bito-code-review[bot] commented on PR #41017:
URL: https://github.com/apache/superset/pull/41017#issuecomment-4700730192
The flagged issue is correct. The current `freeze_value` implementation only
handles top-level dictionary keys and fails to normalize nested structures like
`orderby` tuples containing adhoc column dictionaries, which causes legitimate
Time Grain changes to be incorrectly flagged as tampering.
To resolve this, you should implement a recursive normalization function
that traverses dictionaries, lists, and tuples to strip the
`GUEST_OVERRIDABLE_VALUE_KEYS` from any nested dictionaries before
serialization. Here is a concise implementation:
```python
def freeze_value(value: Any) -> str:
    def normalize(val: Any) -> Any:
        # Drop guest-overridable keys at every nesting level, not only the top one.
        if isinstance(val, dict):
            return {
                k: normalize(v)
                for k, v in val.items()
                if k not in GUEST_OVERRIDABLE_VALUE_KEYS
            }
        # Lists and tuples (e.g. orderby pairs) are normalized element by element;
        # tuples become lists, which is what json.dumps would emit anyway.
        if isinstance(val, (list, tuple)):
            return [normalize(item) for item in val]
        return val

    # sort_keys makes the serialization canonical so equal structures freeze equally.
    return json.dumps(normalize(value), sort_keys=True)
```
Regarding other comments on this PR: there are no other review comments in
the provided `pr_comments.csv` file.
**superset/security/manager.py**
```python
def freeze_value(value: Any) -> str:
    def normalize(val: Any) -> Any:
        if isinstance(val, dict):
            return {
                k: normalize(v)
                for k, v in val.items()
                if k not in GUEST_OVERRIDABLE_VALUE_KEYS
            }
        if isinstance(val, (list, tuple)):
            return [normalize(item) for item in val]
        return val

    return json.dumps(normalize(value), sort_keys=True)
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
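A worked check of the behaviour the bot describes, added here as an example; it is neither the bot's suggestion nor Superset's own code. The top-level-only `freeze_value_top_level` is a reconstruction of the defect as the comment states it, `GUEST_OVERRIDABLE_VALUE_KEYS = {"timeGrain"}` and the adhoc-column shape are constructed assumptions, and `is_tampered` is a hypothetical helper standing in for the comparison that flags tampering.

```python
import json
from typing import Any

# Assumption (constructed): the real set lives in superset/security/manager.py.
# "timeGrain" is used because the comment says Time Grain changes must be allowed.
GUEST_OVERRIDABLE_VALUE_KEYS = {"timeGrain"}


def freeze_value_top_level(value: Any) -> str:
    """Reconstruction of the defect: only top-level dict keys are stripped."""
    if isinstance(value, dict):
        value = {k: v for k, v in value.items() if k not in GUEST_OVERRIDABLE_VALUE_KEYS}
    return json.dumps(value, sort_keys=True)


def freeze_value_recursive(value: Any) -> str:
    """The recursive normalization proposed in the comment above."""
    def normalize(val: Any) -> Any:
        if isinstance(val, dict):
            return {k: normalize(v) for k, v in val.items()
                    if k not in GUEST_OVERRIDABLE_VALUE_KEYS}
        if isinstance(val, (list, tuple)):
            return [normalize(item) for item in val]
        return val
    return json.dumps(normalize(value), sort_keys=True)


def adhoc_column(expr: str, grain: str) -> dict:
    # Constructed adhoc-column shape: a SQL expression plus its time grain.
    return {"sqlExpression": expr, "label": expr, "timeGrain": grain}


# Constructed inputs: the orderby pinned in the guest token, the same orderby with
# only the grain changed (legitimate), and one with a different column (tampering).
TOKEN_ORDERBY = [(adhoc_column("order_date", "P1D"), True)]
GRAIN_CHANGED_ORDERBY = [(adhoc_column("order_date", "P1M"), True)]
COLUMN_CHANGED_ORDERBY = [(adhoc_column("amount", "P1D"), True)]


def is_tampered(freeze, token_value: Any, request_value: Any) -> bool:
    """Hypothetical check: a request is flagged when its frozen form differs."""
    return freeze(token_value) != freeze(request_value)


if __name__ == "__main__":
    print("top-level flags grain change:", is_tampered(freeze_value_top_level, TOKEN_ORDERBY, GRAIN_CHANGED_ORDERBY))
    print("recursive flags grain change:", is_tampered(freeze_value_recursive, TOKEN_ORDERBY, GRAIN_CHANGED_ORDERBY))
    print("recursive flags column change:", is_tampered(freeze_value_recursive, TOKEN_ORDERBY, COLUMN_CHANGED_ORDERBY))
```

The first line prints True (the false positive the PR comment describes), the second False, and the third True, showing the recursive version still catches a real change to the nested column.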