Fix CVE-2021-27116 CVE-2021-27117

1. Adding O_NOFOLLOW flag to prevent symlink attacks

These changes help protect against various security issues including:

- Symlink attacks where attackers could trick the application into modifying unintended files
- Privilege escalation through improper file permissions

Signed-off-by: chengjingtao <jtcheng0616@gmail.com>

core/config/xml/xml.go

@@ -36,6 +36,7 @@ import (
 	"strconv"
 	"strings"
 	"sync"
+	"syscall"
 
 	"github.com/mitchellh/mapstructure"
 
@@ -247,7 +248,7 @@ func (c *ConfigContainer) GetSection(section string) (map[string]string, error)
 // SaveConfigFile save the config into file
 func (c *ConfigContainer) SaveConfigFile(filename string) (err error) {
 	// Write configuration file by filename.
-	f, err := os.Create(filename)
+	f, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE|syscall.O_NOFOLLOW, 0600)
 	if err != nil {
 		return err
 	}