betodealmeida opened a new pull request #13185:
URL: https://github.com/apache/superset/pull/13185


   ### SUMMARY
   
   [shillelagh](https://github.com/betodealmeida/shillelagh/) is a Python 
module that provides a SQLAlchemy dialect and DB API 2.0 implementation to a 
variety of non-SQL resources. For example, it can be used to query CSV files 
using SQL or fetch weather data from https://www.weatherapi.com/. The library has 
100% unit test coverage and uses SQLite virtual tables to allow efficiently 
accessing the resources as if they were tables in a database.
   
   The current module that we use to access Google Spreadsheets is 
[gsheetsdb](https://github.com/betodealmeida/gsheets-db-api/), which depends on 
the unmaintained [moz-sql-parser](https://github.com/mozilla/moz-sql-parser). 
In addition to the dependency, `gsheetsdb` implements a code transpiler, and 
uses pre- and post-processors to fetch data from the spreadsheet, making the 
code somewhat brittle.
   
   This week I implemented [a Google Spreadsheets adapter in 
shillelagh](https://github.com/betodealmeida/shillelagh/blob/master/src/shillelagh/adapters/api/gsheets.py),
 aiming to deprecate the `gsheetsdb` module. The implementation is a drop-in 
replacement, and users should be able to uninstall the `gsheetsdb` module and 
install the `shillelagh` module to have existing queries, datasets and charts 
continue working.
   
   This works because `shillelagh` [registers a SQLAlchemy dialect called 
"gsheets"](https://github.com/betodealmeida/shillelagh/blob/master/setup.cfg#L83).
 This way SQLAlchemy will use `shillelagh` for all engines with the URL 
"gsheets://". This is an in-memory only backend, without access to the 
filesystem, so it's safe to use.
   
   On the other hand, `shillelagh` also registers its own dialect (aptly named 
"shillelagh"). That dialect is unsafe, as a malicious user could use it to read 
data from the filesystem by enabling the CSV adapter. For security reasons, I 
disabled the "shillelagh" dialect unless `PREVENT_UNSAFE_DB_CONNECTIONS` is on.
   
   ### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
   
   N/A
   
   ### TEST PLAN
   
   Tested SQL Editor and charts reading from Google spreadsheets, everything 
works.
   
   ### ADDITIONAL INFORMATION
   - [ ] Has associated issue:
   - [ ] Changes UI
   - [ ] Requires DB Migration.
   - [ ] Confirm DB Migration upgrade and downgrade tested.
   - [ ] Introduces new feature or API
   - [ ] Removes existing feature or API
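
The description above separates the in-memory "gsheets" dialect from the filesystem-capable "shillelagh" dialect. As an added example (not code from this pull request, Superset or shillelagh), here is one way to gate database URIs by dialect name; `UNSAFE_DIALECTS`, `check_uri`, `rejected` and the `allow_unsafe` flag are hypothetical names, and the sample URIs are constructed.

```python
import re

# Dialect names come from the PR text; which ones count as unsafe is an
# assumption of this example.
UNSAFE_DIALECTS = frozenset({"shillelagh"})

# SQLAlchemy-style URIs start with "dialect://" or "dialect+driver://".
_SCHEME_RE = re.compile(r"^([A-Za-z0-9_]+)(?:\+[A-Za-z0-9_]+)?://")


class UnsafeDialectError(ValueError):
    """The URI selects a dialect that can read from the filesystem."""


def dialect_of(uri: str) -> str:
    """Return the lowercased dialect name, ignoring any "+driver" suffix."""
    match = _SCHEME_RE.match(uri.strip())
    if match is None:
        # Fail closed: a URI we cannot parse is never treated as safe.
        raise ValueError(f"not a SQLAlchemy-style URI: {uri!r}")
    # Lowercase so case variants cannot slip past the set comparison.
    return match.group(1).lower()


def check_uri(uri: str, allow_unsafe: bool = False) -> str:
    """Return the dialect if the URI may be used, else raise."""
    dialect = dialect_of(uri)
    if dialect in UNSAFE_DIALECTS and not allow_unsafe:
        raise UnsafeDialectError(f"dialect {dialect!r} is not allowed")
    return dialect


def rejected(uris, allow_unsafe: bool = False):
    """Return the subset of URIs that check_uri refuses."""
    bad = []
    for uri in uris:
        try:
            check_uri(uri, allow_unsafe)
        except ValueError:
            bad.append(uri)
    return bad


# Constructed sample input; "+somedriver" is a made-up driver suffix.
SAMPLE = ["gsheets://", "shillelagh://", "SHILLELAGH+somedriver://",
          "postgresql+psycopg2://user@db.example/app", "no-scheme-here"]

if __name__ == "__main__":
    print(rejected(SAMPLE))
```

The check compares only the dialect part of the scheme, so a driver suffix or a change of letter case does not bypass it, and unparseable input is rejected rather than passed through.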
   

