rusackas opened a new pull request, #40655:
URL: https://github.com/apache/superset/pull/40655

   ### SUMMARY
   
   Five small, low-risk hardening / correctness fixes:
   
   1. **Temporary cache create command contract** — `CreateTemporaryCacheCommand.run()` now calls `self.validate()` before `self.create()`, honoring the `BaseCommand` contract. `validate()` is a no-op today, but this ensures future validation cannot be silently bypassed.
   2. **Async chart-data job init guard** — `CreateAsyncChartDataJobCommand.run()` relied on `validate()` having populated `_async_channel_id`. It now raises a clear `RuntimeError` if called before `validate()`, instead of surfacing a bare `AttributeError`.
   3. **Export filename sanitization** — the chart-data CSV export builds a `Content-Disposition` header from a client-provided `filename`. The client-provided value is now passed through Werkzeug's `secure_filename()` (with a safe fallback) before being placed in the header, matching the sanitization already applied to the generated filename branch.
   4. **Export token validation** — the database and dataset export endpoints echo a client-provided `token` query param back as a cookie name. A shared `sanitize_cookie_token()` helper (in `superset/utils/core.py`) now validates it against `^[A-Za-z0-9_-]{1,128}$`; invalid tokens are ignored.
   5. **Explicit cache TTLs** — the filter-state and explore form-data create commands called `cache.set(...)` with no timeout. They now pass an explicit timeout sourced from `FILTER_STATE_CACHE_CONFIG` / `EXPLORE_FORM_DATA_CACHE_CONFIG` `CACHE_DEFAULT_TIMEOUT`, so behavior no longer relies on the backend default.
   
   ### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
   
   N/A — backend-only changes.
   
   ### TESTING INSTRUCTIONS
   
   Unit tests added/extended and passing:
   
   ```
   python -m pytest \
     tests/unit_tests/commands/explore/form_data/test_create.py \
     tests/unit_tests/commands/dashboard/filter_state_create_test.py \
     tests/unit_tests/commands/temporary_cache_create_test.py \
     tests/unit_tests/commands/chart/create_async_job_command_test.py \
     tests/unit_tests/charts/data/streaming_filename_test.py \
     tests/unit_tests/utils/test_core.py
   ```
   
   Covers: validate() is invoked before create(); run() guard before validate(); client filename is sanitized in the header; invalid cookie tokens are rejected; `cache.set` receives an explicit timeout.
   
   `python -m ruff check` passes on all changed files.
   
   ### ADDITIONAL INFORMATION
   
   - [ ] Has associated issue:
   - [ ] Required feature flags:
   - [ ] Changes UI
   - [ ] Includes DB Migration (follow approval process in [SIP-59](https://github.com/apache/superset/issues/13351))
     - [ ] Migration is atomic, supports rollback & is backwards-compatible
     - [ ] Confirm DB migration upgrade and downgrade tested
     - [ ] Runtime estimates and downtime expectations provided
   - [ ] Introduces new feature or API
   - [ ] Removes existing feature or API
   
   🤖 Generated with [Claude Code](https://claude.com/claude-code)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
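
The token check from item 4 of the summary, as an added example that is not code from the pull request or from Superset. It applies the pattern quoted above and shows one Python detail worth testing for: with `re.match`, `$` also matches just before a trailing newline, so a strict check needs `fullmatch`. The function names, the cookie value and the cookie attributes are assumptions for illustration; how the project's `sanitize_cookie_token()` applies the pattern is not shown on the page.

```python
import re

# Pattern quoted in the PR description for the export `token` query parameter.
TOKEN_PATTERN = r"^[A-Za-z0-9_-]{1,128}$"
_TOKEN_RE = re.compile(TOKEN_PATTERN)


def check_with_match(token):
    """Looser check: with match(), `$` also matches before a trailing newline."""
    return _TOKEN_RE.match(token) is not None


def validate_export_token(token):
    """Return the token if it is safe to use as a cookie name, else None.

    Hypothetical helper for illustration; not Superset's sanitize_cookie_token().
    """
    if not isinstance(token, str):
        return None
    # fullmatch() anchors at the true end of the string, so "tok\n" is rejected.
    return token if _TOKEN_RE.fullmatch(token) else None


def build_set_cookie(token):
    """Build a Set-Cookie value for a validated token, or None to emit nothing."""
    name = validate_export_token(token)
    if name is None:
        return None  # invalid tokens are ignored: no cookie is set
    # Cookie value and attributes are placeholders (assumed, not from the PR).
    return f"{name}=done; Max-Age=600; Path=/"


# Constructed sample inputs (not taken from the PR).
SAMPLES = [
    "a1B2-c3_d4",   # typical client-generated token
    "x" * 128,      # longest accepted length
    "x" * 129,      # one character too long
    "",             # empty
    "tok\n",        # trailing newline: accepted by match() with `$`
    "tok;x",        # separator character outside the allowed set
    "tok=1",        # name/value delimiter outside the allowed set
    None,           # query parameter absent
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample)[:24], "->", build_set_cookie(sample))
```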
