Posted to dev@flink.apache.org by "Hequn Cheng (Jira)" <ji...@apache.org> on 2020/06/05 11:13:00 UTC

[jira] [Created] (FLINK-18151) Resolve CWE22 problems in pyflink_gateway_server.py

Hequn Cheng created FLINK-18151:
-----------------------------------

             Summary: Resolve CWE22 problems in pyflink_gateway_server.py 
                 Key: FLINK-18151
                 URL: https://issues.apache.org/jira/browse/FLINK-18151
             Project: Flink
          Issue Type: Bug
          Components: API / Python
    Affects Versions: 1.10.1, 1.11.0, 1.12.0
            Reporter: Hequn Cheng


For example, the code `if os.path.isfile(flink_conf_path):` contains a CWE22 problem: it calls "os.path.isfile" with the tainted value in argument 1. This constructs a path or URI using the tainted value and may thus allow an attacker to access, modify, or test the existence of critical or sensitive files.



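One way to guard a check like the `os.path.isfile(flink_conf_path)` call named in the report, as an added example that is not code from the issue or from Flink: canonicalize the tainted value and require it to stay inside a trusted root before touching the filesystem. The names `resolve_conf_file`, `trusted_root` and `demo`, the default file name, and the directory layout are assumptions for illustration; the issue does not say how the tainted value reaches the call.

```python
import os
import tempfile


def resolve_conf_file(tainted_dir, trusted_root, filename="flink-conf.yaml"):
    """Return the canonical path of filename under tainted_dir, or None.

    Hypothetical helper: the path is canonicalized first and rejected
    unless it stays inside trusted_root, so os.path.isfile never probes
    a location chosen freely by the caller.
    """
    if "\x00" in tainted_dir:
        return None
    root = os.path.realpath(trusted_root)
    # realpath collapses ".." segments and resolves symlinks; an absolute
    # tainted_dir makes join() discard root, which the check below catches.
    candidate = os.path.realpath(os.path.join(root, tainted_dir, filename))
    try:
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # e.g. paths on different drives on Windows
        return None
    if not inside:
        return None
    return candidate if os.path.isfile(candidate) else None


def demo():
    """Build a constructed directory tree and exercise the check."""
    base = os.path.realpath(tempfile.mkdtemp())
    root = os.path.join(base, "flink")
    os.makedirs(os.path.join(root, "conf"))
    with open(os.path.join(root, "conf", "flink-conf.yaml"), "w") as f:
        f.write("jobmanager.rpc.port: 6123\n")
    # Constructed file outside the trusted root that must stay unreachable.
    with open(os.path.join(base, "flink-conf.yaml"), "w") as f:
        f.write("outside\n")
    return {
        "root": root,
        "ok": resolve_conf_file("conf", root),
        "traversal": resolve_conf_file("..", root),
        "absolute": resolve_conf_file(base, root),
        "missing": resolve_conf_file("nope", root),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

Returning None both for a rejected path and for a missing file keeps the caller from learning whether a file outside the root exists.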