Search before asking

• I had searched in the issues and found no similar issues.

Issue Description

The static method in this utility class directly uses the URL passed in by the user, which has a hidden security issue.

Directly incorporating user input into an HTTP request without validating the input can facilitate server-side request forgery (SSRF) attacks. In these attacks, the server may be tricked into making a request and interacting with an attacker-controlled server.

该工具类的这个静态方法直接使用用户传入的 URL，存在潜在的安全隐患。
直接将用户输入作为 HTTP 请求而不对输入进行验证，可能会导致服务器端请求伪造 (SSRF) 攻击。攻击者可能通过该手段，诱使服务器向攻击者的服务器发请求并进行交互。

Tracking issue for:

• https://github.com/apache/eventmesh/security/code-scanning/131

Are you willing to submit PR?

• Yes I am willing to submit a PR!

Code of Conduct

• I agree to follow this project's Code of Conduct *