fix(cache): ensure SQL is sanitized before cache key generation (#35419)

2026-04-26 11:34:27 +00:00 · 2025-10-02 13:25:54 -04:00
parent 6ad8d29fcd
commit 62dc5c0306
6 changed files with 158 additions and 9 deletions
--- a/superset/common/query_context_processor.py
+++ b/superset/common/query_context_processor.py
@@ -129,6 +129,11 @@ class QueryContextProcessor:
        self, query_obj: QueryObject, force_cached: bool | None = False
    ) -> dict[str, Any]:
        """Handles caching around the df payload retrieval"""
+        if query_obj:
+            # Always validate the query object before generating cache key
+            # This ensures sanitize_clause() is called and extras are normalized
+            query_obj.validate()
+
        cache_key = self.query_cache_key(query_obj)
        timeout = self.get_cache_timeout()
        force_query = self._query_context.force or timeout == CACHE_DISABLED_TIMEOUT
@@ -139,10 +144,6 @@ class QueryContextProcessor:
            force_cached=force_cached,
        )

-        if query_obj:
-            # Always validate the query object before processing
-            query_obj.validate()
-
        if query_obj and cache_key and not cache.is_loaded:
            try:
                if invalid_columns := [