octoleo/plantuml
1
0
Fork 0
mirror of https://github.com/octoleo/plantuml.git synced 2024-11-24 22:07:33 +00:00
Code Issues Releases Wiki Activity

fix: only allow to read some environment variables

Browse Source
This commit is contained in:
Arnaud Roques 2023-06-13 12:55:32 +02:00
parent fbe7fa3b25
commit ff6e71e626
2 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/net/sourceforge/plantuml/security/SecurityProfile.java
View File

@ -165,13 +165,17 @@ public enum SecurityProfile {
if (name == null)
return false;
if (this == UNSECURE)
final String lname = name.toLowerCase();
if (lname.startsWith("plantuml.security"))
return false;
if (lname.startsWith("plantuml"))
return true;
if (name.toLowerCase().startsWith("plantuml"))
if (lname.equals("path.separator") || lname.equals("line.separator"))
return true;
return true;
return this == UNSECURE;
}
}

1
test/net/sourceforge/plantuml/tim/stdlib/GetenvTest.java
View File

@ -46,7 +46,6 @@ class GetenvTest {
*/
@ParameterizedTest
@ValueSource(strings = {
"java.version",
"path.separator",
"line.separator",
})