Copilot commented on code in PR #36783: URL: https://github.com/apache/superset/pull/36783#discussion_r2638093116
########## tests/unit_tests/models/test_core_database_password_encoding.py: ########## @@ -0,0 +1,193 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +"""Unit tests for database password encoding in sqlalchemy_uri_decrypted.""" + +from __future__ import annotations + +from unittest.mock import MagicMock, patch + +import pytest +from sqlalchemy.engine.url import make_url + +from superset.models.core import Database + + +def _create_db_with_password(password: str | None) -> Database: + """Helper to create a Database with a password.""" + return Database( + database_name="test_db", + sqlalchemy_uri="postgresql://user@localhost:5432/testdb", + password=password, + ) + + +@patch("superset.models.core.has_app_context") +def test_password_with_percent_literal(mock_has_app_context: MagicMock) -> None: + """Test password with literal percent character.""" + mock_has_app_context.return_value = False + password = "pass%123" # noqa: S105 + + db = _create_db_with_password(password) + decrypted_uri = db.sqlalchemy_uri_decrypted + parsed = make_url(decrypted_uri) + + assert parsed.password == password + + +@patch("superset.models.core.has_app_context") +def test_password_with_single_percent(mock_has_app_context: MagicMock) -> None: + """Test password with single percent.""" + mock_has_app_context.return_value = False + password = "%" # noqa: S105 + + db = _create_db_with_password(password) + decrypted_uri = db.sqlalchemy_uri_decrypted + parsed = make_url(decrypted_uri) + + assert parsed.password == password + + +@patch("superset.models.core.has_app_context") [email protected]( + "password", + [ + "p@ss!word", # noqa: S105 + "pass#word", # noqa: S105 + "pass&word", # noqa: S105 + "pass:word", # noqa: S105 + "pass/word", # noqa: S105 + "pass?word", # noqa: S105 + "pass=word", # noqa: S105 + "p@ss%w0rd", # noqa: S105 + "p@ss%25", # noqa: S105 + ], Review Comment: Consider adding test cases for additional edge cases such as passwords containing spaces, backslashes, and unicode characters to ensure comprehensive coverage of the encoding logic. For example: "pass word" (with space), "pass\\word" (with backslash), or "pässwörd" (with unicode). ########## superset/models/core.py: ########## @@ -1149,20 +1149,36 @@ def get_schema_access_for_file_upload( # pylint: disable=invalid-name @property def sqlalchemy_uri_decrypted(self) -> str: + """Return the decrypted SQLAlchemy URI with properly encoded password.""" try: conn = make_url_safe(self.sqlalchemy_uri) except DatabaseInvalidError: # if the URI is invalid, ignore and return a placeholder url # (so users see 500 less often) return "dialect://invalid_uri" + + # Determine plaintext password from config or model if has_app_context(): if custom_password_store := app.config["SQLALCHEMY_CUSTOM_PASSWORD_STORE"]: - conn = conn.set(password=custom_password_store(conn)) + raw_password = custom_password_store(conn) else: - conn = conn.set(password=self.password) + raw_password = self.password else: - conn = conn.set(password=self.password) - return str(conn) + raw_password = self.password + + # Encode the password such that special characters + # are preserved when rendering to string and reparsing the URL. + if raw_password is not None: + from urllib.parse import quote Review Comment: The `urllib.parse.quote` import should be moved to the top of the file with other imports rather than being imported inline within the conditional block. Inline imports can impact performance when this property is accessed frequently and reduce code readability. ########## tests/unit_tests/models/test_core_database_password_encoding.py: ########## @@ -0,0 +1,193 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +"""Unit tests for database password encoding in sqlalchemy_uri_decrypted.""" + +from __future__ import annotations + +from unittest.mock import MagicMock, patch + +import pytest +from sqlalchemy.engine.url import make_url + +from superset.models.core import Database + + +def _create_db_with_password(password: str | None) -> Database: + """Helper to create a Database with a password.""" + return Database( + database_name="test_db", + sqlalchemy_uri="postgresql://user@localhost:5432/testdb", + password=password, + ) + + +@patch("superset.models.core.has_app_context") +def test_password_with_percent_literal(mock_has_app_context: MagicMock) -> None: + """Test password with literal percent character.""" + mock_has_app_context.return_value = False + password = "pass%123" # noqa: S105 + + db = _create_db_with_password(password) + decrypted_uri = db.sqlalchemy_uri_decrypted + parsed = make_url(decrypted_uri) + + assert parsed.password == password + + +@patch("superset.models.core.has_app_context") +def test_password_with_single_percent(mock_has_app_context: MagicMock) -> None: + """Test password with single percent.""" + mock_has_app_context.return_value = False + password = "%" # noqa: S105 + + db = _create_db_with_password(password) + decrypted_uri = db.sqlalchemy_uri_decrypted + parsed = make_url(decrypted_uri) + + assert parsed.password == password + + +@patch("superset.models.core.has_app_context") [email protected]( + "password", + [ + "p@ss!word", # noqa: S105 + "pass#word", # noqa: S105 + "pass&word", # noqa: S105 + "pass:word", # noqa: S105 + "pass/word", # noqa: S105 + "pass?word", # noqa: S105 + "pass=word", # noqa: S105 + "p@ss%w0rd", # noqa: S105 + "p@ss%25", # noqa: S105 + ], +) +def test_password_with_special_chars( + mock_has_app_context: MagicMock, password: str +) -> None: + """Test password with various special characters.""" + mock_has_app_context.return_value = False + + db = _create_db_with_password(password) + decrypted_uri = db.sqlalchemy_uri_decrypted + parsed = make_url(decrypted_uri) + + assert parsed.password == password + + +@patch("superset.models.core.has_app_context") +def test_password_empty(mock_has_app_context: MagicMock) -> None: + """Test empty password handling.""" + mock_has_app_context.return_value = False + db = _create_db_with_password("") + decrypted_uri = db.sqlalchemy_uri_decrypted + parsed = make_url(decrypted_uri) + + assert parsed.password in ("", None) + + +@patch("superset.models.core.has_app_context") +def test_password_none(mock_has_app_context: MagicMock) -> None: + """Test None password handling.""" + mock_has_app_context.return_value = False + db = _create_db_with_password(None) + decrypted_uri = db.sqlalchemy_uri_decrypted + parsed = make_url(decrypted_uri) + + assert parsed.password is None or parsed.password == "" + + +@patch("superset.models.core.has_app_context") +def test_roundtrip_invariant(mock_has_app_context: MagicMock) -> None: + """Test password survives roundtrip""" Review Comment: The docstring is missing a period at the end. Docstrings should end with proper punctuation for consistency. ```suggestion """Test password survives roundtrip.""" ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
