From ee8edcf4b4fbb0820bf7d47d2e4785c4eb7dcbef Mon Sep 17 00:00:00 2001
From: Beto Dealmeida
Date: Tue, 29 Apr 2025 10:27:03 -0400
Subject: [PATCH] fix: mask password on DB import (#33267)
---
 .../commands/database/importers/v1/utils.py | 4 ++++
 .../databases/commands_tests.py | 19 ++++++++++++++-----
 .../commands/importers/v1/import_test.py | 3 ++-
 3 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/superset/commands/database/importers/v1/utils.py b/superset/commands/database/importers/v1/utils.py
index a36c4113895..e06e9a0be75 100644
--- a/superset/commands/database/importers/v1/utils.py
+++ b/superset/commands/database/importers/v1/utils.py
@@ -69,7 +69,11 @@ def import_database(
 # Before it gets removed in import_from_dict
 ssh_tunnel_config = config.pop("ssh_tunnel", None)
+ # set SQLAlchemy URI via `set_sqlalchemy_uri` so that the password gets masked
+ sqlalchemy_uri = config.pop("sqlalchemy_uri")
 database: Database = Database.import_from_dict(config, recursive=False)
+ database.set_sqlalchemy_uri(sqlalchemy_uri)
+
 if database.id is None:
 db.session.flush()
diff --git a/tests/integration_tests/databases/commands_tests.py b/tests/integration_tests/databases/commands_tests.py
index 4efe2dcbdc9..2bc3c433e65 100644
--- a/tests/integration_tests/databases/commands_tests.py
+++ b/tests/integration_tests/databases/commands_tests.py
@@ -421,7 +421,8 @@ class TestImportDatabasesCommand(SupersetTestCase):
 assert database.database_name == "imported_database"
 assert database.expose_in_sqllab
 assert database.extra == "{}"
- assert database.sqlalchemy_uri == "postgresql://user:pass@host1"
+ assert database.sqlalchemy_uri == "postgresql://user:XXXXXXXXXX@host1"
+ assert database.password == "pass" # noqa: S105
 db.session.delete(database)
 db.session.commit()
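Review bot: In `import_database` (utils.py), `config.pop("sqlalchemy_uri")` has no default, unlike `config.pop("ssh_tunnel", None)` two lines above it, so a config that lacks the key now fails with a bare `KeyError` before `import_from_dict` runs. If schema validation earlier in the import path guarantees the key (not visible in this patch), a comment saying so would settle it, e.g. `# "sqlalchemy_uri" is required by the import schema, so pop() needs no default`. The added comment could also say where the cleartext ends up, e.g. `# the URI is stored masked; the real password is kept in database.password`, which is what the updated tests assert. The function starts and ends outside the hunk.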
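Review bot: The updated assertions in this hunk (and in the hunks at -461, -732 and -779 of this file, and in import_test.py) only import a URI that carries a real password, so the input most likely to interact badly with masking is untested: a config whose `sqlalchemy_uri` already contains the mask `XXXXXXXXXX`, as a previously exported file presumably would. How `set_sqlalchemy_uri` treats that input is not visible in this patch. A case that imports such a URI and checks that the stored secret does not become the literal mask would pin the behaviour down, e.g. `assert database.password != "XXXXXXXXXX"`. The test methods start outside these hunks.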
@@ -461,7 +462,8 @@ class TestImportDatabasesCommand(SupersetTestCase):
 assert database.database_name == "imported_database"
 assert database.expose_in_sqllab
 assert database.extra == '{"schemas_allowed_for_file_upload": ["upload"]}'
- assert database.sqlalchemy_uri == "postgresql://user:pass@host1"
+ assert database.sqlalchemy_uri == "postgresql://user:XXXXXXXXXX@host1"
+ assert database.password == "pass" # noqa: S105
 db.session.delete(database)
 db.session.commit()
@@ -732,7 +734,8 @@ class TestImportDatabasesCommand(SupersetTestCase):
 assert database.database_name == "imported_database"
 assert database.expose_in_sqllab
 assert database.extra == "{}"
- assert database.sqlalchemy_uri == "postgresql://user:pass@host1"
+ assert database.sqlalchemy_uri == "postgresql://user:XXXXXXXXXX@host1"
+ assert database.password == "pass" # noqa: S105
 model_ssh_tunnel = (
 db.session.query(SSHTunnel)
@@ -779,7 +782,8 @@ class TestImportDatabasesCommand(SupersetTestCase):
 assert database.database_name == "imported_database"
 assert database.expose_in_sqllab
 assert database.extra == "{}"
- assert database.sqlalchemy_uri == "postgresql://user:pass@host1"
+ assert database.sqlalchemy_uri == "postgresql://user:XXXXXXXXXX@host1"
+ assert database.password == "pass" # noqa: S105
 model_ssh_tunnel = (
 db.session.query(SSHTunnel)
@@ -1008,7 +1012,12 @@ class TestTestConnectionDatabaseCommand(SupersetTestCase):
 @patch("superset.db_engine_specs.base.is_hostname_valid")
 @patch("superset.db_engine_specs.base.is_port_open")
 @patch("superset.commands.database.validate.DatabaseDAO")
-def test_validate(DatabaseDAO, is_port_open, is_hostname_valid, app_context): # noqa: N803
+def test_validate(
+ mock_database_dao, # noqa: N803
+ is_port_open,
+ is_hostname_valid,
+ app_context,
+) -> None:
 """
 Test parameter validation.
 """
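Review bot: In the `test_validate` hunk, `mock_database_dao, # noqa: N803` keeps a suppression that the rename makes unnecessary. N803 flags argument names that are not lowercase, and the new name is already snake_case, so the line can be just `mock_database_dao,`. The body of `test_validate` lies outside the hunk; it is worth confirming that nothing in it still refers to the old parameter name `DatabaseDAO`, since such a reference would no longer reach the mock.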
diff --git a/tests/unit_tests/databases/commands/importers/v1/import_test.py b/tests/unit_tests/databases/commands/importers/v1/import_test.py
index b255dae28b3..e052037d7fc 100644
--- a/tests/unit_tests/databases/commands/importers/v1/import_test.py
+++ b/tests/unit_tests/databases/commands/importers/v1/import_test.py
@@ -45,7 +45,8 @@ def test_import_database(mocker: MockerFixture, session: Session) -> None:
 config = copy.deepcopy(database_config)
 database = import_database(config)
 assert database.database_name == "imported_database"
- assert database.sqlalchemy_uri == "postgresql://user:pass@host1"
+ assert database.sqlalchemy_uri == "postgresql://user:XXXXXXXXXX@host1"
+ assert database.password == "pass" # noqa: S105
 assert database.cache_timeout is None
 assert database.expose_in_sqllab is True
 assert database.allow_run_async is False