This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new cf81455027 Do not show version/node in UI traceback for
unauthenticated user (#29501)
cf81455027 is described below
commit cf814550275bd04326f095cc28f93663daf3404b
Author: Jarek Potiuk <[email protected]>
AuthorDate: Mon Feb 13 10:24:09 2023 +0100
Do not show version/node in UI traceback for unauthenticated user (#29501)
The traceback contains information that might be useful for a potential
attacker to better target their attack (Python/Airflow version, node
name). This information should not be shown if the traceback is shown to
an unauthenticated user.
---
airflow/www/views.py | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/airflow/www/views.py b/airflow/www/views.py
index 2ee9313727..ee0277651f 100644
--- a/airflow/www/views.py
+++ b/airflow/www/views.py
@@ -596,13 +596,13 @@ def show_traceback(error):
return (
render_template(
"airflow/traceback.html",
- python_version=sys.version.split(" ")[0],
- airflow_version=version,
+ python_version=sys.version.split(" ")[0] if
g.user.is_authenticated else "redact",
+ airflow_version=version if g.user.is_authenticated else "redact",
hostname=get_hostname()
- if conf.getboolean("webserver", "EXPOSE_HOSTNAME", fallback=True)
+ if conf.getboolean("webserver", "EXPOSE_HOSTNAME", fallback=True)
and g.user.is_authenticated
else "redact",
info=traceback.format_exc()
- if conf.getboolean("webserver", "EXPOSE_STACKTRACE", fallback=True)
+ if conf.getboolean("webserver", "EXPOSE_STACKTRACE",
fallback=True) and g.user.is_authenticated
else "Error! Please contact server admin.",
),
500,
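Review bot: `g.user.is_authenticated` is evaluated four separate times in the `render_template(...)` arguments, and every one of them assumes `g.user` has already been populated for this request. If show_traceback can run for an exception raised before the user is loaded (not visible in this hunk), the attribute lookup would raise inside the 500 handler itself instead of rendering the redacted page. Computing the flag once and failing closed covers that case: `user = getattr(g, "user", None)` followed by `is_authenticated = bool(user and user.is_authenticated)`, then use `is_authenticated` in the four conditions. A short comment above it stating that version, hostname and stack trace are withheld from unauthenticated viewers would also keep the intent visible to later editors. The body of show_traceback starts and ends outside the hunk.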