codeant-ai-for-open-source[bot] commented on code in PR #40647:
URL: https://github.com/apache/superset/pull/40647#discussion_r3464142723
##########
tests/unit_tests/config_test.py:
##########
@@ -312,3 +312,123 @@ def test_full_setting(
assert dttm_col.is_dttm
assert dttm_col.python_date_format == "epoch_s"
assert dttm_col.expression == "CAST(dttm as INTEGER)"
+
+
+def test_smtp_ssl_server_auth_defaults_to_true() -> None:
+ """
+ The shipped default for SMTP_SSL_SERVER_AUTH validates the SMTP server's
+ TLS certificate. Operators can still opt out by overriding it to False.
+ """
+ from superset import config
+
+ assert config.SMTP_SSL_SERVER_AUTH is True
+
+
+def _smtp_config(**overrides: Any) -> dict[str, Any]:
+ """
+ Build a minimal SMTP config dict for ``send_mime_email`` tests, with
+ plaintext transport defaults; keyword ``overrides`` replace any key.
+ """
+ config = {
+ "SMTP_HOST": "localhost",
+ "SMTP_PORT": 25,
+ "SMTP_USER": "",
+ "SMTP_PASSWORD": "",
+ "SMTP_STARTTLS": False,
+ "SMTP_SSL": False,
+ "SMTP_SSL_SERVER_AUTH": True,
+ }
+ config.update(overrides)
+ return config
+
+
+def test_send_mime_email_ssl_server_auth_passes_context(
+ mocker: MockerFixture,
+) -> None:
+ """
+ With SMTP_SSL and SMTP_SSL_SERVER_AUTH enabled, ``send_mime_email`` builds
a
+ default SSL context and threads it through to ``smtplib.SMTP_SSL`` so the
+ server certificate is validated.
+ """
+ from email.mime.multipart import MIMEMultipart
+
+ from superset.utils import core as utils
+
+ create_default_context = mocker.patch(
+ "superset.utils.core.ssl.create_default_context"
+ )
+ smtp_ssl = mocker.patch("smtplib.SMTP_SSL")
+ smtp = mocker.patch("smtplib.SMTP")
+
+ utils.send_mime_email(
+ "from",
+ ["to"],
+ MIMEMultipart(),
+ _smtp_config(SMTP_SSL=True, SMTP_SSL_SERVER_AUTH=True),
+ dryrun=False,
+ )
+
+ create_default_context.assert_called_once_with()
+ assert not smtp.called
+ smtp_ssl.assert_called_once_with(
+ "localhost", 25, context=create_default_context.return_value
+ )
Review Comment:
**Suggestion:** This assertion is missing the `timeout` keyword argument,
but `send_mime_email` always calls `smtplib.SMTP_SSL(..., timeout=...)`
(defaulting to 30 when not provided). The mock expectation will fail even when
SSL context behavior is correct. Include the expected timeout (or assert on
specific kwargs) so the test validates the intended contract instead of failing
on a signature mismatch. [api mismatch]
<details>
<summary><b>Severity Level:</b> Critical 🚨</summary>
```mdx
- ❌ Test `test_send_mime_email_ssl_server_auth_passes_context` always fails.
- ⚠️ CI for email-notification changes can be blocked by failure.
```
</details>
<details>
<summary><b>Steps of Reproduction ✅ </b></summary>
```mdx
1. Run the unit test `test_send_mime_email_ssl_server_auth_passes_context` in
`tests/unit_tests/config_test.py:345-376` (e.g. `pytest
tests/unit_tests/config_test.py::test_send_mime_email_ssl_server_auth_passes_context`).
2. Inside the test, `utils.send_mime_email(...)` from
`superset/utils/core.py:927-973` is
called with `_smtp_config(SMTP_SSL=True, SMTP_SSL_SERVER_AUTH=True)` so
`smtp_ssl` is
truthy and `smtp_ssl_server_auth` is True.
3. In `send_mime_email` the code at `superset/utils/core.py:941-960` computes
`smtp_timeout = config.get("SMTP_TIMEOUT", 30)` and then calls
`smtplib.SMTP_SSL(smtp_host, smtp_port, context=ssl_context,
timeout=smtp_timeout)` (line
955-958), which with the test config becomes `SMTP_SSL("localhost", 25,
context=<ctx>,
timeout=30)`.
4. Back in the test, the assertion at
`tests/unit_tests/config_test.py:371-375` executes
`smtp_ssl.assert_called_once_with("localhost", 25,
context=create_default_context.return_value)`, which omits the `timeout`
keyword argument;
pytest raises an `AssertionError` because the recorded mock call includes
`timeout=30`, so
the test fails even though the SSL context behavior is correct.
