rusackas commented on code in PR #41306:
URL: https://github.com/apache/superset/pull/41306#discussion_r3456943242
##########
superset/views/base_api.py:
##########
@@ -223,6 +223,27 @@ def incr_stats(self, action: str, func_name: str) -> None:
f"{self.__class__.__name__}.{func_name}.{action}"
)
+ def log_rejected_field_access(self, func_name: str, column_name: str) ->
None:
+ """Emit a security log event when a related/distinct field is rejected.
+
+ The allowlist check itself blocks the request; this records the attempt
+ in the structured log (alongside the existing statsd counter) so that
+ rejected field access is visible to security monitoring and forensics,
+ with the caller's identity, the endpoint, and the attempted value.
+ """
+ # Sanitize the user-supplied column name to a single, bounded token so
+ # it cannot inject newlines or forge extra log lines.
+ sanitized_column = "".join(
+ ch for ch in str(column_name) if ch.isprintable() and ch not in
"\r\n"
+ )[:200]
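Review bot: the `sanitized_column` comprehension still lets `=` and spaces through, so a column name such as `id user=admin` would survive unchanged and render as an extra key=value pair once the value is interpolated into a structured log line; tightening the allowlist to `[A-Za-z0-9_.-]` and substituting a fixed placeholder for anything else would close that off. Separately, `str.isprintable()` already returns False for `\r` and `\n` (they are control characters), so the `ch not in "\r\n"` clause is redundant and can be dropped once the allowlist is in place. The `[:200]` cap is a good bound; keeping it after the allowlist step preserves the guarantee that the logged token is both short and free of delimiters.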
Review Comment:
Fair point — `=` and spaces could forge a fake token. Tightened the
sanitizer to alphanumeric plus `_-.` and replaced anything else with `?`.
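To make the difference concrete, here is an added example (not Superset's code and not from this PR) that places the sanitizer as written in the hunk beside the tightened one the reply describes, then feeds both through a naive key=value log parser of the kind a log pipeline would use. The regex character class, the `format_event` line layout, the `/api/v1/example` endpoint and the user name are all constructed for the demonstration.

```python
import re

# Constructed example: the tightened allowlist described in the reply,
# interpreted as a regex character class (an assumption about its exact form).
_ALLOWED_CHAR = re.compile(r"[A-Za-z0-9_.-]")
MAX_LEN = 200


def sanitize_loose(column_name: str) -> str:
    """Sanitizer as it appears in the hunk: printable only, no CR/LF, bounded."""
    return "".join(
        ch for ch in str(column_name) if ch.isprintable() and ch not in "\r\n"
    )[:MAX_LEN]


def sanitize_strict(column_name: str) -> str:
    """Tightened sanitizer: alphanumeric plus '_-.'; everything else becomes '?'."""
    return "".join(
        ch if _ALLOWED_CHAR.fullmatch(ch) else "?" for ch in str(column_name)
    )[:MAX_LEN]


def format_event(user: str, endpoint: str, column_name: str, sanitizer) -> str:
    """Render a space-separated key=value log line (constructed layout)."""
    return (
        f"event=rejected_field_access user={user} "
        f"endpoint={endpoint} column={sanitizer(column_name)}"
    )


def parse_kv(line: str) -> dict:
    """Naive key=value splitter, last value wins, as a simple log shipper might do."""
    fields = {}
    for token in line.split(" "):
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    return fields


def forged_user(column_name: str, sanitizer) -> str:
    """Return the 'user' field a parser recovers after the column name is logged."""
    line = format_event("alice", "/api/v1/example", column_name, sanitizer)
    return parse_kv(line)["user"]


if __name__ == "__main__":
    crafted = "id user=admin"  # constructed: an attempt to add a fake field
    print("loose :", forged_user(crafted, sanitize_loose))   # admin (forged)
    print("strict:", forged_user(crafted, sanitize_strict))  # alice (intact)
```

With the loose sanitizer the crafted value passes through intact and the parser's last-wins rule overwrites the genuine `user` field; with the strict one the `=` and space become `?` and the real identity survives. Both keep the 200-character bound, and both drop or replace CR/LF and non-printable characters such as bidirectional overrides.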