octoleo/plantuml
1
0
Fork 0
mirror of https://github.com/octoleo/plantuml.git synced 2024-11-28 15:56:31 +00:00
Code Issues Releases Wiki Activity

fix: only allow to read some environment variables

Browse Source
This commit is contained in:
Arnaud Roques 2023-06-13 12:55:32 +02:00
parent fbe7fa3b25
commit ff6e71e626
2 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/net/sourceforge/plantuml/security/SecurityProfile.java
View File

@ -165,13 +165,17 @@ public enum SecurityProfile {
if (name == null) if (name == null)
return false; return false;
if (this == UNSECURE) final String lname = name.toLowerCase();
if (lname.startsWith("plantuml.security"))
return false;
if (lname.startsWith("plantuml"))
return true; return true;
if (name.toLowerCase().startsWith("plantuml")) if (lname.equals("path.separator") || lname.equals("line.separator"))
return true; return true;
return true; return this == UNSECURE;
} }
} }

1
test/net/sourceforge/plantuml/tim/stdlib/GetenvTest.java
View File

@ -46,7 +46,6 @@ class GetenvTest {
*/ */
@ParameterizedTest @ParameterizedTest
@ValueSource(strings = { @ValueSource(strings = {
"java.version",
"path.separator", "path.separator",
"line.separator", "line.separator",
}) })