gianm commented on PR #12918: URL: https://github.com/apache/druid/pull/12918#issuecomment-1224469318
> 6 for Uncontrolled data used in path expression How are there _more_? Looking at the alerts LGTM raises, I don't think it understands that `IdUtils.validateId` is an acceptable form of path-component sanitization. It validates that the id does not start with `.` nor does it contain `/`, which matches the suggestions given at https://codeql.github.com/codeql-query-help/java/java-path-injection/. Is anyone aware of a good way to deal with this, other than suppression of the LGTM alerts? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
