ashb commented on a change in pull request #7644: [AIRFLOW-7003] Lazy load all plugins
URL: https://github.com/apache/airflow/pull/7644#discussion_r392208874
 
 

 ##########
 File path: airflow/serialization/serialized_objects.py
 ##########
 @@ -326,14 +326,15 @@ def serialize_operator(cls, op: BaseOperator) -> dict:
     def deserialize_operator(cls, encoded_op: Dict[str, Any]) -> BaseOperator:
         """Deserializes an operator from a JSON object.
         """
-        from airflow.plugins_manager import operator_extra_links
+        from airflow import plugins_manager
 
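Review bot: the quoted context stops right after the import swap, so it does not show the site where `plugins_manager.operator_extra_links` is now consulted, nor that the plugin registry has actually been populated before that lookup; with lazy loading an untouched registry could be empty at this point, and an empty allowlist would silently drop every extra link instead of rejecting unknown ones. The hunk header (`-326,14 +326,15`) says one line was added but it is not visible here, so please confirm that the lookup site first triggers plugin loading and then still fails closed on any class name absent from the registry, since that allowlist is the object-injection defence the comment below relies on.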
 Review comment:
  It's a security measure:
  
  Since operator links can be dynamic (think a pre-signed S3 URL that is only valid for 15 mins), we need to support inflating to "custom" classes, but we don't want to have to trust the serialized blob, so we only inflate classes that are pre-registered.
  
  This is a class of bugs called "Object Injection Attacks" -- if we trusted the input and de-serialized whatever class was here we might end up opening a reverse shell etc. https://blog.nelhage.com/2011/03/exploiting-pickle/ as an example. This defense is not perfect as the plugins are "under user control", but this is mostly looking forward to when we will have an API that accepts a serialized DAG blob to run.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services
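The allowlist pattern the comment describes, as an added illustration rather than Airflow's own code: class names found in an untrusted blob are resolved only through a registry that the (simulated) lazy plugin loader populates, and any name not in that registry is rejected instead of imported. `BaseOperatorLink`, `S3PresignedLink`, `ensure_plugins_loaded` and `deserialize_operator_link` are stand-ins invented for this example.

```python
"""Allowlist-based inflation of operator extra links (hypothetical stand-in for
Airflow's serialized_objects / plugins_manager interaction, not the project's code)."""
from typing import Any, Dict, Optional, Type


class BaseOperatorLink:
    """Minimal stand-in for the operator-link base class."""
    name = "base"

    def get_link(self, operator_id: str) -> str:
        raise NotImplementedError


class S3PresignedLink(BaseOperatorLink):
    """A registered link type whose URL is computed when rendered, not when stored."""
    name = "s3_presigned"

    def __init__(self, bucket: str, key: str) -> None:
        self.bucket, self.key = bucket, key

    def get_link(self, operator_id: str) -> str:
        # Constructed URL format; a real link would sign the request here.
        return f"https://{self.bucket}.s3.example/{self.key}?signed-for={operator_id}"


# Registry of allowed link classes, keyed by dotted path; populated lazily.
_registered_links: Optional[Dict[str, Type[BaseOperatorLink]]] = None


def ensure_plugins_loaded() -> Dict[str, Type[BaseOperatorLink]]:
    """Simulates lazy plugin loading: the allowlist exists only after this runs."""
    global _registered_links
    if _registered_links is None:
        _registered_links = {
            f"{cls.__module__}.{cls.__qualname__}": cls for cls in (S3PresignedLink,)
        }
    return _registered_links


def deserialize_operator_link(encoded: Dict[str, Any]) -> BaseOperatorLink:
    """Inflate a link from an untrusted blob, but only into a pre-registered class."""
    links = ensure_plugins_loaded()  # must run before the lookup, or the allowlist is empty
    cls_path = encoded.get("_type")
    if not isinstance(cls_path, str) or cls_path not in links:
        # Fail closed: never import or instantiate a class the blob names on its own.
        raise ValueError(f"Unregistered operator link type: {cls_path!r}")
    cls = links[cls_path]
    # Constructor arguments are still untrusted data; the registered class must validate them.
    kwargs = {k: v for k, v in encoded.items() if k != "_type"}
    return cls(**kwargs)
```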
