apache / shenyu

Apache ShenYu is a Java native API Gateway for service proxy, protocol conversion and API governance.
https://shenyu.apache.org/
Apache License 2.0

[risk] Path traversal in ShenyuPluginPathBuilder #5603

Open BrdgYin opened 2 months ago

BrdgYin commented 2 months ago

Question

```java
/**
 * Gets plugin file.
 *
 * @param path the path
 * @return the plugin jar file.
 */
public static File getPluginFile(final String path) {
    String pluginPath = getPluginPath(path);
    return new File(pluginPath);
}
```

yu199195 commented 1 month ago

Can you fix it? Thanks.
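
One way to contain a caller-supplied plugin path to a fixed directory, shown as an added example that is not ShenYu's code or its eventual fix. The class `SafePluginPathExample`, the method `resolvePluginFile` and the temporary `ext-lib` base directory are hypothetical names; the issue does not show what `getPluginPath` does, so the example assumes the path is meant to stay under one plugin directory.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public final class SafePluginPathExample {

    /** Resolve {@code name} under {@code baseDir}, rejecting anything that escapes it. */
    static File resolvePluginFile(final Path baseDir, final String name) throws IOException {
        if (name == null || name.isEmpty() || name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("empty or malformed plugin name");
        }
        // Canonical base: follows symlinks so the prefix check compares real locations.
        Path base = baseDir.toRealPath();
        // resolve() returns an absolute `name` unchanged; normalize() collapses "." and "..".
        Path candidate = base.resolve(name).normalize();
        // Path.startsWith compares whole path elements, not string prefixes.
        if (!candidate.startsWith(base)) {
            throw new SecurityException("plugin path escapes base directory: " + name);
        }
        // If the target already exists, re-check after symlink resolution.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(base)) {
            throw new SecurityException("plugin path resolves outside base directory: " + name);
        }
        return candidate.toFile();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample directory and inputs, for illustration only.
        Path base = Files.createTempDirectory("ext-lib");
        Files.createFile(base.resolve("custom-plugin.jar"));
        String[] inputs = {"custom-plugin.jar", "sub/../custom-plugin.jar",
            "../outside.jar", "a/../../b.jar", "/etc/passwd"};
        for (String in : inputs) {
            try {
                System.out.println("OK       " + in + " -> " + resolvePluginFile(base, in));
            } catch (SecurityException | IllegalArgumentException e) {
                System.out.println("REJECTED " + in + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The first two inputs are accepted because they normalize to a file inside the base directory; the remaining three are rejected by the containment check.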