Posted to commits@airflow.apache.org by po...@apache.org on 2023/02/13 09:24:22 UTC

[airflow] branch main updated: Do not show version/node in UI traceback for unauthenticated user (#29501)

This is an automated email from the ASF dual-hosted git repository.

potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/main by this push:
     new cf81455027 Do not show version/node in UI traceback for unauthenticated user (#29501)
cf81455027 is described below

commit cf814550275bd04326f095cc28f93663daf3404b
Author: Jarek Potiuk <ja...@potiuk.com>
AuthorDate: Mon Feb 13 10:24:09 2023 +0100

    Do not show version/node in UI traceback for unauthenticated user (#29501)
    
    The traceback contains information that might be useful for a potential
    attacker to better target their attack (Python/Airflow version, node
    name). This information should not be shown if the traceback is shown to
    an unauthenticated user.
---
 airflow/www/views.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/airflow/www/views.py b/airflow/www/views.py
index 2ee9313727..ee0277651f 100644
--- a/airflow/www/views.py
+++ b/airflow/www/views.py
@@ -596,13 +596,13 @@ def show_traceback(error):
     return (
         render_template(
             "airflow/traceback.html",
-            python_version=sys.version.split(" ")[0],
-            airflow_version=version,
+            python_version=sys.version.split(" ")[0] if g.user.is_authenticated else "redact",
+            airflow_version=version if g.user.is_authenticated else "redact",
             hostname=get_hostname()
-            if conf.getboolean("webserver", "EXPOSE_HOSTNAME", fallback=True)
+            if conf.getboolean("webserver", "EXPOSE_HOSTNAME", fallback=True) and g.user.is_authenticated
             else "redact",
             info=traceback.format_exc()
-            if conf.getboolean("webserver", "EXPOSE_STACKTRACE", fallback=True)
+            if conf.getboolean("webserver", "EXPOSE_STACKTRACE", fallback=True) and g.user.is_authenticated
             else "Error! Please contact server admin.",
         ),
         500,
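Review bot: the four changed lines each dereference `g.user.is_authenticated` inside the error handler, so if `show_traceback` ever runs on a request where `g.user` was never populated (an exception raised before the security manager attaches the user), the handler itself raises an AttributeError and the client gets an unhandled 500 instead of the redacted page. Suggest computing the flag once, defensively, above the `return`, e.g. `authenticated = getattr(getattr(g, "user", None), "is_authenticated", False)`, and using `authenticated` in all four conditions; that also removes the repeated expression and keeps the redaction branch as the safe default when no user object is present.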