imbajin commented on code in PR #2019:
URL:
https://github.com/apache/incubator-hugegraph/pull/2019#discussion_r1026536423
##########
hugegraph-core/src/main/java/org/apache/hugegraph/util/ConfigUtil.java:
##########
@@ -112,9 +112,11 @@ public static Map<String, String> scanGraphsDir(String
graphsDirPath) {
public static String writeToFile(String dir, String graphName,
HugeConfig config) {
- E.checkArgument(FileUtils.getFile(dir).exists(),
+ File file = FileUtils.getFile(dir);
+ E.checkArgument(file.exists(),
"The directory '%s' must exist", dir);
- String fileName = Paths.get(dir, graphName + CONF_SUFFIX).toString();
+ String tmpGraphName = graphName + CONF_SUFFIX;
Review Comment:
the security alert the user params before using it: (reasonable)
<img width="749" alt="image"
src="https://user-images.githubusercontent.com/17706099/202733423-5afeed0b-f28e-4638-b5b1-30cf154bc8c4.png";>
it means we should trim/check the `User provide params` before we using it
directly (like remove `.` and extra `//`)
BTW, the demo is nice for us to learn security problem
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@hugegraph.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
![https://user-images.githubusercontent.com/17706099/202733423-5afeed0b-f28e-4638-b5b1-30cf154bc8c4.png"](https://user-images.githubusercontent.com/17706099/202733423-5afeed0b-f28e-4638-b5b1-30cf154bc8c4.png"){kind=link}