You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@inlong.apache.org by GitBox <gi...@apache.org> on 2023/01/11 02:11:20 UTC

[GitHub] [inlong] gong commented on a diff in pull request #7214: [INLONG-7213][Manager] Add a check to the URL encoding of mysql JDBC URL

gong commented on code in PR #7214:
URL: https://github.com/apache/inlong/pull/7214#discussion_r1066511008


##########
inlong-manager/manager-pojo/src/main/java/org/apache/inlong/manager/pojo/sink/mysql/MySQLSinkDTO.java:
##########
@@ -47,6 +49,15 @@ public class MySQLSinkDTO {
     /**
      * The sensitive param may lead the attack.
      */
+    private static final Map<String, String> SENSITIVE_PARAM_MAP = new HashMap<String, String>() {
+        {
+            put("autoDeserialize=true", "autoDeserialize=false");
+            put("allowLoadLocalInfile=true", "allowLoadLocalInfile=false");
+            put("allowUrlInLocalInfile=true", "allowUrlInLocalInfile=false");
+            put("allowLoadLocalInfileInPath=/", "allowLoadLocalInfileInPath=");
+        }
+    };
+
     private static final String SENSITIVE_PARAM_TRUE = "autoDeserialize=true";
     private static final String SENSITIVE_PARAM_FALSE = "autoDeserialize=false";

Review Comment:
   maybe it can be removed



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@inlong.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org