Skip to content

Snowflake Apps: gate deprecated Snowpark processor behind a feature flag [SNOW-3417033]#2987

Draft
sfc-gh-olorek wants to merge 1 commit into
mainfrom
proactive/SNOW-3417033-gate-snowpark-processor
Draft

Snowflake Apps: gate deprecated Snowpark processor behind a feature flag [SNOW-3417033]#2987
sfc-gh-olorek wants to merge 1 commit into
mainfrom
proactive/SNOW-3417033-gate-snowpark-processor

Conversation

@sfc-gh-olorek
Copy link
Copy Markdown
Contributor

@sfc-gh-olorek sfc-gh-olorek commented May 7, 2026
edited by atlassian Bot
Loading

Pre-review checklist

  • I've confirmed that instructions included in README.md are still correct after my changes in the codebase.
  • I've added or updated automated unit tests to verify correctness of my new code.
  • I've added or updated integration tests to verify correctness of my new code.
  • I've confirmed that my changes are working by executing CLI's commands manually on MacOS.
  • I've confirmed that my changes are working by executing CLI's commands manually on Windows.
  • I've confirmed that my changes are up-to-date with the target branch.
  • I've described my changes in the release notes.
  • I've described my changes in the section below.
  • I've described my changes in the documentation.

Changes description

Referenced Jira: SNOW-3417033.

The Snowpark annotation processor (processors: [snowpark] in a Native App project definition) has been deprecated for several releases and emits a warning on every invocation:

Snowpark processor is not supported and will be removed soon.

Despite the deprecation, the processor still runs by default whenever a project's artifacts declare it. Its job is to execute every annotated .py artifact in a subprocess (via execute_script_in_sandboximportlib.util.exec_module) so that module-level objects can be introspected to emit SQL. That implicit code execution during snow app bundle / snow app deploy is a gratuitous source of arbitrary-code-execution risk for any flow that pulls a repository before building it (review automation, CI pipelines where the repo is attacker-influenced, etc.).

This PR applies the Jira-recommended mitigation: gate the processor behind an explicit opt-in feature flag, matching the existing pattern used by NativeAppSetupProcessor / ENABLE_NATIVE_APP_PYTHON_SETUP.

What changed

  • New feature flag ENABLE_SNOWPARK_ANNOTATION_PROCESSOR (default False) in snowflake.cli.api.feature_flags.
  • SnowparkAnnotationProcessor now exposes a static is_enabled() method that returns the flag's value. The compiler already honours is_enabled() on registered processors and silently skips disabled ones (see compiler._is_enabled), so no compiler changes are required — invoking a snowpark processor while the flag is off is now a no-op.
  • Release-notes entry under Backward incompatibility, describing the opt-in path (config or env var).
  • Unit test mirroring the existing ENABLE_NATIVE_APP_PYTHON_SETUP test.

Behaviour for users who still rely on the processor

Opt in with one of:

  • config.toml: 
    [cli.features]
enable_snowpark_annotation_processor = true
  • env var: SNOWFLAKE_CLI_FEATURES_ENABLE_SNOWPARK_ANNOTATION_PROCESSOR=1

Scope

  • Does not address the secondary vector being tracked on #2974 (raw-string py_file path injection into the sandbox Jinja template); that is complementary hardening and remains useful even with this gate.
  • Does not modify _execute_in_sandbox or the Jinja template.
  • No CI/CD configuration changes.

Tests

  • tests/nativeapp/test_feature_flags.py::test_feature_snowpark_annotation_processor_enabled — covers both truthy and falsy config values and verifies the correct config key.
  • Full tests/nativeapp/ suite passes (3345 tests) on Python 3.10.
  • Pre-commit (ruff, black, mypy, codespell, license checks) passes.

@sfc-gh-olorek
Snowflake Apps: gate deprecated Snowpark processor behind a feature f…
11906df 
…lag [SNOW-3417033]

The Snowpark annotation processor has been deprecated for several releases
and emits a warning on every invocation (`Snowpark processor is not supported
and will be removed soon.`). However, by default it still runs whenever a
Native App project declares `processors: [snowpark]`, and its job is to
execute every annotated `.py` artifact in a subprocess so that module-level
objects can be introspected. That implicit code execution during `snow app
bundle`/`deploy` is a gratuitous source of arbitrary-code-execution risk for
any flow that pulls a repository before building it (e.g. review automation,
CI where the repo is attacker-influenced).

Following the pattern already used by `NativeAppSetupProcessor` +
`ENABLE_NATIVE_APP_PYTHON_SETUP`, this change introduces
`ENABLE_SNOWPARK_ANNOTATION_PROCESSOR` (default off) and wires it through
`SnowparkAnnotationProcessor.is_enabled()`, which the compiler already
honours to skip disabled processors. Users who still rely on the processor
can opt in via config (`snowflake.cli.features.enable_snowpark_annotation_processor = true`)
or env (`SNOWFLAKE_CLI_FEATURES_ENABLE_SNOWPARK_ANNOTATION_PROCESSOR=1`),
which is the same mechanism documented for every other feature flag.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sfc-gh-olorek