rusackas opened a new pull request, #40863: URL: https://github.com/apache/superset/pull/40863
### SUMMARY Two legacy viz code paths iterate a user-supplied list and issue one or more database queries per entry, with no bound on the list length: - `NVD3TimeSeriesViz.run_extra_queries()` over `form_data['time_compare']` - `DeckGLMultiLayer.get_data()` over `form_data['deck_slices']` A single request with a large list therefore fans out into many queries. This adds two configurable upper bounds, checked **before** the loop runs: | Config | Default | |--------|---------| | `VIZ_TIME_COMPARE_MAX_LIST_SIZE` | `10` | | `VIZ_DECK_SLICES_MAX_LIST_SIZE` | `10` | Set either to `0` to disable the bound. An over-limit list raises a clear `QueryObjectValidationError` instead of issuing the queries. The default of 10 is well above normal usage for these (deprecated) chart types. ### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF N/A — backend validation. ### TESTING INSTRUCTIONS ``` pytest tests/unit_tests/test_viz_get_df_payload.py ``` New tests: an over-limit `time_compare` and an over-limit `deck_slices` each raise; a `time_compare` within the limit proceeds normally. ### ADDITIONAL INFORMATION - [ ] Has associated issue: - [ ] Required feature flags: - [ ] Changes UI - [ ] Includes DB Migration - [x] Introduces new feature or API - [ ] Removes existing feature or API 🤖 Generated with [Claude Code](https://claude.com/claude-code) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
