Skip to content

Commit

Permalink
fix: check type of url before performing string actions (apache#19569)
Browse files Browse the repository at this point in the history
* ensure url is a string

* return url if param is a url
  • Loading branch information
eschutho authored and philipher29 committed Jun 9, 2022
1 parent a834ad0 commit 2d767c9
Show file tree
Hide file tree
Showing 2 changed files with 52 additions and 6 deletions.
18 changes: 12 additions & 6 deletions superset/databases/utils.py
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
from typing import Any, Dict, List, Optional
from typing import Any, Dict, List, Optional, Union

from sqlalchemy.engine.url import make_url, URL

Expand Down Expand Up @@ -104,15 +104,21 @@ def get_table_metadata(
}


def make_url_safe(raw_url: str) -> URL:
def make_url_safe(raw_url: Union[str, URL]) -> URL:
"""
Wrapper for SQLAlchemy's make_url(), which tends to raise too detailed of
errors, which inevitably find their way into server logs. ArgumentErrors
tend to contain usernames and passwords, which makes them non-log-friendly
:param raw_url:
:return:
"""
try:
return make_url(raw_url.strip()) # noqa
except Exception:
raise DatabaseInvalidError() # pylint: disable=raise-missing-from

if isinstance(raw_url, str):
url = raw_url.strip()
try:
return make_url(url) # noqa
except Exception:
raise DatabaseInvalidError() # pylint: disable=raise-missing-from

else:
return raw_url
40 changes: 40 additions & 0 deletions tests/unit_tests/databases/utils_test.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.

from sqlalchemy.engine.url import make_url
from sqlalchemy.orm.session import Session

from superset.databases.utils import make_url_safe


def test_make_url_safe_string(app_context: None, session: Session) -> None:
"""
Test converting a string to a safe uri
"""
uri_string = "postgresql+psycopg2://superset:***@127.0.0.1:5432/superset"
uri_safe = make_url_safe(uri_string)
assert str(uri_safe) == uri_string
assert uri_safe == make_url(uri_string)


def test_make_url_safe_url(app_context: None, session: Session) -> None:
"""
Test converting a url to a safe uri
"""
uri = make_url("postgresql+psycopg2://superset:***@127.0.0.1:5432/superset")
uri_safe = make_url_safe(uri)
assert uri_safe == uri

0 comments on commit 2d767c9

Please sign in to comment.