Hequn Cheng created FLINK-18151:
-----------------------------------

             Summary: Resolve CWE22 problems in pyflink_gateway_server.py
                 Key: FLINK-18151
                 URL: https://issues.apache.org/jira/browse/FLINK-18151
             Project: Flink
          Issue Type: Bug
          Components: API / Python
    Affects Versions: 1.10.1, 1.11.0, 1.12.0
            Reporter: Hequn Cheng

For example, the code `if os.path.isfile(flink_conf_path):` contains a CWE22 problem: it calls "os.path.isfile" with the tainted value in argument 1. This constructs a path or URI using the tainted value and may thus allow an attacker to access, modify, or test the existence of critical or sensitive files.

--
This message was sent by Atlassian Jira (v8.3.4#803005)
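
An added example, not part of the original report and not the Flink project's fix: one way to constrain a tainted configuration directory before the `os.path.isfile` test, by canonicalising the path and requiring it to stay under a trusted root. The names `safe_conf_path` and `allowed_root`, the file name `flink-conf.yaml` and the temporary directory tree are assumptions constructed for illustration.

```python
import os
import tempfile


def safe_conf_path(conf_dir, allowed_root, name="flink-conf.yaml"):
    """Return the canonical config file path, or None if it must not be used.

    conf_dir is treated as tainted. Symlinks and ".." are resolved first, and
    the result must stay inside allowed_root before os.path.isfile is called.
    """
    root = os.path.realpath(allowed_root)
    candidate = os.path.realpath(os.path.join(conf_dir, name))
    try:
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # no common path, e.g. different drives on Windows
        inside = False
    if not inside:
        return None
    return candidate if os.path.isfile(candidate) else None


def demo():
    """Exercise the check on a constructed directory tree (hypothetical names)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "flink")
        conf = os.path.join(root, "conf")
        outside = os.path.join(tmp, "outside")  # stands in for a sensitive area
        for d in (conf, outside):
            os.makedirs(d)
            open(os.path.join(d, "flink-conf.yaml"), "w").close()
        link = os.path.join(root, "link")
        try:
            os.symlink(outside, link)  # symlink inside root that points outside
        except OSError:
            pass  # platform without symlink support: lookup below finds no file
        return {
            "normal": safe_conf_path(conf, root) is not None,
            "dotdot": safe_conf_path(os.path.join(conf, "..", "..", "outside"), root),
            "absolute": safe_conf_path(outside, root),
            "symlink": safe_conf_path(link, root),
            "missing": safe_conf_path(os.path.join(root, "nope"), root),
        }


if __name__ == "__main__":
    print(demo())
```

Callers should open the returned canonical path rather than the original input, so the file that was checked is the file that is read.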