codeant-ai-for-open-source[bot] commented on code in PR #40746:
URL: https://github.com/apache/superset/pull/40746#discussion_r3404576202
##########
superset/mcp_service/user/schemas.py:
##########
@@ -104,6 +107,31 @@ class UserInfo(BaseModel):
"access via get_user_info; not available in list_users because roles "
"is a relationship, not a selectable column)",
)
+
+ @field_validator("roles", mode="before")
+ @classmethod
+ def _extract_role_names(cls, v: Any) -> list[str] | None:
+ """Coerce Role ORM objects to their .name strings."""
+ if v is None:
+ return None
+ if isinstance(v, str):
+ # Preserve Pydantic's default rejection of bare strings for
list[str].
+ raise ValueError("roles must be a list, not a string")
+ result: list[str] = []
+ for item in v:
+ if isinstance(item, str):
+ result.append(item)
+ continue
+ try:
+ if hasattr(item, "name") and isinstance(item.name, str):
+ result.append(item.name)
+ except DetachedInstanceError:
+ logger.debug(
+ "Skipping role with detached instance in UserInfo.roles
coercion"
+ )
+ continue
+ return result
Review Comment:
**🟠Architect Review — HIGH**
The new roles coercion path returns raw role names without LLM-context
sanitization, and serialize_user_object now forwards those values directly,
regressing from the prior behavior where each role string was sanitized before
exposure to MCP clients; role names are admin-editable and can contain
delimiter or prompt-injection content.
**Suggestion:** Restore the previous sanitization contract for roles by
running each coerced role name through sanitize_for_llm_context (either inside
_extract_role_names or when setting roles in serialize_user_object) so role
strings are wrapped like other user-controlled text before being placed into
LLM context.
[Fix in
Cursor](https://app.codeant.ai/fix-in-ide?tool=cursor&prompt_id=406ddbe30a0f4bc99307ef8085222b6c&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
| [Fix in VSCode
Claude](https://app.codeant.ai/fix-in-ide?tool=vscode-claude&prompt_id=406ddbe30a0f4bc99307ef8085222b6c&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
*(Use Cmd/Ctrl + Click for best experience)*
<details>
<summary><b>Prompt for AI Agent 🤖 </b></summary>
```mdx
This is an **Architect / Logical Review** comment left during a code review.
These reviews are first-class, important findings — not optional suggestions.
Do NOT dismiss this as a 'big architectural change' just because the title says
architect review; most of these can be resolved with a small, localized fix
once the intent is understood.
**Path:** superset/mcp_service/user/schemas.py
**Line:** 111:133
**Comment:**
*HIGH: The new roles coercion path returns raw role names without
LLM-context sanitization, and serialize_user_object now forwards those values
directly, regressing from the prior behavior where each role string was
sanitized before exposure to MCP clients; role names are admin-editable and can
contain delimiter or prompt-injection content.
Validate the correctness of the flagged issue. If correct, How can I resolve
this? If you propose a fix, implement it and please make it concise.
If a suggested approach is provided above, use it as the authoritative
instruction. If no explicit code suggestion is given, you MUST still draft and
apply your own minimal, localized fix — do not punt back with 'no suggestion
provided, review manually'. Keep the change as small as possible: add a guard
clause, gate on a loading state, reorder an await, wrap in a conditional, etc.
Do not refactor surrounding code or expand scope beyond the finding.
Once fix is implemented, also check other comments on the same PR, and ask
user if the user wants to fix the rest of the comments as well. if said yes,
then fetch all the comments validate the correctness and implement a minimal fix
```
</details>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
