bito-code-review[bot] commented on code in PR #38777: URL: https://github.com/apache/superset/pull/38777#discussion_r2968299193
########## docs/admin_docs/configuration/sql-templating.mdx: ########## 
@@ -18,10 +18,19 @@ To enable templating, the `ENABLE_TEMPLATE_PROCESSING` [feature flag](/admin-doc :::warning[Security Warning] -While powerful, this feature executes template code on the server. Within the Superset security model, this is **intended functionality**, as users with permissions to edit charts and virtual datasets are considered **trusted users**. +This feature executes Jinja template code **on the server** at query time. Within the Superset security model, this is **intended functionality** — users who can edit charts or virtual datasets are explicitly treated as **trusted users**. -If you grant these permissions to untrusted users, this feature can be exploited as a **Server-Side Template Injection (SSTI)** vulnerability. Do not enable `ENABLE_TEMPLATE_PROCESSING` unless you fully understand and accept the associated security risks. +**Do not enable `ENABLE_TEMPLATE_PROCESSING` unless all users with chart/dataset write access are fully trusted.** Specifically: +- Any user with `can_write` permission on Datasets or Charts can embed arbitrary Jinja expressions in SQL templates. +- A malicious or compromised user can use this to perform **Server-Side Template Injection (SSTI)**, which can lead to **remote code execution (RCE)** on the Superset server — not just data exposure. +- The `url_param()` macro injects URL query-string values directly into SQL **without output escaping**. Any user who can construct or share a URL (including links to embedded dashboards) can influence the rendered SQL. Always validate or escape `url_param()` values in your templates when building SQL clauses. +- The Jinja sandbox is **not enabled** by default. Standard Python object traversal (`''.__class__.__mro__[...].__subclasses__()`) is available to template authors. Review Comment:

**Security Documentation Inaccuracy**

The documentation incorrectly states that the Jinja sandbox is not enabled by default. However, Superset's `jinja_context.py` uses `SandboxedEnvironment` for all templating operations, which blocks the mentioned object traversal attacks. This misstatement could mislead users about security risks.

Code Review Run #58ac87

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
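Review bot: the new bullet "The Jinja sandbox is **not enabled** by default" needs to be checked against `superset/jinja_context.py` before this merges; the review comment above points out that rendering goes through `SandboxedEnvironment`, and if that holds the bullet misstates the default, and the preceding bullet's claim that SSTI "can lead to **remote code execution (RCE)**" rests on the same object-traversal assumption and should be reworded to what the sandbox actually leaves open (template authors can call any exposed macro and shape the final SQL). The bullet also quotes a traversal expression (`''.__class__.__mro__[...].__subclasses__()`) verbatim, which the warning does not need to make its point; "Python object traversal" alone is enough for an admin-facing warning box. Separately, the `url_param()` bullet instructs admins to "validate or escape" values without saying how; link the macro's reference section on this page or show one concrete validation pattern so the guidance is actionable.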
