amoghrajesh commented on code in PR #64148:
URL: https://github.com/apache/airflow/pull/64148#discussion_r2999118649
##########
airflow-core/src/airflow/api_fastapi/core_api/datamodels/xcom.py:
##########
@@ -90,6 +90,29 @@ class XComCreateBody(StrictBaseModel):
value: Any
map_index: int = -1
+ @field_validator("value")
+ @classmethod
+ def _check_forbidden_keys(cls, value: Any) -> Any:
+ """Recursively check for forbidden deserialization keys in
user-provided XCom data."""
+ from airflow._shared.serialization import FORBIDDEN_XCOM_KEYS
+
+ def _check_forbidden_keys(obj: Any, path: str = "value") -> None:
+ if isinstance(obj, dict):
+ found = FORBIDDEN_XCOM_KEYS & obj.keys()
+ if found:
+ raise ValueError(
+ f"XCom {path} contains reserved serialization keys:
{', '.join(sorted(found))}. "
+ f"These keys are reserved for internal use."
+ )
+ for k, v in obj.items():
+ _check_forbidden_keys(v, f"{path}.{k}")
+ elif isinstance(obj, (list, tuple)):
+ for i, item in enumerate(obj):
+ _check_forbidden_keys(item, f"{path}[{i}]")
+
+ _check_forbidden_keys(value)
+ return value
Review Comment:
Yeah sounds fine. I didn't realise that!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
