QT/superset2
1
0
Fork 0
mirror of https://github.com/apache/superset.git synced 2026-04-20 16:44:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: dataset safe URL for explore_url (#24686)

Browse Source
This commit is contained in:
Daniel Vaz Gaspar
2023-08-23 13:31:44 +01:00
committed by GitHub
parent c92a975e4b
commit a9efd4b2e3
12 changed files with 85 additions and 147 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
tests/unit_tests/utils/urls_tests.py
View File

@@ -39,27 +39,3 @@ def test_convert_dashboard_link() -> None:
def test_convert_dashboard_link_with_integer() -> None:
test_url = modify_url_query(EXPLORE_DASHBOARD_LINK, standalone=0)
assert test_url == "http://localhost:9000/superset/dashboard/3/?standalone=0"
@pytest.mark.parametrize(
"url,is_safe",
[
("http://localhost/", True),
("http://localhost/superset/1", True),
("https://localhost/", False),
("https://localhost/superset/1", False),
("localhost/superset/1", False),
("ftp://localhost/superset/1", False),
("http://external.com", False),
("https://external.com", False),
("external.com", False),
("///localhost", False),
("xpto://localhost:[3/1/", False),
],
)
def test_is_safe_url(url: str, is_safe: bool) -> None:
from superset import app
from superset.utils.urls import is_safe_url
with app.test_request_context("/"):
assert is_safe_url(url) == is_safe