You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kylin.apache.org by ni...@apache.org on 2020/02/07 07:40:26 UTC
[kylin] 02/05: Prevent uncontrolled data used in path expression
This is an automated email from the ASF dual-hosted git repository.
nic pushed a commit to branch 2.6.x
in repository https://gitbox.apache.org/repos/asf/kylin.git
commit 0556b007dd7e9e69f6ce817a883b38f7c69c58de
Author: nichunen <ni...@apache.org>
AuthorDate: Fri Jan 10 21:04:21 2020 +0800
Prevent uncontrolled data used in path expression
---
.../java/org/apache/kylin/metadata/badquery/BadQueryHistoryManager.java | 1 +
1 file changed, 1 insertion(+)
diff --git a/core-metadata/src/main/java/org/apache/kylin/metadata/badquery/BadQueryHistoryManager.java b/core-metadata/src/main/java/org/apache/kylin/metadata/badquery/BadQueryHistoryManager.java
index 843e9e9..812d3c3 100644
--- a/core-metadata/src/main/java/org/apache/kylin/metadata/badquery/BadQueryHistoryManager.java
+++ b/core-metadata/src/main/java/org/apache/kylin/metadata/badquery/BadQueryHistoryManager.java
@@ -57,6 +57,7 @@ public class BadQueryHistoryManager {
}
public BadQueryHistory getBadQueriesForProject(String project) throws IOException {
+ project = project.replaceAll("[./]", "");
BadQueryHistory badQueryHistory = getStore().getResource(getResourcePathForProject(project), BAD_QUERY_INSTANCE_SERIALIZER);
if (badQueryHistory == null) {
badQueryHistory = new BadQueryHistory(project);