[
https://issues.apache.org/jira/browse/AIRFLOW-231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15329370#comment-15329370
]
ASF subversion and git services commented on AIRFLOW-231:
-
Commit 7d29698b639d9e2060465aa778efb842986df706 in incubator-airflow's branch
refs/heads/master from [~maxime.beauche...@apache.org]
[ https://git-wip-us.apache.org/repos/asf?p=incubator-airflow.git;h=7d29698 ]
[AIRFLOW-231] Do not eval user input in PrestoHook
Running `eval` represent a security threat as the interpreter can be
hijacked by the service returning the string getting "evaled", in this
case Presto. It turns out the code I'm changing here was written a long
time ago and misguided, casting a python object to a string and then
evaling it as a useless round trip.
Closes #1584 from mistercrunch/security
> Remove security issue around `eval` statement in PrestoHook
> ---
>
> Key: AIRFLOW-231
> URL: https://issues.apache.org/jira/browse/AIRFLOW-231
> Project: Apache Airflow
> Issue Type: Improvement
>Reporter: Maxime Beauchemin
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)