From ad1a305cf679c2362a81b72a48b5771151a12a73 Mon Sep 17 00:00:00 2001
From: "srowen@gmail.com"
 <srowen@gmail.com@59b500cc-1b3d-0410-9834-0bbf25fbcc57>
Date: Sun, 5 May 2013 12:41:41 +0000
Subject: [PATCH] Add uri blocklist feature

git-svn-id: https://zxing.googlecode.com/svn/trunk@2711 59b500cc-1b3d-0410-9834-0bbf25fbcc57
---
 build.xml                                     |   1 +
 pom.xml                                       |   5 +
 zxingorg/pom.xml                              |   6 -
 .../com/google/zxing/web/DecodeServlet.java   | 118 ++++++++++++------
 4 files changed, 84 insertions(+), 46 deletions(-)

diff --git a/build.xml b/build.xml
index 30b9b7e38..b212dc4db 100644
--- a/build.xml
+++ b/build.xml
@@ -59,6 +59,7 @@
         <include name="zxingorg/**"/>
         <exclude name="zxingorg/build/**"/>
         <exclude name="zxingorg/target/**"/>
+        <exclude name="zxingorg/resources/private/**"/>        
       </zipfileset>
     </zip>
     <!-- Separate out test data files now to make download more manageable -->
diff --git a/pom.xml b/pom.xml
index 0ab16f616..abb02a6ce 100644
--- a/pom.xml
+++ b/pom.xml
@@ -70,6 +70,11 @@
   <build>
     <sourceDirectory>src</sourceDirectory>
     <outputDirectory>build</outputDirectory>
+    <resources>
+      <resource>
+        <directory>resources</directory>
+      </resource>
+    </resources>
     <plugins>
       <plugin>
         <artifactId>maven-enforcer-plugin</artifactId>
diff --git a/zxingorg/pom.xml b/zxingorg/pom.xml
index 7e2e8a3fd..8a95c0b25 100644
--- a/zxingorg/pom.xml
+++ b/zxingorg/pom.xml
@@ -83,12 +83,6 @@
                    <version>2.2-SNAPSHOT</version>
                    <type>javadoc</type>                   
                  </artifactItem>
-                 <artifactItem>
-                    <groupId>com.google.zxing</groupId>
-                    <artifactId>javase</artifactId>
-                    <version>2.2-SNAPSHOT</version>
-                    <type>javadoc</type>                   
-                  </artifactItem>
                </artifactItems>
                <outputDirectory>web/w/docs/javadoc</outputDirectory>
                <overWriteIfNewer>true</overWriteIfNewer>
diff --git a/zxingorg/src/com/google/zxing/web/DecodeServlet.java b/zxingorg/src/com/google/zxing/web/DecodeServlet.java
index b64a9f4fb..b5dfd0f67 100644
--- a/zxingorg/src/com/google/zxing/web/DecodeServlet.java
+++ b/zxingorg/src/com/google/zxing/web/DecodeServlet.java
@@ -43,9 +43,11 @@ import org.apache.commons.io.FileCleaningTracker;
 
 import java.awt.color.CMMException;
 import java.awt.image.BufferedImage;
+import java.io.BufferedReader;
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.InputStreamReader;
 import java.io.OutputStreamWriter;
 import java.io.Writer;
 import java.net.HttpURLConnection;
@@ -60,6 +62,7 @@ import java.util.Collection;
 import java.util.EnumMap;
 import java.util.EnumSet;
 import java.util.Map;
+import java.util.logging.Level;
 import java.util.logging.Logger;
 
 import javax.imageio.ImageIO;
@@ -98,9 +101,10 @@ public final class DecodeServlet extends HttpServlet {
   }
 
   private DiskFileItemFactory diskFileItemFactory;
+  private Collection<String> blockedURLSubstrings;
 
