fix: prevent anonymous code in Postgres (#34412)

2026-06-08 17:19:20 +00:00 · 2025-07-31 08:33:34 -04:00
parent 762a11b0bb
commit 6fc734da51
2 changed files with 47 additions and 0 deletions
--- a/superset/sql/parse.py
+++ b/superset/sql/parse.py
@@ -654,6 +654,16 @@ class SQLStatement(BaseSQLStatement[exp.Expression]):
        if isinstance(self._parsed, exp.Command) and self._parsed.name == "ALTER":
            return True  # pragma: no cover

+        if (
+            self._dialect == Dialects.POSTGRES
+            and isinstance(self._parsed, exp.Command)
+            and self._parsed.name == "DO"
+        ):
+            # anonymous blocks can be written in many different languages (the default
+            # is PL/pgSQL), so parsing them it out of scope of this class; we just
+            # assume the anonymous block is mutating
+            return True
+
        # Postgres runs DMLs prefixed by `EXPLAIN ANALYZE`, see
        # https://www.postgresql.org/docs/current/sql-explain.html
        if (