potiuk commented on issue #6801: [AIRFLOW-6260] Drive _cmd config options by env var URL: https://github.com/apache/airflow/pull/6801#issuecomment-566603555 Geeee. Bad me .. I missed entirely the _cmd option in Airflow. So it seems we are already past the dangerous line when user can not only write arbitrary python code in DAGs but also arbitrary bash script :). Still what I see is that we allow that only for those "secret-related" cases. From the docs: > The following config options support this _cmd version: > > - sql_alchemy_conn in [core] section > - fernet_key in [core] section > - broker_url in [celery] section > - result_backend in [celery] section > - password in [atlas] section > - smtp_password in [smtp] section > - bind_password in [ldap] section > - git_password in [kubernetes] section So if we allow this ENV variable thing here it should also be limited to those variables IMHO. > Never heard that one in Polish (half-Pole here ^^), but it translates as well in French :) What is the French version then :) ?
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
