Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check DAG read permission before accessing DAG code #36257

Merged
merged 1 commit into from
Dec 16, 2023
Merged

Check DAG read permission before accessing DAG code #36257

merged 1 commit into from
Dec 16, 2023
+78 −13

Conversation

hussein-awala
Copy link
Member

This PR checks if the user has read access on the DAG before allowing the reading of the DAG code. If the DAG is defined with other DAGs in the same file, the user should have read access to all the other DAGs. Otherwise, he will be forbidden from reading the file code.

@boring-cyborg boring-cyborg bot added the area:API Airflow's REST/HTTP API label Dec 16, 2023
hussein-awala
hussein-awala commented Dec 16, 2023
View reviewed changes
airflow/models/dagcode.py
Comment on lines -180 to +186
def code(cls, fileloc) -> str:
@provide_session
def code(cls, fileloc, session: Session = NEW_SESSION) -> str:
"""Return source code for this DagCode object.
:return: source code as string
"""
return cls._get_code_from_db(fileloc)
return cls._get_code_from_db(fileloc, session)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change is to avoid creating two different sessions because we use the method code and not the protected one.

@hussein-awala hussein-awala merged commit 30ea37e into apache:main Dec 16, 2023
52 checks passed
@hussein-awala hussein-awala added this to the Airflow 2.8.1 milestone Dec 16, 2023
@hussein-awala hussein-awala added the type:bug-fix Changelog: Bug Fixes label Dec 16, 2023
@vincbeck vincbeck mentioned this pull request Dec 18, 2023
Merged
ephraimbuddy pushed a commit that referenced this pull request Jan 11, 2024
@hussein-awala @ephraimbuddy
Check DAG read permission before accessing DAG code (#36257)
8d76538 
(cherry picked from commit 30ea37e)
@ephraimbuddy ephraimbuddy mentioned this pull request Jan 16, 2024
Closed
68 tasks
@GoVulnBot GoVulnBot mentioned this pull request Jan 24, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eladkal eladkal eladkal approved these changes

@Taragolis Taragolis Taragolis approved these changes

@potiuk potiuk potiuk approved these changes

@ephraimbuddy ephraimbuddy Awaiting requested review from ephraimbuddy ephraimbuddy is a code owner

@pierrejeambrun pierrejeambrun Awaiting requested review from pierrejeambrun pierrejeambrun is a code owner

@kaxil kaxil Awaiting requested review from kaxil

@XD-DENG XD-DENG Awaiting requested review from XD-DENG XD-DENG is a code owner

@ashb ashb Awaiting requested review from ashb ashb is a code owner

@vincbeck vincbeck Awaiting requested review from vincbeck

Assignees
No one assigned
Labels
area:API Airflow's REST/HTTP API type:bug-fix Changelog: Bug Fixes
Projects
None yet
Milestone
Airflow 2.8.1
Development

Successfully merging this pull request may close these issues.
4 participants
@hussein-awala @potiuk @Taragolis @eladkal