Posted to commits@airflow.apache.org by po...@apache.org on 2023/02/13 09:24:22 UTC
[airflow] branch main updated: Do not show version/node in UI traceback for unauthenticated user (#29501)
This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new cf81455027 Do not show version/node in UI traceback for unauthenticated user (#29501)
cf81455027 is described below
commit cf814550275bd04326f095cc28f93663daf3404b
Author: Jarek Potiuk <ja...@potiuk.com>
AuthorDate: Mon Feb 13 10:24:09 2023 +0100
Do not show version/node in UI traceback for unauthenticated user (#29501)
The traceback contains information that might be useful to a potential
attacker for better targeting their attack (Python/Airflow version, node
name). This information should not be shown if the traceback is shown to an
unauthenticated user.
---
airflow/www/views.py | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/airflow/www/views.py b/airflow/www/views.py
index 2ee9313727..ee0277651f 100644
--- a/airflow/www/views.py
+++ b/airflow/www/views.py
@@ -596,13 +596,13 @@ def show_traceback(error):
return (
render_template(
"airflow/traceback.html",
- python_version=sys.version.split(" ")[0],
- airflow_version=version,
+ python_version=sys.version.split(" ")[0] if g.user.is_authenticated else "redact",
+ airflow_version=version if g.user.is_authenticated else "redact",
hostname=get_hostname()
- if conf.getboolean("webserver", "EXPOSE_HOSTNAME", fallback=True)
+ if conf.getboolean("webserver", "EXPOSE_HOSTNAME", fallback=True) and g.user.is_authenticated
else "redact",
info=traceback.format_exc()
- if conf.getboolean("webserver", "EXPOSE_STACKTRACE", fallback=True)
+ if conf.getboolean("webserver", "EXPOSE_STACKTRACE", fallback=True) and g.user.is_authenticated
else "Error! Please contact server admin.",
),
500,
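Review bot: `g.user.is_authenticated` is evaluated four times on the new side (the `python_version`, `airflow_version`, `hostname` and `info` arguments), and each access assumes `g.user` has already been populated when this 500 handler runs; if the exception being reported was raised before the request hook that sets `g.user` executed, the error handler itself would fail with an AttributeError — whether that ordering can occur here is not visible in the hunk, so it is worth confirming. Hoisting the decision into one local at the top of the function, with a fail-closed fallback, keeps the redaction logic in a single place: `is_authenticated = getattr(getattr(g, "user", None), "is_authenticated", False)`, then use `is_authenticated` in the four conditional expressions. Failing closed matters here because this expression decides whether a stack trace, hostname and version strings are rendered to the client. `show_traceback`'s `def` line and the closing parenthesis of the `return` lie outside the hunk.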