naruto-lgtm opened a new pull request, #68617:
URL: https://github.com/apache/airflow/pull/68617
Repro: pass an identifier containing `/` or `..` to one of the remaining
lookups in the task SDK client, e.g.
`connections.get("x/../../variables/secret_key")`. httpx collapses the
dot-segments and the request lands on an unrelated API path.
Cause: #68129 quoted `dag_id` in `DagsOperations.get`, but the sibling
single-segment lookups still interpolate the identifier into the URL unescaped:
`ConnectionOperations.get`, `TaskInstanceOperations.get_previous`, and the four
`DagRunOperations` methods.
Fix: wrap each identifier in `quote(..., safe='')` so it stays one path
segment, same as the dags lookup.
---
##### Was generative AI tooling used to co-author this PR?
- [ ] Yes (please specify the tool below)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
