diff --git a/airflow-ctl/src/airflowctl/api/client.py b/airflow-ctl/src/airflowctl/api/client.py index 0ef5d7cb16441..e8eb87e7d54e7 100644 --- a/airflow-ctl/src/airflowctl/api/client.py +++ b/airflow-ctl/src/airflowctl/api/client.py @@ -23,6 +23,7 @@ import json import logging import os +import re import sys from collections.abc import Callable from functools import wraps @@ -160,7 +161,13 @@ def __init__( ): self.api_url = api_url self.api_token = api_token - self.api_environment = os.getenv("AIRFLOW_CLI_ENVIRONMENT") or api_environment + raw_env = os.getenv("AIRFLOW_CLI_ENVIRONMENT") or api_environment + if not re.match(r'^[a-zA-Z0-9_.-]+$', raw_env): + raise ValueError( + f"Invalid environment name: '{raw_env}'. " + "Only alphanumeric characters, dashes, and underscores are allowed." + ) + self.api_environment = raw_env self.client_kind = client_kind @property