Server-side parameter validation #3315
Merged
61 commits
4a557c7
stop testing `collect_query_parameters`, it's an implementation detail
856e61c
add tests for `missing_query_params`
5bd751f
rename SQLQuery -> ParameterizedSqlQuery
f43c5f7
rename sql_query.py to parameterized_query.py
b608c5b
split to parameterized queries and parameterized SQL queries, where
ced3239
Merge branch 'tests-for-find-missing-params' into run-tree-validation…
8798475
Merge branch 'master' into run-tree-validations-only-on-sql-dialects
e49884d
move missing parameter detection to ParameterizedQuery
07df144
get rid of some old code
36b3045
fix tests
a72f781
Merge branch 'master' into run-tree-validations-only-on-sql-dialects
360f85c
set syntax to `custom`
5239eba
Merge branch 'master' into run-tree-validations-only-on-sql-dialects
a94f5d9
Merge branch 'run-tree-validations-only-on-sql-dialects' of github.co…
b0b7164
Merge branch 'master' into run-tree-validations-only-on-sql-dialects
23af64e
Merge branch 'master' into run-tree-validations-only-on-sql-dialects
a136cd0
Merge branch 'master' into run-tree-validations-only-on-sql-dialects
639c76f
revert the max-age-related refactoring
c18675a
Merge branch 'master' into run-tree-validations-only-on-sql-dialects
6abcedf
👋 tree validations 😢
5a12c23
BaseQueryRunner is no longer a factory for ParameterizedQuery, for now
bf41cc9
Merge branch 'master' into validate-parameters
71e249c
Merge branch 'master' into validate-parameters
8b7c9c4
add an endpoint for running a query by its id and (optional) parameters
866d4e2
Merge branch 'master' into textless-query-result-endpoint
27cd9af
Merge branch 'master' into textless-query-result-endpoint
d0d0fc4
Merge branch 'textless-query-result-endpoint' into validate-parameters
61ae426
adds parameter schema to ParameterizedQuery
6d74494
adds parameter schema validation (currently for strings)
07fb716
validate number parameters
80b06e9
validate date parameters
a685de9
validate parameters on POST /api/queries/<id>/results
f801b58
validate enum parameters
42e28e2
validate date range parameters
5829497
validate query-based dropdowns by preprocessing them at the handler
f9d1eb5
change _is_date_range to be a tad more succinct
4eb3935
a single assignment with a `map` is sufficiently explanatory
1e31775
Update redash/utils/parameterized_query.py
jezdez 6c0387b
Update redash/utils/parameterized_query.py
jezdez fb81066
Update redash/utils/parameterized_query.py
jezdez f3cb6eb
Update redash/utils/parameterized_query.py
jezdez c23add1
Update redash/handlers/query_results.py
jezdez 271cab6
Update redash/utils/parameterized_query.py
jezdez f7bfde9
build error message inside the error
3785f09
support all types of numbers as number parameters
8d8d1f8
check for permissions when populating query-based dropdowns
4625d31
Merge branch 'master' into textless-query-result-endpoint
3a8c18b
check for access to query before running it
ab60338
Merge branch 'master' into validate-parameters
d737c56
check for empty rows when populating query-based enums
944f6c1
don't bother loading query results if user doesn't have access
5e719d4
💥 on unexpected parameter types
855be00
parameter schema default is a list, not a dictionary
074c872
Merge branch 'textless-query-result-endpoint' into validate-parameters
7ba9f19
Merge branch 'master' into validate-parameters
2d841ea
Merge branch 'validate-parameters' of github.com:getredash/redash int…
37d0fe4
remove redundant null guards
e261149
Merge branch 'master' into validate-parameters
11fc681
Merge branch 'master' into validate-parameters
8509b6b
Merge branch 'master' into validate-parameters
87f1dc4
Merge branch 'master' into validate-parameters
You removed the handling of the `None` case here, because I assume that the callers will always pass a `parameter_schema`? If that's the case, then should probably remove the default value.

This is actually intentional. Handling of `None` is done in `ParameterizedQuery`.

I thought that's the case, but didn't find it. Apparently I was looking in the wrong place. 🤦🏻♂️