villebro opened a new pull request #17419: URL: https://github.com/apache/superset/pull/17419
### SUMMARY A recent PR #17111 that fixed 500s being returned when a virtual table query contained a word prefixed by a colon (e.g. ":foo") caused a regression that unnecessarily also escaped similar strings that contained/ended in a colon (e.g. ":foo:" or ":foo:bar"). The relevant pieces of the SQLAlchemy codebase: Replacement logic: https://github.com/sqlalchemy/sqlalchemy/blob/main/lib/sqlalchemy/sql/elements.py#L1781-L1787 Regular expression that is used for identifying bind parameters: https://github.com/sqlalchemy/sqlalchemy/blob/6206f0ff74e95c9339dc0f0e26caab55e9bcda45/lib/sqlalchemy/sql/elements.py#L1756 The problem with the regular expression above `(?<![:\w\x5c]):(\w+)(?!:)` is that it falsely identifies bind parameters that contain a colon as the string until the penultimate character before the colon. For example, the string ":foo:bar" is flagged as the bind parameter "fo", as it matches the string up until the last character that isn't a colon, leaving out the last o in the string (all while it shouldn't even identify the string as a bind parameter). Downstream in the code these false positives are apparently somehow excluded, but I was unable to see how this is done. ### AFTER Now all strings including colons are properly either escaped or left unescaped for SQLAlchemy, so they can be rendered without escaping characters in the final query:  ### BEFORE Before the virtual table was incorrectly escaped in multiple places:  ## TESTING INSTRUCTIONS <!--- Required! What steps can be taken to manually verify the changes? --> ### ADDITIONAL INFORMATION <!--- Check any relevant boxes with "x" --> <!--- HINT: Include "Fixes #nnn" if you are fixing an existing issue --> - [ ] Has associated issue: - [ ] Required feature flags: - [ ] Changes UI - [ ] Includes DB Migration (follow approval process in [SIP-59](https://github.com/apache/superset/issues/13351)) - [ ] Migration is atomic, supports rollback & is backwards-compatible - [ ] Confirm DB migration upgrade and downgrade tested - [ ] Runtime estimates and downtime expectations provided - [ ] Introduces new feature or API - [ ] Removes existing feature or API -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
