sha174n commented on code in PR #40499: URL: https://github.com/apache/superset/pull/40499#discussion_r3406285754
########## superset/sql/parse.py: ##########
@@ -54,6 +55,43 @@ logger = logging.getLogger(__name__) +# Fallback parse-length bound applied when no Flask app context is active +# (Alembic migrations, scripts, isolated unit tests). The runtime value is +# read from `SQL_MAX_PARSE_LENGTH` in app config; keep these two in sync. +_DEFAULT_MAX_PARSE_LENGTH: int = 1_000_000 + + +def _check_script_length(script: str, engine: str | None) -> None: + """ + Reject scripts whose UTF-8 byte length exceeds the configured maximum + before they reach sqlglot. Sits at every code path in this module that + hands a string to ``sqlglot.parse`` or ``sqlglot.parse_one`` so the + bound cannot be bypassed by a direct caller. + + The check is in bytes, not Unicode code points, because the + threat model is parser memory and CPU on the encoded payload that + sqlglot ingests. + """ + if has_app_context(): + max_length = current_app.config.get( + "SQL_MAX_PARSE_LENGTH", _DEFAULT_MAX_PARSE_LENGTH + ) + else: + max_length = _DEFAULT_MAX_PARSE_LENGTH

Review Comment:
Fixed in 90493ef955: the no-app-context branch now sources the fallback from `superset.config.SQL_MAX_PARSE_LENGTH` instead of a duplicated hardcoded constant, so the default tracks configuration.
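Review bot: `engine` is accepted by `_check_script_length(script, engine)` but nothing in the visible body reads it and the docstring does not say what it is for; either drop the parameter or document its purpose. The docstring also commits to a UTF-8 byte-length check while the hunk stops before the comparison; if that comparison is `len(script.encode("utf-8")) > max_length`, it allocates an encoded copy of an already oversized string before rejecting it, which works against the stated threat model of parser memory. A cheap `if len(script) > max_length:` pre-check short-circuits that, since every code point encodes to at least one byte and the byte length is therefore never smaller than the code-point count. Lastly, `current_app.config.get("SQL_MAX_PARSE_LENGTH", _DEFAULT_MAX_PARSE_LENGTH)` masks a deployment whose config lost the key; with the default living in `superset.config`, a plain `current_app.config["SQL_MAX_PARSE_LENGTH"]` would surface that misconfiguration instead of silently substituting the constant.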
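An added example of the pre-parse length guard the hunk describes, written for this page and not Superset's own code. It models Flask's `current_app.config` as a plain dict (`None` standing for "no app context"), and the names `DEFAULT_MAX_PARSE_LENGTH`, `ScriptTooLongError`, `resolve_max_length`, `exceeds_bound`, `check_script_length` and `guarded_parse` are hypothetical. The code-point pre-check before encoding is an addition of this example, not something the PR shows; the rest follows the docstring's stated behaviour (bound in UTF-8 bytes, config value with a fallback when no app is active).

```python
from __future__ import annotations

# Fallback bound used when no application config is available, standing in
# for the superset.config.SQL_MAX_PARSE_LENGTH default the PR settled on.
# Hypothetical name for this example.
DEFAULT_MAX_PARSE_LENGTH: int = 1_000_000


class ScriptTooLongError(ValueError):
    """Raised before parsing when a script exceeds the configured byte bound."""

    def __init__(self, max_length: int) -> None:
        super().__init__(f"SQL script exceeds the {max_length} byte parse limit")
        self.max_length = max_length


def resolve_max_length(config: dict | None) -> int:
    """Bound from the active config, or the fallback when none is active.

    ``config`` stands in for Flask's ``current_app.config``; ``None`` models
    "no app context" (migrations, scripts, isolated tests).
    """
    if config is None:
        return DEFAULT_MAX_PARSE_LENGTH
    return int(config.get("SQL_MAX_PARSE_LENGTH", DEFAULT_MAX_PARSE_LENGTH))


def exceeds_bound(script: str, max_length: int) -> bool:
    """True if the UTF-8 encoding of ``script`` is longer than ``max_length``.

    Every code point encodes to at least one byte, so ``len(script)`` is a
    lower bound on the byte length. Checking it first rejects oversize input
    without allocating an encoded copy; the exact byte count is only computed
    for scripts that pass the cheap test.
    """
    if len(script) > max_length:
        return True
    return len(script.encode("utf-8")) > max_length


def check_script_length(script: str, config: dict | None = None) -> int:
    """Raise ``ScriptTooLongError`` if ``script`` is over the bound.

    Returns the bound that was applied so callers can log it.
    """
    max_length = resolve_max_length(config)
    if exceeds_bound(script, max_length):
        raise ScriptTooLongError(max_length)
    return max_length


def guarded_parse(script: str, parse, config: dict | None = None):
    """Hand ``script`` to ``parse`` (e.g. ``sqlglot.parse``) only after the check."""
    check_script_length(script, config)
    return parse(script)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the PR.
    tight = {"SQL_MAX_PARSE_LENGTH": 1_000}
    # 609 code points but 1_209 UTF-8 bytes: a code-point-only check would
    # let this through; the byte check rejects it.
    multibyte = "SELECT '" + "\u00e9" * 600 + "'"
    try:
        check_script_length(multibyte, tight)
    except ScriptTooLongError as exc:
        print(f"rejected: {exc}")
    print(check_script_length("SELECT 1", tight))
    print(check_script_length("SELECT 1"))
```

Wiring `guarded_parse` in front of every call into the parser is what makes the bound hard to bypass; the cheap pre-check matters because the whole point of the guard is to fail before the oversized payload costs memory.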
