Re: [PR] Handle relative paths when sanitizing URLs [airflow]

2024-12-20 Thread via GitHub


potiuk commented on PR #41995:
URL: https://github.com/apache/airflow/pull/41995#issuecomment-2556989150

   > I think I missed backporting it, somehow. I will investigate more. :/
   
   Yeah. Could be also some tooling issue of ours :(. I think we shoudl give an 
extra scrutiny for 2.10.5 (with @kaxil on board as well). This is actually the 
problem with release management tools, that when they work, we start trusting 
them and stop checking and validating things, bue it's pretty natural that some 
refactorings introduce some new cases - including edge cases, so once in a 
while we should pretty manually verify all the steps of release process, 
otherwise we might miss something.
   
   Having this check for 2.10.5 might be a good idea to do it in preparation 
for 3.0.0 (though there we will have to do extra-extra-scrutiny as there will 
be MANY NEW THINGS). At least if we find and fix some things in 2.10.5 we will 
have less to do when 3.0.0 comes.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [PR] Handle relative paths when sanitizing URLs [airflow]

2024-12-20 Thread via GitHub


utkarsharma2 commented on PR #41995:
URL: https://github.com/apache/airflow/pull/41995#issuecomment-2556973010

   > But it would be great to find what happened :)
   
   I think I missed backporting it, somehow. :/ will investigate more. 
   
   Thanks for the backporting it. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [PR] Handle relative paths when sanitizing URLs [airflow]

2024-12-19 Thread via GitHub


potiuk commented on PR #41995:
URL: https://github.com/apache/airflow/pull/41995#issuecomment-2554458054

   But it would be great to find what happened :)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [PR] Handle relative paths when sanitizing URLs [airflow]

2024-12-19 Thread via GitHub


potiuk commented on PR #41995:
URL: https://github.com/apache/airflow/pull/41995#issuecomment-2554456705

   I changed milestone to 2.10.5 and will cherry-pick it for 2.10.5
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [PR] Handle relative paths when sanitizing URLs [airflow]

2024-12-19 Thread via GitHub


potiuk commented on PR #41995:
URL: https://github.com/apache/airflow/pull/41995#issuecomment-2554453967

   > I am on 2.10.3 and this is still happening, on checking it looks like the 
fix is not in the releases, the code is visible in the main branch but not in 
the tags 2.10.4 / 2.10.3
   
   Interesting: @utkarsharma2 -> it's marked with 2.10.2 milestone, but yes it 
seems it's not cherry-picked there.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [PR] Handle relative paths when sanitizing URLs [airflow]

2024-12-19 Thread via GitHub


gpadavala commented on PR #41995:
URL: https://github.com/apache/airflow/pull/41995#issuecomment-2554358777

   The fix is not in the release, it seems to be in main branch but not in the 
tags 2.10.4  / 2.10.3


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [PR] Handle relative paths when sanitizing URLs [airflow]

2024-12-19 Thread via GitHub


potiuk commented on PR #41995:
URL: https://github.com/apache/airflow/pull/41995#issuecomment-2553386763

   It is already released in 2.10.2 - have you checked it @mfatemipour ? Can 
you please verify it in release notes and upgrade/ test locally and confirm 
that it works? If not, open a new issue describing the problem you have.
   
   Thanks for your help in advance.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [PR] Handle relative paths when sanitizing URLs [airflow]

2024-12-19 Thread via GitHub


mfatemipour commented on PR #41995:
URL: https://github.com/apache/airflow/pull/41995#issuecomment-2553032777

   Hi, Could we have this in 2.10 ?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [PR] Handle relative paths when sanitizing URLs [airflow]

2024-11-29 Thread via GitHub


mfatemipour commented on code in PR #41995:
URL: https://github.com/apache/airflow/pull/41995#discussion_r1863739240


##
airflow/www/static/js/dag/details/taskInstance/ExtraLinks.tsx:
##
@@ -57,8 +57,15 @@ const ExtraLinks = ({
 if (!url) {
   return true;
 }
-const urlRegex = /^(https?:)/i;
-return urlRegex.test(url);
+const path = new URL(url, "http://localhost";);

