codeant-ai-for-open-source[bot] commented on code in PR #41196:
URL: https://github.com/apache/superset/pull/41196#discussion_r3434647430
##########
superset/mcp_service/sql_lab/tool/execute_sql.py:
##########
@@ -108,13 +112,28 @@ async def execute_sql(request: ExecuteSqlRequest, ctx:
Context) -> ExecuteSqlRes
error_type=SupersetErrorType.DATABASE_NOT_FOUND_ERROR.value,
)
- if not security_manager.can_access_database(database):
+ # Mirror the SQL Lab UI's access check
(CanAccessQueryValidatorImpl):
+ # a blanket `database_access` grant is sufficient, but in its
+ # absence a user who owns or has `datasource_access` on every
+ # dataset referenced by the SQL is also allowed through. Using
+ # the narrower can_access_database() check alone here previously
+ # rejected MCP callers that the web UI would have let through.
+ try:
+ security_manager.raise_for_access(
+ database=database,
+ sql=request.sql,
+ schema=request.schema_name,
+ catalog=request.catalog,
+ template_params=request.template_params,
+ force_dataset_match=True,
+ )
+ except SupersetSecurityException as security_exc:
Review Comment:
**Suggestion:** The new access pre-check only handles
`SupersetSecurityException`, but `raise_for_access(...)` can also raise
non-security exceptions during SQL/Jinja parsing (for example template/parsing
failures). Those exceptions now bypass this block and hit the outer generic
`except Exception` path, which re-raises and turns a user input error into an
unhandled tool failure. Catch and map the known access-check parse/template
exceptions to a structured `ExecuteSqlResponse` (as done for other validation
failures) instead of letting them escape. [api mismatch]
<details>
<summary><b>Severity Level:</b> Major ⚠️</summary>
```mdx
- ❌ MCP execute_sql crashes on malformed Jinja-templated SQL.
- ⚠️ SQL exploration via MCP returns opaque tool failures.
- ⚠️ Inconsistent error handling vs DDL parse validation.
```
</details>
<details>
<summary><b>Steps of Reproduction ✅ </b></summary>
```mdx
1. Invoke the MCP `execute_sql` tool as documented in
`superset/mcp_service/app.py:81-99`
(e.g. via an MCP client) using the `execute_sql(request={{\"database_id\":
<id>, \"sql\":
\"SELECT {{ foo }}\"}})` workflow.
2. Ensure the target database exists and is accessible, then call
`execute_sql()` in
`superset/mcp_service/sql_lab/tool/execute_sql.py:72-138` with `request.sql`
containing
invalid or unrenderable Jinja (e.g. `SELECT {{ missing_var }}`) and
`request.template_params={}` or mismatched params.
3. Inside `execute_sql`, the code enters the DB validation block at
`execute_sql.py:97-139` and calls
`security_manager.raise_for_access(database=database,
sql=request.sql, schema=request.schema_name, catalog=request.catalog,
template_params=request.template_params, force_dataset_match=True)` within
the inner
`try:` at lines 121-129.
4. `SupersetSecurityManager.raise_for_access` in
`superset/security/manager.py:3115-3225`
constructs a SQL Lab `Query` and calls `process_jinja_sql(sql_for_parse,
database,
parse_template_params)` at `manager.py:135-139`, which is implemented in
`superset/sql/parse.py:1744-69` and documented to raise
`jinja2.exceptions.TemplateError`
when the Jinja SQL cannot be rendered.
5. When `process_jinja_sql` raises `TemplateError` (or another
non-`SupersetSecurityException` parsing error), this exception is not caught
by the inner
`except SupersetSecurityException as security_exc:` at
`execute_sql.py:130-138`, so it
bubbles up to the outer `except Exception as e:` at
`execute_sql.py:256-259`, which logs
`"SQL execution failed"` and then re-raises, causing the MCP tool call to
fail with an
unhandled server error instead of returning a structured
`ExecuteSqlResponse` like the DDL
parse block does at `execute_sql.py:145-181`.
```
</details>
[](https://app.codeant.ai/fix-in-ide?tool=cursor&prompt_id=88e9af2f2aba4e949e32e66f7516b89d&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
[](https://app.codeant.ai/fix-in-ide?tool=vscode-claude&prompt_id=88e9af2f2aba4e949e32e66f7516b89d&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
*(Use Cmd/Ctrl + Click for best experience)*
<details>
<summary><b>Prompt for AI Agent 🤖 </b></summary>
```mdx
This is a comment left during a code review.
**Path:** superset/mcp_service/sql_lab/tool/execute_sql.py
**Line:** 121:130
**Comment:**
*Api Mismatch: The new access pre-check only handles
`SupersetSecurityException`, but `raise_for_access(...)` can also raise
non-security exceptions during SQL/Jinja parsing (for example template/parsing
failures). Those exceptions now bypass this block and hit the outer generic
`except Exception` path, which re-raises and turns a user input error into an
unhandled tool failure. Catch and map the known access-check parse/template
exceptions to a structured `ExecuteSqlResponse` (as done for other validation
failures) instead of letting them escape.
Validate the correctness of the flagged issue. If correct, How can I resolve
this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask
user if the user wants to fix the rest of the comments as well. if said yes,
then fetch all the comments validate the correctness and implement a minimal fix
```
</details>
<a
href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F41196&comment_hash=c8202ac2eba5bfe70f1d3c398a2b8064a7a674ac6771e5e08379c973dfae0acc&reaction=like'>👍</a>
| <a
href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F41196&comment_hash=c8202ac2eba5bfe70f1d3c398a2b8064a7a674ac6771e5e08379c973dfae0acc&reaction=dislike'>👎</a>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
