Implement middleware to prevent regexp parameters and payload #47543

Open
wants to merge 6 commits into
base: main

bugraoz93
Contributor

closes: #47364



@boring-cyborg boring-cyborg bot added the area:API Airflow's REST/HTTP API label Mar 9, 2025
@bugraoz93 bugraoz93 force-pushed the feat/47364/regexp-middleware branch from a155abf to 89b669d Compare March 10, 2025 02:32
@bugraoz93 bugraoz93 marked this pull request as ready for review March 10, 2025 02:32
@bugraoz93 bugraoz93 changed the title [WIP] - Implement middleware to prevent regexp parameters and payload Implement middleware to prevent regexp parameters and payload Mar 10, 2025
@bugraoz93
Contributor Author

CI failures seem unrelated. Rebasing

@bugraoz93 bugraoz93 force-pushed the feat/47364/regexp-middleware branch from 89b669d to 721b9f8 Compare March 10, 2025 20:08
@bugraoz93
Contributor Author

Okay, two tests from k8s seem related. I will check this out to be sure, but the implementation should be ready for review.

@bugraoz93 bugraoz93 force-pushed the feat/47364/regexp-middleware branch from 721b9f8 to dcd9a9f Compare March 12, 2025 21:38
@pierrejeambrun pierrejeambrun force-pushed the feat/47364/regexp-middleware branch from dcd9a9f to b90ca77 Compare March 14, 2025 12:47
Member

@potiuk potiuk left a comment

I think we should be able to disable that middleware - or add exceptions. With middlewares like this, it's common to get unforeseen false positives and we should be able to give the users a chance to bypass the middleware in such specific cases.

@bugraoz93 bugraoz93 force-pushed the feat/47364/regexp-middleware branch from b90ca77 to 527c294 Compare March 17, 2025 21:16
…dard requests, include model validation, update test case where violate regexp and cannot pass through in connection since nothing can now have regexp like values, exclude some fields to prevent blocker for more likely include regexp like patterns such as password
@bugraoz93 bugraoz93 force-pushed the feat/47364/regexp-middleware branch from ef44f26 to a297425 Compare March 17, 2025 23:11
@bugraoz93
Contributor Author

I think we should enable it by default. What do you think?
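
An added sketch, not code from this pull request: a dependency-free ASGI middleware showing the design points raised in this thread, an on/off switch and per-field exceptions around a regexp filter on query parameters and JSON payloads. The metacharacter heuristic, the name `RegexGuardMiddleware`, the 400 response and the sample values are assumptions; the page does not show the PR's actual rule.

```python
import json
import re
from urllib.parse import parse_qsl

# Assumed heuristic (the PR's real rule is not shown on this page): any regex
# metacharacter marks a value as "regexp-like". "." is left out on purpose.
REGEX_META = re.compile(r"[\\^$*+?{}\[\]|()]")

def find_violations(value, excluded, path="$"):
    """Return the paths of string values that contain regex metacharacters."""
    if isinstance(value, dict):
        return [hit for key, item in value.items() if key not in excluded
                for hit in find_violations(item, excluded, f"{path}.{key}")]
    if isinstance(value, list):
        return [hit for i, item in enumerate(value)
                for hit in find_violations(item, excluded, f"{path}[{i}]")]
    if isinstance(value, str) and REGEX_META.search(value):
        return [path]
    return []

class RegexGuardMiddleware:  # hypothetical name
    def __init__(self, app, enabled=True, excluded_fields=("password",)):
        self.app, self.enabled = app, enabled
        self.excluded = frozenset(excluded_fields)

    async def __call__(self, scope, receive, send):
        if not self.enabled or scope["type"] != "http":
            return await self.app(scope, receive, send)  # operator bypass
        body, more = b"", True
        while more:  # buffer the request body so it can be inspected
            message = await receive()
            body += message.get("body", b"")
            more = message.get("more_body", False)
        query = scope.get("query_string", b"").decode("latin-1")
        try:
            payload = json.loads(body) if body else None
        except ValueError:
            payload = None  # non-JSON bodies are out of scope for this sketch
        hits = find_violations({"query": dict(parse_qsl(query)), "body": payload},
                               self.excluded)
        if hits:  # 400 is an assumed status code
            detail = json.dumps({"detail": "regexp-like value", "fields": hits})
            await send({"type": "http.response.start", "status": 400,
                        "headers": [(b"content-type", b"application/json")]})
            return await send({"type": "http.response.body", "body": detail.encode()})

        async def replay():  # hand the buffered body to the wrapped app
            return {"type": "http.request", "body": body, "more_body": False}
        await self.app(scope, replay, send)
```

With the defaults, a harmless value such as `retry (max 3)` in a hypothetical `description` field is rejected, which is the kind of false positive the exclusion list and the `enabled` switch are there to handle.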

Successfully merging this pull request may close these issues.

Create a Middleware that prevent Regexp in the Requests