Hequn Cheng created FLINK-18151:
-----------------------------------
Summary: Resolve CWE22 problems in pyflink_gateway_server.py
Key: FLINK-18151
URL:
https://issues.apache.org/jira/browse/FLINK-18151 Project: Flink
Issue Type: Bug
Components: API / Python
Affects Versions: 1.10.1, 1.11.0, 1.12.0
Reporter: Hequn Cheng
For example, the code `if os.path.isfile(flink_conf_path):` contains CWE22 problem that calling "os.path.isfile" with the tainted value in argument 1. This constructs a path or URI using the tainted value and may thus allow an attacker to access, modify, or test the existence of critical or sensitive files.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
Locked
