codeant-ai-for-open-source[bot] commented on code in PR #41127:
URL: https://github.com/apache/superset/pull/41127#discussion_r3565610617
##########
superset/sql_lab.py:
##########
@@ -474,12 +474,24 @@ def execute_sql_statements( # noqa: C901
for statement in parsed_script.statements:
apply_limit(query, statement)
- # some databases (like BigQuery and Kusto) do not persist state across
mmultiple
+ # some databases (like BigQuery and Kusto) do not persist state across
multiple
# statements if they're run separately (especially when using `NullPool`),
so we run
# the query as a single block.
if db_engine_spec.run_multiple_statements_as_one:
blocks =
[parsed_script.format(comments=db_engine_spec.allows_sql_comments)]
else:
+ if not app.config["MUTATE_AFTER_SPLIT"]:
+ # `MUTATE_AFTER_SPLIT=False` means the mutator should see the
whole,
+ # un-split query, but this engine executes statements individually.
+ # Mutate the whole block up front and re-parse it, so the
per-statement
+ # split below (and the per-block mutation call further down, which
is a
+ # no-op here since its `is_split=True` no longer matches the
config)
+ # operate on the already-mutated SQL.
+ mutated_sql = database.mutate_sql_based_on_config(
+
parsed_script.format(comments=db_engine_spec.allows_sql_comments),
+ is_split=False,
+ )
+ parsed_script = SQLScript(mutated_sql,
engine=db_engine_spec.engine)
Review Comment:
**Suggestion:** After mutating and re-parsing the SQL, this path does not
validate that at least one executable statement remains. If a mutator returns
only comments/whitespace (or otherwise strips all statements), `blocks` becomes
empty, the execution loop is skipped, and the function later dereferences an
uninitialized `result_set`, causing a runtime failure instead of a controlled
SQL error. Add a post-parse guard that raises a proper SQL Lab exception when
no statements remain. [logic error]
<details>
<summary><b>Severity Level:</b> Major ⚠️</summary>
```mdx
- ❌ SQL Lab query fails with UnboundLocalError on execution.
- ⚠️ Error message confusing; no indication mutator stripped statements.
- ⚠️ Governance mutators can't cleanly deny queries via mutation.
```
</details>
<details>
<summary><b>Steps of Reproduction ✅ </b></summary>
```mdx
1. Configure a SQL query mutator via `app.config["SQL_QUERY_MUTATOR"]` that,
for certain
inputs, returns only comments or whitespace (no executable statements), and
set
`app.config["MUTATE_AFTER_SPLIT"] = False` so it is invoked on the unsplit
script (see
`Database.mutate_sql_based_on_config` in `superset/models/core.py:700-724`,
which calls
the mutator and returns its output without validating it).
2. Use a database engine whose
`db_engine_spec.run_multiple_statements_as_one` is False
(multi-statement execution) and submit a SQL Lab query through the UI so
that Celery task
`get_sql_results` in `superset/sql_lab.py:170-28` is invoked with a rendered
SQL script
that the mutator will strip down to comments/whitespace.
3. In `get_sql_results`, the request flows into `execute_sql_statements`
defined in
`superset/sql_lab.py:391-569`; when building statement blocks for execution,
the code hits
the new mutation-and-reparse block at `superset/sql_lab.py:490-494`, where
`mutated_sql =
database.mutate_sql_based_on_config(...)` returns a comment/whitespace-only
script and
`parsed_script = SQLScript(mutated_sql, engine=db_engine_spec.engine)`
constructs a
`SQLScript` whose `statements` list is empty (see `SQLScript.__init__` in
`superset/sql/parse.py:15-23`, which uses `SQLStatement.split_script` and
allows 0
statements).
4. Back in `execute_sql_statements`, `blocks` is built from
`parsed_script.statements` at
`superset/sql_lab.py:66-69`, producing an empty list; `block_count =
len(blocks)` at line
85 is 0, the `for i, block in enumerate(blocks)` loop at lines 86-131 is
skipped so
`result_set` is never assigned, and the function then reaches the success
path at
`superset/sql_lab.py:137-140` where `query.rows = result_set.size`
dereferences
`result_set` and raises an `UnboundLocalError: local variable 'result_set'
referenced
before assignment`, resulting in an internal runtime error instead of a
controlled “no
statements to execute” SQL Lab error.
```
</details>
[](https://app.codeant.ai/fix-in-ide?tool=cursor&prompt_id=7e038721c68546df877261e448a14b25&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
[](https://app.codeant.ai/fix-in-ide?tool=vscode-claude&prompt_id=7e038721c68546df877261e448a14b25&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
*(Use Cmd/Ctrl + Click for best experience)*
<details>
<summary><b>Prompt for AI Agent 🤖 </b></summary>
```mdx
This is a comment left during a code review.
**Path:** superset/sql_lab.py
**Line:** 490:494
**Comment:**
*Logic Error: After mutating and re-parsing the SQL, this path does not
validate that at least one executable statement remains. If a mutator returns
only comments/whitespace (or otherwise strips all statements), `blocks` becomes
empty, the execution loop is skipped, and the function later dereferences an
uninitialized `result_set`, causing a runtime failure instead of a controlled
SQL error. Add a post-parse guard that raises a proper SQL Lab exception when
no statements remain.
Validate the correctness of the flagged issue. If correct, How can I resolve
this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask
user if the user wants to fix the rest of the comments as well. if said yes,
then fetch all the comments validate the correctness and implement a minimal fix
```
</details>
<a
href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F41127&comment_hash=3072117d16ac4c9178cc938fbd20b9cc75d077c8899f9a3148c09f48f93445c8&reaction=like'>👍</a>
| <a
href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F41127&comment_hash=3072117d16ac4c9178cc938fbd20b9cc75d077c8899f9a3148c09f48f93445c8&reaction=dislike'>👎</a>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]