bito-code-review[bot] commented on code in PR #40567:
URL: https://github.com/apache/superset/pull/40567#discussion_r3345139558
##########
superset/models/helpers.py:
##########
@@ -1412,6 +1414,23 @@ def query(self, query_obj: QueryObjectDict) ->
QueryResult:
qry_start_dttm = datetime.now()
query_str_ext = self.get_query_str_extended(query_obj)
sql = query_str_ext.sql
+
+ # Mirror the DISALLOWED_SQL_* gate that sql_lab.execute_sql_statement
+ # enforces so both query surfaces honour the same denylist.
+ engine = self.db_engine_spec.engine
+ disallowed_functions =
app.config["DISALLOWED_SQL_FUNCTIONS"].get(engine, set())
+ disallowed_tables = app.config["DISALLOWED_SQL_TABLES"].get(engine,
set())
+ if disallowed_functions or disallowed_tables:
+ parsed_script = SQLScript(sql, engine=engine)
+ if disallowed_functions and parsed_script.check_functions_present(
+ disallowed_functions
+ ):
+ raise
SupersetDisallowedSQLFunctionException(disallowed_functions)
+ if disallowed_tables and parsed_script.check_tables_present(
+ disallowed_tables
+ ):
+ raise SupersetDisallowedSQLTableException(disallowed_tables)
Review Comment:
<div>
<div id="suggestion">
<div id="issue"><b>Inconsistent table error reporting</b></div>
<div id="fix">
The `SupersetDisallowedSQLTableException` receives the full
`disallowed_tables` set rather than only the tables actually found in the
query. Compare with `sql_lab.py:420-427` which correctly filters to
`found_tables`. This produces misleading error messages showing all configured
denylisted tables instead of just the ones used.
</div>
<details>
<summary>
<b>Code suggestion</b>
</summary>
<blockquote>Check the AI-generated fix before applying</blockquote>
<div id="code">
```
--- a/superset/models/helpers.py
+++ b/superset/models/helpers.py
@@ -1427,8 +1427,15 @@ class Query(ExposableAsync):
):
raise
SupersetDisallowedSQLFunctionException(disallowed_functions)
if disallowed_tables and parsed_script.check_tables_present(
disallowed_tables
):
- raise
SupersetDisallowedSQLTableException(disallowed_tables)
+ # Report only the tables actually found in the query
+ found_tables = set()
+ for statement in parsed_script.statements:
+ present = {table.table.lower() for table in
statement.tables}
+ for table in disallowed_tables:
+ if table.lower() in present:
+ found_tables.add(table)
+ raise SupersetDisallowedSQLTableException(found_tables or
disallowed_tables)
status = QueryStatus.SUCCESS
errors = None
```
</div>
</details>
</div>
<small><i>Code Review Run #7244fd</i></small>
</div>
---
Should Bito avoid suggestions like this for future reviews? (<a
href=https://alpha.bito.ai/home/ai-agents/review-rules>Manage Rules</a>)
- [ ] Yes, avoid them
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
