fix: add disallowed query params for engines specs (#23217)

Co-authored-by: Ville Brofeldt <33317356+villebro@users.noreply.github.com> (cherry picked from commit b479e93b49)
2026-05-12 19:35:17 +00:00 · 2023-02-28 12:00:22 +00:00
parent b14e53e492
commit 2f3758278f
4 changed files with 38 additions and 0 deletions
--- a/superset/db_engine_specs/base.py
+++ b/superset/db_engine_specs/base.py
@@ -354,6 +354,8 @@ class BaseEngineSpec:  # pylint: disable=too-many-public-methods
    # This set will give the keywords for data limit statements
    # to consider for the engines with TOP SQL parsing
    top_keywords: Set[str] = {"TOP"}
+    # A set of disallowed connection query parameters
+    disallow_uri_query_params: Set[str] = set()

    force_column_alias_quotes = False
    arraysize = 0
@@ -1724,6 +1726,19 @@ class BaseEngineSpec:  # pylint: disable=too-many-public-methods
            "disable_ssh_tunneling": cls.disable_ssh_tunneling,
        }

+    @classmethod
+    def validate_database_uri(cls, sqlalchemy_uri: URL) -> None:
+        """
+        Validates a database SQLAlchemy URI per engine spec.
+        Use this to implement a final validation for unwanted connection configuration
+
+        :param sqlalchemy_uri:
+        """
+        if existing_disallowed := cls.disallow_uri_query_params.intersection(
+            sqlalchemy_uri.query
+        ):
+            raise ValueError(f"Forbidden query parameter(s): {existing_disallowed}")
+

 # schema for adding a database by providing parameters instead of the
 # full SQLAlchemy URI