fix: User-provided Jinja template parameters causing SQL parsing errors (#34802)

Michael S. Molina
2025-08-22 14:39:14 -03:00
committed by GitHub
parent 75af53dc3d
commit e1234b2264
10 changed files with 131 additions and 36 deletions


@@ -21,7 +21,7 @@ import logging
import re
from datetime import datetime
from re import Pattern
from typing import Any, TYPE_CHECKING
from typing import Any, Optional, TYPE_CHECKING
from flask_babel import gettext as __
from sqlalchemy.dialects.postgresql import DOUBLE_PRECISION, ENUM, JSON
@@ -35,7 +35,7 @@ from superset.db_engine_specs.base import BaseEngineSpec, BasicParametersMixin
from superset.errors import ErrorLevel, SupersetError, SupersetErrorType
from superset.exceptions import SupersetException, SupersetSecurityException
from superset.models.sql_lab import Query
from superset.sql.parse import SQLScript
from superset.sql.parse import process_jinja_sql
from superset.utils import core as utils, json
from superset.utils.core import GenericDataType, QuerySource
@@ -281,6 +281,7 @@ class PostgresEngineSpec(BasicParametersMixin, PostgresBaseEngineSpec):
cls,
database: Database,
query: Query,
template_params: Optional[dict[str, Any]] = None,
) -> str | None:
"""
Return the default schema for a given query.
@@ -288,7 +289,7 @@ class PostgresEngineSpec(BasicParametersMixin, PostgresBaseEngineSpec):
This method simply uses the parent method after checking that there are no
malicious path setting in the query.
"""
script = SQLScript(query.sql, engine=cls.engine)
script = process_jinja_sql(query.sql, database, template_params).script
settings = script.get_settings()
if "search_path" in settings:
raise SupersetSecurityException(
@@ -301,7 +302,7 @@ class PostgresEngineSpec(BasicParametersMixin, PostgresBaseEngineSpec):
)
)
return super().get_default_schema_for_query(database, query)
return super().get_default_schema_for_query(database, query, template_params)
@classmethod
def adjust_engine_params(
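Review bot: The `search_path` guard in `get_default_schema_for_query` now inspects the Jinja-rendered script, so it only holds if the SQL later executed is rendered with the same `template_params`. With the `None` default, a caller that does not forward them would, as far as this hunk shows, have the check run on a different rendering than the statement sent to the database. The docstring still describes only the raw query; I would add a line such as `template_params must be the parameters used to render the query for execution, because the search_path check runs on the rendered SQL.` On style, the signature mixes `Optional[dict[str, Any]]` with the existing `str | None` return annotation; `template_params: dict[str, Any] | None = None` would be consistent and make the new `Optional` import unnecessary. The method's signature begins above the hunk, so the decorator and name are not visible here.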