Deny disallowed local file loading

Author: mirromutth

src/main/java/io/asyncer/r2dbc/mysql/internal/util/ReadCompletionHandler.java

@@ -28,7 +28,8 @@
 import java.util.concurrent.atomic.AtomicReference;
 
 /**
- * TODO: add javadoc here
+ * An implementation of {@link CompletionHandler} that reads data from an asynchronous file channel and emits
+ * file data or I/O exception to a {@link FluxSink}.
  */
 final class ReadCompletionHandler implements CompletionHandler<Integer, ByteBuf> {
 

src/main/java/io/asyncer/r2dbc/mysql/message/client/LocalInfileResponse.java

@@ -63,7 +63,11 @@ public Flux<ByteBuf> encode(ByteBufAllocator allocator, ConnectionContext contex
                     Path safePath = context.getLocalInfilePath();
                     Path file = Paths.get(this.path);
 
-                    if (safePath == null || file.startsWith(safePath)) {
+                    if (safePath == null) {
+                        String message = "Allowed local file path not set, but attempted to load '" + file +
+                            '\'';
+                        sink.error(new R2dbcPermissionDeniedException(message));
+                    } else if (file.startsWith(safePath)) {
                         sink.success(file);
                     } else {
                         String message = String.format("The file '%s' is not under the safe path '%s'",