[v3-3-test] Reject reserved XCom serialization keys submitted as JSON string literals (#69378)#69462
Merged
Merged
Conversation
4 tasks
… string literals (#69378) The XCom create/update payload validator _check_forbidden_xcom_keys recursively rejects reserved serialization keys (__classname__, __type, __var, ...) in dict/list values. Its _walk helper descended dicts, lists and tuples but not str, so a value submitted as a JSON string literal (e.g. json.dumps({"__classname__": ...})) was stored verbatim and re-parsed into a dict on a ?deserialize=true read, slipping past the filter. Extend _walk to json.loads a string value and inspect the decoded dict/list the same way the read path does. Strings that are not JSON, or that decode to non-container values, are unchanged and still accepted. (cherry picked from commit aae7c8f) Co-authored-by: Jarek Potiuk <jarek@potiuk.com> Generated-by: Claude Opus 4.8 (1M context) following the guidelines at https: //github.com/apache/airflow/blob/main/contributing-docs/05_pull_requests.rst#gen-ai-assisted-contributions
cf8a7d4 to
d5d4b1c
Compare
Contributor
Author
|
Hi maintainer, this PR was merged without a milestone set.
|
vatsrahul1001
pushed a commit
that referenced
this pull request
Jul 7, 2026
… string literals (#69378) (#69462) The XCom create/update payload validator _check_forbidden_xcom_keys recursively rejects reserved serialization keys (__classname__, __type, __var, ...) in dict/list values. Its _walk helper descended dicts, lists and tuples but not str, so a value submitted as a JSON string literal (e.g. json.dumps({"__classname__": ...})) was stored verbatim and re-parsed into a dict on a ?deserialize=true read, slipping past the filter. Extend _walk to json.loads a string value and inspect the decoded dict/list the same way the read path does. Strings that are not JSON, or that decode to non-container values, are unchanged and still accepted. (cherry picked from commit aae7c8f) Generated-by: Claude Opus 4.8 (1M context) following the guidelines at https: //github.com/apache/airflow/blob/main/contributing-docs/05_pull_requests.rst#gen-ai-assisted-contributions Co-authored-by: Jarek Potiuk <jarek@potiuk.com>
vatsrahul1001
pushed a commit
that referenced
this pull request
Jul 9, 2026
… string literals (#69378) (#69462) The XCom create/update payload validator _check_forbidden_xcom_keys recursively rejects reserved serialization keys (__classname__, __type, __var, ...) in dict/list values. Its _walk helper descended dicts, lists and tuples but not str, so a value submitted as a JSON string literal (e.g. json.dumps({"__classname__": ...})) was stored verbatim and re-parsed into a dict on a ?deserialize=true read, slipping past the filter. Extend _walk to json.loads a string value and inspect the decoded dict/list the same way the read path does. Strings that are not JSON, or that decode to non-container values, are unchanged and still accepted. (cherry picked from commit aae7c8f) Generated-by: Claude Opus 4.8 (1M context) following the guidelines at https: //github.com/apache/airflow/blob/main/contributing-docs/05_pull_requests.rst#gen-ai-assisted-contributions Co-authored-by: Jarek Potiuk <jarek@potiuk.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The XCom create/update payload validator _check_forbidden_xcom_keys
recursively rejects reserved serialization keys (classname, __type,
__var, ...) in dict/list values. Its _walk helper descended dicts, lists
and tuples but not str, so a value submitted as a JSON string literal
(e.g. json.dumps({"classname": ...})) was stored verbatim and re-parsed
into a dict on a ?deserialize=true read, slipping past the filter.
Extend _walk to json.loads a string value and inspect the decoded dict/list
the same way the read path does. Strings that are not JSON, or that decode
to non-container values, are unchanged and still accepted.
(cherry picked from commit aae7c8f)
Co-authored-by: Jarek Potiuk jarek@potiuk.com
Generated-by: Claude Opus 4.8 (1M context) following the guidelines at
https: //github.com/apache/airflow/blob/main/contributing-docs/05_pull_requests.rst#gen-ai-assisted-contributions