imbajin commented on code in PR #2918:
URL: https://github.com/apache/incubator-hugegraph/pull/2918#discussion_r2618191587


##########
hugegraph-server/hugegraph-core/pom.xml:
##########
@@ -198,7 +198,7 @@
             <version>${commons-compress.version}</version>
         </dependency>
         <dependency>
-            <groupId>org.lz4</groupId>
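
Review bot: the removed `<groupId>org.lz4</groupId>` on this dependency means the artifact coordinates change, not only the version, and Maven treats a different groupId as an unrelated artifact. State in the PR description which groupId replaces it and why, and check `mvn dependency:tree` for any transitive dependency that still brings in `org.lz4`, adding an exclusion where needed so that two lz4 builds do not end up on the classpath together.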

Review Comment:
   expected change? (org changed?)



##########
hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/util/StringEncoding.java:
##########
@@ -140,7 +140,7 @@ public static String decompress(byte[] value, float 
bufferRatio) {
     }
 
     public static String hashPassword(String password) {
-        return BCrypt.hashpw(password, BCrypt.gensalt(4));
+        return BCrypt.hashpw(password, BCrypt.gensalt(12));
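
Review bot: in `hashPassword` the cost is passed as a bare literal in `BCrypt.gensalt(12)`, and nothing in this hunk deals with hashes already stored at cost 4. A bcrypt hash carries its own cost, so old hashes keep verifying but stay at the weak setting until the password is hashed again. Consider a named constant (or a config option) for the work factor, and a rehash on successful login when the stored cost is lower than the current one.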

Review Comment:
   maybe use the minimum factor in the proper range (to reduce perf influence, like 10?)



##########
hugegraph-server/hugegraph-core/pom.xml:
##########
@@ -32,7 +32,7 @@
         <jraft.version>1.3.11</jraft.version>
         <ohc.version>0.7.4</ohc.version>
         <jna.version>5.12.1</jna.version>
-        <lz4.version>1.8.0</lz4.version>
+        <lz4.version>1.9.0</lz4.version>
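
Review bot: the bump to `<lz4.version>1.9.0</lz4.version>` carries no stated reason. Put the motivation (the bug fix or advisory being addressed) in the commit message, and confirm that 1.9.0 is published under the groupId used wherever `${lz4.version}` is referenced, so the build does not resolve a version that does not exist for those coordinates.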

Review Comment:
   in ASF rules, we need to update the dependencies info
   
   refer: https://hugegraph.apache.org/docs/contribution-guidelines/contribute/#321-check-licenses



##########
hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/util/CompressUtil.java:
##########
@@ -173,6 +173,21 @@ private static Path zipSlipProtect(ArchiveEntry entry, 
Path targetDir)
         return normalizePath;
     }
 
+    private static Path zipSlipProtect(ZipEntry entry, Path targetDir)
+            throws IOException {
+        Path targetDirResolved = targetDir.resolve(entry.getName());
+        /*
+         * Make sure normalized file still has targetDir as its prefix,
+         * else throws exception
+         */
+        Path normalizePath = targetDirResolved.normalize();
+        if (!normalizePath.startsWith(targetDir.normalize())) {
+            throw new IOException(String.format("Bad entry: %s",
+                                                entry.getName()));
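
Review bot: this `zipSlipProtect(ZipEntry entry, Path targetDir)` overload appears to repeat the existing `zipSlipProtect(ArchiveEntry entry, Path targetDir)` named in the hunk header, so the two path checks can drift apart over time. Move the check into one private helper that takes the entry name as a `String` and have both overloads call it. While there, rename `targetDirResolved`, which actually holds the resolved entry path rather than the directory, and document that `normalize()` is purely lexical, so a symlink already present under `targetDir` is not caught by the `startsWith` comparison.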

Review Comment:
   maybe merge into one line?



##########
hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/util/CompressUtil.java:
##########
@@ -173,6 +173,21 @@ private static Path zipSlipProtect(ArchiveEntry entry, 
Path targetDir)
         return normalizePath;
     }
 
+    private static Path zipSlipProtect(ZipEntry entry, Path targetDir)
+            throws IOException {

Review Comment:
   one line?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
