wwbmmm commented on code in PR #2610:
URL: https://github.com/apache/brpc/pull/2610#discussion_r1590484646


##########
src/brpc/span.cpp:
##########
@@ -506,6 +509,13 @@ inline uint64_t ToLittleEndian(const uint32_t* buf) {
 }
 
 SpanDB* SpanDB::Open() {
+    // Remove old rpcz directory even if crash occurs.
+    if (!FLAGS_rpcz_keep_span_db) {
+        std::string cmd = butil::string_printf("rm -rf 
%s/[0-9]*\.*[0-9]*\.[0-9]*",
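
Review bot: The pattern appended after `%s/` is expanded by the shell as a glob, not as a regular expression, so `[0-9]*` means one digit followed by any characters. A name such as `1.backup.of.2.3` would therefore be handed to `rm -rf` as well. If only the old rpcz directories are meant to go, match the whole directory name against an anchored pattern before deleting.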

Review Comment:
   
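It would be better not to build a command line by string concatenation. You can use filesystem functions to traverse the subdirectories under FLAGS_rpcz_database_dir, check which directory names match the regular expression, and then delete those.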



##########
src/brpc/span.cpp:
##########
@@ -506,6 +509,13 @@ inline uint64_t ToLittleEndian(const uint32_t* buf) {
 }
 
 SpanDB* SpanDB::Open() {
+    // Remove old rpcz directory even if crash occurs.
+    if (!FLAGS_rpcz_keep_span_db) {
+        std::string cmd = butil::string_printf("rm -rf 
%s/[0-9]*\.*[0-9]*\.[0-9]*",
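
Review bot: The `\.` in the format string sits inside a C++ string literal, where it is not a standard escape sequence; compilers typically warn and drop the backslash, so the shell never receives it. Write `\\.` if the backslash is intended, or a plain `.`, which is already literal in a shell glob.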

Review Comment:
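   This still carries a risk of command injection. For example, if FLAGS_rpcz_database_dir is changed to "/ abc", with a space in the middle, the command ends up deleting both "/" and "abc/[0-9]*\.*[0-9]*\.[0-9]*".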
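
The approach suggested in the first review comment (enumerate the sub-directories and match their names, with no shell involved), as an added example that is not code from the PR or from brpc. `RemoveMatchingDirs`, `DemoOnConstructedTree`, the POSIX `nftw` walk and the three-digit-group name pattern are assumptions chosen for illustration.

```cpp
#include <dirent.h>
#include <ftw.h>
#include <sys/stat.h>
#include <cstdio>
#include <cstdlib>
#include <regex>
#include <string>
#include <vector>

// nftw callback; FTW_DEPTH visits children first, so each directory is empty when removed.
static int RemoveEntry(const char* path, const struct stat*, int, struct FTW*) {
    return std::remove(path);
}

// Hypothetical helper (not brpc code): delete the sub-directories of `base` whose
// name fully matches `name_re`; returns the names removed. No shell ever parses `base`.
std::vector<std::string> RemoveMatchingDirs(const std::string& base, const std::regex& name_re) {
    std::vector<std::string> matched, removed;
    DIR* dir = opendir(base.c_str());
    if (dir == nullptr) return removed;
    while (struct dirent* ent = readdir(dir)) {
        const std::string name = ent->d_name;
        struct stat st;
        // lstat + S_ISDIR: plain files and symlinks are neither followed nor deleted.
        if (std::regex_match(name, name_re) &&
            lstat((base + "/" + name).c_str(), &st) == 0 && S_ISDIR(st.st_mode)) {
            matched.push_back(name);
        }
    }
    closedir(dir);
    for (const std::string& name : matched) {
        if (nftw((base + "/" + name).c_str(), RemoveEntry, 16, FTW_DEPTH | FTW_PHYS) == 0)
            removed.push_back(name);
    }
    return removed;
}

// Constructed sample tree under a base path that contains spaces on purpose.
std::vector<std::string> DemoOnConstructedTree(std::string* base_out) {
    char tmpl[] = "/tmp/rpcz demo XXXXXX";
    const std::string base = mkdtemp(tmpl);
    for (const char* d : {"20240506.101530.4242", "1.backup.of.2.3", "keep"})
        mkdir((base + "/" + d).c_str(), 0700);
    std::fclose(std::fopen((base + "/20240506.101530.4242/id.db").c_str(), "w"));
    *base_out = base;
    // Assumed naming scheme: three dot-separated digit groups, matched in full.
    return RemoveMatchingDirs(base, std::regex("[0-9]+\\.[0-9]+\\.[0-9]+"));
}

int main() { std::string b; return DemoOnConstructedTree(&b).size() == 1 ? 0 : 1; }
```

Because the base path reaches `opendir` and `nftw` as a single argument, the space in it has no special meaning, and only the directory whose whole name matches is removed.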


