[FLINK-18151] Resolve CWE22 problems in pyflink_gateway_server.py - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 1.11.0, 1.12.0
Fix Version/s: 1.11.0, 1.12.0
Component/s: API / Python
Labels:
- pull-request-available

Description

For example, the code `if os.path.isfile(flink_conf_path):` contains CWE22 problem that calling "os.path.isfile" with the tainted value in argument 1. This constructs a path or URI using the tainted value and may thus allow an attacker to access, modify, or test the existence of critical or sensitive files.

More information about CWE22 here: https://cwe.mitre.org/data/definitions/22.html

Attachments

Issue Links

links to

GitHub Pull Request #12503

Activity

People

Assignee:: Shuiqiang Chen

Reporter:: Hequn Cheng

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 05/Jun/20 11:12

Updated:: 08/Jun/20 02:58

Resolved:: 08/Jun/20 02:58