sergehuber commented on a change in pull request #265:
URL: https://github.com/apache/unomi/pull/265#discussion_r598800936



##########
File path: 
services/src/main/java/org/apache/unomi/services/actions/ActionExecutorDispatcher.java
##########
@@ -146,6 +156,19 @@ public Action getContextualAction(Action action, Event 
event) {
         return values;
     }
 
+    private Object extractValue(String s, Event event) throws 
IllegalAccessException, NoSuchMethodException, InvocationTargetException {
+        Object value = null;
+
+        String valueType = StringUtils.substringBefore(s, 
VALUE_NAME_SEPARATOR);
+        String valueAsString = StringUtils.substringAfter(s, 
VALUE_NAME_SEPARATOR);
+        ValueExtractor extractor = valueExtractors.get(valueType);
+        if (extractor != null) {
+            value = extractor.extract(valueAsString, event);
+        }
+
+        return value;
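
Review bot: When `valueExtractors.get(valueType)` returns null, `extractValue` falls through and returns null, so an unknown type prefix cannot be told apart from an extractor that legitimately produced null. The same path is taken when `s` does not contain `VALUE_NAME_SEPARATOR` at all: assuming `StringUtils` is Commons Lang, `substringBefore` then returns the whole string as `valueType` and `substringAfter` returns an empty string. Consider logging a warning or throwing in the `extractor == null` branch so malformed or unexpected parameter values are visible instead of silently becoming null. The `throws` clause also exposes three reflection exceptions to every caller; a short Javadoc stating which extractors can raise them would help.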

Review comment:
       We should check the value to make sure it doesn't have any 
PLACEHOLDER_PREFIX in which case we might need to encode it somehow, otherwise 
this could lead to a security vulnerability as attackers could inject 
expressions that could read any data.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]