```
</details>
[](https://app.codeant.ai/fix-in-ide?tool=cursor&prompt_id=b2519db7d433413ca0207caa56ce8b6c&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
[](https://app.codeant.ai/fix-in-ide?tool=vscode-claude&prompt_id=b2519db7d433413ca0207caa56ce8b6c&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
*(Use Cmd/Ctrl + Click for best experience)*
<details>
<summary><b>Prompt for AI Agent 🤖 </b></summary>
```mdx
This is a comment left during a code review.
**Path:** tests/unit_tests/config_test.py
**Line:** 373:375
**Comment:**
*Api Mismatch: This assertion is missing the `timeout` keyword
argument, but `send_mime_email` always calls `smtplib.SMTP_SSL(...,
timeout=...)` (defaulting to 30 when not provided). The mock expectation will
fail even when SSL context behavior is correct. Include the expected timeout
(or assert on specific kwargs) so the test validates the intended contract
instead of failing on a signature mismatch.
Validate the correctness of the flagged issue. If correct, How can I resolve
this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask
user if the user wants to fix the rest of the comments as well. if said yes,
then fetch all the comments validate the correctness and implement a minimal fix
```
</details>
<a
href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F40647&comment_hash=9b3bb1e2006eca6c59efab88e28e727d223853272641ca559112ad1932eb2351&reaction=like'>👍</a>
| <a
href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F40647&comment_hash=9b3bb1e2006eca6c59efab88e28e727d223853272641ca559112ad1932eb2351&reaction=dislike'>👎</a>
##########
tests/unit_tests/config_test.py:
##########
@@ -312,3 +312,123 @@ def test_full_setting(
assert dttm_col.is_dttm
assert dttm_col.python_date_format == "epoch_s"
assert dttm_col.expression == "CAST(dttm as INTEGER)"
+
+
+def test_smtp_ssl_server_auth_defaults_to_true() -> None:
+ """
+ The shipped default for SMTP_SSL_SERVER_AUTH validates the SMTP server's
+ TLS certificate. Operators can still opt out by overriding it to False.
+ """
+ from superset import config
+
+ assert config.SMTP_SSL_SERVER_AUTH is True
+
+
+def _smtp_config(**overrides: Any) -> dict[str, Any]:
+ """
+ Build a minimal SMTP config dict for ``send_mime_email`` tests, with
+ plaintext transport defaults; keyword ``overrides`` replace any key.
+ """
+ config = {
+ "SMTP_HOST": "localhost",
+ "SMTP_PORT": 25,
+ "SMTP_USER": "",
+ "SMTP_PASSWORD": "",
+ "SMTP_STARTTLS": False,
+ "SMTP_SSL": False,
+ "SMTP_SSL_SERVER_AUTH": True,
+ }
+ config.update(overrides)
+ return config
+
+
+def test_send_mime_email_ssl_server_auth_passes_context(
+ mocker: MockerFixture,
+) -> None:
+ """
+ With SMTP_SSL and SMTP_SSL_SERVER_AUTH enabled, ``send_mime_email`` builds
a
+ default SSL context and threads it through to ``smtplib.SMTP_SSL`` so the
+ server certificate is validated.
+ """
+ from email.mime.multipart import MIMEMultipart
+
+ from superset.utils import core as utils
+
+ create_default_context = mocker.patch(
+ "superset.utils.core.ssl.create_default_context"
+ )
+ smtp_ssl = mocker.patch("smtplib.SMTP_SSL")
+ smtp = mocker.patch("smtplib.SMTP")
+
+ utils.send_mime_email(
+ "from",
+ ["to"],
+ MIMEMultipart(),
+ _smtp_config(SMTP_SSL=True, SMTP_SSL_SERVER_AUTH=True),
+ dryrun=False,
+ )
+
+ create_default_context.assert_called_once_with()
+ assert not smtp.called
+ smtp_ssl.assert_called_once_with(
+ "localhost", 25, context=create_default_context.return_value
+ )
+
+
+def test_send_mime_email_starttls_server_auth_passes_context(
+ mocker: MockerFixture,
+) -> None:
+ """
+ With STARTTLS and SMTP_SSL_SERVER_AUTH enabled, ``send_mime_email`` builds
a
+ default SSL context and threads it through to ``starttls`` so the server
+ certificate is validated.
