/org/geoserver/platform/resource/URIs.java:67: return url.openStream(); |
| GS | rest | high | rest/src/main/java/org/geoserver/rest/util/RESTUtils.java:182: final InputStream inputStream = fileURL.openStream(); |
| GS | wms | high | wms/src/main/java/org/geoserver/wms/legendgraphic/GetLegendGraphicKvpReader.java:695: in = url.openStream(); |
| Project | module | priority | Path and Line Number | Paths |
|---|---|---|---|---|
| GT | library/coverage | high | modules/library/coverage/src/main/java/org/geotools/image/io/ImageIOExt.java:98: return ImageIO.createImageOutputStream(destination); | |
| GT | library/coverage | high | modules/library/coverage/src/main/java/org/geotools/image/io/ImageIOExt.java:110: return ImageIO.createImageInputStream(input); | |
| GT | library/coverage | high | modules/library/coverage/src/main/java/org/geotools/image/io/ImageIOExt.java:388: ImageInputStream stream = ImageIO.createImageInputStream(input); | |
| GT | plugin/arcgrid | med | modules/plugin/arcgrid/src/main/java/org/geotools/gce/arcgrid/ArcGridReader.java:240: ImageIO.createImageInputStream( | |
| GT | plugin/arcgrid | med | modules/plugin/arcgrid/src/main/java/org/geotools/gce/arcgrid/ArcGridReader.java:260: inStream = ImageIO.createImageInputStream(new GZIPInputStream((InputStream) input)); | |
| GT | plugin/arcgrid | med | modules/plugin/arcgrid/src/main/java/org/geotools/gce/arcgrid/ArcGridReader.java:268: ImageIO.createImageInputStream(tempURL.openConnection().getInputStream()); | |
| GT | plugin/arcgrid | med | modules/plugin/arcgrid/src/main/java/org/geotools/gce/arcgrid/ArcGridReader.java:430: else pbjImageRead.add(ImageIO.createImageInputStream(source)); | |
| GT | plugin/arcgrid | med | modules/plugin/arcgrid/src/main/java/org/geotools/gce/arcgrid/ArcGridReader.java:433: ImageIO.createImageInputStream( | |
| GT | plugin/arcgrid | med | modules/plugin/arcgrid/src/main/java/org/geotools/gce/arcgrid/ArcGridReader.java:439: ImageIO.createImageInputStream( | |
| GT | plugin/arcgrid | med | modules/plugin/arcgrid/src/main/java/org/geotools/gce/arcgrid/ArcGridReader.java:443: ImageIO.createImageInputStream( | |
| GT | plugin/coverage-multidim | med | modules/plugin/coverage-multidim/netcdf/src/main/java/org/geotools/coverage/io/netcdf/NetCDFDriver.java:188: : ImageIO.createImageInputStream(source)); | |
| GT | plugin/geotiff | med | modules/plugin/geotiff/src/main/java/org/geotools/gce/geotiff/GeoTiffFormat.java:204: : ImageIO.createImageInputStream(o)); | |
| GT | plugin/geotiff | med | modules/plugin/geotiff/src/main/java/org/geotools/gce/geotiff/GeoTiffReader.java:661: : ImageIO.createImageInputStream(source)); | |
| GT | plugin/image | med | modules/plugin/image/src/main/java/org/geotools/gce/image/WorldImageFormat.java:244: try (ImageInputStream is = ImageIO.createImageInputStream(new File(pathname))) { | |
| GT | plugin/image | med | modules/plugin/image/src/main/java/org/geotools/gce/image/WorldImageReader.java:455: : ImageIO.createImageInputStream(source)); | |
| GT | plugin/jp2k | med | modules/plugin/jp2k/src/main/java/org/geotools/coverageio/jp2k/JP2KFormat.java:175: try (ImageInputStream stream = ImageIO.createImageInputStream(input)) { | |
| GT | plugin/jp2k | med | modules/plugin/jp2k/src/main/java/org/geotools/coverageio/jp2k/JP2KReader.java:585: tiffreader.setInput(ImageIO.createImageInputStream(inputStream)); | |
| GT | plugin/jp2k | med | modules/plugin/jp2k/src/main/java/org/geotools/coverageio/jp2k/JP2KReader.java:677: try (ImageInputStream stream = ImageIO.createImageInputStream(inputFile)) { | |
| GT | plugin/jp2k | med | modules/plugin/jp2k/src/main/java/org/geotools/coverageio/jp2k/Utils.java:130: final ImageInputStream inStream = ImageIO.createImageInputStream(file); | |
