Update vuln (#6432)

Pere Miquel Brull 2022-07-29 13:08:12 +02:00 committed by GitHub
parent 839d25217e
commit 8ec2dbe6e4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 5 deletions


@ -242,7 +242,7 @@ snyk-ui-report: ## Uses Snyk CLI to validate the UI dependencies. Don't stop th
snyk test --file=openmetadata-ui/src/main/resources/ui/yarn.lock $(SNYK_ARGS) >> security/ui-dep-scan.out | true;
.PHONY: snyk-dependencies-report
snyk-dependencies-report: ## Uses Snyk CLI to validate the project dependencies: MySQL, Postgres and ES
snyk-dependencies-report: ## Uses Snyk CLI to validate the project dependencies: MySQL, Postgres and ES. Only local testing.
@echo "Validating dependencies images..."
snyk container test mysql/mysql-server:latest $(SNYK_ARGS) >> security/mysql-scan.out | true;
snyk container test postgres:latest $(SNYK_ARGS) >> security/postgres-scan.out | true;
@ -256,7 +256,6 @@ snyk-report: ## Uses Snyk CLI to run a security scan of the different pieces of
$(MAKE) snyk-airflow-apis-report
$(MAKE) snyk-server-report
$(MAKE) snyk-ui-report
$(MAKE) snyk-dependencies-report
$(MAKE) read-report
.PHONY: read-report
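Review bot: The new help text on `snyk-dependencies-report` says "Only local testing." but not why, and the second hunk appears (from the hunk line counts) to drop `$(MAKE) snyk-dependencies-report` from `snyk-report`, so the MySQL, Postgres and ES image scans no longer feed the aggregate report. A comment above the target stating the reason for the exclusion, and whether those images are scanned elsewhere, would keep the gap from going unnoticed. The scans also target `:latest` tags, so local results are not reproducible across runs; if that is the reason for the exclusion, the comment is the place to say so.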


@ -22,6 +22,7 @@ from openmetadata_managed_apis.api.app import blueprint
from openmetadata_managed_apis.api.response import ApiResponse
from openmetadata_managed_apis.api.utils import get_arg_dag_id
from openmetadata_managed_apis.operations.delete import delete_dag_id
from werkzeug.utils import secure_filename
@blueprint.route("/delete", methods=["DELETE"])
@ -37,13 +38,15 @@ def delete_dag() -> Response:
}
"""
dag_id = get_arg_dag_id()
# Sanitize Path Traversal, as later on we clean files based on the DAG id
secure_dag_id = secure_filename(dag_id)
try:
return delete_dag_id(dag_id)
return delete_dag_id(secure_dag_id)
except Exception as exc:
logging.info(f"Failed to delete dag {dag_id}")
logging.info(f"Failed to delete dag {dag_id} [secured: {secure_dag_id}]")
return ApiResponse.error(
status=ApiResponse.STATUS_SERVER_ERROR,
error=f"Failed to delete {dag_id} due to {exc} - {traceback.format_exc()}",
error=f"Failed to delete {dag_id} [secured: {secure_dag_id}] due to {exc} - {traceback.format_exc()}",
)
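Review bot: `secure_filename(dag_id)` rewrites the id instead of rejecting it, so a request whose id contains path separators or other stripped characters now deletes whichever DAG matches the rewritten name, and an id made only of stripped characters becomes an empty string that is still passed to `delete_dag_id`. Rejecting before the `try` is safer: `if not secure_dag_id or secure_dag_id != dag_id:` followed by a client-error `ApiResponse.error(...)`. The error branch also still returns `traceback.format_exc()` and the raw `dag_id` to the caller and logs the failure at info level; `logging.exception(...)` with a generic message in the response would keep internals out of the reply. The body of `delete_dag` starts outside the hunk, and what `delete_dag_id` does with an empty id is not visible here.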