You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@accumulo.apache.org by GitBox <gi...@apache.org> on 2021/05/06 16:05:12 UTC

[GitHub] [accumulo] milleruntime commented on a change in pull request #2075: Add fromClassPath Method

milleruntime commented on a change in pull request #2075:
URL: https://github.com/apache/accumulo/pull/2075#discussion_r627559708



##########
File path: core/src/main/java/org/apache/accumulo/core/clientImpl/ClientInfoImpl.java
##########
@@ -115,6 +120,18 @@ public static Properties toProperties(Path propertiesFile) {
     return properties;
   }
 
+  @SuppressFBWarnings(value = "URLCONNECTION_SSRF_FD",
+      justification = "code runs in same security context as user who provided propertiesURL")
+  public static Properties toProperties(URL propertiesURL) {
+    Properties properties = new Properties();
+    try (InputStream is = propertiesURL.openStream()) {

Review comment:
       You could add some additional validation to make sure this is just a properties file and not something malicious.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org