sijie commented on a change in pull request #6219: minor: [checkmarx]OWASP-A17:
injecting topic name without validating
URL: https://github.com/apache/pulsar/pull/6219#discussion_r375014175
##########
File path:
pulsar-functions/worker/src/main/java/org/apache/pulsar/functions/worker/rest/api/ComponentImpl.java
##########
@@ -1426,6 +1426,9 @@ private void validateTriggerRequestParams(final String
tenant,
if (uploadedInputStream == null && input == null) {
throw new IllegalArgumentException("Trigger Data is not provided");
}
+ if (topic == null) {
Review comment:
I don't think this change is correct. See comment at line 1417.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