Review Comment:
   @utkarsharma2
   I believe we should use the value from AIRFLOW__WEBSERVER__BASE_URL in 
configs, instead of localhost, and this change needs to be backported to 
version 2.10
   Of course I know this change is already merged, I will create a PR



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [PR] Handle relative paths when sanitizing URLs [airflow]

2024-11-29 Thread via GitHub


mfatemipour commented on code in PR #41995:
URL: https://github.com/apache/airflow/pull/41995#discussion_r1863739240


##
airflow/www/static/js/dag/details/taskInstance/ExtraLinks.tsx:
##
@@ -57,8 +57,15 @@ const ExtraLinks = ({
 if (!url) {
   return true;
 }
-const urlRegex = /^(https?:)/i;
-return urlRegex.test(url);
+const path = new URL(url, "http://localhost";);

Review Comment:
   @utkarsharma2
   I believe we should use the value from AIRFLOW__WEBSERVER__BASE_URL in 
configs, instead of localhost, and this change needs to be backported to 
version 2.10
   Of course I know this change is already merged, I will create a PR



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [PR] Handle relative paths when sanitizing URLs [airflow]

2024-11-29 Thread via GitHub


mfatemipour commented on code in PR #41995:
URL: https://github.com/apache/airflow/pull/41995#discussion_r1863739240


##
airflow/www/static/js/dag/details/taskInstance/ExtraLinks.tsx:
##
@@ -57,8 +57,15 @@ const ExtraLinks = ({
 if (!url) {
   return true;
 }
-const urlRegex = /^(https?:)/i;
-return urlRegex.test(url);
+const path = new URL(url, "http://localhost";);

Review Comment:
   @utkarsharma2
   I believe we should use the value from AIRFLOW__WEBSERVER__BASE_URL in 
configs, instead of localhost, and this change needs to be backported to 
version 2.10



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [PR] Handle relative paths when sanitizing URLs [airflow]

2024-11-29 Thread via GitHub


mfatemipour commented on code in PR #41995:
URL: https://github.com/apache/airflow/pull/41995#discussion_r1863739240


##
airflow/www/static/js/dag/details/taskInstance/ExtraLinks.tsx:
##
@@ -57,8 +57,15 @@ const ExtraLinks = ({
 if (!url) {
   return true;
 }
-const urlRegex = /^(https?:)/i;
-return urlRegex.test(url);
+const path = new URL(url, "http://localhost";);

Review Comment:
   @utkarsharma2
   I believe we should use the value from AIRFLOW__WEBSERVER__BASE_URL instead 
of localhost, and this change needs to be backported to version 2.10



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [PR] Handle relative paths when sanitizing URLs [airflow]

2024-09-05 Thread via GitHub


potiuk commented on PR #41995:
URL: https://github.com/apache/airflow/pull/41995#issuecomment-2332169416

   I marked it so - but this was I think what we agreed on, that it is not 
going to cancel rc1


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [PR] Handle relative paths when sanitizing URLs [airflow]

2024-09-05 Thread via GitHub


eladkal commented on PR #41995:
URL: https://github.com/apache/airflow/pull/41995#issuecomment-2332004702

   @utkarsharma2 This will target 2.10.2?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [PR] Handle relative paths when sanitizing URLs [airflow]

2024-09-04 Thread via GitHub


potiuk commented on code in PR #41995:
URL: https://github.com/apache/airflow/pull/41995#discussion_r1744115305


##
airflow/www/static/js/dag/details/taskInstance/ExtraLinks.tsx:
##
@@ -57,8 +57,15 @@ const ExtraLinks = ({
 if (!url) {
   return true;
 }
-const urlRegex = /^(https?:)/i;
-return urlRegex.test(url);
+const path = new URL(url, "http://localhost";);

Review Comment:
   Yeah. I think so @bbovenzi ?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [PR] Handle relative paths when sanitizing URLs [airflow]

