naruto-lgtm commented on code in PR #68662:
URL: https://github.com/apache/airflow/pull/68662#discussion_r3523396518


##########
airflow-core/src/airflow/serialization/serialized_objects.py:
##########
@@ -662,6 +662,12 @@ def deserialize(cls, encoded_var: Any) -> Any:
                 exc_cls = import_string(exc_cls_name)
             else:
                 exc_cls = import_string(f"builtins.{exc_cls_name}")
+            # ``exc_cls_name`` comes from the serialized payload. A tampered 
blob can name any
+            # importable callable (``os.system``, ``builtins.exec``, ...) 
which would then be
+            # invoked with attacker-supplied args. Only accept genuine 
exception types, matching
+            # the import-path guards the timetable/window/wait-policy decoders 
already apply.
+            if not (isinstance(exc_cls, type) and issubclass(exc_cls, 
BaseException)):

Review Comment:
   Moot now. Pushed eef021eb, which drops the whole exception branch from 
BaseSerialization, so there is no import-then-validate ordering left to worry 
about and nothing legitimate serializes an exception through the general 
framework anymore.



##########
airflow-core/src/airflow/serialization/serialized_objects.py:
##########
@@ -658,14 +659,18 @@ def deserialize(cls, encoded_var: Any) -> Any:
             args = deser["args"]
             kwargs = deser["kwargs"]
             del deser
+            # ``exc_cls_name`` comes from the serialized payload, so resolve 
it without handing an
+            # attacker-controlled string to ``import_string`` -- that would 
execute the named
+            # module's top-level code before any validation. The encode side 
only ever emits
+            # ``airflow.*`` AirflowException subclasses for AIRFLOW_EXC_SER 
and builtin
+            # KeyError/AttributeError for BASE_EXC_SER, so reject anything 
outside those up front,
+            # mirroring the import-path guards in the 
timetable/window/wait-policy decoders.
             if type_ == DAT.AIRFLOW_EXC_SER:
+                if not exc_cls_name.startswith("airflow."):

Review Comment:
   Gone in eef021eb. Rather than trying to make the prefix safe, I removed the 
encode and decode branches entirely, so there is no import_string call on a 
payload name to defend anymore.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to