Copilot commented on code in PR #40668:
URL: https://github.com/apache/superset/pull/40668#discussion_r3338878094
##########
superset/extensions/utils.py:
##########
@@ -254,6 +254,20 @@ def build_extension_data(extension: LoadedExtension) ->
dict[str, Any]:
return extension_data
+def is_extension_blocked(extension: LoadedExtension) -> bool:
+ """
+ Return True if the extension is denied by the ``EXTENSION_BLOCKLIST``
config.
+
+ Each blocklist entry is either an extension id (blocks every version of
that
+ extension) or ``"<id>@<version>"`` (blocks only that exact version).
+ """
+ blocklist = set(current_app.config.get("EXTENSION_BLOCKLIST") or [])
+ if not blocklist:
+ return False
+ manifest = extension.manifest
+ return manifest.id in blocklist or f"{manifest.id}@{manifest.version}" in
blocklist
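Review bot: in `is_extension_blocked`, `set(current_app.config.get("EXTENSION_BLOCKLIST") or [])` accepts any iterable, so if an operator sets `EXTENSION_BLOCKLIST` to a single string instead of a list, the set holds individual characters, nothing matches, and the extension loads anyway. Both comparisons are also exact string matches, so an entry with stray whitespace or different casing fails open in the same silent way. Suggest validating that the value is a list of strings, stripping each entry, and logging a warning for entries that are malformed, plus a log line when an extension is actually blocked so operators can confirm the setting took effect.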
Review Comment:
`LoadedExtension` already exposes `id` and `version` fields; using
`extension.manifest.id/version` here duplicates the source of truth and makes
the function more brittle if those ever diverge. Prefer using `extension.id`
and `extension.version` directly.
##########
superset/config.py:
##########
@@ -2525,6 +2525,11 @@ class ExtraDynamicQueryFilters(TypedDict, total=False):
LOCAL_EXTENSIONS: list[str] = []
EXTENSIONS_PATH: str | None = None
+# Extensions that must not be loaded, even if present in LOCAL_EXTENSIONS or
+# EXTENSIONS_PATH. Each entry is an extension id (blocks every version) or
+# "<id>@<version>" (blocks a specific version). Use this to disable an
+# extension found to be vulnerable or otherwise undesirable.
+EXTENSION_BLOCKLIST: list[str] = []
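Review bot: the comment above `EXTENSION_BLOCKLIST` says `"<id>@<version>"` "blocks a specific version" but does not say the version is compared as an exact string, with no ranges or prefixes. An operator disabling a vulnerable extension needs to know that every affected version must be listed separately, or the bare id used to block all versions. Suggest stating that in the comment and adding one sample entry of each form.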
Review Comment:
`EXTENSION_BLOCKLIST` introduces a new public config knob, but
`superset/config.py` consistently uses `*_DENYLIST` for operator-controlled
disable lists (e.g. `TIME_GRAIN_DENYLIST`, `VIZ_TYPE_DENYLIST`,
`DBS_AVAILABLE_DENYLIST`). To keep config naming consistent and avoid
introducing two terms for the same concept, consider renaming this to
`EXTENSION_DENYLIST` (and updating references/tests/docs accordingly).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]