bugraoz93 commented on code in PR #55116:
URL: https://github.com/apache/airflow/pull/55116#discussion_r2314462203
##########
airflow-core/src/airflow/api_fastapi/logging/decorators.py:
##########
@@ -98,6 +98,9 @@ async def log_action(
request_body = {}
masked_body_json = {}
+ if request_body.get("dry_run"):
Review Comment:
What I mentioned is not specific to a single endpoint. Since you are making
the changes on the decorator level for the logging so this change will apply to
all the endpoints. I meant exactly this limiting the impact area. Even though
Pydantic validation prevents that request today, if there is be possibility to
overcome the validation with an exploit. It would end up affecting all
endpoints.
I like the solution that Jason proposed for the PR. In the long run, all
endpoints should end up in the audit logs
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
