fix: escape SQL identifiers in db engine spec prequeries and metadata queries (#39840)

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Shaitan
2026-05-15 14:48:38 +01:00
committed by GitHub
parent a06e6ea19b
commit 2e7a2b1f2d
12 changed files with 152 additions and 32 deletions


@@ -169,6 +169,11 @@ def test_impersonation_username(mocker: MockerFixture) -> None:
'EXECUTE AS "alice" WITH NO REVERT;'
]
database.get_effective_user.return_value = 'evil" WITH NO REVERT; DROP TABLE x--'
assert StarRocksEngineSpec.get_prequeries(database) == [
'EXECUTE AS "evil"" WITH NO REVERT; DROP TABLE x--" WITH NO REVERT;'
]
def test_impersonation_disabled(mocker: MockerFixture) -> None:
"""
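Review bot: The new assertion in test_impersonation_username pins the escaped string but does not say why that output is the safe one, so a reader has to count quotes to see that the payload never leaves the identifier. I would add a comment above the second `assert`, for example `# the embedded " is doubled, so the whole payload stays inside one quoted identifier`. The case also covers only an embedded double quote; the escaping helper is not visible in this hunk, so whether an empty or `None` effective user needs its own assertion should be checked against the spec's `get_prequeries`. The test function starts above the hunk, so the mock setup it relies on is not visible here.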