-
Bug
-
Resolution: Done
-
Major
-
None
-
3.0.9.Final, 3.6.2.Final
-
None
-
None
We use a MultipartFormDataReader to process our "multipart/form-data" (multiple files uploaded via POST). We use inputPart.getBody(InputStream.class, null) to get the binary content of the uploaded files.
Everything worked well until someone tried to upload an EML/rfc822 file.
Turns out the EML gets parsed as part of the request and turned into objects. All other files/mimetypes stay in binary form. EML files turn up as Message objects where the getBody doesn't work with InputStream.
This only happens when the Content-Type of the "formpart" is set to "message/rfc822". So it really does not depend on the content of the file transmitted!
Turns out MultipartFormDataReader uses MultipartInputImpl::BinaryMessage. There a mime4j MimeStreamParser is created, which in turn uses MimeTokenStream. That stream supports MIME as well as rfc822 parsing which results in EML files being parsed. Even attachments in the attached email get parsed.
We obviously don't want the files to be touched and have no control over how the client sends this information. So I looked into how to change this:
MimeTokenStream has a way to control the recursion mode: setRecursionMode
If I set RecursionMode.M_NO_RECURSE there, it won't start parsing any mimeparts in the post request.
Unfortunately this can't be set easily in mime4j 0.6 because the MimeTokenStream is not exposed. I could only solve by patching mime4j. I added a setNoRecurse() to MimeStreamParser and call this in BinaryMessage after creating the parser. Then everything works as expected.
mime4j 0.7 has a new constructor MimeStreamParser(MimeTokenStream tokenStream) which allows to set the streams no_recurse flag.
To make it even easier, I submitted a push request to mime4j to support the settting via a method: https://github.com/apache/james-mime4j/pull/4
I would like to see that fixed in a new version of Resteasy though. How can I help?
- is related to
-
RESTEASY-754 Port resteasy-multipart-provider to a recent mime4j version
-
- Resolved
-
[RESTEASY-1255] MultipartFormDataReader parses EML files that get uploaded
I followed up on https://issues.apache.org/jira/browse/MIME4J-255.
That team is going to take a look at the request and the original PR.
Hopefully it will be accepted.
Arvid Villén (Inactive)
added a comment - Hi,
I just wanted to say that this is still issue.
Using RestEasy in Quarkus.
Arvid Villén (Inactive)
added a comment - Hi,
I just wanted to say that this is still issue.
Using RestEasy in Quarkus. 
Felix Knecht (Inactive)
added a comment - I'm unfortunately not too familiar with resteasy to make a decision like that nor do I think I am able to migrate to mime4j 0.7 (or 0.8 which seems due to be released soon).
I worked around the issue by using a CustomMultipartFormDataReader which uses a CustomMultipartFormDataInputImpl to parse the entityStream.
CustomMultipartFormDataInputImpl::BinaryMessage then sets a CustomMimeStreamParser which in turn which offers a setNoRecurse() method.
Since my github pull request was automatically closed a while ago, I opened a ticket for this:
https://issues.apache.org/jira/browse/MIME4J-255
I don't know if that is a possibility for you, but a third solution could be to use a patched MimeStreamParser instead of the one coming from mime4j
Felix Knecht (Inactive)
added a comment - I'm unfortunately not too familiar with resteasy to make a decision like that nor do I think I am able to migrate to mime4j 0.7 (or 0.8 which seems due to be released soon).
I worked around the issue by using a CustomMultipartFormDataReader which uses a CustomMultipartFormDataInputImpl to parse the entityStream.
CustomMultipartFormDataInputImpl::BinaryMessage then sets a CustomMimeStreamParser which in turn which offers a setNoRecurse() method.
Since my github pull request was automatically closed a while ago, I opened a ticket for this:
https://issues.apache.org/jira/browse/MIME4J-255
I don't know if that is a possibility for you, but a third solution could be to use a patched MimeStreamParser instead of the one coming from mime4j 
Ronald Sigal
added a comment - Hi Felix,
It sounds like there are two options when Content-Type is "message/rfc822":
- upgrade to mime4j 0.7 and turning off recursion mode, or
- use something other than BinaryMessage
Am I making sense?
The request to upgrade to mime4j 0.7 has been around for years. If you want to help and are feeling particularly ambitious, that would certainly be something to work on.
Otherwise, what are your thoughts about adding an alternative to BinaryMessage?
Thank you,
Ron
Ronald Sigal
added a comment - Hi Felix,
It sounds like there are two options when Content-Type is "message/rfc822":
upgrade to mime4j 0.7 and turning off recursion mode, or
use something other than BinaryMessage
Am I making sense?
The request to upgrade to mime4j 0.7 has been around for years. If you want to help and are feeling particularly ambitious, that would certainly be something to work on.
Otherwise, what are your thoughts about adding an alternative to BinaryMessage?
Thank you,
Ron
The requested change has been merged into mim4j version 0.8.5.