kermitt2 / biblio-glutton

A high performance bibliographic information service: https://biblio-glutton.readthedocs.io

Sanity check for field request #60

Open kermitt2 opened 3 years ago

kermitt2 commented 3 years ago

Looking at months of logs, I only found one caught error.

It seems that a complete Google Scholar query was sent as the DOI field, resulting in this exception:

ERROR [2021-08-16 20:41:08,464] com.scienceminer.lookup.storage.lookup.MetadataLookup: Cannot retrieve Crossref document by DOI:  https://scholar.google.com/scholar_lookup?title=nepro+study+investigators+analysis+of+docetaxel+therapy+in+elderly+(%e2%89%a570years)+castration+resistant+prostate+cancer+patients+enrolled+in+the+netherlands+prostate+study&author=gerritse,+f.l.&author=meulenbeld,+h.j.&author=roodhart,+j.m.l.&author=van+der+velden,+a.m.t.&author=blaisse,+r.j.b.&author=smilde,+t.j.&author=erjavec,+z.&author=de+wit,+r.&author=los,+m.&publication_year=2013&journal=eur.+j.+cancer&volume=49&pages=3176%e2%80%933183&doi=10.1016/j.ejca.2013.06.008
! java.nio.BufferOverflowException: null
! at java.nio.DirectByteBuffer.put(DirectByteBuffer.java:363)
! at java.nio.ByteBuffer.put(ByteBuffer.java:859)
! at com.scienceminer.lookup.storage.lookup.MetadataLookup.retrieveJsonDocument(MetadataLookup.java:110)
! at com.scienceminer.lookup.storage.lookup.MetadataLookup.retrieveByMetadata(MetadataLookup.java:132)
! at com.scienceminer.lookup.storage.LookupEngine.retrieveByDoi(LookupEngine.java:128)
! at com.scienceminer.lookup.web.resource.LookupController.getByQuery(LookupController.java:126)
! at com.scienceminer.lookup.web.resource.LookupController.getByQueryAsync(LookupController.java:99)
! at sun.reflect.GeneratedMethodAccessor18.invoke(Unknown Source)
! at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
! at java.lang.reflect.Method.invoke(Method.java:498)
! at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81)
...

Just checking the fields before processing them might be useful for avoiding BufferOverflowException, which could be a vulnerability.
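As an added illustration of the field check suggested above (example code written for this note, not biblio-glutton's own), the class below validates a raw DOI parameter before it is used as a store key and reproduces the write that fails in the trace. The 511-byte key limit, the `DoiSanityCheck`/`sanitize`/`keyFitsBuffer` names and the direct-buffer layout are assumptions; only the DOI `10.1016/j.ejca.2013.06.008` comes from the logged query.

```java
import java.nio.BufferOverflowException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Optional;
import java.util.regex.Pattern;

/**
 * Hypothetical sanity check for the DOI field of a lookup request.
 * Not biblio-glutton's code: the key size cap and the direct-buffer
 * backed key are assumptions drawn from the stack trace in the issue.
 */
public final class DoiSanityCheck {

    /** Assumed maximum key size of the backing store, in bytes. */
    static final int MAX_KEY_BYTES = 511;

    /**
     * A DOI is "10." + a registrant code (4 to 9 digits, optional dotted
     * sub-codes) + "/" + a non-empty suffix without whitespace. Loose enough
     * for real DOIs, strict enough to reject a whole Google Scholar URL.
     */
    private static final Pattern DOI =
            Pattern.compile("^10\\.\\d{4,9}(?:\\.\\d+)*/\\S+$");

    private static final String[] RESOLVER_PREFIXES = {
        "https://doi.org/", "http://doi.org/",
        "https://dx.doi.org/", "http://dx.doi.org/", "doi:"
    };

    private DoiSanityCheck() {}

    /**
     * Normalises and validates a raw DOI request parameter.
     * Returns the cleaned DOI, or empty when the value must be rejected
     * (null, blank, not DOI-shaped, or too long to serve as a store key).
     */
    public static Optional<String> sanitize(String raw) {
        if (raw == null) {
            return Optional.empty();
        }
        String doi = raw.trim();
        // Accept "https://doi.org/10.x/y" style input by stripping the resolver prefix.
        for (String prefix : RESOLVER_PREFIXES) {
            if (doi.regionMatches(true, 0, prefix, 0, prefix.length())) {
                doi = doi.substring(prefix.length());
                break;
            }
        }
        // DOIs are case-insensitive, so the key is stored in one canonical form.
        doi = doi.toLowerCase();
        if (!DOI.matcher(doi).matches()) {
            return Optional.empty();
        }
        // The buffer bound is a byte bound, so measure encoded bytes, not chars.
        if (doi.getBytes(StandardCharsets.UTF_8).length > MAX_KEY_BYTES) {
            return Optional.empty();
        }
        return Optional.of(doi);
    }

    /**
     * Mimics the failing write in the trace: an unchecked key is copied into a
     * fixed-size direct buffer. Returns true when the key fits, false when the
     * put would throw BufferOverflowException.
     */
    public static boolean keyFitsBuffer(String key) {
        ByteBuffer keyBuffer = ByteBuffer.allocateDirect(MAX_KEY_BYTES);
        try {
            keyBuffer.put(key.getBytes(StandardCharsets.UTF_8));
            return true;
        } catch (BufferOverflowException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed stand-in for the logged Scholar query: a long URL that
        // only mentions the DOI as one query parameter.
        StringBuilder scholarQuery = new StringBuilder(
                "https://scholar.google.com/scholar_lookup?title=");
        for (int i = 0; i < 600; i++) {
            scholarQuery.append('x');
        }
        scholarQuery.append("&doi=10.1016/j.ejca.2013.06.008");
        String doiUrl = "https://doi.org/10.1016/j.ejca.2013.06.008";

        System.out.println("unchecked query fits key buffer: "
                + keyFitsBuffer(scholarQuery.toString()));
        System.out.println("sanitized query: " + sanitize(scholarQuery.toString()));
        System.out.println("sanitized DOI: " + sanitize(doiUrl));
        sanitize(doiUrl).ifPresent(d ->
                System.out.println("sanitized DOI fits key buffer: " + keyFitsBuffer(d)));
    }
}
```

Rejecting the value in `sanitize` before any buffer is touched turns the server-side exception into an ordinary bad-request response, and checking the UTF-8 byte length rather than the character count keeps the check aligned with the buffer bound even for non-ASCII suffixes.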

kermitt2 commented 3 years ago

A bit related to #55 and both could be done at the same time.