2024-09-04 Thread via GitHub


utkarsharma2 commented on code in PR #41995:
URL: https://github.com/apache/airflow/pull/41995#discussion_r1744093827


##
airflow/www/static/js/dag/details/taskInstance/ExtraLinks.tsx:
##
@@ -57,8 +57,15 @@ const ExtraLinks = ({
 if (!url) {
   return true;
 }
-const urlRegex = /^(https?:)/i;
-return urlRegex.test(url);
+const path = new URL(url, "http://localhost";);
+// The URL creation will succeed for
+// 1. Absolute/Relative URL

Review Comment:
   Yes, I have updated it. PTAL.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [PR] Handle relative paths when sanitizing URLs [airflow]

2024-09-04 Thread via GitHub


potiuk commented on code in PR #41995:
URL: https://github.com/apache/airflow/pull/41995#discussion_r1744074896


##
airflow/www/static/js/dag/details/taskInstance/ExtraLinks.tsx:
##
@@ -57,8 +57,15 @@ const ExtraLinks = ({
 if (!url) {
   return true;
 }
-const urlRegex = /^(https?:)/i;
-return urlRegex.test(url);
+const path = new URL(url, "http://localhost";);

Review Comment:
   (and we are just doing this to parse the UIRL and see if it's "correct")



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [PR] Handle relative paths when sanitizing URLs [airflow]

2024-09-04 Thread via GitHub


utkarsharma2 commented on code in PR #41995:
URL: https://github.com/apache/airflow/pull/41995#discussion_r1744075302


##
airflow/www/static/js/dag/details/taskInstance/ExtraLinks.tsx:
##
@@ -57,8 +57,15 @@ const ExtraLinks = ({
 if (!url) {
   return true;
 }
-const urlRegex = /^(https?:)/i;
-return urlRegex.test(url);
+const path = new URL(url, "http://localhost";);

Review Comment:
   I think it should be fine without 8080 since we are just validating the URL, 
right?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [PR] Handle relative paths when sanitizing URLs [airflow]

2024-09-04 Thread via GitHub


potiuk commented on code in PR #41995:
URL: https://github.com/apache/airflow/pull/41995#discussion_r1744074896


##
airflow/www/static/js/dag/details/taskInstance/ExtraLinks.tsx:
##
@@ -57,8 +57,15 @@ const ExtraLinks = ({
 if (!url) {
   return true;
 }
-const urlRegex = /^(https?:)/i;
-return urlRegex.test(url);
+const path = new URL(url, "http://localhost";);

Review Comment:
   (and we are just doing this to parse the UIRL and see if it's "correct" and 
produces http protocol



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [PR] Handle relative paths when sanitizing URLs [airflow]

2024-09-04 Thread via GitHub


bbovenzi commented on code in PR #41995:
URL: https://github.com/apache/airflow/pull/41995#discussion_r1744050012


##
airflow/www/static/js/dag/details/taskInstance/ExtraLinks.tsx:
##
@@ -57,8 +57,15 @@ const ExtraLinks = ({
 if (!url) {
   return true;
 }
-const urlRegex = /^(https?:)/i;
-return urlRegex.test(url);
+const path = new URL(url, "http://localhost";);

Review Comment:
   Exactly, it would have to be something like `http://localhost:8080/test`to 
be valid



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [PR] Handle relative paths when sanitizing URLs [airflow]

2024-09-04 Thread via GitHub


potiuk commented on code in PR #41995:
URL: https://github.com/apache/airflow/pull/41995#discussion_r1744045430


##
airflow/www/static/js/dag/details/taskInstance/ExtraLinks.tsx:
##
@@ -57,8 +57,15 @@ const ExtraLinks = ({
 if (!url) {
   return true;
 }
-const urlRegex = /^(https?:)/i;
-return urlRegex.test(url);
+const path = new URL(url, "http://localhost";);

Review Comment:
   https://github.com/user-attachments/assets/0745749f-5391-45f5-90d3-cc16e30e5f6a";>
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [PR] Handle relative paths when sanitizing URLs [airflow]

