CVE-2023-22888: Sanitize `DagRun.run_id` and allow flexibility by ephraimbuddy · Pull Request #32293 · apache/airflow
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected.
This commit sanitizes the DagRun.run_id parameter by introducing a configurable option. Users now have the ability to select a specific run_id pattern for their runs, ensuring stricter control over the values used. This update does not impact the default run_id generation performed by the scheduler for scheduled DAG runs or for Dag runs triggered without modifying the run_id parameter in the run configuration page. The configuration flexibility empowers users to align the run_id pattern with their specific requirements.
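The control described above, as an added example (not code from the pull request or from Airflow itself): a caller-supplied `run_id` is checked against a configurable regular expression before a run is created, while a `run_id` the system generates on its own (the `manual__<timestamp>` form) bypasses the check, which is the split the commit message describes. The default pattern, the `trigger_dag`/`validate_run_id` names and the config-style keyword argument are assumptions for this example, not Airflow's real configuration keys.

```python
import re
from datetime import datetime, timezone
from typing import Optional

# Assumed default for this example (not taken from the PR): a conservative
# allow-list of characters that are safe in URL paths and file names.
DEFAULT_RUN_ID_PATTERN = r"^[A-Za-z0-9_.~:+-]+$"


class InvalidRunId(ValueError):
    """Raised when a caller-supplied run_id does not match the configured pattern."""


def run_id_is_allowed(run_id: str, pattern: str = DEFAULT_RUN_ID_PATTERN) -> bool:
    """True if run_id is a non-empty string matching the whole of `pattern`.

    re.fullmatch is used instead of re.match so the entire string must match
    even when an operator configures a pattern without explicit anchors, and
    so a trailing newline (which '$' alone would tolerate) is rejected.
    """
    if not isinstance(run_id, str) or not run_id:
        return False
    return re.fullmatch(pattern, run_id) is not None


def validate_run_id(run_id: str, pattern: str = DEFAULT_RUN_ID_PATTERN) -> str:
    """Return run_id unchanged if it passes the configured pattern, else raise."""
    if not run_id_is_allowed(run_id, pattern):
        raise InvalidRunId(f"run_id {run_id!r} does not match pattern {pattern!r}")
    return run_id


def generate_run_id(run_type: str, when: datetime) -> str:
    """Build the kind of run_id the scheduler produces itself, e.g. manual__<ts>."""
    return f"{run_type}__{when.isoformat()}"


def trigger_dag(
    dag_id: str,
    run_id: Optional[str] = None,
    *,
    pattern: str = DEFAULT_RUN_ID_PATTERN,  # stands in for a config option
    now: Optional[datetime] = None,
) -> dict:
    """Create a run record; only a caller-supplied run_id goes through validation."""
    if now is None:
        now = datetime.now(timezone.utc)
    if run_id is None:
        # Default generation path: the generator owns the format, so the
        # configured pattern is not applied here.
        run_id = generate_run_id("manual", now)
    else:
        run_id = validate_run_id(run_id, pattern)
    return {"dag_id": dag_id, "run_id": run_id}


if __name__ == "__main__":
    fixed = datetime(2023, 7, 6, tzinfo=timezone.utc)
    print(trigger_dag("example_dag", now=fixed))
    print(trigger_dag("example_dag", run_id="release_1.2.3", now=fixed))
    try:
        trigger_dag("example_dag", run_id="bad id/with spaces", now=fixed)
    except InvalidRunId as exc:
        print("rejected:", exc)
```

The validation is deliberately an allow-list with `fullmatch` rather than a deny-list of known-bad characters: an operator who needs a stricter or looser convention changes only the pattern, and every path that accepts a user-chosen `run_id` (API, CLI, trigger form) should call the same `validate_run_id` so the rule cannot be bypassed by choosing a different entry point.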
LGTM
ephraimbuddy added a commit that referenced this pull request
Jul 6, 2023
(cherry picked from commit 05bd90f)