You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zeppelin.apache.org by GitBox <gi...@apache.org> on 2022/01/28 07:58:10 UTC

[GitHub] [zeppelin] xufengnian edited a comment on pull request #4282: [ZEPPELIN-5624] Check if the path directory is compliant.

xufengnian edited a comment on pull request #4282:
URL: https://github.com/apache/zeppelin/pull/4282#issuecomment-1023970671


   Are you sure this way can really delete zeppelin application directory?
   I just try same way in zeppelin 0.9.0 with docker,but it can not delete any directory.
   As this log，any  id from the REST request will be deleted.but Function 'FileUtils.deleteDirectory' seem can not delete directory in used
   ![image](https://user-images.githubusercontent.com/15324125/151507952-e2ab13e8-5271-4c3a-9fc5-87027bb9b4cd.png)
   By the way，if only check the id contains("..")，attacker maybe try to use "%2e%2e",so it's useless
   ![image](https://user-images.githubusercontent.com/15324125/151508934-3b926260-68c6-4ae7-a626-0b173aeffc7f.png)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@zeppelin.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org