SameerMesiah97 commented on code in PR #63708:
URL: https://github.com/apache/airflow/pull/63708#discussion_r2972205389
##########
airflow-ctl/src/airflowctl/api/client.py:
##########
@@ -160,7 +161,13 @@ def __init__(
):
self.api_url = api_url
self.api_token = api_token
- self.api_environment = os.getenv("AIRFLOW_CLI_ENVIRONMENT") or
api_environment
+ raw_env = os.getenv("AIRFLOW_CLI_ENVIRONMENT") or api_environment
+ if not re.match(r'^[a-zA-Z0-9_.-]+$', raw_env):
Review Comment:
This is too strict. What about existing valid `api_environment` values like
'team:prod', or 'prod v2'?Previously this accepted any string, but now it is
limited to , so these would fail. Since this comes from CLI/env, this could
break real usages.
Seems like it would be better to loosen restriction to only block `/` and
`..`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
