You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@kylin.apache.org by ni...@apache.org on 2020/02/07 07:40:26 UTC

[kylin] 02/05: Prevent uncontrolled data used in path expression

This is an automated email from the ASF dual-hosted git repository.

nic pushed a commit to branch 2.6.x
in repository https://gitbox.apache.org/repos/asf/kylin.git

commit 0556b007dd7e9e69f6ce817a883b38f7c69c58de
Author: nichunen <ni...@apache.org>
AuthorDate: Fri Jan 10 21:04:21 2020 +0800

    Prevent uncontrolled data used in path expression
---
 .../java/org/apache/kylin/metadata/badquery/BadQueryHistoryManager.java  | 1 +
 1 file changed, 1 insertion(+)

diff --git a/core-metadata/src/main/java/org/apache/kylin/metadata/badquery/BadQueryHistoryManager.java b/core-metadata/src/main/java/org/apache/kylin/metadata/badquery/BadQueryHistoryManager.java
index 843e9e9..812d3c3 100644
--- a/core-metadata/src/main/java/org/apache/kylin/metadata/badquery/BadQueryHistoryManager.java
+++ b/core-metadata/src/main/java/org/apache/kylin/metadata/badquery/BadQueryHistoryManager.java
@@ -57,6 +57,7 @@ public class BadQueryHistoryManager {
     }
 
     public BadQueryHistory getBadQueriesForProject(String project) throws IOException {
+        project = project.replaceAll("[./]", "");
         BadQueryHistory badQueryHistory = getStore().getResource(getResourcePathForProject(project), BAD_QUERY_INSTANCE_SERIALIZER);
         if (badQueryHistory == null) {
             badQueryHistory = new BadQueryHistory(project);