This is an automated email from the ASF dual-hosted git repository. nic pushed a commit to branch 2.6.x in repository https://gitbox.apache.org/repos/asf/kylin.git
commit 25e879c45f8d592d742943d0a2ea595d6d5e9d6e Author: nichunen <[email protected]> AuthorDate: Thu Jan 16 17:27:20 2020 +0800 Prevent uncontrolled data used in path expression --- .../src/main/java/org/apache/kylin/job/execution/ExecutableManager.java | 1 + 1 file changed, 1 insertion(+) diff --git a/core-job/src/main/java/org/apache/kylin/job/execution/ExecutableManager.java b/core-job/src/main/java/org/apache/kylin/job/execution/ExecutableManager.java index 90c9873..f4bd197 100644 --- a/core-job/src/main/java/org/apache/kylin/job/execution/ExecutableManager.java +++ b/core-job/src/main/java/org/apache/kylin/job/execution/ExecutableManager.java @@ -149,6 +149,7 @@ public class ExecutableManager { public AbstractExecutable getJob(String uuid) { try { + uuid = uuid.replaceAll("[./]", ""); return parseTo(executableDao.getJob(uuid)); } catch (PersistentException e) { logger.error("fail to get job:" + uuid, e);
