This is an automated email from the ASF dual-hosted git repository. kaxilnaik pushed a commit to branch v1-10-test in repository https://gitbox.apache.org/repos/asf/airflow.git
commit f46ed7c85d2392d3ac4d40e98a53cd9c1b5210f5
Author: Ash Berlin-Taylor <[email protected]>
AuthorDate: Wed Dec 2 10:55:22 2020 +0000
Don't let webserver run with dangerous config (#12747)
(cherry picked from commit dab783fcdcd6e18ee4d46c6daad0d43a0b075ada)
---
airflow/bin/cli.py | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/airflow/bin/cli.py b/airflow/bin/cli.py
index 4f23038..ac1b9a4 100644
--- a/airflow/bin/cli.py
+++ b/airflow/bin/cli.py
@@ -1138,6 +1138,17 @@ def webserver(args):
 py2_deprecation_waring()
 print(settings.HEADER)
+ # Check for old/insecure config, and fail safe (i.e. don't launch) if the config is wildly insecure.
+ if conf.get('webserver', 'secret_key') == 'temporary_key':
+ print(
+ "ERROR: The `secret_key` setting under the webserver config has an insecure "
+ "value - Airflow has failed safe and refuses to start. Please change this value to a new, "
+ "per-environment, randomly generated string, for example using this command `openssl rand "
+ "-hex 30`",
+ file=sys.stderr,
+ )
+ sys.exit(1)
+
 access_logfile = args.access_logfile or conf.get('webserver', 'access_logfile')
 error_logfile = args.error_logfile or conf.get('webserver', 'error_logfile')
 num_workers = args.workers or conf.get('webserver', 'workers')
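Review bot: The new guard at the top of `webserver()` rejects only the exact literal `temporary_key`, so it is a one-entry denylist: the same value with stray whitespace, or any other short or guessable `secret_key`, still lets the server start. Consider normalising before comparing, e.g. `if conf.get('webserver', 'secret_key').strip() == 'temporary_key':`, and emitting a warning when the configured key is shorter than some minimum length. The check also lives only in this CLI entry point, so a deployment that serves the web app without going through `airflow webserver` would presumably skip it; enforcing it where the app is created would cover that path too. The body of `webserver()` continues outside the hunk.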
