This is an automated email from the ASF dual-hosted git repository.
dpgaspar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/superset.git
The following commit(s) were added to refs/heads/master by this push:
new 0e0028260f fix: add more disallowed pg functions (#29454)
0e0028260f is described below
commit 0e0028260fc8a2099250701524a489f3c9aa146f
Author: Daniel Vaz Gaspar <[email protected]>
AuthorDate: Mon Jul 8 14:40:15 2024 +0100
fix: add more disallowed pg functions (#29454)
---
superset/config.py | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/superset/config.py b/superset/config.py
index fa31fd069a..4e5f707edd 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -1276,7 +1276,16 @@ DB_SQLA_URI_VALIDATOR: Callable[[URL], None] | None =
None
# unsafe SQL functions in SQL Lab and Charts. The keys of the dictionary are
the engine
# names, and the values are sets of disallowed functions.
DISALLOWED_SQL_FUNCTIONS: dict[str, set[str]] = {
- "postgresql": {"version", "query_to_xml", "inet_server_addr",
"inet_client_addr"},
+ "postgresql": {
+ "database_to_xml",
+ "inet_client_addr",
+ "inet_server_addr",
+ "query_to_xml",
+ "query_to_xml_and_xmlschema",
+ "table_to_xml",
+ "table_to_xml_and_xmlschema",
+ "version",
+ },
"clickhouse": {"url"},
"mysql": {"version"},
}
