ashb commented on code in PR #68662:
URL: https://github.com/apache/airflow/pull/68662#discussion_r3437045939


##########
airflow-core/src/airflow/serialization/serialized_objects.py:
##########
@@ -658,14 +659,18 @@ def deserialize(cls, encoded_var: Any) -> Any:
             args = deser["args"]
             kwargs = deser["kwargs"]
             del deser
+            # ``exc_cls_name`` comes from the serialized payload, so resolve 
it without handing an
+            # attacker-controlled string to ``import_string`` -- that would 
execute the named
+            # module's top-level code before any validation. The encode side 
only ever emits
+            # ``airflow.*`` AirflowException subclasses for AIRFLOW_EXC_SER 
and builtin
+            # KeyError/AttributeError for BASE_EXC_SER, so reject anything 
outside those up front,
+            # mirroring the import-path guards in the 
timetable/window/wait-policy decoders.
             if type_ == DAT.AIRFLOW_EXC_SER:
+                if not exc_cls_name.startswith("airflow."):
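Review bot: the `startswith("airflow.")` guard added at the top of the `DAT.AIRFLOW_EXC_SER` branch is a prefix check, not an allowlist, so any dotted path under the `airflow.` namespace still reaches `import_string`, which, as the new comment itself states, executes the named module's top-level code before any validation. Since the comment says the encode side only ever emits `airflow.*` AirflowException subclasses for AIRFLOW_EXC_SER and builtin KeyError/AttributeError for BASE_EXC_SER, consider resolving `exc_cls_name` against an explicit mapping of those permitted exception classes and raising on any other name, so that no payload-derived string is ever passed to `import_string`; a post-import `issubclass(..., AirflowException)` check alone would come too late because the import has already run.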

Review Comment:
   Not sure this is safe either. It's relatively trivial to have `airflow.evil` be a module.


