kylin-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KYLIN-3401) The current using zip compress tool has an arbitrary file write vulnerability
Date Wed, 06 Jun 2018 11:12:00 GMT

    [ https://issues.apache.org/jira/browse/KYLIN-3401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16503146#comment-16503146
] 

ASF GitHub Bot commented on KYLIN-3401:
---------------------------------------

codecov-io commented on issue #149: KYLIN-3401 change zip compress tool from java.util.zip
to Apache comm…
URL: https://github.com/apache/kylin/pull/149#issuecomment-395031843
 
 
   # [Codecov](https://codecov.io/gh/apache/kylin/pull/149?src=pr&el=h1) Report
   > Merging [#149](https://codecov.io/gh/apache/kylin/pull/149?src=pr&el=desc) into
[master](https://codecov.io/gh/apache/kylin/commit/e5accc575cc78f25f54d3125b0796a933526e79b?src=pr&el=desc)
will **increase** coverage by `<.01%`.
   > The diff coverage is `0%`.
   
   [![Impacted file tree graph](https://codecov.io/gh/apache/kylin/pull/149/graphs/tree.svg?token=JawVgbgsVo&src=pr&height=150&width=650)](https://codecov.io/gh/apache/kylin/pull/149?src=pr&el=tree)
   
   ```diff
   @@             Coverage Diff              @@
   ##             master     #149      +/-   ##
   ============================================
   + Coverage     22.16%   22.16%   +<.01%     
   + Complexity     4021     4020       -1     
   ============================================
     Files          1012     1012              
     Lines         61164    61133      -31     
     Branches       8766     8760       -6     
   ============================================
   - Hits          13554    13551       -3     
   + Misses        46370    46341      -29     
   - Partials       1240     1241       +1
   ```
   
   
   | [Impacted Files](https://codecov.io/gh/apache/kylin/pull/149?src=pr&el=tree) | Coverage
Δ | Complexity Δ | |
   |---|---|---|---|
   | [...ava/org/apache/kylin/common/util/ZipFileUtils.java](https://codecov.io/gh/apache/kylin/pull/149/diff?src=pr&el=tree#diff-Y29yZS1jb21tb24vc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL2t5bGluL2NvbW1vbi91dGlsL1ppcEZpbGVVdGlscy5qYXZh)
| `0% <0%> (ø)` | `0 <0> (ø)` | :arrow_down: |
   | [...org/apache/kylin/rest/util/QueryRequestLimits.java](https://codecov.io/gh/apache/kylin/pull/149/diff?src=pr&el=tree#diff-c2VydmVyLWJhc2Uvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL2t5bGluL3Jlc3QvdXRpbC9RdWVyeVJlcXVlc3RMaW1pdHMuamF2YQ==)
| `35.71% <0%> (-4.77%)` | `5% <0%> (-1%)` | |
   | [.../apache/kylin/cube/cuboid/TreeCuboidScheduler.java](https://codecov.io/gh/apache/kylin/pull/149/diff?src=pr&el=tree#diff-Y29yZS1jdWJlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9reWxpbi9jdWJlL2N1Ym9pZC9UcmVlQ3Vib2lkU2NoZWR1bGVyLmphdmE=)
| `63.84% <0%> (-2.31%)` | `0% <0%> (ø)` | |
   | [...rg/apache/kylin/cube/inmemcubing/MemDiskStore.java](https://codecov.io/gh/apache/kylin/pull/149/diff?src=pr&el=tree#diff-Y29yZS1jdWJlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9reWxpbi9jdWJlL2lubWVtY3ViaW5nL01lbURpc2tTdG9yZS5qYXZh)
| `69.6% <0%> (+0.3%)` | `7% <0%> (ø)` | :arrow_down: |
   | [...lin/dict/lookup/cache/RocksDBLookupTableCache.java](https://codecov.io/gh/apache/kylin/pull/149/diff?src=pr&el=tree#diff-Y29yZS1kaWN0aW9uYXJ5L3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9reWxpbi9kaWN0L2xvb2t1cC9jYWNoZS9Sb2Nrc0RCTG9va3VwVGFibGVDYWNoZS5qYXZh)
| `76.68% <0%> (+0.51%)` | `27% <0%> (ø)` | :arrow_down: |
   
   ------
   
   [Continue to review full report at Codecov](https://codecov.io/gh/apache/kylin/pull/149?src=pr&el=continue).
   > **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta)
   > `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
   > Powered by [Codecov](https://codecov.io/gh/apache/kylin/pull/149?src=pr&el=footer).
Last update [e5accc5...47ef600](https://codecov.io/gh/apache/kylin/pull/149?src=pr&el=lastupdated).
Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments).
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> The current using zip compress tool has an arbitrary file write vulnerability
> -----------------------------------------------------------------------------
>
>                 Key: KYLIN-3401
>                 URL: https://issues.apache.org/jira/browse/KYLIN-3401
>             Project: Kylin
>          Issue Type: Bug
>            Reporter: Chao Long
>            Assignee: Chao Long
>            Priority: Major
>




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message