+ """
+ from email.mime.multipart import MIMEMultipart
+
+ from superset.utils import core as utils
+
+ create_default_context = mocker.patch(
+ "superset.utils.core.ssl.create_default_context"
+ )
+ smtp = mocker.patch("smtplib.SMTP")
+
+ utils.send_mime_email(
+ "from",
+ ["to"],
+ MIMEMultipart(),
+ _smtp_config(SMTP_STARTTLS=True, SMTP_SSL_SERVER_AUTH=True),
+ dryrun=False,
+ )
+
+ create_default_context.assert_called_once_with()
+ smtp.return_value.starttls.assert_called_once_with(
+ context=create_default_context.return_value
+ )
+
+
+def test_send_mime_email_server_auth_disabled_skips_context(
+ mocker: MockerFixture,
+) -> None:
+ """
+ When SMTP_SSL_SERVER_AUTH is disabled no SSL context is built and ``None``
is
+ passed through, preserving the opt-out (certificate validation skipped).
+ """
+ from email.mime.multipart import MIMEMultipart
+
+ from superset.utils import core as utils
+
+ create_default_context = mocker.patch(
+ "superset.utils.core.ssl.create_default_context"
+ )
+ smtp_ssl = mocker.patch("smtplib.SMTP_SSL")
+
+ utils.send_mime_email(
+ "from",
+ ["to"],
+ MIMEMultipart(),
+ _smtp_config(SMTP_SSL=True, SMTP_SSL_SERVER_AUTH=False),
+ dryrun=False,
+ )
+
+ assert not create_default_context.called
+ smtp_ssl.assert_called_once_with("localhost", 25, context=None)
Review Comment:
**Suggestion:** This assertion also omits the `timeout` keyword, but
`send_mime_email` invokes `SMTP_SSL` with `timeout` in all paths. As written,
the test will fail despite correctly verifying that server-auth is disabled.
Add the timeout expectation (or inspect call kwargs) to match the real function
contract. [api mismatch]
<details>
<summary><b>Severity Level:</b> Critical 🚨</summary>
```mdx
- ❌ Test `test_send_mime_email_server_auth_disabled_skips_context` fails.
- ⚠️ Weakens verification of SMTP SSL server-auth opt-out.
```
</details>
<details>
<summary><b>Steps of Reproduction ✅ </b></summary>
```mdx
1. Run the unit test
`test_send_mime_email_server_auth_disabled_skips_context` in
`tests/unit_tests/config_test.py:409-434` (e.g. `pytest
tests/unit_tests/config_test.py::test_send_mime_email_server_auth_disabled_skips_context`).
2. The test calls `utils.send_mime_email(...)` from
`superset/utils/core.py:927-973` with
`_smtp_config(SMTP_SSL=True, SMTP_SSL_SERVER_AUTH=False)`, so `smtp_ssl` is
truthy and
`smtp_ssl_server_auth` is False.
3. In `send_mime_email`, `smtp_timeout = config.get("SMTP_TIMEOUT", 30)` is
computed at
`superset/utils/core.py:941-945`; since `smtp_ssl_server_auth` is False,
`ssl_context` is
set to `None` at line 954, and then `smtplib.SMTP_SSL(smtp_host, smtp_port,
context=ssl_context, timeout=smtp_timeout)` is invoked at lines 955-958, i.e.
`SMTP_SSL("localhost", 25, context=None, timeout=30)` in this test.
4. The assertion at `tests/unit_tests/config_test.py:433-434` executes
`smtp_ssl.assert_called_once_with("localhost", 25, context=None)`, which
omits the
`timeout` keyword argument present in the actual mock call, causing pytest
to raise an
`AssertionError` and the test to fail despite correctly skipping SSL context
creation.
```
</details>
[](https://app.codeant.ai/fix-in-ide?tool=cursor&prompt_id=09430e40b593419ca0866089a53cb997&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
[](https://app.codeant.ai/fix-in-ide?tool=vscode-claude&prompt_id=09430e40b593419ca0866089a53cb997&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
*(Use Cmd/Ctrl + Click for best experience)*
<details>
<summary><b>Prompt for AI Agent 🤖 </b></summary>
```mdx
This is a comment left during a code review.
**Path:** tests/unit_tests/config_test.py
**Line:** 434:434
**Comment:**
*Api Mismatch: This assertion also omits the `timeout` keyword, but
`send_mime_email` invokes `SMTP_SSL` with `timeout` in all paths. As written,
the test will fail despite correctly verifying that server-auth is disabled.
Add the timeout expectation (or inspect call kwargs) to match the real function
contract.
Validate the correctness of the flagged issue. If correct, How can I resolve
this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask
user if the user wants to fix the rest of the comments as well. if said yes,
then fetch all the comments validate the correctness and implement a minimal fix
```
</details>
<a
href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F40647&comment_hash=66494096deaffd91d80db90f8a22934646a5901bfb6780a533d86048a2e4d6c2&reaction=like'>👍</a>
| <a
href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F40647&comment_hash=66494096deaffd91d80db90f8a22934646a5901bfb6780a533d86048a2e4d6c2&reaction=dislike'>👎</a>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
