[
https://issues.apache.org/jira/browse/BEAM-3072?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16803185#comment-16803185
]
Ahmet Altay commented on BEAM-3072:
-----------------------------------
Yes, I think setting shell = True would be a concern.
See the docs here:
https://docs.python.org/2/library/subprocess.html#subprocess.Popen
And this part specifically:
"""
On Unix with shell=True, the shell defaults to /bin/sh. If args is a string,
the string specifies the command to execute through the shell. This means that
the string must be formatted exactly as it would be when typed at the shell
prompt. This includes, for example, quoting or backslash escaping filenames
with spaces in them. If args is a sequence, the first item specifies the
command string, and any additional items will be treated as additional
arguments to the shell itself. That is to say, Popen does the equivalent of:
"""
There are some use cases where a Beam pipeline will be constructed on behalf of
a user in a new environment. (E.g. a service that is built on top of beam but
hides implementation details.) Setting shell=True here will expose those use
cases to potential exploitation with this user provided input.
> Improve error handling at staging time for DataflowRunner
> ---------------------------------------------------------
>
> Key: BEAM-3072
> URL: https://issues.apache.org/jira/browse/BEAM-3072
> Project: Beam
> Issue Type: Bug
> Components: sdk-py-core
> Reporter: Ahmet Altay
> Assignee: Niklas Hansson
> Priority: Minor
> Labels: starter, triaged
>
> dependency.py calls out to external process to collect dependencies:
> https://github.com/apache/beam/blob/de7cc05cc67d1aa6331cddc17c2e02ed0efbe37d/sdks/python/apache_beam/runners/dataflow/internal/dependency.py#L263
> If these calls fail, the error is not clear. The error only tells what
> failed but does not show the actual error message, and is not helpful for
> users.
> As a general fix processes.py should have generally better output collection
> from failed processes.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
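The calling convention the comment above argues for, as an added example that is not code from the Beam project: arguments go to Popen as a list with shell=False so user-provided values are never parsed by /bin/sh, and a failing process raises an error carrying its exit status and stderr, which is the output collection the quoted issue asks of processes.py. The helper commands built on sys.executable are constructed for the demonstration.

```python
import subprocess
import sys


def run_command(args, timeout=30):
    """Run an external command without a shell and return its stdout.

    args is a list: the first item is the program and the rest are passed to
    it verbatim, so shell metacharacters in user-controlled values are data,
    not syntax. On a non-zero exit the raised error includes the exit status
    and the captured stderr instead of only saying that the call failed.
    """
    if not isinstance(args, (list, tuple)) or not args:
        raise ValueError("args must be a non-empty list of strings")
    proc = subprocess.Popen(
        list(args),
        shell=False,                 # never hand the command line to /bin/sh
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        universal_newlines=True,
    )
    out, err = proc.communicate(timeout=timeout)
    if proc.returncode != 0:
        raise RuntimeError(
            "Command %r failed with exit code %d. Stderr:\n%s"
            % (list(args), proc.returncode, err.strip())
        )
    return out


# Constructed helper: a subprocess that prints back the argument it received.
ECHO_ARG = [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])"]
# Constructed helper: a subprocess that writes to stderr and exits non-zero.
FAILING = [sys.executable, "-c",
           "import sys; sys.stderr.write('no such package\\n'); sys.exit(3)"]


def echo_argument(value):
    """Pass a value containing shell metacharacters through as one literal arg."""
    return run_command(ECHO_ARG + [value])


def failure_message():
    """Return the error text produced for a failing command, or None."""
    try:
        run_command(FAILING)
    except RuntimeError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # The semicolon is part of the string; no second command is run.
    print(echo_argument("pkg-name; echo extra"))
    print(failure_message())
```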