junyeong0619 commented on code in PR #66022:
URL: https://github.com/apache/airflow/pull/66022#discussion_r3215495981


##########
airflow-core/src/airflow/api_fastapi/execution_api/routes/variables.py:
##########
@@ -120,3 +125,25 @@ def delete_variable(
 ):
     """Delete an Airflow Variable."""
     Variable.delete(key=variable_key, team_name=team_name)
+
+
+@keys_router.get(
+    "/keys",
+    responses={
+        status.HTTP_401_UNAUTHORIZED: {"description": "Unauthorized"},
+    },
+)
+def get_variable_keys(
+    session: SessionDep,
+    team_name: Annotated[str | None, Depends(get_team_name_dep)] = None,
+    prefix: Annotated[str | None, Query()] = None,
+) -> VariableKeysResponse:
+    """Get Airflow Variable keys, optionally filtered by prefix."""
+    stmt = select(Variable.key)
+    if prefix is not None:
+        stmt = stmt.where(Variable.key.startswith(prefix))
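
Review bot: On the `stmt.where(Variable.key.startswith(prefix))` line, `prefix` comes straight from the `Query()` parameter and `startswith` is rendered as a SQL LIKE pattern, so `%` and `_` in the caller's value act as wildcards instead of literal characters. A prefix of `_` or `%` would return keys that do not start with that character, which widens what a caller can enumerate. Pass `autoescape=True` to `startswith` so both characters match literally, and add tests with a prefix containing `_` and one containing `%`. Separately, the visible lines take `team_name` but do not use it in the statement; if the team filter is not applied further down in the function, the key listing should be scoped by it.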

Review Comment:
   Followed your advice to enable autoescape for prevention, and I've also 
included negative tests (`underscore-is-literal`, `percent-is-literal`) to 
ensure robustness.


