Copilot commented on code in PR #2163:
URL: https://github.com/apache/sedona/pull/2163#discussion_r2233780910
##########
python/tests/geopandas/test_geoseries.py:
##########
@@ -1471,7 +1584,7 @@ def test_contains_properly(self):
pass
def test_set_crs(self):
- geo_series = sgpd.GeoSeries(self.geoseries)
+ geo_series = sgpd.GeoSeries([Point(0, 0), Point(1, 1)],
name="geometry")
assert geo_series.crs == None
geo_series = geo_series.set_crs(epsg=4326)
Review Comment:
[nitpick] The test creates a new GeoSeries instead of using the existing
self.geoseries, which makes the test less consistent and harder to maintain.
Consider reusing the existing test data.
```suggestion
self.geoseries.name = "geometry"
assert self.geoseries.crs == None
geo_series = self.geoseries.set_crs(epsg=4326)
```
##########
python/sedona/geopandas/geoseries.py:
##########
@@ -3877,7 +2004,8 @@ def _create_from_select(
if isinstance(data, list) and not isinstance(data[0], (tuple, list)):
data = [(obj,) for obj in data]
- select = f"{select} as geometry"
+ name = kwargs.get("name", SPARK_DEFAULT_SERIES_NAME)
+ select = f"{select} as `{name}`"
Review Comment:
The name parameter is being directly interpolated into an SQL string without
proper escaping or validation, which could lead to SQL injection
vulnerabilities if the name contains malicious SQL code.
```suggestion
select = f"{select} as {_escape_sql_identifier(name)}"
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
