ASF subversion and git services commented on AIRFLOW-231:

Commit 7d29698b639d9e2060465aa778efb842986df706 in incubator-airflow's branch 
refs/heads/master from [~maxime.beauche...@apache.org]
[ https://git-wip-us.apache.org/repos/asf?p=incubator-airflow.git;h=7d29698 ]

[AIRFLOW-231] Do not eval user input in PrestoHook

Running `eval` represent a security threat as the interpreter can be
hijacked by the service returning the string getting "evaled", in this
case Presto. It turns out the code I'm changing here was written a long
time ago and misguided, casting a python object to a string and then
evaling it as a useless round trip.

Closes #1584 from mistercrunch/security

> Remove security issue around `eval` statement in PrestoHook
> -----------------------------------------------------------
>                 Key: AIRFLOW-231
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-231
>             Project: Apache Airflow
>          Issue Type: Improvement
>            Reporter: Maxime Beauchemin

This message was sent by Atlassian JIRA

Reply via email to