
chore: remove duplicates of validate_adhoc_subquery #24023

Merged
merged 2 commits into from
May 12, 2023
Merged
2 changes: 1 addition & 1 deletion superset/connectors/sqla/models.py
@@ -88,7 +88,6 @@
get_columns_description,
get_physical_table_metadata,
get_virtual_table_metadata,
validate_adhoc_subquery,
)
from superset.datasets.models import Dataset as NewDataset
from superset.db_engine_specs.base import BaseEngineSpec, TimestampExpression
@@ -113,6 +112,7 @@
ExploreMixin,
QueryResult,
QueryStringExtended,
validate_adhoc_subquery,
)
from superset.sql_parse import ParsedQuery, sanitize_clause
from superset.superset_typing import AdhocColumn, AdhocMetric, Metric, QueryObjectDict
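Review bot: The second import block, which also brings in `ExploreMixin`, `QueryResult` and `QueryStringExtended`, is now the only source of `validate_adhoc_subquery`, yet the definition it resolves to appears nowhere in this diff. It therefore cannot be confirmed from here that the surviving copy still raises `SupersetSecurityException` when `ALLOW_ADHOC_SUBQUERY` is off and still calls `insert_rls` on statements containing a table query. Both deleted copies (the function in `superset/connectors/sqla/utils.py` and the static method in `superset/models/helpers.py`) did exactly that, and this function is the gate between user-supplied custom SQL and row-level security, so a silent difference would be a policy bypass rather than a refactoring slip. I would pin the behaviour with a regression test alongside this change and mark the survivor with a comment such as `# Single definition of the adhoc sub-query / RLS gate; do not re-duplicate.`. The `from … import (` line of this block is outside the hunk, so the source module is presumably `superset.models.helpers`; that should be confirmed.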
38 changes: 1 addition & 37 deletions superset/connectors/sqla/utils.py
@@ -32,7 +32,6 @@
)
from uuid import UUID

import sqlparse
from flask_babel import lazy_gettext as _
from sqlalchemy.engine.url import URL as SqlaURL
from sqlalchemy.exc import NoSuchTableError
@@ -49,7 +48,7 @@
)
from superset.models.core import Database
from superset.result_set import SupersetResultSet
from superset.sql_parse import has_table_query, insert_rls, ParsedQuery
from superset.sql_parse import ParsedQuery
from superset.superset_typing import ResultSetColumnType

if TYPE_CHECKING:
@@ -166,41 +165,6 @@ def get_columns_description(
raise SupersetGenericDBErrorException(message=str(ex)) from ex


def validate_adhoc_subquery(
sql: str,
database_id: int,
default_schema: str,
) -> str:
"""
Check if adhoc SQL contains sub-queries or nested sub-queries with table.

If sub-queries are allowed, the adhoc SQL is modified to insert any applicable RLS
predicates to it.

:param sql: adhoc sql expression
:raise SupersetSecurityException if sql contains sub-queries or
nested sub-queries with table
"""
# pylint: disable=import-outside-toplevel
from superset import is_feature_enabled

statements = []
for statement in sqlparse.parse(sql):
if has_table_query(statement):
if not is_feature_enabled("ALLOW_ADHOC_SUBQUERY"):
raise SupersetSecurityException(
SupersetError(
error_type=SupersetErrorType.ADHOC_SUBQUERY_NOT_ALLOWED_ERROR,
message=_("Custom SQL fields cannot contain sub-queries."),
level=ErrorLevel.ERROR,
)
)
statement = insert_rls(statement, database_id, default_schema)
statements.append(statement)

return ";\n".join(str(statement) for statement in statements)


@lru_cache(maxsize=LRU_CACHE_MAX_SIZE)
def get_dialect_name(drivername: str) -> str:
return SqlaURL.create(drivername).get_dialect().name
33 changes: 0 additions & 33 deletions superset/models/helpers.py
@@ -903,39 +903,6 @@ def _apply_cte(sql: str, cte: Optional[str]) -> str:
sql = f"{cte}\n{sql}"
return sql

@staticmethod
def validate_adhoc_subquery(
sql: str,
database_id: int,
default_schema: str,
) -> str:
"""
Check if adhoc SQL contains sub-queries or nested sub-queries with table.

If sub-queries are allowed, the adhoc SQL is modified to insert any applicable RLS
predicates to it.

:param sql: adhoc sql expression
:raise SupersetSecurityException if sql contains sub-queries or
nested sub-queries with table
"""

statements = []
for statement in sqlparse.parse(sql):
if has_table_query(statement):
if not is_feature_enabled("ALLOW_ADHOC_SUBQUERY"):
raise SupersetSecurityException(
SupersetError(
error_type=SupersetErrorType.ADHOC_SUBQUERY_NOT_ALLOWED_ERROR,
message=_("Custom SQL fields cannot contain sub-queries."),
level=ErrorLevel.ERROR,
)
)
statement = insert_rls(statement, database_id, default_schema)
statements.append(statement)

return ";\n".join(str(statement) for statement in statements)

def get_query_str_extended(
self, query_obj: QueryObjectDict, mutate: bool = True
) -> QueryStringExtended: