Abdulrehman-PIAIC80387 opened a new pull request, #40495:
URL: https://github.com/apache/superset/pull/40495
### SUMMARY
Addresses **Bug 1** of #40465. The streaming CSV export path (added in
#35478) sends raw chart SQL directly to `connection.execute(text(sql))` without
first calling `database.mutate_sql_based_on_config()`. Every other Superset
execution site (SQL Lab, chart-data JSON, alerts, validators, helpers) routes
SQL through that mutator so engine-spec / config transforms are applied.
The most visible consequence is on **Trino**: the SQL Superset generates for
a chart ends with `LIMIT N;`, and Trino's HTTP statement endpoint rejects
trailing semicolons with `mismatched input ';'. Expecting: <EOF>`. Because the
streaming response has already flushed headers by the time the exception fires,
the user receives an HTTP 200 with the sentinel `__STREAM_ERROR__: Export
failed...` written into what should have been their CSV file.
### Fix
In `superset/commands/streaming_export/base.py::_execute_query_and_stream`,
run the SQL through the same mutator the non-streaming paths use:
```diff
+ mutated_sql = merged_database.mutate_sql_based_on_config(sql)
with merged_database.get_sqla_engine(...) as engine:
with engine.connect() as connection:
result_proxy = connection.execution_options(
stream_results=True
- ).execute(text(sql))
+ ).execute(text(mutated_sql))
```
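Review bot: at the `.execute(text(mutated_sql))` line, nothing visible in this hunk guarantees that the trailing `;` named in the summary as the Trino failure is actually gone. The change only routes the SQL through `mutate_sql_based_on_config`, and the fixtures described under testing stub that mutator as a passthrough. Please add a test that passes SQL ending in `LIMIT N;` through the unstubbed mutator and asserts on the string `connection.execute` receives, or point to where the mutator strips the semicolon. The new `mutated_sql = ...` call also sits outside both `with` blocks, so it is worth stating whether an exception raised by a configured mutator reaches the same stream-error handling as a failed `execute`.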
### TESTING INSTRUCTIONS
```bash
pytest tests/unit_tests/commands/chart/streaming_export_command_test.py \
tests/unit_tests/commands/sql_lab/streaming_export_command_test.py -v
```
- **New regression test** `test_streaming_sql_is_mutated_before_execute`
confirms `mutate_sql_based_on_config` is called with the raw chart SQL and that
the *mutated* string is what `connection.execute` receives.
- Both shared test fixtures stub the mutator as a passthrough so the
existing 27 streaming-export tests continue to pass unchanged.
Result locally: **28 / 28 pass**.
### Out of scope (Bug 2 from #40465)
The issue also reports that **user impersonation is bypassed** on the
streaming path — every export shows up in the Trino query log as the service
principal regardless of which Superset user triggered it. Verifying that
requires reproducing against an impersonation-enabled Trino, which is out of
scope for this PR. Tracking separately so the security-sensitive change gets
its own review.
### ADDITIONAL INFORMATION
- [x] Has associated issue: #40465
- [ ] Required feature flags:
- [ ] Changes UI
- [ ] Includes DB Migration
- [ ] Introduces new feature or API
- [ ] Removes existing feature or API
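As an added example (not part of the PR or of Superset's code), a consumer-side check for the failure mode the summary describes, where a failed streaming export still returns HTTP 200 and the `__STREAM_ERROR__` marker lands in the CSV body. The names `stream_export`, `rechunk` and `export_is_clean` are hypothetical, and the sample rows and the wording after the marker prefix are constructed.

```python
from typing import Iterable, Iterator, List, Optional

SENTINEL = b"__STREAM_ERROR__"  # marker prefix quoted in the PR description


def stream_export(rows: Iterable[tuple], fail_at: Optional[int] = None) -> Iterator[bytes]:
    """Constructed stand-in for a streaming CSV export (not Superset code).

    The status line and headers are sent before the first chunk, so a failure
    raised mid-stream can only be reported inside the body.
    """
    try:
        for i, row in enumerate(rows):
            if fail_at is not None and i == fail_at:
                raise RuntimeError("constructed mid-stream failure")
            yield (",".join(map(str, row)) + "\n").encode()
    except RuntimeError:
        # Assumed wording after the prefix; the page shows it only truncated.
        yield SENTINEL + b": Export failed\n"


def rechunk(chunks: Iterable[bytes], size: int) -> List[bytes]:
    """Re-split a body into fixed-size pieces, as a proxy or socket might."""
    data = b"".join(chunks)
    return [data[i:i + size] for i in range(0, len(data), size)]


def export_is_clean(chunks: Iterable[bytes]) -> bool:
    """Return False if the sentinel occurs anywhere in the streamed body.

    A tail of len(SENTINEL) - 1 bytes is carried over so that a marker split
    across two chunks is still detected.
    """
    tail = b""
    for chunk in chunks:
        window = tail + chunk
        if SENTINEL in window:
            return False
        tail = window[-(len(SENTINEL) - 1):]
    return True


ROWS = [(1, "a"), (2, "b"), (3, "c")]  # constructed sample data

if __name__ == "__main__":
    print(export_is_clean(stream_export(ROWS)))
    print(export_is_clean(rechunk(stream_export(ROWS, fail_at=2), 5)))
```

A status-code check alone passes both bodies; only the content scan tells them apart, and a per-chunk substring test would miss the marker once the body is re-split into 5-byte pieces.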