| GT | unsupported/gtopo30/ | med | modules/unsupported/gtopo30/src/main/java/org/geotools/gce/gtopo30/GTopo30Reader.java:439: final ImageInputStream iis = ImageIO.createImageInputStream(file); | |
| GT | unsupported/mbtiles | med | modules/unsupported/mbtiles/src/main/java/org/geotools/mbtiles/mosaic/MBTilesReader.java:295: ImageInputStream iis = ImageIO.createImageInputStream(bis)) { | |
| GT | library/xml | high | modules/library/xml/src/main/java/org/geotools/xml/styling/SLDParser.java:632: BufferedImage image = ImageIO.read(new ByteArrayInputStream(bytes)); | |
| GS | community/dds | low | community/dds/src/main/java/org/geoserver/wms/worldwind/BilMapResponse.java:214: final ImageOutputStream imageOutStream = ImageIO.createImageOutputStream(outStream); | |
| GS | wcs2_0 | med | wcs2_0/src/main/java/org/geoserver/wcs2_0/response/ImgMimeTypeMapper.java:57: inStream = ImageIO.createImageInputStream(sourceFile); | |
| GS | wms | high | wms/src/main/java/org/geoserver/wms/kvp/PaletteManager.java:115: ImageInputStream iis = ImageIO.createImageInputStream(resource.in()); | |
| GS | wms | high | wms/src/main/java/org/geoserver/wms/map/GIFMapResponse.java:175: otStream = ImageIO.createImageOutputStream(outStream); | |
| GS | community/wps-download/ | low | community/wps-download/src/main/java/org/geoserver/wps/gs/download/DownloadMapProcess.java:450: BufferedImage image = ImageIO.read(new MemoryCacheImageInputStream(is)); | |
| GS | platform | high | platform/src/main/java/org/geoserver/platform/resource/ResourceStore.java:37: * BufferedImage img = ImageIO.read( file ); | |
| GS | wms | high | wms/src/main/java/org/geoserver/wms/decoration/WatermarkDecoration.java:136: logo = ImageIO.read(url); | |
| GS | wms | high | wms/src/main/java/org/geoserver/wms/legendgraphic/BufferedImageLegendGraphicBuilder.java:518: BufferedImage image = ImageIO.read(url); | |
| GS | wms | high | wms/src/main/java/org/geoserver/wms/legendgraphic/RasterLayerLegendHelper.java:51: imgShape = ImageIO.read(rasterLegend.file()); | |
Please note that the list is a result of initial scan, and is subject to change as implementation progresses. Some pointers might need to be removes as it could an over-kill to insert evaluation at those points and there might be more code pointers. Any suggestion to include/exclude are welcome
Below URLs were found in XML and XSD documents found across GS and GT code base. Any suggestion to include/exclude are welcome
- earth.google.com
- edcdaac.usgs.gov
- en.wikipedia.org
- extjs.cachefly.net
- inspire.ec.europa.eu
- gcmd.gsfc.nasa.gov
- geoserver.org
- goals.performance.gov
- icons.opengeo.org
- jabber.org
- java.sun.com
- logging.apache.org
- openlayers.org
- portal.opengis.org
- schemas.opengis.net
- schemas.xmlsoap.org
- tile.openstreetmap.org
- trac.mapfish.org
- webexhibits.org
- www.bipm.fr
- www.bipm.org
- www.cryer.co.uk
- www.dgiwg.org
- www.geoserver.org
- www.ietf.org
- www.intuitive.com
- www.miramon.uab.es
- www.nga.mil
- www.oasis-open.org
- www.opengeospatial.org
- www.opengis.net
- www.springframework.org
- www.treasure-troves.com
- www.university.edu
- www.whitehouse.gov
- www.worldserver.com
- xml.org
There are no backward compatibility issues foreseen. If no
if there is no implementation of URLChecker interface registering through SDI or directly in URLCheckerFactory, all URLs will go un-evaluated
if user has not configured any Regex, all URLs will go un-evaluated
Project Steering Committee:
- Alessio Fabiani:
- Andrea Aime:
- Ian Turton:
- Jody Garnett:
- Jukka Rahkonen:
- Kevin Smith:
- Nuno Oliveira:
- Simone Giannecchini:
- Torben Barsballe: