[GitHub] [inlong] fuweng11 commented on a diff in pull request #7214: [INLONG-7213][Manager] Add a check to the URL encoding of mysql JDBC URL

GitBox Tue, 10 Jan 2023 18:16:39 -0800


fuweng11 commented on code in PR #7214:
URL: https://github.com/apache/inlong/pull/7214#discussion_r1066512942



##########
inlong-manager/manager-pojo/src/main/java/org/apache/inlong/manager/pojo/sink/mysql/MySQLSinkDTO.java:
##########
@@ -47,6 +49,15 @@ public class MySQLSinkDTO {
     /**
      * The sensitive param may lead the attack.
      */
+    private static final Map<String, String> SENSITIVE_PARAM_MAP = new 
HashMap<String, String>() {
+        {
+            put("autoDeserialize=true", "autoDeserialize=false");
+            put("allowLoadLocalInfile=true", "allowLoadLocalInfile=false");
+            put("allowUrlInLocalInfile=true", "allowUrlInLocalInfile=false");
+            put("allowLoadLocalInfileInPath=/", "allowLoadLocalInfileInPath=");
+        }
+    };
+
     private static final String SENSITIVE_PARAM_TRUE = "autoDeserialize=true";
     private static final String SENSITIVE_PARAM_FALSE = 
"autoDeserialize=false";

Review Comment:
   done



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@inlong.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [inlong] fuweng11 commented on a diff in pull request #7214: [INLONG-7213][Manager] Add a check to the URL encoding of mysql JDBC URL

Reply via email to