bito-code-review[bot] commented on code in PR #39756: URL: https://github.com/apache/superset/pull/39756#discussion_r3377858725
########## superset/semantic_layers/mapper.py: ########## @@ -56,6 +56,7 @@ from superset.connectors.sqla.models import BaseDatasource from superset.constants import NO_TIME_RANGE from superset.models.helpers import QueryResult +from superset.result_set import stringify_extension_columns
Review Comment:
Missing test coverage for extension columns
The new import `stringify_extension_columns` is used in 3 locations (lines 125, 159, 233) but no existing test exercises this code path. All mapper_test.py tests create `SemanticResult` via `pa.Table.from_pandas()`, which produces plain tables without extension types, so `stringify_extension_columns` is never invoked. Add a test with `pa.ExtensionArray.from_storage(pa.uuid(), ...)` to cover this branch.
Code Review Run #055a37

########## requirements/base.in: ##########
@@ -30,7 +30,7 @@ cryptography>=46.0.7,<47.0.0 # Security: Snyk - XSS vulnerability in Mako templates mako>=1.3.11,<2.0.0 # Security: CVE-2024-52338 (CRITICAL) - Deserialization of untrusted data in IPC/Parquet readers -pyarrow>=20.0.0,<21.0.0 +pyarrow>=24.0.0,<25.0.0
Review Comment:
CWE-20: Incorrect CVE Citation
The comment incorrectly cites CVE-2024-52338 as a PyArrow vulnerability. This CVE affects the Apache Arrow R package (versions 4.0.0-16.1.0), not PyArrow (Python bindings). PyArrow 20.0.0 is already patched against CVE-2023-47248 (the actual PyArrow deserialization RCE, fixed in 14.0.1). Snyk reports no known security issues for pyarrow 24.0.0. If upgrading for security reasons, either correct the CVE reference or clarify the actual motivation. (See also: CWE-20, https://cwe.mitre.org/data/definitions/20.html)
Code Review Run #055a37
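Review bot: in the superset/semantic_layers/mapper.py hunk only the added import line is visible, so the three call sites the earlier comment refers to (lines 125, 159, 233) and how they behave on a table with no extension-typed columns cannot be checked from this diff. Suggest the accompanying test build a `SemanticResult` from a table that contains an extension-typed column (the earlier comment proposes `pa.ExtensionArray.from_storage(pa.uuid(), ...)`) alongside the existing `pa.Table.from_pandas()` cases, and assert on the resulting column values for both, so that `stringify_extension_columns` is actually executed rather than merely imported.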

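Review bot: in the requirements/base.in hunk the `# Security: CVE-2024-52338 (CRITICAL) - Deserialization of untrusted data in IPC/Parquet readers` comment directly above the pin is left unchanged while the pin moves from `pyarrow>=20.0.0,<21.0.0` to `pyarrow>=24.0.0,<25.0.0`; as the earlier comment notes, that CVE concerns the Arrow R package, so the comment no longer explains why this line exists. Suggest rewriting the comment to state the real motivation (for example, the extension-column handling that the mapper.py hunk imports, if a newer pyarrow is what that requires) and, since the bump skips four major releases, recording in the PR description what compatibility testing was done against 24.x.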