codeant-ai-for-open-source[bot] commented on code in PR #37516:
URL: https://github.com/apache/superset/pull/37516#discussion_r3579166017
##########
superset/commands/chart/data/streaming_export_command.py:
##########
@@ -66,12 +90,22 @@ def _get_sql_and_database(self) -> tuple[str, Any, str |
None, str | None]:
# Note: datasource should already be attached to a session from
query_context
datasource = self._query_context.datasource
query_obj = self._query_context.queries[0]
- sql_query = datasource.get_query_str(query_obj.to_dict())
- database = getattr(datasource, "database", None)
- catalog = getattr(datasource, "catalog", None)
- schema = getattr(datasource, "schema", None)
+ if (
+ not isinstance(datasource, _SQLDatasource)
+ or not callable(datasource.get_query_str_extended)
+ or datasource.database is None
+ ):
+ raise QueryObjectValidationError(
+ _("Streaming CSV export requires a SQL datasource")
+ )
+ database = datasource.database
+ sql_query = datasource.get_query_str_extended(query_obj.to_dict()).sql
+ if not isinstance(sql_query, str) or not sql_query.strip():
+ raise QueryObjectValidationError(
+ _("Streaming CSV export requires executable SQL")
Review Comment:
**Suggestion:** The new validation now raises `QueryObjectValidationError`
during streaming setup, but the chart data API path that invokes this command
does not catch that exception during response construction. For large CSV
exports this can surface as a 500 instead of a user-facing 4xx/fallback
behavior. Convert this to a handled chart-data exception (or catch it at the
API call site) so invalid/non-SQL streaming requests fail gracefully. [api
mismatch]
<details>
<summary><b>Severity Level:</b> Major ⚠️</summary>
```mdx
- ❌ Streaming CSV /api/v1/chart/data returns 500.
- ⚠️ Users see generic backend error, not validation message.
- ⚠️ Validation failures misclassified as server-side errors.
```
</details>
<details>
<summary><b>Steps of Reproduction ✅ </b></summary>
```mdx
1. The POST /api/v1/chart/data endpoint is implemented by
ChartDataRestApi.data in
superset/charts/data/api.py:59-155, which builds a QueryContext from the
incoming payload
and constructs a ChartDataCommand, then calls
self._get_data_response(command,
form_data=..., datasource=query_context.datasource, filename=...,
expected_rows=...) at
lines 148-155.
2. ChartDataRestApi._get_data_response (superset/charts/data/api.py:97-120)
executes the
ChartDataCommand with ChartDataExecutionOptions(force_cached=force_cached),
then passes
the ChartDataExecutionResult into self._send_chart_response(result,
form_data, datasource,
filename, expected_rows, dashboard_filter_context) at lines 238-247.
3. In _send_chart_response (superset/charts/data/api.py:238-323, 520-52),
when the
result_format is CSV and table-like, and the computed row count meets the
configured
streaming threshold, self._should_use_streaming(result, form_data) returns
True (logic at
superset/charts/data/api.py:102-121, 727-21), so _send_chart_response calls
self._create_streaming_csv_response(result, form_data, filename=filename,
expected_rows=expected_rows) at lines 520-23 and 539-542.
4. _create_streaming_csv_response (superset/charts/data/api.py:727-84)
constructs a
StreamingCSVExportCommand(query_context, chunk_size) for the query_context
embedded in the
ChartDataExecutionResult, calls command.validate(), and then calls
csv_generator_callable
= command.run(); BaseStreamingCSVExportCommand.run
(superset/commands/streaming_export/base.py:80-91) immediately calls
self._get_sql_and_database() to obtain the SQL string and Database object
before building
the generator.
5. StreamingCSVExportCommand._get_sql_and_database
(superset/commands/chart/data/streaming_export_command.py:80-108) now
validates that
query_context.datasource satisfies the _SQLDatasource Protocol and that
get_query_str_extended(...) produces a non-empty SQL string; if the
datasource is non-SQL
(missing get_query_str_extended or database) or returns an empty SQL, it
raises
QueryObjectValidationError(_("Streaming CSV export requires a SQL
datasource")) or
QueryObjectValidationError(_("Streaming CSV export requires executable
SQL")) at lines
93-105, which is not caught by _create_streaming_csv_response or
ChartDataRestApi.data.
6. Because ChartDataRestApi.data is decorated with @statsd_metrics but not
@handle_api_exception (superset/charts/data/api.py:50-58), the
QueryObjectValidationError
propagates out of the view; statsd_metrics
(superset/views/base_api.py:119-136) logs a
warning based on ex.status but re-raises, and the exception is finally
handled only by the
global Flask error handler in superset/views/error_handling.py:214-233,
where it is caught
under except Exception as ex and passed to json_error_response(...) with the
default
status=500, causing clients of /api/v1/chart/data streaming CSV exports to
receive a
generic 500 response instead of a 400-level validation error with a clear
message about
the invalid/non-SQL datasource.
```
</details>
[](https://app.codeant.ai/fix-in-ide?tool=cursor&prompt_id=0a0f902a4fd44427bc901672117c0712&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
[](https://app.codeant.ai/fix-in-ide?tool=vscode-claude&prompt_id=0a0f902a4fd44427bc901672117c0712&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
*(Use Cmd/Ctrl + Click for best experience)*
<details>
<summary><b>Prompt for AI Agent 🤖 </b></summary>
```mdx
This is a comment left during a code review.
**Path:** superset/commands/chart/data/streaming_export_command.py
**Line:** 93:105
**Comment:**
*Api Mismatch: The new validation now raises
`QueryObjectValidationError` during streaming setup, but the chart data API
path that invokes this command does not catch that exception during response
construction. For large CSV exports this can surface as a 500 instead of a
user-facing 4xx/fallback behavior. Convert this to a handled chart-data
exception (or catch it at the API call site) so invalid/non-SQL streaming
requests fail gracefully.
Validate the correctness of the flagged issue. If correct, How can I resolve
this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask
user if the user wants to fix the rest of the comments as well. if said yes,
then fetch all the comments validate the correctness and implement a minimal fix
```
</details>
<a
href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F37516&comment_hash=c2bdba0322d7d857574d88cdacc2803fa37c37d58886fb04a276af24dc7877be&reaction=like'>👍</a>
| <a
href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F37516&comment_hash=c2bdba0322d7d857574d88cdacc2803fa37c37d58886fb04a276af24dc7877be&reaction=dislike'>👎</a>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]