Reject reserved XCom serialization keys submitted as JSON string literals#69378
Merged
potiuk merged 1 commit intoJul 6, 2026
Merged
Conversation
…rals
The XCom create/update payload validator _check_forbidden_xcom_keys
recursively rejects reserved serialization keys (__classname__, __type,
__var, ...) in dict/list values. Its _walk helper descended dicts, lists
and tuples but not str, so a value submitted as a JSON string literal
(e.g. json.dumps({"__classname__": ...})) was stored verbatim and re-parsed
into a dict on a ?deserialize=true read, slipping past the filter.
Extend _walk to json.loads a string value and inspect the decoded dict/list
the same way the read path does. Strings that are not JSON, or that decode
to non-container values, are unchanged and still accepted.
Generated-by: Claude Opus 4.8 (1M context) following the guidelines at
https://github.com/apache/airflow/blob/main/contributing-docs/05_pull_requests.rst#gen-ai-assisted-contributions
shahar1
approved these changes
Jul 4, 2026
Contributor
Backport successfully created: v3-3-testNote: As of Merging PRs targeted for Airflow 3.X In matter of doubt please ask in #release-management Slack channel.
|
potiuk
added a commit
that referenced
this pull request
Jul 6, 2026
… string literals (#69378) The XCom create/update payload validator _check_forbidden_xcom_keys recursively rejects reserved serialization keys (__classname__, __type, __var, ...) in dict/list values. Its _walk helper descended dicts, lists and tuples but not str, so a value submitted as a JSON string literal (e.g. json.dumps({"__classname__": ...})) was stored verbatim and re-parsed into a dict on a ?deserialize=true read, slipping past the filter. Extend _walk to json.loads a string value and inspect the decoded dict/list the same way the read path does. Strings that are not JSON, or that decode to non-container values, are unchanged and still accepted. (cherry picked from commit aae7c8f) Co-authored-by: Jarek Potiuk <jarek@potiuk.com> Generated-by: Claude Opus 4.8 (1M context) following the guidelines at https: //github.com/apache/airflow/blob/main/contributing-docs/05_pull_requests.rst#gen-ai-assisted-contributions
potiuk
added a commit
that referenced
this pull request
Jul 6, 2026
… string literals (#69378) (#69462) The XCom create/update payload validator _check_forbidden_xcom_keys recursively rejects reserved serialization keys (__classname__, __type, __var, ...) in dict/list values. Its _walk helper descended dicts, lists and tuples but not str, so a value submitted as a JSON string literal (e.g. json.dumps({"__classname__": ...})) was stored verbatim and re-parsed into a dict on a ?deserialize=true read, slipping past the filter. Extend _walk to json.loads a string value and inspect the decoded dict/list the same way the read path does. Strings that are not JSON, or that decode to non-container values, are unchanged and still accepted. (cherry picked from commit aae7c8f) Generated-by: Claude Opus 4.8 (1M context) following the guidelines at https: //github.com/apache/airflow/blob/main/contributing-docs/05_pull_requests.rst#gen-ai-assisted-contributions Co-authored-by: Jarek Potiuk <jarek@potiuk.com>
vatsrahul1001
pushed a commit
that referenced
this pull request
Jul 7, 2026
… string literals (#69378) (#69462) The XCom create/update payload validator _check_forbidden_xcom_keys recursively rejects reserved serialization keys (__classname__, __type, __var, ...) in dict/list values. Its _walk helper descended dicts, lists and tuples but not str, so a value submitted as a JSON string literal (e.g. json.dumps({"__classname__": ...})) was stored verbatim and re-parsed into a dict on a ?deserialize=true read, slipping past the filter. Extend _walk to json.loads a string value and inspect the decoded dict/list the same way the read path does. Strings that are not JSON, or that decode to non-container values, are unchanged and still accepted. (cherry picked from commit aae7c8f) Generated-by: Claude Opus 4.8 (1M context) following the guidelines at https: //github.com/apache/airflow/blob/main/contributing-docs/05_pull_requests.rst#gen-ai-assisted-contributions Co-authored-by: Jarek Potiuk <jarek@potiuk.com>
vatsrahul1001
pushed a commit
that referenced
this pull request
Jul 9, 2026
… string literals (#69378) (#69462) The XCom create/update payload validator _check_forbidden_xcom_keys recursively rejects reserved serialization keys (__classname__, __type, __var, ...) in dict/list values. Its _walk helper descended dicts, lists and tuples but not str, so a value submitted as a JSON string literal (e.g. json.dumps({"__classname__": ...})) was stored verbatim and re-parsed into a dict on a ?deserialize=true read, slipping past the filter. Extend _walk to json.loads a string value and inspect the decoded dict/list the same way the read path does. Strings that are not JSON, or that decode to non-container values, are unchanged and still accepted. (cherry picked from commit aae7c8f) Generated-by: Claude Opus 4.8 (1M context) following the guidelines at https: //github.com/apache/airflow/blob/main/contributing-docs/05_pull_requests.rst#gen-ai-assisted-contributions Co-authored-by: Jarek Potiuk <jarek@potiuk.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The XCom create/update payload validator
_check_forbidden_xcom_keysrecursively rejects reserved serialization keys (
__classname__,__type,__var, ...) indict/listvalues. Its_walkhelper descended dicts,lists and tuples but not
str, so a value submitted as a JSON string literal— e.g.
json.dumps({"__classname__": ...})— was stored verbatim andre-parsed into a dict on a
?deserialize=trueread, slipping past the filter.This extends
_walktojson.loadsa string value and inspect the decodeddict/listthe same way the read path does. Strings that are not JSON, orthat decode to non-container values, are unchanged and still accepted.
Tests
test_create_xcom_entry_blocks_forbidden_keys_in_json_stringtest_patch_xcom_entry_blocks_forbidden_keys_in_json_stringtest_create_xcom_entry_allows_benign_string_values(no false positives)Was generative AI tooling used to co-author this PR?
Generated-by: Claude Opus 4.8 (1M context) following the guidelines at
https://github.com/apache/airflow/blob/main/contributing-docs/05_pull_requests.rst#gen-ai-assisted-contributions