airflow-commits mailing list archives

From "ASF subversion and git services (JIRA)" <>
Subject [jira] [Commented] (AIRFLOW-231) Remove security issue around `eval` statement in PrestoHook
Date Tue, 14 Jun 2016 12:00:04 GMT


ASF subversion and git services commented on AIRFLOW-231:

Commit 7d29698b639d9e2060465aa778efb842986df706 in incubator-airflow's branch refs/heads/master
from []
[;h=7d29698 ]

[AIRFLOW-231] Do not eval user input in PrestoHook

Running `eval` represents a security threat as the interpreter can be
hijacked by the service returning the string getting "evaled", in this
case Presto. It turns out the code I'm changing here was written a long
time ago and misguided, casting a python object to a string and then
evaling it as a useless round trip.

Closes #1584 from mistercrunch/security

> Remove security issue around `eval` statement in PrestoHook
> -----------------------------------------------------------
>                 Key: AIRFLOW-231
>                 URL:
>             Project: Apache Airflow
>          Issue Type: Improvement
>            Reporter: Maxime Beauchemin

This message was sent by Atlassian JIRA
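
The round trip the commit message describes, as an added example that is not code from the Airflow repository: an error object is cast to a string and passed to `eval`, next to reading the object directly and, where only text exists, `ast.literal_eval`. The `errorName`/`message` dict shape, `marker`, `CALLS` and all function names are assumptions made for the illustration.

```python
import ast

CALLS = []  # records side effects so the demonstration stays observable and harmless


def marker(tag):
    """Hypothetical stand-in for any code a service reply could reach through eval."""
    CALLS.append(tag)
    return {"errorName": "FAKE", "message": "text chosen by the service"}


def _format(info, fallback):
    # Only trust the value if it has the assumed shape: a dict with both keys.
    if isinstance(info, dict) and "errorName" in info and "message" in info:
        return "{}: {}".format(info["errorName"], info["message"])
    return fallback


def message_via_eval(exc):
    """The round trip being removed: object -> str -> eval."""
    return _format(eval(str(exc)), str(exc))


def message_direct(exc):
    """Read the object the driver already holds; nothing is parsed or executed."""
    info = exc.args[0] if exc.args else None
    return _format(info, str(exc))


def message_from_text(text):
    """If only text is available, accept Python literals and nothing else."""
    try:
        info = ast.literal_eval(text)
    except (ValueError, SyntaxError):
        return text
    return _format(info, text)


# Constructed inputs: a well-formed error, and a reply whose text is an expression.
NORMAL = Exception({"errorName": "SYNTAX_ERROR", "message": "line 1:8: mismatched input"})
HOSTILE = Exception("marker('ran inside eval')")

if __name__ == "__main__":
    for fn in (message_direct, message_via_eval):
        for exc in (NORMAL, HOSTILE):
            print(fn.__name__, "->", fn(exc), "| side effects:", CALLS)
    print("message_from_text ->", message_from_text(str(HOSTILE)), "| side effects:", CALLS)
```

For the well-formed error all three functions return the same message; only `message_via_eval` runs `marker` when the text is an expression.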
