airflow
airflow copied to clipboard
apache
Add ability to pass extra parameters to Hive Client Wrapper connection
Relates to issue: #45049
Add extra fields to Hive Client Wrapper connection so it is possible to pass extra parameters which are used to construct JDBC connection string. The extra fields are SSL Trust Store, SSL Trust Store password and Transport mode.
^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code changes, an Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in a newsfragment file, named {pr_number}.significant.rst or {issue_number}.significant.rst, in newsfragments.
Congratulations on your first Pull Request and welcome to the Apache Airflow community! If you have any issues or are unsure about any anything please check our Contributors' Guide (https://github.com/apache/airflow/blob/main/contributing-docs/README.rst) Here are some useful points:
- Pay attention to the quality of your code (ruff, mypy and type annotations). Our pre-commits will help you with that.
- In case of a new feature add useful documentation (in docstrings or in
docs/directory). Adding a new operator? Check this short guide Consider adding an example DAG that shows how users should use it. - Consider using Breeze environment for testing locally, it's a heavy docker but it ships with a working Airflow and a lot of integrations.
- Be patient and persistent. It might take some time to get a review or get the final approval from Committers.
- Please follow ASF Code of Conduct for all communication including (but not limited to) comments on Pull Requests, Mailing list and Slack.
- Be sure to read the Airflow Coding style.
- Always keep your Pull Requests rebased, otherwise your build might fail due to changes not related to your commits. Apache Airflow is a community-driven project and together we are making it better 🚀. In case of doubts contact the developers at: Mailing List: [email protected] Slack: https://s.apache.org/airflow-slack
![boring-cyborg[bot] avatar](https://avatars.githubusercontent.com/in/50386?v=4 "Published by a pub.dev verified publisher"){kind=small}
Actually - this is not securre enough.
The problem is that you can pass many, many bad things via JDBC url - when the values are not properly escaped. It's enough to pass
;as value of any of the paremeters you pass from extra. And when it happens, the user who has permission to configure the connection via UI might even perform RCE in a number of cases.The recommendation here is:
- only allow fixed values to be passed via extra (bool for example) to control how the JDBC URL is constructed
- only allow "free-form" parameters to be passed by init parameters of the operator/hook - that can only be done by the DAG author, and DAG author by definitiion and security model of Airflow https://airflow.apache.org/docs/apache-airflow/stable/security/security_model.html can do more than connection editing user
- sanitize the input (but this one is potentially very difficult)
While we already warn against the potentially Conection editing user being able to have more capabilities - so this is not strictly security issue, this is part of "security hardeninig" - we should not add "easy" ways for those users to be able to perform all kinds of attacks.
I guess this also applies to the already existing Principal and Proxy User fields? I see that they only validate if a ; character was passed
I guess this also applies to the already existing Principal and Proxy User fields? I see that they only validate if a ; character was passed
I think there are more validations needed. Passing arbitrary parameter as path to jdbc is dangerous (what happens if for example jdbc driver displays content of the file when it is wrong and you pass "/etc/passwd"` ?. This is just example, it could be even more diastrous - printing more secret keys and secret variables stored somewhere on remote system. I am not sure if you can make it "secure" when this parameter is passed via UI and free-form.
There are only few values allowed for transportMode I guess, so it is safer to enumerate them rather than pass directly. When it comes to password, there is a question how ; is going to be passed (i..e what form of escaping should be there)?
I guess this also applies to the already existing Principal and Proxy User fields? I see that they only validate if a ; character was passed
I think there are more validations needed. Passing arbitrary parameter as path to jdbc is dangerous (what happens if for example jdbc driver displays content of the file when it is wrong and you pass "/etc/passwd"` ?. This is just example, it could be even more diastrous - printing more secret keys and secret variables stored somewhere on remote system. I am not sure if you can make it "secure" when this parameter is passed via UI and free-form.
There are only few values allowed for transportMode I guess, so it is safer to enumerate them rather than pass directly. When it comes to password, there is a question how
;is going to be passed (i..e what form of escaping should be there)?
Thanks for the insight. I will see what I can do.
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed in 5 days if no further activity occurs. Thank you for your contributions.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}