You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@kylin.apache.org by ni...@apache.org on 2020/02/07 14:26:31 UTC

[kylin] 36/44: Prevent uncontrolled data used in path expression

This is an automated email from the ASF dual-hosted git repository.

nic pushed a commit to branch 3.0.x
in repository https://gitbox.apache.org/repos/asf/kylin.git

commit ac6906189ea20cafdc41be0ed54611d52284b6bb
Author: nichunen <ni...@apache.org>
AuthorDate: Thu Jan 16 17:27:20 2020 +0800

    Prevent uncontrolled data used in path expression
---
 .../src/main/java/org/apache/kylin/job/execution/ExecutableManager.java  | 1 +
 1 file changed, 1 insertion(+)

diff --git a/core-job/src/main/java/org/apache/kylin/job/execution/ExecutableManager.java b/core-job/src/main/java/org/apache/kylin/job/execution/ExecutableManager.java
index ce9cc35..6f8d789 100644
--- a/core-job/src/main/java/org/apache/kylin/job/execution/ExecutableManager.java
+++ b/core-job/src/main/java/org/apache/kylin/job/execution/ExecutableManager.java
@@ -149,6 +149,7 @@ public class ExecutableManager {
 
     public AbstractExecutable getJob(String uuid) {
         try {
+            uuid = uuid.replaceAll("[./]", "");
             return parseTo(executableDao.getJob(uuid));
         } catch (PersistentException e) {
             logger.error("fail to get job:" + uuid, e);