This is an automated email from the ASF dual-hosted git repository. nic pushed a commit to branch 3.0.x in repository https://gitbox.apache.org/repos/asf/kylin.git
commit 173d88b7015c9a60779cc04586896453ee5b69ed Author: nichunen <[email protected]> AuthorDate: Sat Jan 18 22:45:04 2020 +0800 Prevent uncontrolled data used in path expression --- .../src/main/java/org/apache/kylin/metadata/TableMetadataManager.java | 1 + 1 file changed, 1 insertion(+) diff --git a/core-metadata/src/main/java/org/apache/kylin/metadata/TableMetadataManager.java b/core-metadata/src/main/java/org/apache/kylin/metadata/TableMetadataManager.java index 457c046..ce3017f 100644 --- a/core-metadata/src/main/java/org/apache/kylin/metadata/TableMetadataManager.java +++ b/core-metadata/src/main/java/org/apache/kylin/metadata/TableMetadataManager.java @@ -484,6 +484,7 @@ public class TableMetadataManager { public void removeExternalFilter(String name) throws IOException { try (AutoLock lock = extFilterMapLock.lockForWrite()) { + name = name.replaceAll("[./]", ""); extFilterCrud.delete(name); } }