2024-09-04 Thread via GitHub


potiuk commented on code in PR #41995:
URL: https://github.com/apache/airflow/pull/41995#discussion_r1744040814


##
airflow/www/static/js/dag/details/taskInstance/ExtraLinks.tsx:
##
@@ -57,8 +57,15 @@ const ExtraLinks = ({
 if (!url) {
   return true;
 }
-const urlRegex = /^(https?:)/i;
-return urlRegex.test(url);
+const path = new URL(url, "http://localhost";);

Review Comment:
   Hmm. I think this won't work for absolute URLs now
   
   ```
   URL("http://www.apache.org";, "http://localhost";)b x xx 
   ```
   
   -> `Uncaught TypeError: Failed to construct 'URL': Please use the 'new' 
operator, this DOM object constructor cannot be called as a function.
   at :1:1`



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [PR] Handle relative paths when sanitizing URLs [airflow]

2024-09-04 Thread via GitHub


potiuk commented on code in PR #41995:
URL: https://github.com/apache/airflow/pull/41995#discussion_r1744040814


##
airflow/www/static/js/dag/details/taskInstance/ExtraLinks.tsx:
##
@@ -57,8 +57,15 @@ const ExtraLinks = ({
 if (!url) {
   return true;
 }
-const urlRegex = /^(https?:)/i;
-return urlRegex.test(url);
+const path = new URL(url, "http://localhost";);

Review Comment:
   Hmm. I think this won't work for absolute URLs now
   
   ```
   URL("http://www.apache.org";, "http://localhost";)
   ```
   
   -> `URL("http://www.apache.org";, "http://localhost";)`



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [PR] Handle relative paths when sanitizing URLs [airflow]

2024-09-04 Thread via GitHub


utkarsharma2 commented on code in PR #41995:
URL: https://github.com/apache/airflow/pull/41995#discussion_r1744019178


##
airflow/www/static/js/dag/details/taskInstance/ExtraLinks.tsx:
##
@@ -57,8 +57,27 @@ const ExtraLinks = ({
 if (!url) {
   return true;
 }
-const urlRegex = /^(https?:)/i;
-return urlRegex.test(url);
+try {
+  const path = new URL(url);
+  // The URL creation will succeed for
+  // 1. Absolute URL
+  // 2. URL with javascript:()
+  // URL(url) will fail for relative paths.
+  // eslint-disable-next-line
+  if (path.protocol === "javascript:") {
+return false; // javascript:() is not allowed
+  }
+  if (path.protocol === "http:" || path.protocol === "https:") {
+return true; // Absolute URL are allowed
+  }
+} catch (e: any) {
+  // Relative URL are handled here
+  const path = new URL(url, "http://localhost";);
+  if (path.protocol === "http:") {

Review Comment:
   Correct, updated the code, accordingly. PTAL.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [PR] Handle relative paths when sanitizing URLs [airflow]

2024-09-04 Thread via GitHub


potiuk commented on PR #41995:
URL: https://github.com/apache/airflow/pull/41995#issuecomment-2329221409

   Not sure if we have some tests for this one ? @pierrejeambrun @bbovenzi  ?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [PR] Handle relative paths when sanitizing URLs [airflow]

2024-09-04 Thread via GitHub


potiuk commented on code in PR #41995:
URL: https://github.com/apache/airflow/pull/41995#discussion_r1743910036


##
airflow/www/static/js/dag/details/taskInstance/ExtraLinks.tsx:
##
@@ -57,8 +57,27 @@ const ExtraLinks = ({
 if (!url) {
   return true;
 }
-const urlRegex = /^(https?:)/i;
-return urlRegex.test(url);
+try {
+  const path = new URL(url);
+  // The URL creation will succeed for
+  // 1. Absolute URL
+  // 2. URL with javascript:()
+  // URL(url) will fail for relative paths.
+  // eslint-disable-next-line
+  if (path.protocol === "javascript:") {

Review Comment:
   We likely don't need to check it here - since only http/https are allowed 
below.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org