We found 'file' may be contaminated on line 77 of PluginPackageController.java.Use of unfiltered data in selection of requested application file path could lead to sensitive data disclosure and potential theft of proprietary business logic.It will affect on line 487 of PluginArtifactsMgmtService.java
https://github.com/WeBankPartners/wecube-platform/blob/15b004e0295c9466ac11c717bee27165fc5b13a9/platform-core/src/main/java/com/webank/wecube/platform/core/controller/plugin/PluginPackageController.java#L76-L84
https://github.com/WeBankPartners/wecube-platform/blob/15b004e0295c9466ac11c717bee27165fc5b13a9/platform-core/src/main/java/com/webank/wecube/platform/core/service/plugin/PluginArtifactsMgmtService.java#L361-L380
https://github.com/WeBankPartners/wecube-platform/blob/15b004e0295c9466ac11c717bee27165fc5b13a9/platform-core/src/main/java/com/webank/wecube/platform/core/service/plugin/PluginArtifactsMgmtService.java#L476-L488
We found 'file' may be contaminated on line 77 of PluginPackageController.java.Use of unfiltered data in selection of requested application file path could lead to sensitive data disclosure and potential theft of proprietary business logic.It will affect on line 487 of PluginArtifactsMgmtService.java