[NOID] Upgraded jsoup to v.1.15.3 to mitigate CVE-2022-36033 (#3305) (#…

…3460) * [EHgXqsEW] Upgraded jsoup to v.1.15.3 to mitigate CVE-2022-36033 (#3305) * [EHgXqsEW] removed unused import
neo4j-contrib · Feb 21, 2023 · c11fd26 · c11fd26
1 parent 50fae23
commit c11fd26
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 9 deletions.
diff --git a/extended/build.gradle b/extended/build.gradle
@@ -74,7 +74,7 @@ dependencies {
     // These will be dependencies packaged with the .jar
     implementation project(':common')
     implementation group: 'com.novell.ldap', name: 'jldap', version: '2009-10-07'
-    implementation group: 'org.jsoup', name: 'jsoup', version: '1.14.3'
+    implementation group: 'org.jsoup', name: 'jsoup', version: '1.15.3'
     implementation group: 'com.opencsv', name: 'opencsv', version: '5.7.1'
     implementation group: 'com.github.javafaker', name: 'javafaker', version: '1.0.2'
     implementation group: 'us.fatehi', name: 'schemacrawler', version: '15.04.01'

diff --git a/extended/src/main/java/apoc/load/LoadHtml.java b/extended/src/main/java/apoc/load/LoadHtml.java
@@ -4,6 +4,7 @@
 import apoc.result.MapResult;
 import apoc.util.MissingDependencyException;
 import apoc.util.FileUtils;
+import java.nio.charset.UnsupportedCharsetException;
 import org.jsoup.Jsoup;
 import org.jsoup.nodes.Attribute;
 import org.jsoup.nodes.Document;
@@ -19,7 +20,6 @@
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
@@ -35,6 +35,8 @@ public class LoadHtml {
 
     // public for test purpose
     public static final String KEY_ERROR = "errorList";
+    public static final String INVALID_CONFIG_ERR = "Invalid config: ";
+    public static final String UNSUPPORTED_CHARSET_ERR = "Unsupported charset: ";
 
     @Context
     public GraphDatabaseService db;
@@ -74,12 +76,12 @@ private Stream<MapResult> readHtmlPage(String url, Map<String, String> query, Ma
             }
 
             return Stream.of(new MapResult(output));
+        } catch ( UnsupportedCharsetException e) {
+            throw new RuntimeException(UNSUPPORTED_CHARSET_ERR + config.getCharset());
         } catch (IllegalArgumentException | ClassCastException e) {
-            throw new RuntimeException("Invalid config: " + config);
+            throw new RuntimeException(INVALID_CONFIG_ERR + config);
         } catch (FileNotFoundException e) {
             throw new RuntimeException("File not found from: " + url);
-        } catch(UnsupportedEncodingException e) {
-            throw new RuntimeException("Unsupported charset: " + config.getCharset());
         } catch(Exception e) {
             throw new RuntimeException("Can't read the HTML from: "+ url, e);
         }

diff --git a/extended/src/test/java/apoc/load/LoadHtmlTest.java b/extended/src/test/java/apoc/load/LoadHtmlTest.java
@@ -20,7 +20,9 @@
 
 import static apoc.ApocConfig.APOC_IMPORT_FILE_ENABLED;
 import static apoc.ApocConfig.apocConfig;
+import static apoc.load.LoadHtml.INVALID_CONFIG_ERR;
 import static apoc.load.LoadHtml.KEY_ERROR;
+import static apoc.load.LoadHtml.UNSUPPORTED_CHARSET_ERR;
 import static apoc.load.LoadHtmlConfig.FailSilently.WITH_LIST;
 import static apoc.load.LoadHtmlConfig.FailSilently.WITH_LOG;
 import static apoc.util.MapUtil.map;
@@ -64,7 +66,6 @@ public class LoadHtmlTest {
             "<p class='thirdClass'>My third paragraph. Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book.</p> " +
             "<ul><li>Coffee</li><li>Tea</li><li>Milk</li></ul>  " +
             "</body> </html>";
-    private static final String INVALID_CONFIG_ERR = "Invalid config";
 
     @Rule
     public DbmsRule db = new ImpermanentDbmsRule();
@@ -435,19 +436,19 @@ public void testQueryWithFailsSilentlyWithListWithExceptionIfIncorrectUrl() {
 
     @Test
     public void testQueryWithExceptionIfIncorrectCharset() {
-        assertWrongConfig(INVALID_CONFIG_ERR,
+        assertWrongConfig(UNSUPPORTED_CHARSET_ERR,
                 Map.of("charset", INVALID_CHARSET));
     }
 
     @Test
     public void testQueryWithFailsSilentlyWithLogWithExceptionIfIncorrectCharset() {
-        assertWrongConfig(INVALID_CONFIG_ERR,
+        assertWrongConfig(UNSUPPORTED_CHARSET_ERR,
                 Map.of("failSilently", WITH_LOG.name(), "charset", INVALID_CHARSET));
     }
 
     @Test
     public void testQueryWithFailsSilentlyWithListWithExceptionIfIncorrectCharset() {
-        assertWrongConfig(INVALID_CONFIG_ERR,
+        assertWrongConfig(UNSUPPORTED_CHARSET_ERR,
                 Map.of("failSilently", WITH_LIST.name(), "charset", INVALID_CHARSET));
     }