Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Handle invalid parameters (including missing object) in webserver

See original GitHub issue

Description

Hi. The webserver code is very optimistic and negative paths are not checked. For example: We have the following code: https://github.com/apache/airflow/blob/0dafdd0b9d635b4513b1413007337b19c3d96b17/airflow/www/views.py#L595-L597

It is not checked here whether the DAG object exists. Condition dag == None should be added and when it is met, error 404 should be reported.

Use case / motivation

Improving the experience of using the webserver and reducing the number of nukulars.

I hope that a thorough review of the entire web server code and completing the tests with negative paths will improve the overall health of the webserver.

If this is done by the Polidea team, it will be an opportunity to get to know the webserver better. My team has not focused on the webserver yet.

it will be an opportunity to find other health problems (e.g. side-effect, missing tests).

Related Issues

N/A

Issue Analytics

State:
Created 3 years ago
Reactions:2
Comments:11 (9 by maintainers)

Top GitHub Comments

1reaction

mik-lajcommented, Jun 7, 2020

I also invite you to read our guides: https://github.com/apache/airflow/blob/master/CONTRIBUTING.rst https://github.com/apache/airflow/blob/master/BREEZE.rst https://github.com/apache/airflow/blob/master/LOCAL_VIRTUALENV.rst https://github.com/apache/airflow/blob/master/STATIC_CODE_CHECKS.rst https://github.com/apache/airflow/blob/master/TESTING.rst There is a lot of information about our work environment and community

0reactions

uranusjrcommented, Mar 24, 2021

I wonder if type checks can be used to catch these kinds of issues. There are a lot of current_app.dag_bag, current_app.appbuilder, etc., which are not covered by Mypy due to the dynamic nature of flask.current_app (basically any attributes on it is Any). Since we “know” what attributes to expect on the current_app instance within Airflow, maybe we can introduce a typing shim around it? Something like

# airflow/www/app.py

if TYPE_CHECKING:
    from airflow.models.dagbag import DagBag
    from airflow.www.security import AirflowSecurityManager

    class _AirflowAppBuilder(Protocol):
        sm: AirflowSecurityManager
        ...

    class _CurrentApp(Protocol):
        dag_bag: DagBag
        appbuilder: _AirflowAppBuilder
        ...

from flask import current_app as _current_app

current_app = cast("_CurrentApp", _current_app)

And then all code can import this instead of directly from Flask to be type checked.

We can alternatively supply a type stub flask.pyi to “lie to” Mypy flask.current_app is _CurrentApp.

Top Results From Across the Web

json object and Web method Invalid Web services call missing ...

Try sending Id and Order as integers as they are expected to be. var reminderObject = { Id: parseInt($(this).attr("id"), 10), ...

Fix “Parameter Missing or Invalid” errors - Shopify.dev

This error occurs when you don't submit a variant ID or quantity amount with your Add to Cart form.

"Code 0x80070057 The parameter is incorrect" error when ...

This problem occurs because the SECURITY_DESCRIPTOR structure that is returned by the server contains a NULL Owner field when the NetShareGetInfo call returns ......

List of Error Codes - Erply APIs

An error code is always returned in the "status" block, in field "errorCode" . If the error is related to a specific input...

API Response & Error Codes - Mambu support

4 INVALID_PARAMETERS, A required parameter for this API operation is invalid or has not ... does not match with the encoded key or...