QT/superset2
1
0
Fork 0
mirror of https://github.com/apache/superset.git synced 2026-04-21 00:54:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: add customizable brand spinners with theme integration (#34764)

Browse Source 
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Evan Rusackas <evan@preset.io>
This commit is contained in:
Maxime Beauchemin
2025-09-03 08:28:59 -07:00
committed by GitHub
parent b7a193d53e
commit b0d3f0f0d4
31 changed files with 987 additions and 167 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
superset/utils/core.py
View File

@@ -530,6 +530,80 @@ def markdown(raw: str, markup_wrap: bool | None = False) -> str:
return safe
def sanitize_svg_content(svg_content: str) -> str:
"""Basic SVG protection - remove obvious XSS vectors, trust admin input otherwise.
Minimal protection approach that removes scripts and javascript: URLs while
preserving all legitimate SVG features. Assumes admin-provided content.
Args:
svg_content: Raw SVG content string
Returns:
str: SVG content with obvious XSS vectors removed
"""
if not svg_content or not svg_content.strip():
return ""
# Minimal protection: remove obvious malicious content, preserve all SVG features
content = re.sub(
r"<script[^>]*>.*?</script>", "", svg_content, flags=re.IGNORECASE | re.DOTALL
)
content = re.sub(r"javascript:", "", content, flags=re.IGNORECASE)
content = re.sub(r"data:[^;]*;[^,]*,.*javascript", "", content, flags=re.IGNORECASE)
# Remove event handlers (simple catch-all approach)
content = re.sub(r"\bon\w+\s*=", "", content, flags=re.IGNORECASE)
# Remove other suspicious patterns
content = re.sub(
r"<iframe[^>]*>.*?</iframe>", "", content, flags=re.IGNORECASE | re.DOTALL
)
content = re.sub(
r"<object[^>]*>.*?</object>", "", content, flags=re.IGNORECASE | re.DOTALL
)
content = re.sub(r"<embed[^>]*>", "", content, flags=re.IGNORECASE)
return content
def sanitize_url(url: str) -> str:
"""Sanitize URL using urllib.parse to block dangerous schemes.
Simple validation using standard library. Allows relative URLs and
safe absolute URLs while blocking javascript: and other dangerous schemes.
Args:
url: Raw URL string
Returns:
str: Sanitized URL or empty string if dangerous
"""
if not url or not url.strip():
return ""
url = url.strip()
# Relative URLs are safe
if url.startswith("/"):
return url
try:
from urllib.parse import urlparse
parsed = urlparse(url)
# Allow safe schemes only
if parsed.scheme.lower() in {"http", "https", ""}:
return url
# Block everything else (javascript:, data:, etc.)
return ""
except Exception:
return ""
def readfile(file_path: str) -> str | None:
with open(file_path) as f:
content = f.read()

115
superset/utils/version.py Normal file
View File

@@ -0,0 +1,115 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
"""
Centralized version metadata utilities for Apache Superset.
"""
import os
import subprocess
from typing import Any
from flask import current_app as app
def get_version_metadata() -> dict[str, Any]:
"""
Get version metadata with backward compatibility.
Returns all the fields that existing code expects.
"""
# Start with app config for backward compatibility
metadata = {
"version_string": app.config.get("VERSION_STRING", "unknown"),
"version_sha": app.config.get("VERSION_SHA", ""),
"build_number": app.config.get("BUILD_NUMBER"),
}
# Get Git info from GitHub Actions or local git
if github_sha := os.environ.get("GITHUB_SHA"):
metadata["full_sha"] = github_sha
if not metadata["version_sha"]:
metadata["version_sha"] = github_sha[:8]
# Get branch name
branch_name = (
os.environ.get("GITHUB_HEAD_REF")
or os.environ.get("GITHUB_REF_NAME")
or _get_local_branch()
)
if branch_name:
metadata["branch_name"] = branch_name
return metadata
def get_dev_env_label() -> str:
"""
Generate development environment label with branch/SHA info.
No Flask app dependency - safe to call during config loading.
Returns:
Simple string like "branch@sha" or just "@sha" or ""
"""
# Get branch and SHA from environment or git
branch = (
os.environ.get("GITHUB_HEAD_REF")
or os.environ.get("GITHUB_REF_NAME")
or _get_local_branch()
)
sha = os.environ.get("GITHUB_SHA") or _get_local_sha()
if sha:
sha = sha[:8] # Short SHA
# Build label
if branch and sha:
return f"{branch}@{sha}"
elif sha:
return f"@{sha}"
elif branch:
return branch
else:
return ""
def _get_local_branch() -> str | None:
"""Get branch from local git as fallback."""
try:
output = subprocess.check_output( # noqa: S603
["git", "rev-parse", "--abbrev-ref", "HEAD"], # noqa: S607
stderr=subprocess.DEVNULL,
timeout=5,
)
branch = output.decode().strip()
return None if branch == "HEAD" else branch
except Exception: # pylint: disable=broad-except
return None
def _get_local_sha() -> str | None:
"""Get SHA from local git as fallback."""
try:
output = subprocess.check_output( # noqa: S603
["git", "rev-parse", "HEAD"], # noqa: S607
stderr=subprocess.DEVNULL,
timeout=5,
)
return output.decode().strip()
except Exception: # pylint: disable=broad-except
return None