The issue was fixed in version 2.2.4 by introducing a new feature: parameter validation. To enable parameter validation, set the DAG_VALIDATE_ARGS system variable to 1. The DAG_VALIDATE_ARGS system variable can be set in the YAML front matter of the DAG configuration, in the CONF block of a custom task, or as a global system variable.

When DAG_VALIDATE_ARGS is set to 1, Apache Airflow will raise an exception if any of the following occurs:

Injection of any OS command into a DAG via the command line or web UI

Injection of user-provided data into a DAG via the command line or web UI

Sanitization of user-provided data into a DAG via the command line or web UI where the data is later injected into the DAG

If DAG_VALIDATE_ARGS is set to 0, Apache Airflow will continue to perform validation, but will also raise an exception if any of the following occurs:

Injection of any OS command into a DAG via the command line or web UI

Injection of user-provided data into a DAG via the command line or web UI

Sanitization of user-provided data into a DAG via the command line or web UI where the data is later injected into the DAG

If DAG_VALIDATE_ARGS is set

How to set DAG_VALIDATE_ARGS

DAG_VALIDATE_ARGS can be set in the YAML front matter of the DAG configuration, in the CONF block of a custom task, or as a global system variable.

Airflow’s default behavior is to validate all user-provided data

Airflow’s default behavior is to validate all user-provided data.

Configure DAG validation for parameter validation

The following configuration snippet is for DAG validation.
# DAG parameter validation
dag_validate_args:
- 1

Timeline

Published on: 02/25/2022 09:15:00 UTC
Last modified on: 03/04/2022 20:41:00 UTC
