QT/superset2
1
0
Fork 0
mirror of https://github.com/apache/superset.git synced 2026-04-25 02:55:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(chart-data-api): ignore missing filters (#11112)

Browse Source
This commit is contained in:
Ville Brofeldt
2020-09-30 11:34:23 +03:00
committed by GitHub
parent fa5dab85c4
commit ada66e30dd
3 changed files with 16 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
tests/query_context_tests.py
View File

@@ -211,23 +211,6 @@ class TestQueryContext(SupersetTestCase):
query_payload = query_context.get_payload()
assert query_payload[0].get("error") is not None
def test_sql_injection_via_filters(self):
"""
Ensure that calling invalid columns names in filters are caught
"""
self.login(username="admin")
table_name = "birth_names"
table = self.get_table_by_name(table_name)
payload = get_query_context(table.name, table.id, table.type)
payload["queries"][0]["groupby"] = ["name"]
payload["queries"][0]["metrics"] = []
payload["queries"][0]["filters"] = [
{"col": "*", "op": FilterOperator.EQUALS.value, "val": ";"}
]
query_context = ChartDataQueryContextSchema().load(payload)
query_payload = query_context.get_payload()
assert query_payload[0].get("error") is not None
def test_sql_injection_via_metrics(self):
"""
Ensure that calling invalid columns names in filters are caught