From 14735d81c05a97b8c9b3941ea1290a2a040e7fbe Mon Sep 17 00:00:00 2001
From: Beto Dealmeida
Date: Thu, 11 May 2023 11:52:09 -0700
Subject: [PATCH 1/2] chore: remove duplicates of validate_adhoc_subquery
---
 superset/connectors/sqla/models.py | 2 +-
 superset/connectors/sqla/utils.py | 35 ------------------------------
 superset/models/helpers.py | 33 ----------------------------
 3 files changed, 1 insertion(+), 69 deletions(-)
diff --git a/superset/connectors/sqla/models.py b/superset/connectors/sqla/models.py
index 1a5dd0037e058..22d546424e8c5 100644
--- a/superset/connectors/sqla/models.py
+++ b/superset/connectors/sqla/models.py
@@ -88,7 +88,6 @@
 get_columns_description,
 get_physical_table_metadata,
 get_virtual_table_metadata,
- validate_adhoc_subquery,
 )
 from superset.datasets.models import Dataset as NewDataset
 from superset.db_engine_specs.base import BaseEngineSpec, TimestampExpression
@@ -113,6 +112,7 @@
 ExploreMixin,
 QueryResult,
 QueryStringExtended,
+ validate_adhoc_subquery,
 )
 from superset.sql_parse import ParsedQuery, sanitize_clause
 from superset.superset_typing import AdhocColumn, AdhocMetric, Metric, QueryObjectDict
diff --git a/superset/connectors/sqla/utils.py b/superset/connectors/sqla/utils.py
index 4cf20e5511ad3..e75e727ae2aad 100644
--- a/superset/connectors/sqla/utils.py
+++ b/superset/connectors/sqla/utils.py
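Review bot: The `+ validate_adhoc_subquery,` line in the second models.py hunk sits inside a parenthesised import whose `from … import (` line is outside the hunk, so the patch does not show which definition now backs the call sites; the deletions in utils.py and helpers.py leave that one copy as the only place where sub-queries in ad-hoc SQL are rejected (unless `ALLOW_ADHOC_SUBQUERY` is on) and RLS predicates are inserted. It should be confirmed to match the two removed bodies, in particular the `insert_rls(statement, database_id, default_schema)` step. The helpers.py hunk also removes the `@staticmethod` of the same name and no call site is changed in this patch, so any remaining `self.validate_adhoc_subquery(...)` call, if one exists, would raise `AttributeError`; a search for that spelling and for tests that patch `superset.connectors.sqla.utils.validate_adhoc_subquery` is worth doing. I would also add a comment above the surviving definition, e.g. `# Sole enforcement point for ad-hoc sub-query blocking and RLS injection; keep a single copy.`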
@@ -166,41 +166,6 @@ def get_columns_description(
 raise SupersetGenericDBErrorException(message=str(ex)) from ex
-def validate_adhoc_subquery(
- sql: str,
- database_id: int,
- default_schema: str,
-) -> str:
- """
- Check if adhoc SQL contains sub-queries or nested sub-queries with table.
-
- If sub-queries are allowed, the adhoc SQL is modified to insert any applicable RLS
- predicates to it.
-
- :param sql: adhoc sql expression
- :raise SupersetSecurityException if sql contains sub-queries or
- nested sub-queries with table
- """
- # pylint: disable=import-outside-toplevel
- from superset import is_feature_enabled
-
- statements = []
- for statement in sqlparse.parse(sql):
- if has_table_query(statement):
- if not is_feature_enabled("ALLOW_ADHOC_SUBQUERY"):
- raise SupersetSecurityException(
- SupersetError(
- error_type=SupersetErrorType.ADHOC_SUBQUERY_NOT_ALLOWED_ERROR,
- message=_("Custom SQL fields cannot contain sub-queries."),
- level=ErrorLevel.ERROR,
- )
- )
- statement = insert_rls(statement, database_id, default_schema)
- statements.append(statement)
-
- return ";\n".join(str(statement) for statement in statements)
-
-
 @lru_cache(maxsize=LRU_CACHE_MAX_SIZE)
 def get_dialect_name(drivername: str) -> str:
 return SqlaURL.create(drivername).get_dialect().name
diff --git a/superset/models/helpers.py b/superset/models/helpers.py
index ec2a0a41d9553..532b97bea60a5 100644
--- a/superset/models/helpers.py
+++ b/superset/models/helpers.py
@@ -903,39 +903,6 @@ def _apply_cte(sql: str, cte: Optional[str]) -> str:
 sql = f"{cte}\n{sql}"
 return sql
- @staticmethod
- def validate_adhoc_subquery(
- sql: str,
- database_id: int,
- default_schema: str,
- ) -> str:
- """
- Check if adhoc SQL contains sub-queries or nested sub-queries with table.
-
- If sub-queries are allowed, the adhoc SQL is modified to insert any applicable RLS
- predicates to it.
-
- :param sql: adhoc sql expression
- :raise SupersetSecurityException if sql contains sub-queries or
- nested sub-queries with table
- """
-
- statements = []
- for statement in sqlparse.parse(sql):
- if has_table_query(statement):
- if not is_feature_enabled("ALLOW_ADHOC_SUBQUERY"):
- raise SupersetSecurityException(
- SupersetError(
- error_type=SupersetErrorType.ADHOC_SUBQUERY_NOT_ALLOWED_ERROR,
- message=_("Custom SQL fields cannot contain sub-queries."),
- level=ErrorLevel.ERROR,
- )
- )
- statement = insert_rls(statement, database_id, default_schema)
- statements.append(statement)
-
- return ";\n".join(str(statement) for statement in statements)
-
 def get_query_str_extended(
 self, query_obj: QueryObjectDict, mutate: bool = True
 ) -> QueryStringExtended:
From 58dee780c4feea0d52df7472dc3903daab3deb19 Mon Sep 17 00:00:00 2001
From: Beto Dealmeida
Date: Thu, 11 May 2023 15:42:54 -0700
Subject: [PATCH 2/2] Fix lint
---
 superset/connectors/sqla/utils.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/superset/connectors/sqla/utils.py b/superset/connectors/sqla/utils.py
index e75e727ae2aad..698311dab65ef 100644
--- a/superset/connectors/sqla/utils.py
+++ b/superset/connectors/sqla/utils.py
@@ -32,7 +32,6 @@
 )
 from uuid import UUID
-import sqlparse
 from flask_babel import lazy_gettext as _
 from sqlalchemy.engine.url import URL as SqlaURL
 from sqlalchemy.exc import NoSuchTableError
@@ -49,7 +48,7 @@
 )
 from superset.models.core import Database
 from superset.result_set import SupersetResultSet
-from superset.sql_parse import has_table_query, insert_rls, ParsedQuery
+from superset.sql_parse import ParsedQuery
 from superset.superset_typing import ResultSetColumnType
 if TYPE_CHECKING: