fix: escape SQL identifiers in db engine spec prequeries and metadata queries (#39840)

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Shaitan
2026-05-15 14:48:38 +01:00
committed by GitHub
parent a06e6ea19b
commit 2e7a2b1f2d
12 changed files with 152 additions and 32 deletions


@@ -694,7 +694,10 @@ class PostgresEngineSpec(BasicParametersMixin, PostgresBaseEngineSpec):
be anything, and we would have to block users from running any queries
referencing tables without an explicit schema.
"""
return [f'set search_path = "{schema}"'] if schema else []
if not schema:
return []
escaped = schema.replace('"', '""')
return [f'set search_path = "{escaped}"']
@classmethod
def get_allow_cost_estimate(cls, extra: dict[str, Any]) -> bool:
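Review bot: The new `escaped = schema.replace('"', '""')` line is the only thing keeping a schema name from closing the quoted identifier in the `set search_path` prequery, yet it is hand-rolled and carries no comment saying so. Doubling embedded double quotes is the correct rule for a PostgreSQL quoted identifier, so the logic is sound. I would add a comment above it such as `# schema can be user-influenced: double any '"' so the value cannot terminate the quoted identifier`, so a later refactor does not drop it as cosmetic. If the other engine specs touched by this commit (not visible in this hunk) repeat the same inline pattern, a shared per-dialect quoting helper would keep the rules from drifting, since quoting characters differ between databases. The enclosing method starts above the hunk, so only its docstring tail and return path are reviewed here.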