ferruzzi commented on code in PR #63296:
URL: https://github.com/apache/airflow/pull/63296#discussion_r2976351302
##########
airflow-core/src/airflow/config_templates/config.yml:
##########
@@ -439,6 +439,16 @@ core:
example: ~
default: "1024"
+ allow_dotdot_in_ids:
Review Comment:
I'm terrible at naming things, but that.... that could be better 😆
consider `allow_double_dot_in_ids` or `allow_consecutive_dots_in_ids`
(that's so long...) or maybe invert it and call if something like
`check_id_path_safety`??
I don't know. `dotdot` sounds awkward though
##########
airflow-core/src/airflow/config_templates/config.yml:
##########
@@ -439,6 +439,16 @@ core:
example: ~
default: "1024"
+ allow_dotdot_in_ids:
+ description: |
+ Allow ``..`` (consecutive dots) in DAG IDs and run IDs. By default,
``..`` is blocked to prevent
+ path traversal attacks. Set to ``True`` only if you have existing DAGs
or runs whose IDs contain
+ ``..`` and cannot be renamed.
+ version_added: 3.0.0
Review Comment:
This would be released in 3.3.0
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
