mirror of
https://github.com/octoleo/plantuml.git
synced 2024-12-25 20:11:18 +00:00
fix: only allow to read some environment variables
This commit is contained in:
parent
fbe7fa3b25
commit
ff6e71e626
@ -165,13 +165,17 @@ public enum SecurityProfile {
|
||||
if (name == null)
|
||||
return false;
|
||||
|
||||
if (this == UNSECURE)
|
||||
final String lname = name.toLowerCase();
|
||||
if (lname.startsWith("plantuml.security"))
|
||||
return false;
|
||||
|
||||
if (lname.startsWith("plantuml"))
|
||||
return true;
|
||||
|
||||
if (name.toLowerCase().startsWith("plantuml"))
|
||||
|
||||
if (lname.equals("path.separator") || lname.equals("line.separator"))
|
||||
return true;
|
||||
|
||||
return true;
|
||||
|
||||
return this == UNSECURE;
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -46,7 +46,6 @@ class GetenvTest {
|
||||
*/
|
||||
@ParameterizedTest
|
||||
@ValueSource(strings = {
|
||||
"java.version",
|
||||
"path.separator",
|
||||
"line.separator",
|
||||
})
|
||||
|
Loading…
Reference in New Issue
Block a user