7x31
/
databasir
mirror of https://github.com/vran-dev/databasir.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: security vulnerability SSRF (#256)

This commit is contained in:
vran 2022-07-29 11:18:51 +08:00 committed by GitHub
parent 4df8f9b93e
commit 226c20e0c9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
core/src/main/java/com/databasir/core/infrastructure/driver/DriverResources.java
View File

@ -60,7 +60,7 @@ public class DriverResources {
try { try {
Files.createDirectories(parentDirPath); Files.createDirectories(parentDirPath);
} catch (IOException e) { } catch (IOException e) {
log.error("下载驱动时创建目录失败", e); log.error("create directory for driver failed", e);
throw DomainErrors.DOWNLOAD_DRIVER_ERROR.exception(e); throw DomainErrors.DOWNLOAD_DRIVER_ERROR.exception(e);
} }
@ -97,8 +97,9 @@ public class DriverResources {
} }
}); });
} catch (RestClientException e) { } catch (RestClientException e) {
log.error(parentDir + " download driver error", e); String msg = String.format("download driver from %s to %s failed", driverFileUrl, parentDir);
throw DomainErrors.DOWNLOAD_DRIVER_ERROR.exception(e.getMessage()); log.error(msg, e);
throw DomainErrors.DOWNLOAD_DRIVER_ERROR.exception(msg);
} }
} }