0x0OZ opened a new issue, #63160:
URL: https://github.com/apache/airflow/issues/63160
### Description
The Airflow REST API redacts sensitive fields in connection responses. The
`password` field is always replaced with `***`. The `extra` field is redacted
by parsing it as JSON and redacting each value in the resulting dictionary.
However, if the `extra` field contains a non-JSON string (e.g., a raw Bearer
token, a key=value pair, XML, or any other format), the `json.loads()` call
raises `JSONDecodeError`, and the exception handler **returns the raw value
as-is without redaction**.
From reading the comment there, it seems this is a known issue, so I didn't
report this as a security bug, but hopefully as a feature request.
```python
def redact_extra(cls, v: str | None) -> str | None:
    if v is None:
        return None
    try:
        extra_dict = json.loads(v)
        redacted_dict = redact(extra_dict)
        return json.dumps(redacted_dict)
    except json.JSONDecodeError:
        # we can't redact fields in an unstructured `extra`
        return v
```
Currently the code simply returns the extra field if it fails to dump its
JSON; instead maybe it should just return **\*\*\***, e.g. `return "***"`.
Ref:
https://github.com/apache/airflow/blob/main/airflow-core/src/airflow/api_fastapi/core_api/datamodels/connections.py#L53-L65
### Use case/motivation
_No response_
### Related issues
_No response_
### Are you willing to submit a PR?
- [x] Yes I am willing to submit a PR!
### Code of Conduct
- [x] I agree to follow this project's [Code of
Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)