Validate GCSToSambaOperator destination path stays within destination_path#67857
Merged
potiuk merged 1 commit intoJun 2, 2026
Merged
Conversation
potiuk
requested review from
amoghrajesh,
ashb,
bugraoz93,
gopidesupavan,
jason810496 and
jscheffl
as code owners
boring-cyborg
Bot
added
area:dev-tools
area:providers
backport-to-v3-2-test
jscheffl
reviewed
Jun 1, 2026
jscheffl
reviewed
Jun 1, 2026
jscheffl
approved these changes
Jun 1, 2026
Contributor
jscheffl
left a comment
jscheffl
left a comment
There was a problem hiding this comment.
Approving to un-block assuming you consider notes.
…_path GCS object names are read from the source bucket and may contain ".." segments. GCSToSambaOperator._resolve_destination_path joined the object name onto the configured destination_path without normalisation, so a crafted object name could resolve an SMB write target outside the intended directory. Normalise the resolved path and refuse to write when it falls outside destination_path. Generated-by: Claude Opus 4.8 (1M context)
potiuk
force-pushed
the
samba-gcs-to-smb-destination-path-containment
branch
from
637871e to
4bbaa5b
Compare
Contributor
Backport successfully created: v3-2-testNote: As of Merging PRs targeted for Airflow 3.X In matter of doubt please ask in #release-management Slack channel.
|
jscheffl
removed
the
backport-to-v3-2-test
Contributor
|
I assume no backport needed--- |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
GCS object names are read from the source bucket and may contain
..path segments.GCSToSambaOperator._resolve_destination_pathjoined the object name onto the configureddestination_pathwithout normalisation, so a crafted object name (e.g.../../elsewhere/file) could resolve an SMB write target outside the intended directory.This normalises the resolved path and raises
AirflowExceptionwhen it would fall outsidedestination_path, so transfers always write within the configured destination.Tests
test_resolve_destination_path_rejects_traversal—..object names raisetest_resolve_destination_path_allows_contained_object— normal objects still resolve underdestination_pathWas generative AI tooling used to co-author this PR?
Generated-by: Claude Opus 4.8 (1M context) following the guidelines at
https://github.com/apache/airflow/blob/main/contributing-docs/05_pull_requests.rst#gen-ai-assisted-contributions