The GitHub Actions job "Tests (AMD)" on airflow.git/fix-templated-dag-id-escape-vulnerability has succeeded. Run started by GitHub user gopidesupavan (triggered by gopidesupavan).
Head commit for run: f3edd5def8cc0609e83edeb382a04c452e7f8e32 / GPK <[email protected]> Quote `dag_id` in Task SDK Get to prevent path traversal ### Motivation - Prevent templated `trigger_dag_id` from escaping the `/dags/` Execution API path by ensuring the task SDK treats `dag_id` as a single URL path segment. ### Description - Percent-encode `dag_id` in `DagsOperations.get` by using `urllib.parse.quote(dag_id, safe='')` in `task-sdk/src/airflow/sdk/api/client.py` and add a regression test `test_get_url_quotes_dag_id_as_single_path_segment` in `task-sdk/tests/task_sdk/api/test_client.py` that asserts the request `raw_path` is the percent-encoded `/dags/` segment. ### Testing - Ran `ruff format` and `ruff check --fix` on the modified files successfully and added a unit test demonstrating the encoded path behavior; running the test suite with `uv run --project task-sdk pytest ...` was attempted but test execution was blocked by network dependency download failures in this environment. --- Drafted-by: GPT-5.3-Codex (no human review before posting) Report URL: https://github.com/apache/airflow/actions/runs/27104333504 With regards, GitHub Actions via GitBox --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