   @Override
-  public void init(ServletConfig servletConfig) {
+  public void init(ServletConfig servletConfig) throws ServletException {
     Logger logger = Logger.getLogger("com.google.zxing");
     ServletContext context = servletConfig.getServletContext();
     logger.addHandler(new ServletContextLogHandler(context));
@@ -108,6 +112,25 @@ public final class DecodeServlet extends HttpServlet {
     FileCleaningTracker fileCleaningTracker = FileCleanerCleanup.getFileCleaningTracker(context);
     diskFileItemFactory = new DiskFileItemFactory(1 << 16, repository);
     diskFileItemFactory.setFileCleaningTracker(fileCleaningTracker);
+    
+    blockedURLSubstrings = new ArrayList<String>();
+    InputStream in = DecodeServlet.class.getResourceAsStream("/private/uri-block-substrings.txt");
+    if (in != null) {
+      try {
+        BufferedReader reader = new BufferedReader(new InputStreamReader(in, Charset.forName("UTF-8")));
+        try {
+          String line;
+          while ((line = reader.readLine()) != null) {
+            blockedURLSubstrings.add(line);
+          }
+        } finally {
+          reader.close();
+        }
+      } catch (IOException ioe) {
+        throw new ServletException(ioe);
+      }
+    }
+    log.info("Blocking URIs containing: " + blockedURLSubstrings);
   }
 
   @Override
@@ -122,6 +145,13 @@ public final class DecodeServlet extends HttpServlet {
     }
 
     imageURIString = imageURIString.trim();
+    for (String substring : blockedURLSubstrings) {
+      if (imageURIString.contains(substring)) {
+        log.info("Disallowed URI " + imageURIString);        
+        response.sendRedirect("badurl.jspx");
+        return;
+      }
+    }
 
     URI imageURI;
     try {
@@ -322,56 +352,64 @@ public final class DecodeServlet extends HttpServlet {
     ReaderException savedException = null;
 
     try {
-      // Look for multiple barcodes
-      MultipleBarcodeReader multiReader = new GenericMultipleBarcodeReader(reader);
-      Result[] theResults = multiReader.decodeMultiple(bitmap, HINTS);
-      if (theResults != null) {
-        results.addAll(Arrays.asList(theResults));
-      }
-    } catch (ReaderException re) {
-      savedException = re;
-    }
 
-    if (results.isEmpty()) {
       try {
-        // Look for pure barcode
-        Result theResult = reader.decode(bitmap, HINTS_PURE);
-        if (theResult != null) {
-          results.add(theResult);
+        // Look for multiple barcodes
+        MultipleBarcodeReader multiReader = new GenericMultipleBarcodeReader(reader);
+        Result[] theResults = multiReader.decodeMultiple(bitmap, HINTS);
+        if (theResults != null) {
+          results.addAll(Arrays.asList(theResults));
         }
       } catch (ReaderException re) {
         savedException = re;
       }
-    }
-
-    if (results.isEmpty()) {
-      try {
-        // Look for normal barcode in photo
-        Result theResult = reader.decode(bitmap, HINTS);
-        if (theResult != null) {
-          results.add(theResult);
+  
+      if (results.isEmpty()) {
+        try {
+          // Look for pure barcode
+          Result theResult = reader.decode(bitmap, HINTS_PURE);
+          if (theResult != null) {
+            results.add(theResult);
+          }
+        } catch (ReaderException re) {
+          savedException = re;
         }
-      } catch (ReaderException re) {
-        savedException = re;
       }
-    }
-
-    if (results.isEmpty()) {
-      try {
-        // Try again with other binarizer
-        BinaryBitmap hybridBitmap = new BinaryBitmap(new HybridBinarizer(source));
-        Result theResult = reader.decode(hybridBitmap, HINTS);
-        if (theResult != null) {
-          results.add(theResult);
+  
+      if (results.isEmpty()) {
+        try {
+          // Look for normal barcode in photo
+          Result theResult = reader.decode(bitmap, HINTS);
+          if (theResult != null) {
+            results.add(theResult);
+          }
+        } catch (ReaderException re) {
+          savedException = re;
         }
-      } catch (ReaderException re) {
-        savedException = re;
       }
-    }
+  
+      if (results.isEmpty()) {
+        try {
+          // Try again with other binarizer
+          BinaryBitmap hybridBitmap = new BinaryBitmap(new HybridBinarizer(source));
+          Result theResult = reader.decode(hybridBitmap, HINTS);
+          if (theResult != null) {
+            results.add(theResult);
+          }
+        } catch (ReaderException re) {
+          savedException = re;
+        }
+      }
+  
+      if (results.isEmpty()) {
+        handleException(savedException, response);
+        return;
+      }
 
-    if (results.isEmpty()) {
-      handleException(savedException, response);
-      return;
+    } catch (RuntimeException re) {
+      // Call out unexpected errors in the log clearly
+      log.log(Level.WARNING, "Unexpected exception from library", re);
+      throw new ServletException(re);
     }
 
     String fullParameter = request.getParameter("full");