codeant-ai-for-open-source[bot] commented on code in PR #40801:
URL: https://github.com/apache/superset/pull/40801#discussion_r3362360810
##########
superset/views/base.py:
##########
@@ -727,12 +727,21 @@ def apply(self, query: Query, value: Any) -> Query:
class CsvResponse(Response):
"""
- Override Response to take into account csv encoding from config.py
+ Response that encodes its body with the configured CSV_EXPORT encoding.
+
+ Werkzeug 3.0 removed ``Response.charset``, which this class relied on,
+ so the configured encoding (e.g. the default "utf-8-sig") was silently
+ ignored and bodies were always plain utf-8.
"""
- charset = app.config["CSV_EXPORT"].get("encoding", "utf-8")
default_mimetype = "text/csv"
+ def __init__(self, response: Any = None, *args: Any, **kwargs: Any) ->
None:
+ encoding = app.config["CSV_EXPORT"].get("encoding", "utf-8")
+ if isinstance(response, str):
+ response = response.encode(encoding)
Review Comment:
**Suggestion:** This now unconditionally reads `CSV_EXPORT` from config
before checking the payload type. If `CSV_EXPORT` is absent in a minimal/custom
app config, `CsvResponse` raises `KeyError` even for byte payloads that do not
need re-encoding. Read the config defensively (with `.get`) and only resolve
the encoding inside the `str` branch so byte responses remain pass-through.
[incorrect condition logic]
<details>
<summary><b>Severity Level:</b> Major ⚠️</summary>
```mdx
- ❌ Chart CSV exports crash if CSV_EXPORT missing.
- ❌ SQL Lab CSV exports crash under misconfigured CSV_EXPORT.
- ⚠️ Reusing CsvResponse in minimal Flask apps unsafe.
- ⚠️ Byte payload responses can raise unexpected KeyError.
```
</details>
<details>
<summary><b>Steps of Reproduction ✅ </b></summary>
```mdx
1. Create a minimal Flask app modeled after
`tests/unit_tests/sqllab/api_test.py:10-17`,
but omit the configuration line `app.config["CSV_EXPORT"] = {"encoding":
"utf-8"}` so the
Flask app has no `CSV_EXPORT` key in its config.
2. Within this app (inside `app.app_context()`), import `CsvResponse` from
`superset/views/base.py` (class defined at `superset/views/base.py:728-744`)
and construct
a response with a bytes payload, e.g. `CsvResponse(b"test")`, similar to how
`CsvResponse`
is used in `tests/unit_tests/views/test_base.py:22-26`.
3. When `CsvResponse.__init__` runs at `superset/views/base.py:739-743`, it
executes
`encoding = app.config["CSV_EXPORT"].get("encoding", "utf-8")` (line 740 in
the PR hunk),
which attempts to index `app.config["CSV_EXPORT"]` before checking
`isinstance(response,
str)` at line 741.
4. Because `app.config` has no `"CSV_EXPORT"` key in this minimal/custom
setup, Python
raises a `KeyError` at `superset/views/base.py:740`, causing the
request/test to fail even
though the payload is already bytes and does not need re-encoding; this
demonstrates that
unconditional config access can crash CSV responses for byte payloads when
`CSV_EXPORT` is
absent.
```
</details>
[Fix in
Cursor](https://app.codeant.ai/fix-in-ide?tool=cursor&prompt_id=b44245f233b243bd8757d73ab73e3e32&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
| [Fix in VSCode
Claude](https://app.codeant.ai/fix-in-ide?tool=vscode-claude&prompt_id=b44245f233b243bd8757d73ab73e3e32&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
*(Use Cmd/Ctrl + Click for best experience)*
<details>
<summary><b>Prompt for AI Agent 🤖 </b></summary>
```mdx
This is a comment left during a code review.
**Path:** superset/views/base.py
**Line:** 740:742
**Comment:**
*Incorrect Condition Logic: This now unconditionally reads `CSV_EXPORT`
from config before checking the payload type. If `CSV_EXPORT` is absent in a
minimal/custom app config, `CsvResponse` raises `KeyError` even for byte
payloads that do not need re-encoding. Read the config defensively (with
`.get`) and only resolve the encoding inside the `str` branch so byte responses
remain pass-through.
Validate the correctness of the flagged issue. If correct, How can I resolve
this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask
user if the user wants to fix the rest of the comments as well. if said yes,
then fetch all the comments validate the correctness and implement a minimal fix
```
</details>
<a
href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F40801&comment_hash=cf8b67200424c5cd336c67aa5da23ad11673001192cedcae3948e4e2aa394288&reaction=like'>👍</a>
| <a
href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F40801&comment_hash=cf8b67200424c5cd336c67aa5da23ad11673001192cedcae3948e4e2aa394288&reaction=dislike'>👎</a>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
