potiuk commented on code in PR #44557: URL: https://github.com/apache/airflow/pull/44557#discussion_r1867442251
########## providers/src/airflow/providers/http/sensors/http.py: ########## @@ -17,10 +17,14 @@ # under the License. from __future__ import annotations +import base64 +import pickle Review Comment: My default answer to "do we want to use pickle?" is "hell no". This is more nuanced when it comes to details, but using pickle is a HUGE security floodgate and using it for anything but internal passing of data for multiprocessing where it is not visible or even accesible to the external users is "no go" by default. Int this case - when we want to pass pickled data as a TriggerEvent - in order for it to be serialized and then unpickled, the answer is "ABSOLUTELY NOT". Cloudpickle might be a way to go. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
