bito-code-review[bot] commented on PR #41285:
URL: https://github.com/apache/superset/pull/41285#issuecomment-4770418142

   The flagged issue is correct. Exposing internal backend integer IDs in a 
public API can lead to security risks and tight coupling between the frontend 
and backend data models. To resolve this, you should use a UUID or a 
non-exported internal identifier for the tab state.
   
   ### Recommended Fix
   
   In `superset-frontend/packages/superset-core/src/sqlLab/index.ts`, update 
the `Tab` interface to use a UUID-based identifier instead of the backend 
integer ID:
   
   ```typescript
     /**
      * The stable public identifier for this tab.
      */
     publicId: string;
   ```
   
   If you need to map this to the backend ID, keep the backend ID as a private 
or internal property that is not exposed through the public extension API.
   
   Would you like me to fetch all other comments on this PR to validate and 
implement fixes for them as well?
   
   **superset-frontend/packages/superset-core/src/sqlLab/index.ts**
   ```typescript
     /**
      * The stable public identifier for this tab.
      */
     publicId: string;
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
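
One way to keep the backend integer out of the extension-facing object, as an added example that is not part of the comment above and is not Superset's code. `TabRegistry`, `InternalTab`, `backendId` and `title` are hypothetical names, and the UUID is assumed to be minted in memory on the client.

```typescript
import { randomUUID } from 'node:crypto';

// Public shape handed to extensions: an opaque identifier, no backend key.
interface Tab {
  /** The stable public identifier for this tab. */
  publicId: string;
  title: string;
}

// Hypothetical internal record; backendId is the database integer key.
interface InternalTab {
  backendId: number;
  title: string;
}

// Hypothetical registry that owns the publicId <-> backendId mapping.
class TabRegistry {
  private readonly byPublicId = new Map<string, InternalTab>();
  private readonly publicIdByBackendId = new Map<number, string>();

  // Register (or refresh) an internal tab and return the public view.
  expose(tab: InternalTab): Tab {
    let publicId = this.publicIdByBackendId.get(tab.backendId);
    if (publicId === undefined) {
      // Random UUID: carries no ordering or count information.
      publicId = randomUUID();
      this.publicIdByBackendId.set(tab.backendId, publicId);
    }
    this.byPublicId.set(publicId, tab);
    // Build a fresh object field by field so a later addition to
    // InternalTab cannot leak through an object spread.
    return Object.freeze({ publicId, title: tab.title });
  }

  // Internal use only: translate a public id back for backend calls.
  resolveBackendId(publicId: string): number | undefined {
    return this.byPublicId.get(publicId)?.backendId;
  }
}
```

An identifier that must survive a page reload would have to be persisted with the tab state rather than generated per session as it is here.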

