bito-code-review[bot] commented on code in PR #40963:
URL: https://github.com/apache/superset/pull/40963#discussion_r3436038358
##########
superset/sql/execution/executor.py:
##########
@@ -691,16 +716,36 @@ def _check_disallowed_functions(self, script: SQLScript)
-> set[str] | None:
if not engine_disallowed:
return None
- # Check each statement for disallowed functions
- found = set()
- for statement in script.statements:
- # Use the statement's AST to check for function calls
- statement_str = str(statement).upper()
- for func in engine_disallowed:
- if func.upper() in statement_str:
- found.add(func)
+ present = script.get_present_functions()
+ found = {func for func in engine_disallowed if func.upper() in present}
+ return found or None
+
+ def _check_disallowed_functions_in_raw_sql(self, sql: str) -> set[str] |
None:
+ """
+ Fallback, text-based disallowed-function check for SQL that failed
+ to parse entirely.
+
+ This is intentionally only used when AST parsing fails (see
+ ``_prepare_sql``) — using a word-boundary regex on raw SQL as the
+ primary check would reintroduce the false positives the AST-based
+ ``_check_disallowed_functions`` was built to avoid.
+
+ :param sql: Raw (rendered) SQL that could not be parsed
+ :returns: Set of disallowed functions found, or None if none found
+ """
+ disallowed_config = app.config.get("DISALLOWED_SQL_FUNCTIONS", {})
+ engine_name = self.database.db_engine_spec.engine
+
+ engine_disallowed = disallowed_config.get(engine_name, set())
+ if not engine_disallowed:
+ return None
- return found if found else None
+ found = {
+ func
+ for func in engine_disallowed
+ if re.search(rf"\b{re.escape(func)}\b", sql, re.IGNORECASE)
+ }
+ return found or None
Review Comment:
<div>
<div id="suggestion">
<div id="issue"><b>Missing test for parse-failure fallback</b></div>
<div id="fix">
The new `_check_disallowed_functions_in_raw_sql` fallback path lacks test
coverage. The existing `test_execute_disallowed_mysql_kill_function` test
exercises the normal AST-based path, but the new fallback triggered when
`SQLScript` raises `SupersetParseError` is not exercised. Add a test that mocks
`SQLScript` parsing to fail and verifies the raw-SQL regex fallback correctly
detects disallowed functions.
</div>
</div>
<small><i>Code Review Run #149501</i></small>
</div>
---
Should Bito avoid suggestions like this for future reviews? (<a
href=https://alpha.bito.ai/home/ai-agents/review-rules>Manage Rules</a>)
- [ ] Yes, avoid them
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
