codeant-ai-for-open-source[bot] commented on PR #36850: URL: https://github.com/apache/superset/pull/36850#issuecomment-3695023134
## Nitpicks 🔍

🔒 **No security issues identified**

⚡ **Recommended areas for review**

- [ ] [**Unsafe flask.g access**](https://github.com/apache/superset/pull/36850/files#diff-4de7ed14a617a2aeae101734c998bbd3c08a41b2100f9a032b82cdb87ee5293cR317-R349)
  The new `needs_oauth2` implementations directly reference `g` in a boolean expression (`if not (g and hasattr(g, "user")):`). Accessing `flask.g` outside a request/app context raises a RuntimeError; the current guard triggers that access and can cause crashes during CLI/background tasks. Use `flask.has_request_context()` (or equivalent) to guard usage of `g`.
- [ ] [**Missing dummy method on ParamEscaper**](https://github.com/apache/superset/pull/36850/files#diff-4de7ed14a617a2aeae101734c998bbd3c08a41b2100f9a032b82cdb87ee5293cR46-R56)
  A dummy `ParamEscaper` class is declared when `databricks.sql.utils` cannot be imported, but it doesn't implement `escape_string`. Calls to `self.pe.escape_string(...)` will raise AttributeError when the real module isn't available. Either provide a no-op `escape_string` implementation or guard usage when the real module is absent.
- [ ] [**Fragile host extraction**](https://github.com/apache/superset/pull/36850/files#diff-4de7ed14a617a2aeae101734c998bbd3c08a41b2100f9a032b82cdb87ee5293cR873-R889)
  In `DatabricksPythonConnectorEngineSpec.get_oauth2_authorization_uri`/`get_oauth2_token_uri` the code indexes `["host"]` from `get_parameters_from_uri(...)`, which can raise a KeyError if the host key is missing; ODBC variant uses `.get(...)` with a fallback to `make_url_safe`, which is safer and should be reused.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
