aminghadersohi opened a new pull request, #40682:
URL: https://github.com/apache/superset/pull/40682

   ### SUMMARY
   
   All 10+ MCP list tools (`list_users`, `list_rls_filters`, `list_roles`, 
`list_reports`, etc.) delegate to `BaseDAO._build_query()` and `BaseDAO.list()` 
in `superset/daos/base.py`. Both methods build search filters with:
   
   ```python
   cast(column, Text).ilike(f"%{search}%")
   ```
   
   `search="%"` is a single character that passes every existing Pydantic 
validator. The resulting pattern `ILIKE '%%'` matches **every row**, allowing 
an admin to enumerate all records regardless of the intended search intent — 
LIKE wildcard injection.
   
   **Fix:** Added a `_escape_like()` static method that escapes `\`, `%`, and 
`_` before interpolation, and passes `escape="\\"` to `ilike()`. Applied at 
**both** call sites.
   
   ```python
   @staticmethod
   def _escape_like(value: str) -> str:
       return value.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
   
   # usage
   cast(column, Text).ilike(f"%{cls._escape_like(search)}%", escape="\\")
   ```
   
   All affected tools are admin-only (the MCP API enforces admin 
authentication), so blast radius is limited. Related prior fix for 
`find_users`: #40631.
   
   ### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
   
   N/A — backend-only change.
   
   ### TESTING INSTRUCTIONS
   
   1. Run the new regression test:
      ```bash
      pytest tests/integration_tests/dao/base_dao_test.py::test_base_dao_list_search_wildcard_injection -v
      ```
   2. Verify `search="%"` returns 0 results for an admin with no users whose 
username contains a literal `%`.
   3. Verify `search="admin"` still returns users matching "admin" normally.
   
   ### ADDITIONAL INFORMATION
   
   - [ ] Has associated issue:
   - [ ] Required feature flags:
   - [ ] Changes UI
   - [ ] Includes DB Migration
   - [ ] Introduces new feature or API
   - [ ] Removes existing feature or API


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

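The wildcard behaviour described in the PR, shown as an added example written for this page; it is not code from the Superset pull request or repository. It puts the unescaped `LIKE '%…%'` pattern beside the escaped-plus-`ESCAPE '\'` form against an in-memory SQLite table (SQLite's `LIKE` is case-insensitive for ASCII, so it stands in for `ilike`). The table name, usernames and function names are constructed for illustration; `escape_like` mirrors the `_escape_like` helper quoted above. The example also covers the `_` and backslash cases, not only the `%` case the PR description discusses.

```python
import sqlite3

# Constructed sample usernames (not taken from any real deployment). The set
# deliberately includes a literal '%', a literal '_' and a literal backslash so
# that each LIKE metacharacter has a row it should match only when escaped.
USERS = [
    "admin",
    "Administrator",
    "alice",
    "bob_smith",
    "100%_discount",
    "carol",
    "corp\\svc",
]


def escape_like(value: str) -> str:
    """Escape the LIKE metacharacters so the search term matches literally.

    Backslash is escaped first so that a user-supplied backslash cannot be
    combined with the '%'/'_' escaping to re-enable a wildcard.
    """
    return value.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def connect_sample_db() -> sqlite3.Connection:
    """Create an in-memory table holding the constructed usernames."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ab_user (username TEXT NOT NULL)")
    conn.executemany("INSERT INTO ab_user VALUES (?)", [(u,) for u in USERS])
    return conn


def search_vulnerable(conn: sqlite3.Connection, search: str) -> list:
    """'Before' behaviour: the term is bound as a parameter (so there is no SQL
    injection), but it is dropped into the LIKE pattern unescaped, so '%' and
    '_' act as wildcards and search='%' matches every row."""
    rows = conn.execute(
        "SELECT username FROM ab_user WHERE username LIKE ? ORDER BY username",
        (f"%{search}%",),
    ).fetchall()
    return [r[0] for r in rows]


def search_hardened(conn: sqlite3.Connection, search: str) -> list:
    """'After' behaviour: metacharacters escaped and the escape character
    declared with ESCAPE, so only the outer '%' wildcards remain."""
    rows = conn.execute(
        "SELECT username FROM ab_user WHERE username LIKE ? ESCAPE '\\' "
        "ORDER BY username",
        (f"%{escape_like(search)}%",),
    ).fetchall()
    return [r[0] for r in rows]


def compare(search: str) -> dict:
    """Run both variants for one term and return the results side by side."""
    conn = connect_sample_db()
    try:
        return {
            "search": search,
            "vulnerable": search_vulnerable(conn, search),
            "hardened": search_hardened(conn, search),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    for term in ["%", "_", "a_ice", "admin", "\\"]:
        print(compare(term))
```

Running it shows `%` and `_` returning all seven rows from the vulnerable variant but only the rows containing a literal `%` or `_` from the hardened one, `a_ice` matching `alice` only when the underscore is unescaped, and `admin` matching both `admin` and `Administrator` in both variants, which is the behaviour step 3 of the testing instructions checks. The same escaping applies to any backend: the point of passing the escape character explicitly is that the database, not the driver's default, is told which character introduces a literal.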