Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Validate jinja rendered query #22851

Merged
merged 13 commits into from
Feb 21, 2023
Merged

fix: Validate jinja rendered query #22851

Changes from 7 commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
2ed9279
Merge branch 'master' of https://github.com/apache/superset into fix/…
geido Jan 25, 2023
c78943f
Validate rendered query
geido Jan 25, 2023
5a65aed
Shallow copy query validation
geido Jan 25, 2023
a635478
Merge branch 'master' of https://github.com/apache/superset into fix/…
geido Jan 27, 2023
0cd6854
Merge branch 'master' of https://github.com/apache/superset into fix/…
geido Jan 30, 2023
5900096
Sort
geido Jan 30, 2023
a9203ab
Merge branch 'master' of https://github.com/apache/superset into fix/…
geido Jan 30, 2023
94f1ce1
Add tests
geido Feb 1, 2023
94218b3
Merge branch 'master' of https://github.com/apache/superset into fix/…
geido Feb 16, 2023
b4a2fce
Update tests
geido Feb 16, 2023
0ec1c5b
Update templated param
geido Feb 16, 2023
298badc
Fix assertion
geido Feb 16, 2023
031e452
Move tests
geido Feb 16, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion superset/sqllab/commands/execute.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
# pylint: disable=too-few-public-methods, too-many-arguments
from __future__ import annotations

import copy
import logging
from typing import Any, Dict, Optional, TYPE_CHECKING

Expand Down Expand Up @@ -142,9 +143,12 @@ def _run_sql_json_exec_from_scratch(self) -> SqlJsonExecutionStatus:
self._save_new_query(query)
try:
logger.info("Triggering query_id: %i", query.id)
self._validate_access(query)

self._execution_context.set_query(query)
rendered_query = self._sql_query_render.render(self._execution_context)
validate_rendered_query = copy.copy(query)
validate_rendered_query.sql = rendered_query
self._validate_access(validate_rendered_query)
self._set_query_limit_if_required(rendered_query)
self._query_dao.update(
query, {"limit": self._execution_context.query.limit}
Expand Down