Posted to commits@superset.apache.org by be...@apache.org on 2023/08/10 01:04:40 UTC

[superset] branch fix_dos updated (db56f2a6d9 -> ad89b839f5)

This is an automated email from the ASF dual-hosted git repository.

beto pushed a change to branch fix_dos
in repository https://gitbox.apache.org/repos/asf/superset.git


    omit db56f2a6d9 Address comments
    omit 27c2f3d837 chore: rate limit requests
     add 1b5a6790f0 chore: Remove obsolete legacy visualizations (#24694)
     add aa01b51177 chore: Bump pyyaml bounds (#24731)
     add 068864b9ea build(deps-dev): bump word-wrap from 1.2.3 to 1.2.4 in /superset-embedded-sdk (#24734)
     add 2785b8f11e build(deps-dev): bump word-wrap from 1.2.3 to 1.2.4 in /superset-frontend (#24735)
     add b7dcc9f7e3 build(deps): bump word-wrap from 1.2.3 to 1.2.4 in /superset-frontend/cypress-base (#24733)
     add 11bb8c35b0 chore: update deprecated arguments in schema (#24715)
     add 2b0ffb01b6 feat: use Scarf Gateway for Superset helm charts/Docker compose downloads (#24432)
     add 4c5ada421c fix(druid): Delete obsolete Druid NoSQL slice parameters (#24737)
     add 837e3c55ca build(deps-dev): bump word-wrap from 1.2.3 to 1.2.4 in /superset-websocket (#24732)
     add 5f49e0fdd0 fix(cache): Add cache warmup for non-legacy charts (#24671)
     add 2d58dddbdc fix(range-slider): removed localization of metric key (#24716)
     add 5878c117f2 feat: use Scarf Gateway for Superset npm downloads (#24433)
     add 1a9724582f chore: turn off talisman for ephemeral environments in ci (#24627)
     add cb9b865a53 fix: import database engine validation (#24697)
     add d1d5ff6f9f chore: make antd table font size same as data table (#24741)
     add 4086514fa5 fix(native filter): clean deleted parent filter ids (#24749)
     add 317aa989c2 fix: Dashboard time grain in Table (#24746)
     add 05e724f3d7 chore(native filters): Expandable filter config modal (#24559)
     add 91e6f5cb9f chore(deps): bump pandas >=2.0 (#24705)
     add df106aa708 fix(pvt2): migrations from legacy pivot table error when form_data have pieces of pvt2 (#24710)
     add b2831b419e fix(datasets): Replace left panel layout by TableSelector (#24599)
     add 7675e0db10 fix: `search_path` in RDS (#24739)
     add 9b6ed315f8 docs(docker-compose): note the risk of running a Docker Postgres volume in production (#24461)
     add 22a0fe555c chore: make control panel sub sections look better (#24736)
     add 341b8d41c5 fix: column/metric type icons look too small (#24740)
     add ac19f58cf6 fix: Tooltip no longer highlights hovered data series (#24756)
     add a80ec15f4c fix(docs): respect no_proxy environment variable (#23816)
     add d642288092 docs: Fix STANDARD_ROLES.md for Gamma role permissions on tableschemaview (#24766)
     add e210da963d chore(docs): Adding link to additional visualization content (#24759)
     add abb8e28e49 feat: migrate charts on import (#24703)
     add f856ba246e fix: update svgr webpack config to use svg dimensions (#24747)
     add e06004292a feat: add pandas performance dependencies (#24768)
     add 0631a8086c chore(view_api): return application/json as content-type for api/v1/form_data endpoint (#24758)
     add b8a3eeffdb docs: update AWS Athena and Redshift docs (#24751)
     add 6089b5fdae fix: Select onChange is being fired without explicit selection (#24698)
     add c43674e8f3 build(deps-dev): bump @types/node from 20.4.2 to 20.4.4 in /superset-websocket (#24779)
     add c17accc0b4 chore: bump postgresql in docker-compose and github workflows (#24147)
     add fc89718d48 chore: Update pylint to 2.17.4 (#24700)
     add 4a81284056 fix(sqllab): Replace margin style by gap on query results (#24772)
     add 761fec2574 fix(chore): switching between languages should be without timeout 60 seconds (#24798)
     add ff7c1528db fix(dashboard): increase json_metadata field (#24510)
     add a9c4472d25 fix: Department names fixed for CountryMap of France (#23988)
     add 165afee55a docs: update security policy and add CVE info (#24769)
     add af4a35741c docs(K8s): Add instructions for loading the examples (#19959)
     add d1eb9ea982 fix: docs invalid client redirect (#24816)
     add 83ad291053 build(deps-dev): bump @types/node from 20.4.4 to 20.4.5 in /superset-websocket (#24809)
     add 77505173ae fix(sqllab): Replace autocomplete logic by a hook (#24677)
     add 4b1f1d49d6 fix: Filters alert width (#24801)
     add e5d626c304 feat: add empty state for Tags (#24702)
     add ba508a786c fix: pass schema on dataset creation (#24815)
     add d26ea980ac feat: Add line width unit control in deckgl Polygon and Path (#24755)
     add 3b46511439 feat(Tags): Allow users to favorite Tags on CRUD Listview page (#24701)
     add 7e26dc8c5b docs: fixing stack overflow link (#24820)
     add a1396d00aa docs: Adding a couple links to contributing page (#24817)
     add 7cd317fe2e chore: remove get_columns_description duplication (#24819)
     add a50c43e0fa fix: Alembic migration head (#24832)
     add 5bb8e0da89 fix: Removes unnecessary query on filters (#24814)
     add e2d5046bb7 docs(Kubernetes): Fix typos, clarify language re: Scarf (#24834)
     add 64ced60f62 fix(datasets): give possibility to add dataset with slashes in name (#24796)
     add caffe3cb1f fix(migration): Ensure cascadeParentIds key exists (#24831)
     add 77889b29fb fix: Allow chart import to update the dataset an existing chart points to (#24821)
     add 5f103072b0 fix: Python3.11 (str, Enum) issue (#24803)
     add 14a27b1ba3 chore(api): clean up API spec (#24838)
     add 7f9b0380e0 fix(embedded): adding logic to check dataset used by filters (#24808)
     add ea17dd637c fix: Links in tooltips of dashboard chart cards (#24846)
     add 1c5971d3af fix(legacy-chart): corrupted raw chart data (#24850)
     add 44e4fb1090 build(deps-dev): bump eslint from 8.45.0 to 8.46.0 in /superset-websocket (#24842)
     add 434db0d686 fix: Ignores ResizeObserver errors in development mode (#24868)
     add 1a9c559a8f fix(sqllab): Add docText for long keyword (#24847)
     add f7e76d02b7 feat: Add currencies controls in control panels (#24718)
     add bf1b1a4c46 fix: Explore misleading save action (#24862)
     add b71541fb7f fix: validation errors appearing after ssh tunnel switch (#24849)
     add cfadbeb353 chore: Bump cryptography (#24657)
     add f05638ba84 fix(annotation): Address regression from #24694 (#24874)
     add 371bffbfea fix(explore): invalid "No Filter" applied (#24876)
     add aee2695413 fix: Ignores hot update files when generating the manifest (#24871)
     add 6ff7fae0b0 fix(dataset): resizable dataset layout left column (#24829)
     add 031e660506 feat(chart): Added Central Asia countries to countries map (#24870)
     add 7edcbc974c docs(native-filters): Remove outdated statement (#24873)
     add 868f55372f build(deps-dev): bump eslint-config-prettier from 8.8.0 to 8.10.0 in /superset-websocket (#24879)
     add 554ef07eed build(deps-dev): bump @types/node from 20.4.5 to 20.4.6 in /superset-websocket (#24880)
     add d23b20ea75 chore: add talisman env var to config (#24774)
     add 8d1fd269e0 build(deps-dev): bump @types/node from 20.4.6 to 20.4.7 in /superset-websocket (#24888)
     add 9f7f2c60d6 fix: revert "fix(embedded): adding logic to check dataset used by filters (#24808) (#24892)
     add 7397ab36f2 fix: Dashboard aware RBAC dataset permission (#24789)
     add 07992c11e7 fix: Migration to fix out of sync schema_perm in charts and datasets (#24884)
     add f7e3b8b9f4 build(deps-dev): bump @types/node from 20.4.7 to 20.4.8 in /superset-websocket (#24901)
     add 569d07db23 build(deps-dev): bump eslint-config-prettier from 8.10.0 to 9.0.0 in /superset-websocket (#24900)
     add 3b81538e02 build(deps-dev): bump prettier from 2.8.8 to 3.0.1 in /superset-websocket (#24878)
     add 85a7d5cb3e feat: improve SQLite DB engine spec (#24909)
     add eb7c14561e fix(logs): increase json field for logs table (#24911)
     add 340bfd88ae fix(explore): double resize triggered (#24886)
     add 81bf2f01e2 docs: fix tip box in "Installing From Scratch" page (#24915)
     add ec9e9a46f2 fix: Tooltip of area chart shows undefined total (#24916)
     add 5522facdc6 chore: Refactor dashboard security access (#24804)
     add cdf5652e5f build(deps-dev): bump @types/node from 20.4.8 to 20.4.9 in /superset-websocket (#24924)
     add 34586648a5 chore: Refine native dashboard cleanup logic (#24864)
     add f6c3f0cbbb fix: Dashboard aware RBAC "Save as" menu item (#24806)
     add 9c54280d85 feat: add MotherDuck DB engine spec (#24934)
     new 51e7e1bdc9 chore: rate limit requests
     new 546230402a Address comments
     new ad89b839f5 Add some comments and change values

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version.  This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (db56f2a6d9)
            \
             N -- N -- N   refs/heads/fix_dos (ad89b839f5)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them.  Any revisions marked "discard" are gone forever.

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .github/SECURITY.md                                |  38 +++
 .github/workflows/ecs-task-definition.json         |   8 +-
 .github/workflows/superset-applitool-cypress.yml   |   2 +-
 .github/workflows/superset-cli.yml                 |   2 +-
 .github/workflows/superset-e2e.yml                 |   2 +-
 .../workflows/superset-python-integrationtest.yml  |   2 +-
 .github/workflows/superset-python-presto-hive.yml  |   4 +-
 .pylintrc                                          |  58 +---
 CONTRIBUTING.md                                    |  12 +
 RESOURCES/STANDARD_ROLES.md                        |   6 +-
 UPDATING.md                                        |   3 +-
 .../.nojekyll => _update-notifier-last-checked     |   0
 docker-compose-non-dev.yml                         |   4 +-
 docker-compose.yml                                 |   4 +-
 docs/.gitignore                                    |   2 +
 docs/docs/contributing/contributing-page.mdx       |   6 +-
 docs/docs/contributing/creating-viz-plugins.mdx    |   2 +
 docs/docs/databases/athena.mdx                     |   9 +-
 docs/docs/databases/clickhouse.mdx                 |   4 +-
 docs/docs/databases/redshift.mdx                   |  45 ++-
 docs/docs/frequently-asked-questions.mdx           |   6 +
 docs/docs/installation/configuring-superset.mdx    |   8 +-
 .../installing-superset-from-scratch.mdx           |   4 +-
 .../installing-superset-using-docker-compose.mdx   |  30 +-
 docs/docs/installation/running-on-kubernetes.mdx   |  15 +-
 .../docs/miscellaneous/native-filter-migration.mdx |   9 -
 docs/docs/security/_category_.json                 |   4 +
 docs/docs/security/cves.mdx                        |  27 ++
 docs/docs/{ => security}/security.mdx              |   4 +-
 docs/docusaurus.config.js                          |   2 +-
 docs/src/pages/community.tsx                       |   2 +-
 helm/superset/Chart.yaml                           |   2 +-
 helm/superset/README.md                            |   4 +-
 helm/superset/values.yaml                          |   2 +-
 requirements/base.txt                              |  23 +-
 requirements/development.in                        |   2 +-
 requirements/development.txt                       |  16 +-
 requirements/docker.txt                            |   4 -
 requirements/integration.txt                       |  13 +-
 requirements/testing.txt                           |   6 +-
 setup.py                                           |   7 +-
 superset-embedded-sdk/package-lock.json            |  12 +-
 superset-frontend/cypress-base/package-lock.json   |  12 +-
 superset-frontend/package-lock.json                |  29 +-
 superset-frontend/package.json                     |   4 +
 .../components/ColumnTypeLabel/ColumnTypeLabel.tsx |   2 +
 .../src/components/ControlForm/controls.tsx        |  92 ------
 .../src/components/ControlSubSectionHeader.tsx     |  25 +-
 .../superset-ui-chart-controls/src/index.ts        |   1 +
 .../src/sections/advancedAnalytics.tsx             |   8 +-
 .../src/sections/chartTitle.tsx                    |  10 +-
 .../ColumnConfigControl/ColumnConfigPopover.tsx    |  73 -----
 .../src/shared-controls/components/index.tsx       |   3 -
 .../src/shared-controls/sharedControls.tsx         |   7 +
 .../superset-ui-chart-controls/src/types.ts        |  64 ++++-
 .../src/currency-format/CurrencyFormatter.ts       |   2 +-
 .../superset-ui-core/src/currency-format/utils.ts  |  42 ++-
 .../src/query/types/AnnotationLayer.ts             |   3 +-
 .../test/currency-format/utils.test.ts             |  70 ++++-
 .../test/query/types/AnnotationLayer.test.ts       |   1 -
 .../scripts/Country Map GeoJSON Generator.ipynb    |   5 +
 .../src/countries.ts                               |  10 +
 .../src/countries/france.geojson                   |   4 +-
 .../src/countries/kazakhstan.geojson               |  22 ++
 .../src/countries/kyrgyzstan.geojson               |  14 +
 .../src/countries/tajikistan.geojson               |  11 +
 .../src/countries/turkmenistan.geojson             |  11 +
 .../src/countries/uzbekistan.geojson               |  20 ++
 .../src/controlPanel.tsx                           |   1 +
 .../src/transformProps.js                          |   2 +
 .../src/controlPanel.tsx                           |  15 +-
 .../legacy-plugin-chart-rose/src/controlPanel.tsx  |  15 +-
 .../src/controlPanel.ts                            |   5 +
 .../src/transformProps.js                          |   5 +-
 .../src/layers/Geojson/controlPanel.ts             |   2 +-
 .../src/layers/Path/Path.jsx                       |   1 +
 .../src/layers/Path/controlPanel.ts                |  21 +-
 .../src/layers/Polygon/Polygon.jsx                 |   1 +
 .../src/layers/Polygon/controlPanel.ts             |  34 ++-
 .../src/utilities/Shared_DeckGL.jsx                |   2 +-
 .../legacy-preset-chart-nvd3/src/NVD3Controls.tsx  |  15 +-
 .../legacy-preset-chart-nvd3/src/transformProps.js |   1 +
 .../plugins/legacy-preset-chart-nvd3/src/utils.js  |   9 +-
 .../src/BigNumber/BigNumberTotal/controlPanel.ts   |   1 +
 .../src/BigNumber/BigNumberTotal/transformProps.ts |   2 +
 .../BigNumberWithTrendline/controlPanel.tsx        |  10 +-
 .../BigNumberWithTrendline/transformProps.ts       |   2 +
 .../src/Funnel/controlPanel.tsx                    |   4 +-
 .../src/Funnel/transformProps.ts                   |   2 +
 .../src/Gauge/controlPanel.tsx                     |  10 +-
 .../src/Gauge/transformProps.ts                    |   2 +
 .../src/Graph/controlPanel.tsx                     |   3 +-
 .../src/MixedTimeseries/EchartsMixedTimeseries.tsx |   7 +
 .../src/MixedTimeseries/controlPanel.tsx           |  17 +-
 .../src/MixedTimeseries/transformProps.ts          |  41 ++-
 .../src/MixedTimeseries/types.ts                   |   1 +
 .../plugin-chart-echarts/src/Pie/controlPanel.tsx  |   6 +-
 .../plugin-chart-echarts/src/Pie/transformProps.ts |   2 +
 .../src/Radar/controlPanel.tsx                     |   5 +-
 .../src/Sunburst/controlPanel.tsx                  |   4 +-
 .../src/Sunburst/transformProps.ts                 |   3 +
 .../src/Timeseries/Area/controlPanel.tsx           |   6 +-
 .../src/Timeseries/EchartsTimeseries.tsx           |   7 +
 .../src/Timeseries/Regular/Bar/controlPanel.tsx    |  10 +-
 .../src/Timeseries/Regular/Line/controlPanel.tsx   |   6 +-
 .../Timeseries/Regular/Scatter/controlPanel.tsx    |   6 +-
 .../Timeseries/Regular/SmoothLine/controlPanel.tsx |   6 +-
 .../src/Timeseries/Step/controlPanel.tsx           |   6 +-
 .../src/Timeseries/transformProps.ts               |  25 +-
 .../plugin-chart-echarts/src/Timeseries/types.ts   |   1 +
 .../plugin-chart-echarts/src/Tree/controlPanel.tsx |   3 +-
 .../src/Treemap/controlPanel.tsx                   |   4 +-
 .../src/Treemap/transformProps.ts                  |   2 +
 .../plugins/plugin-chart-echarts/src/controls.tsx  |   7 +-
 .../src/utils/getYAxisFormatter.ts                 |   5 +-
 .../test/utils/annotation.test.ts                  |   1 -
 .../plugins/plugin-chart-handlebars/src/types.ts   |   2 -
 .../src/PivotTableChart.tsx                        |  15 +-
 .../src/plugin/controlPanel.tsx                    |   1 +
 .../src/plugin/transformProps.ts                   |   2 +
 .../plugins/plugin-chart-pivot-table/src/types.ts  |   1 +
 .../test/plugin/buildQuery.test.ts                 |   1 +
 .../test/plugin/transformProps.test.ts             |   2 +
 .../plugins/plugin-chart-table/src/buildQuery.ts   |  13 +-
 .../plugin-chart-table/src/controlPanel.tsx        |   2 +
 .../plugin-chart-table/src/transformProps.ts       |  10 +-
 .../plugins/plugin-chart-table/src/types.ts        |  20 +-
 .../plugin-chart-table/test/buildQuery.test.ts     |  42 ++-
 superset-frontend/spec/helpers/testing-library.tsx |   2 +-
 superset-frontend/src/GlobalStyles.tsx             |  24 ++
 superset-frontend/src/SqlLab/App.jsx               |   6 +-
 .../SqlLab/components/AceEditorWrapper/index.tsx   | 174 ++----------
 .../AceEditorWrapper/useKeywords.test.ts           | 315 +++++++++++++++++++++
 .../components/AceEditorWrapper/useKeywords.ts     | 217 ++++++++++++++
 .../src/SqlLab/components/ResultSet/index.tsx      |  11 +-
 .../SaveDatasetModal/SaveDatasetModal.test.tsx     |  42 ++-
 .../SqlLab/components/SaveDatasetModal/index.tsx   |   1 +
 .../src/SqlLab/components/SouthPane/index.tsx      |   2 -
 .../SqlLab/components/SqlEditor/SqlEditor.test.jsx |   3 +
 superset-frontend/src/SqlLab/fixtures.ts           |   1 +
 .../src/components/AsyncAceEditor/index.tsx        |  57 ++--
 .../src/components/Datasource/DatasourceEditor.jsx |  54 +---
 .../Datasource/DatasourceEditor.test.jsx           |   8 +-
 .../src/components/ErrorMessage/types.ts           |   1 +
 .../src/components/FilterableTable/index.tsx       |   1 -
 .../src/components/ListView/ListView.test.jsx      |   2 +-
 .../src/components/Select/AsyncSelect.test.tsx     |  23 +-
 .../src/components/Select/AsyncSelect.tsx          |  76 ++++-
 .../src/components/Select/Select.stories.tsx       |   2 +
 .../src/components/Select/Select.test.tsx          |  19 ++
 superset-frontend/src/components/Select/Select.tsx | 202 +++++++++----
 superset-frontend/src/components/Select/types.ts   |   1 +
 superset-frontend/src/components/Select/utils.tsx  |   4 +-
 .../src/components/Table/VirtualTable.tsx          |   5 +-
 superset-frontend/src/components/Table/index.tsx   |   4 +
 .../src/components/TableSelector/index.tsx         |   8 +-
 superset-frontend/src/components/Tooltip/index.tsx |   3 +
 .../components/WarningIconWithTooltip/index.tsx    |   4 +-
 superset-frontend/src/dashboard/actions/hydrate.js |   7 +-
 .../components/AddSliceCard/AddSliceCard.test.tsx  |  21 +-
 .../components/AddSliceCard/AddSliceCard.tsx       |  26 +-
 .../HeaderActionsDropdown.test.tsx                 |   4 +-
 .../src/dashboard/components/SaveModal.tsx         |   2 +-
 .../dashboard/components/gridComponents/Chart.jsx  |  14 +-
 .../nativeFilters/FilterCard/FilterCard.test.tsx   |   7 -
 .../FiltersConfigModal/FilterTitleContainer.tsx    |   8 +-
 .../FiltersConfigModal/FiltersConfigModal.test.tsx |  83 +++++-
 .../FiltersConfigModal/FiltersConfigModal.tsx      | 121 ++++++--
 .../Footer/CancelConfirmationAlert.tsx             |   1 +
 .../src/dashboard/util/permissionUtils.test.ts     |  91 +++++-
 .../src/dashboard/util/permissionUtils.ts          |  12 +
 .../src/explore/actions/saveModalActions.js        |   9 +-
 .../src/explore/components/ControlHeader.tsx       |   2 +-
 .../src/explore/components/SaveModal.test.jsx      |  55 ++--
 .../src/explore/components/SaveModal.tsx           | 205 +++++++-------
 .../ColumnConfigControl/ColumnConfigControl.tsx    |  14 +-
 .../ColumnConfigControl/ColumnConfigItem.tsx       |   8 +-
 .../ColumnConfigControl/ColumnConfigPopover.tsx    |  95 +++++++
 .../ControlForm/ControlFormItem.tsx                |  28 +-
 .../ColumnConfigControl/ControlForm/controls.ts}   |  28 +-
 .../ColumnConfigControl}/ControlForm/index.tsx     |   2 +-
 .../controls}/ColumnConfigControl/constants.tsx    |  68 +++--
 .../controls}/ColumnConfigControl/index.tsx        |   0
 .../controls}/ColumnConfigControl/types.ts         |  24 +-
 .../controls/CurrencyControl/CurrencyControl.tsx   | 129 +++++++++
 .../components/controls/CurrencyControl/index.ts   |   3 +
 .../src/explore/components/controls/index.js       |   4 +
 .../src/explore/controlPanels/sections.tsx         |  19 +-
 .../src/explore/reducers/saveModalReducer.js       |   3 -
 .../src/features/alerts/AlertReportModal.test.jsx  |   2 +-
 .../DatabaseConnectionForm/CommonParameters.tsx    |   3 +
 .../DatabaseModal/DatabaseConnectionForm/index.tsx |   4 +
 .../databases/DatabaseModal/SqlAlchemyForm.tsx     |  25 +-
 .../src/features/databases/DatabaseModal/index.tsx |  13 +-
 superset-frontend/src/features/databases/types.ts  |   1 +
 .../AddDataset/LeftPanel/LeftPanel.test.tsx        | 286 +++++++++++--------
 .../datasets/AddDataset/LeftPanel/index.tsx        | 259 +++--------------
 .../datasets/DatasetLayout/DatasetLayout.test.tsx  |   2 +-
 .../src/features/datasets/DatasetLayout/index.tsx  |  20 +-
 .../src/features/datasets/hooks/useDatasetLists.ts |   7 +-
 superset-frontend/src/features/datasets/styles.ts  |  21 +-
 .../src/filters/components/Range/buildQuery.ts     |   5 +-
 .../components/Select/SelectFilterPlugin.test.tsx  |  47 ++-
 .../components/Select/SelectFilterPlugin.tsx       |  17 +-
 .../src/hooks/apiResources/schemas.ts              |   9 +-
 superset-frontend/src/hooks/apiResources/tables.ts |   1 +
 superset-frontend/src/pages/Tags/index.tsx         |  45 ++-
 superset-frontend/src/views/CRUD/hooks.ts          |   7 +-
 superset-frontend/src/views/types.ts               |   1 +
 superset-frontend/webpack.config.js                |  17 +-
 superset-websocket/package-lock.json               | 172 +++++------
 superset-websocket/package.json                    |   9 +-
 .../client-ws-app/public/stylesheets/style.css     |   6 +-
 superset/advanced_data_type/api.py                 |  13 +-
 superset/annotation_layers/annotations/api.py      |  30 +-
 superset/annotation_layers/annotations/schemas.py  |  13 +-
 superset/annotation_layers/api.py                  |  20 +-
 superset/annotation_layers/schemas.py              |  12 +-
 superset/async_events/api.py                       |   3 +-
 superset/available_domains/api.py                  |   5 +-
 superset/cachekeys/api.py                          |  10 +-
 superset/charts/api.py                             |  59 ++--
 superset/charts/commands/delete.py                 |   2 +-
 superset/charts/commands/export.py                 |   2 +-
 superset/charts/commands/importers/v1/utils.py     |  55 +++-
 superset/charts/commands/warm_up_cache.py          |  73 +++--
 superset/charts/data/api.py                        |  18 +-
 superset/charts/filters.py                         |   3 +-
 superset/charts/post_processing.py                 |   4 +-
 superset/charts/schemas.py                         |  14 +-
 superset/cli/importexport.py                       |   4 -
 superset/cli/main.py                               |   9 +-
 superset/cli/native_filters.py                     |  39 +--
 superset/cli/update.py                             |   2 +-
 superset/commands/exceptions.py                    |   2 +-
 superset/commands/importers/v1/examples.py         |   6 +-
 superset/common/chart_data.py                      |   6 +-
 superset/common/db_query_status.py                 |   4 +-
 superset/common/query_context_factory.py           |   1 -
 superset/common/query_context_processor.py         |  71 +++--
 superset/common/query_object_factory.py            |   2 +-
 superset/config.py                                 |  22 +-
 superset/connectors/base/models.py                 |   6 +-
 superset/connectors/sqla/models.py                 |   8 +-
 superset/connectors/sqla/utils.py                  |  19 +-
 superset/connectors/sqla/views.py                  |   6 +-
 superset/constants.py                              |   8 +-
 superset/css_templates/api.py                      |   5 +-
 superset/css_templates/schemas.py                  |  12 +-
 superset/daos/base.py                              |   2 +-
 superset/daos/dashboard.py                         |  20 +-
 superset/daos/database.py                          |   8 +-
 superset/daos/dataset.py                           |   2 +-
 superset/daos/tag.py                               | 108 ++++++-
 superset/dashboards/api.py                         |  96 +++----
 superset/dashboards/commands/delete.py             |   2 +-
 superset/dashboards/filter_sets/api.py             |  28 +-
 superset/dashboards/filter_sets/commands/delete.py |   3 +-
 superset/dashboards/filter_sets/schemas.py         |   3 +-
 superset/dashboards/filter_state/api.py            |  20 +-
 superset/dashboards/permalink/api.py               |  10 +-
 superset/dashboards/schemas.py                     |  20 +-
 superset/databases/api.py                          | 109 ++++---
 superset/databases/commands/create.py              |   1 +
 superset/databases/commands/delete.py              |   2 +-
 superset/databases/commands/importers/v1/utils.py  |  12 +-
 superset/databases/commands/validate_sql.py        |   6 +-
 superset/databases/schemas.py                      |  42 ++-
 superset/databases/ssh_tunnel/commands/create.py   |   1 +
 superset/datasets/api.py                           |  58 ++--
 superset/datasets/columns/api.py                   |   5 +-
 superset/datasets/commands/importers/v0.py         |   8 +-
 superset/datasets/commands/importers/v1/utils.py   |   4 +-
 superset/datasets/metrics/api.py                   |   5 +-
 superset/datasets/schemas.py                       |  19 +-
 superset/datasource/api.py                         |   2 +-
 superset/db_engine_specs/base.py                   |  60 +++-
 superset/db_engine_specs/databricks.py             |   4 +-
 superset/db_engine_specs/duckdb.py                 |   7 +
 superset/db_engine_specs/gsheets.py                |   7 +-
 superset/db_engine_specs/hive.py                   |  17 +-
 superset/db_engine_specs/ocient.py                 |   2 +-
 superset/db_engine_specs/postgres.py               |  90 ++++--
 superset/db_engine_specs/presto.py                 |  20 +-
 superset/db_engine_specs/shillelagh.py             |  18 ++
 superset/db_engine_specs/sqlite.py                 | 175 +++++++++++-
 superset/db_engine_specs/starrocks.py              |   6 +-
 superset/embedded/api.py                           |   6 +-
 superset/errors.py                                 |   9 +-
 superset/examples/birth_names.py                   |  10 +
 superset/examples/deck.py                          |   2 +
 superset/exceptions.py                             |   4 +
 superset/explore/api.py                            |  12 +-
 superset/explore/form_data/api.py                  |  20 +-
 superset/explore/permalink/api.py                  |  10 +-
 superset/extensions/__init__.py                    |  12 +-
 superset/extensions/ssh.py                         |   2 +-
 superset/importexport/api.py                       |   9 +-
 superset/initialization/__init__.py                |   2 +-
 superset/key_value/types.py                        |   6 +-
 superset/legacy.py                                 |   6 +-
 superset/migrations/shared/migrate_viz/base.py     |   6 +
 .../migrations/shared/migrate_viz/processors.py    |  12 +
 ...06-27_08-43_27ae655e4247_make_creator_owners.py |   2 +-
 ...1c4c6_migrate_num_period_compare_and_period_.py |   4 +-
 ...2023-06-28_19-49_bf646a0c1501_json_metadata.py} |  41 ++-
 ...0-34_e0f6f91c2055_create_user_favorite_table.py |  53 ++++
 ...delete_obsolete_druid_nosql_slice_parameters.py | 103 +++++++
 ...6f8b1280_cleanup_erroneous_parent_filter_ids.py |  81 ++++++
 ...9_17-54_ee179a490af9_deckgl_path_width_units.py |  70 +++++
 ...23_0769ef90fddd_fix_schema_perm_for_datasets.py | 108 +++++++
 .../2023-08-08_14-14_2e826adca42c_log_json.py}     |  41 ++-
 superset/models/core.py                            |  91 +++---
 superset/models/dashboard.py                       |  11 +-
 superset/models/helpers.py                         |  24 +-
 superset/models/sql_lab.py                         |   5 +-
 superset/models/sql_types/presto_sql_types.py      |   4 +-
 superset/queries/api.py                            |   4 +-
 superset/queries/saved_queries/api.py              |  13 +-
 superset/queries/saved_queries/schemas.py          |  16 +-
 superset/queries/schemas.py                        |   6 +-
 superset/reports/api.py                            |  20 +-
 superset/reports/commands/alert.py                 |   7 +-
 superset/reports/commands/execute.py               |   4 +-
 superset/reports/logs/api.py                       |  10 +-
 superset/reports/logs/schemas.py                   |   5 +-
 superset/reports/models.py                         |  17 +-
 superset/reports/notifications/__init__.py         |   4 +-
 superset/reports/notifications/slack.py            |  11 +-
 superset/reports/schemas.py                        |  18 +-
 superset/row_level_security/api.py                 |  19 +-
 superset/row_level_security/schemas.py             |  78 +++--
 superset/security/api.py                           |  14 +-
 superset/security/manager.py                       | 177 +++++-------
 superset/sql_lab.py                                |   8 +-
 superset/sql_parse.py                              |  10 +-
 superset/sql_validators/presto_db.py               |   4 +-
 superset/sqllab/api.py                             |  20 +-
 superset/sqllab/limiting_factor.py                 |   4 +-
 superset/sqllab/query_render.py                    |   2 +-
 superset/sqllab/sql_json_executer.py               |   5 +-
 superset/sqllab/sqllab_execution_context.py        |   2 +-
 superset/tables/models.py                          |   4 +-
 superset/tags/api.py                               | 171 ++++++++++-
 superset/tags/models.py                            |  18 +-
 superset/tags/schemas.py                           |  13 +-
 superset/tasks/async_queries.py                    |  15 +-
 superset/tasks/cache.py                            |   2 +-
 superset/tasks/scheduler.py                        |   7 +-
 superset/tasks/types.py                            |   5 +-
 superset/utils/async_query_manager.py              |   2 +-
 .../limiting_factor.py => utils/backports.py}      |  15 +-
 superset/utils/core.py                             |  44 +--
 superset/utils/csv.py                              |   5 +-
 .../utils/dashboard_filter_scopes_converter.py     |  17 +-
 superset/utils/encrypt.py                          |  12 +-
 superset/utils/machine_auth.py                     |   2 +-
 superset/utils/mock_data.py                        |   2 +-
 superset/utils/profiler.py                         |   4 +-
 superset/utils/public_interfaces.py                |   2 +-
 superset/utils/webdriver.py                        |   8 +-
 superset/views/api.py                              |  12 +-
 superset/views/base.py                             |  15 +-
 superset/views/base_api.py                         |   6 +-
 superset/views/base_schemas.py                     |   2 +-
 superset/views/core.py                             |  98 +++----
 superset/views/dashboard/mixin.py                  |   2 +-
 superset/views/dashboard/views.py                  |   4 +-
 superset/views/database/mixins.py                  |  14 +-
 superset/views/database/views.py                   |   5 +-
 superset/views/datasource/schemas.py               |   4 +-
 superset/views/dynamic_plugins.py                  |   1 -
 superset/views/key_value.py                        |   4 +-
 superset/views/log/api.py                          |   6 +-
 superset/views/log/schemas.py                      |  12 +
 superset/views/sql_lab/views.py                    |  32 +--
 superset/views/tags.py                             |   2 +-
 superset/views/users/api.py                        |  12 +-
 superset/views/utils.py                            |   1 -
 superset/viz.py                                    | 238 +---------------
 tests/integration_tests/cache_tests.py             |   4 +-
 tests/integration_tests/charts/api_tests.py        | 119 +++++++-
 tests/integration_tests/charts/commands_tests.py   |  50 +---
 tests/integration_tests/core_tests.py              | 103 ++++---
 .../dashboards/security/security_rbac_tests.py     |  93 +++++-
 tests/integration_tests/databases/api_tests.py     | 151 +++++++++-
 .../integration_tests/databases/commands_tests.py  |   8 +-
 tests/integration_tests/fixtures/importexport.py   |  21 +-
 tests/integration_tests/fixtures/pyodbcRow.py      |   2 +-
 ...ef90fddd_fix_schema_perm_for_datasets__tests.py |  56 ++++
 .../security/guest_token_security_tests.py         |  52 +---
 tests/integration_tests/security_tests.py          |  49 +++-
 tests/integration_tests/tags/api_tests.py          |  85 ++++++
 tests/integration_tests/utils_tests.py             |   2 +-
 tests/integration_tests/viz_tests.py               | 309 +-------------------
 .../charts/commands/importers/v1/utils_test.py     | 165 +++++++++++
 tests/unit_tests/dao/tag_test.py                   | 146 ++++++++++
 .../databases/commands/importers/v1/import_test.py |  28 +-
 tests/unit_tests/db_engine_specs/test_postgres.py  |  48 +++-
 tests/unit_tests/db_engine_specs/test_sqlite.py    |  88 ++++--
 tests/unit_tests/models/core_test.py               |  18 ++
 .../pandas_postprocessing/test_rolling.py          |  28 +-
 tests/unit_tests/utils/test_core.py                |  39 +++
 tests/unit_tests/utils/test_decorators.py          |   4 +-
 404 files changed, 6609 insertions(+), 3452 deletions(-)
 create mode 100644 .github/SECURITY.md
 copy docs/static/.nojekyll => _update-notifier-last-checked (100%)
 create mode 100644 docs/docs/security/_category_.json
 create mode 100644 docs/docs/security/cves.mdx
 rename docs/docs/{ => security}/security.mdx (99%)
 delete mode 100644 superset-frontend/packages/superset-ui-chart-controls/src/components/ControlForm/controls.tsx
 copy superset-websocket/utils/client-ws-app/public/stylesheets/style.css => superset-frontend/packages/superset-ui-chart-controls/src/components/ControlSubSectionHeader.tsx (72%)
 delete mode 100644 superset-frontend/packages/superset-ui-chart-controls/src/shared-controls/components/ColumnConfigControl/ColumnConfigPopover.tsx
 create mode 100644 superset-frontend/plugins/legacy-plugin-chart-country-map/src/countries/kazakhstan.geojson
 create mode 100644 superset-frontend/plugins/legacy-plugin-chart-country-map/src/countries/kyrgyzstan.geojson
 create mode 100644 superset-frontend/plugins/legacy-plugin-chart-country-map/src/countries/tajikistan.geojson
 create mode 100644 superset-frontend/plugins/legacy-plugin-chart-country-map/src/countries/turkmenistan.geojson
 create mode 100644 superset-frontend/plugins/legacy-plugin-chart-country-map/src/countries/uzbekistan.geojson
 create mode 100644 superset-frontend/src/SqlLab/components/AceEditorWrapper/useKeywords.test.ts
 create mode 100644 superset-frontend/src/SqlLab/components/AceEditorWrapper/useKeywords.ts
 rename superset-frontend/{packages/superset-ui-chart-controls/src/shared-controls/components => src/explore/components/controls}/ColumnConfigControl/ColumnConfigControl.tsx (94%)
 rename superset-frontend/{packages/superset-ui-chart-controls/src/shared-controls/components => src/explore/components/controls}/ColumnConfigControl/ColumnConfigItem.tsx (91%)
 create mode 100644 superset-frontend/src/explore/components/controls/ColumnConfigControl/ColumnConfigPopover.tsx
 rename superset-frontend/{packages/superset-ui-chart-controls/src/components => src/explore/components/controls/ColumnConfigControl}/ControlForm/ControlFormItem.tsx (83%)
 copy superset-frontend/{packages/superset-ui-chart-controls/src/shared-controls/components/index.tsx => src/explore/components/controls/ColumnConfigControl/ControlForm/controls.ts} (52%)
 rename superset-frontend/{packages/superset-ui-chart-controls/src/components => src/explore/components/controls/ColumnConfigControl}/ControlForm/index.tsx (99%)
 rename superset-frontend/{packages/superset-ui-chart-controls/src/shared-controls/components => src/explore/components/controls}/ColumnConfigControl/constants.tsx (79%)
 rename superset-frontend/{packages/superset-ui-chart-controls/src/shared-controls/components => src/explore/components/controls}/ColumnConfigControl/index.tsx (100%)
 rename superset-frontend/{packages/superset-ui-chart-controls/src/shared-controls/components => src/explore/components/controls}/ColumnConfigControl/types.ts (68%)
 create mode 100644 superset-frontend/src/explore/components/controls/CurrencyControl/CurrencyControl.tsx
 create mode 100644 superset-frontend/src/explore/components/controls/CurrencyControl/index.ts
 copy superset/{legacy.py => migrations/versions/2023-06-28_19-49_bf646a0c1501_json_metadata.py} (50%)
 create mode 100644 superset/migrations/versions/2023-07-12_20-34_e0f6f91c2055_create_user_favorite_table.py
 create mode 100644 superset/migrations/versions/2023-07-18_15-30_863adcf72773_delete_obsolete_druid_nosql_slice_parameters.py
 create mode 100644 superset/migrations/versions/2023-07-19_16-48_a23c6f8b1280_cleanup_erroneous_parent_filter_ids.py
 create mode 100644 superset/migrations/versions/2023-07-19_17-54_ee179a490af9_deckgl_path_width_units.py
 create mode 100644 superset/migrations/versions/2023-08-02_15-23_0769ef90fddd_fix_schema_perm_for_datasets.py
 copy superset/{legacy.py => migrations/versions/2023-08-08_14-14_2e826adca42c_log_json.py} (50%)
 copy superset/{sqllab/limiting_factor.py => utils/backports.py} (79%)
 create mode 100644 tests/integration_tests/migrations/0769ef90fddd_fix_schema_perm_for_datasets__tests.py
 create mode 100644 tests/unit_tests/charts/commands/importers/v1/utils_test.py
 create mode 100644 tests/unit_tests/dao/tag_test.py


[superset] 01/03: chore: rate limit requests

Posted by be...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

beto pushed a commit to branch fix_dos
in repository https://gitbox.apache.org/repos/asf/superset.git

commit 51e7e1bdc9fb058cca854b9774a9529ae7f350c8
Author: Beto Dealmeida <ro...@dealmeida.net>
AuthorDate: Thu Jun 1 15:57:36 2023 -0700

    chore: rate limit requests
---
 superset/config.py           | 6 ++++++
 superset/models/dashboard.py | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/superset/config.py b/superset/config.py
index 75fda6eb37..d430273008 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -266,6 +266,12 @@ PROXY_FIX_CONFIG = {"x_for": 1, "x_proto": 1, "x_host": 1, "x_port": 1, "x_prefi
 # Configuration for scheduling queries from SQL Lab.
 SCHEDULED_QUERIES: dict[str, Any] = {}
 
+# Rate limiting
+RATELIMIT_ENABLED = True
+AUTH_RATE_LIMITED = True
+AUTH_RATE_LIMIT = "2 per 5 second"
+RATELIMIT_APPLICATION = "50 per second"
+
 # ------------------------------
 # GLOBALS FOR APP Builder
 # ------------------------------
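Review bot: The new block turns rate limiting on by default without saying how a client is identified, which matters given the `PROXY_FIX_CONFIG` setting just above it. The limiter setup is not in this hunk, but if it keys on the remote address, a deployment behind a reverse proxy that has not enabled `ENABLE_PROXY_FIX` would count every user against one bucket. In that case `RATELIMIT_APPLICATION = "50 per second"` becomes a site-wide cap rather than a per-client one. Once the keying is confirmed, I would add above `RATELIMIT_ENABLED`: `# Limits are counted per client address; behind a reverse proxy enable ENABLE_PROXY_FIX so the real client IP is used.`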
diff --git a/superset/models/dashboard.py b/superset/models/dashboard.py
index 0fecf15a55..18aab8f9e6 100644
--- a/superset/models/dashboard.py
+++ b/superset/models/dashboard.py
@@ -377,7 +377,7 @@ class Dashboard(Model, AuditMixinNullable, ImportExportMixin):
     ) -> str:
         copied_dashboards = []
         datasource_ids = set()
-        for dashboard_id in dashboard_ids:
+        for dashboard_id in set(dashboard_ids):
             # make sure that dashboard_id is an integer
             dashboard_id = int(dashboard_id)
             dashboard = (
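Review bot: `set(dashboard_ids)` on the changed line de-duplicates before the `int(dashboard_id)` conversion two lines below, so values that differ as given but are equal as integers (for example `"1"` and `"01"`, or `"1"` and `1`) are still exported more than once. Normalising first closes that gap: `for dashboard_id in {int(i) for i in dashboard_ids}:`, after which the inner `int()` call is redundant. The same applies to the later "Address comments" commit, where the `set()` moves into the callers. There `superset/views/dashboard/views.py` builds it from raw query-string values with `set(request.args.getlist("id"))`, although the parameter is now annotated `set[int]`. The body of `export_dashboards` continues outside the hunk.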


[superset] 03/03: Add some comments and change values

Posted by be...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

beto pushed a commit to branch fix_dos
in repository https://gitbox.apache.org/repos/asf/superset.git

commit ad89b839f5ebc638fe9a32e384b5ce5c40c8c100
Author: Beto Dealmeida <ro...@dealmeida.net>
AuthorDate: Wed Aug 9 18:02:26 2023 -0700

    Add some comments and change values
---
 superset/config.py | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/superset/config.py b/superset/config.py
index 18cbccfd05..0b70328e0b 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -266,11 +266,19 @@ PROXY_FIX_CONFIG = {"x_for": 1, "x_proto": 1, "x_host": 1, "x_port": 1, "x_prefi
 # Configuration for scheduling queries from SQL Lab.
 SCHEDULED_QUERIES: dict[str, Any] = {}
 
-# FAB Rate limiting
+# FAB Rate limiting: this is a security feature for preventing DDOS attacks. The
+# feature is on by default to make Superset secure by default, but you should
+# fine tune the limits to your needs. You can read more about the different
+# parameters here: https://flask-limiter.readthedocs.io/en/stable/configuration.html
 RATELIMIT_ENABLED = True
-AUTH_RATE_LIMITED = True
-AUTH_RATE_LIMIT = "2 per 5 second"
 RATELIMIT_APPLICATION = "50 per second"
+AUTH_RATE_LIMITED = True
+AUTH_RATE_LIMIT = "5 per second"
+# A storage location conforming to the scheme in storage-scheme. See the limits
+# library for allowed values: https://limits.readthedocs.io/en/stable/storage.html
+# RATELIMIT_STORAGE_URI = "redis://host:port"
+# A callable that returns the unique identity of the current request.
+# RATELIMIT_REQUEST_IDENTIFIER = flask.Request.endpoint
 
 # ------------------------------
 # GLOBALS FOR APP Builder
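Review bot: The added comment does not say what happens when `RATELIMIT_STORAGE_URI` stays commented out, which is the shipped default. As far as I know, Flask-Limiter then falls back to in-memory storage, so counters are kept per worker process, the effective limit grows with the number of workers, and counters reset on restart. I would add `# If unset, counters are kept in each worker's memory; use a shared backend in multi-worker deployments.` above the commented `RATELIMIT_STORAGE_URI` line. Two smaller wording points: application-level limits help against brute force and floods from a few sources rather than distributed attacks, so "DDOS" overstates the protection. Also, `flask.Request.endpoint` as written is a property on the class rather than a callable, so the commented example would not work if uncommented verbatim.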


[superset] 02/03: Address comments

Posted by be...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

beto pushed a commit to branch fix_dos
in repository https://gitbox.apache.org/repos/asf/superset.git

commit 546230402ae4a925dcf6014bade9a3a58645ff73
Author: Beto Dealmeida <ro...@dealmeida.net>
AuthorDate: Thu Jul 6 17:47:52 2023 -0700

    Address comments
---
 superset/config.py                        | 2 +-
 superset/dashboards/api.py                | 2 +-
 superset/models/dashboard.py              | 5 +++--
 superset/utils/dashboard_import_export.py | 4 ++--
 superset/views/dashboard/views.py         | 2 +-
 5 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/superset/config.py b/superset/config.py
index d430273008..18cbccfd05 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -266,7 +266,7 @@ PROXY_FIX_CONFIG = {"x_for": 1, "x_proto": 1, "x_host": 1, "x_port": 1, "x_prefi
 # Configuration for scheduling queries from SQL Lab.
 SCHEDULED_QUERIES: dict[str, Any] = {}
 
-# Rate limiting
+# FAB Rate limiting
 RATELIMIT_ENABLED = True
 AUTH_RATE_LIMITED = True
 AUTH_RATE_LIMIT = "2 per 5 second"
diff --git a/superset/dashboards/api.py b/superset/dashboards/api.py
index 1602c8e2f9..b2aa43b0ee 100644
--- a/superset/dashboards/api.py
+++ b/superset/dashboards/api.py
@@ -817,7 +817,7 @@ class DashboardRestApi(BaseSupersetModelRestApi):
             Dashboard.id.in_(requested_ids)
         )
         query = self._base_filters.apply_all(query)
-        ids = [item.id for item in query.all()]
+        ids = {item.id for item in query.all()}
         if not ids:
             return self.response_404()
         export = Dashboard.export_dashboards(ids)
diff --git a/superset/models/dashboard.py b/superset/models/dashboard.py
index 18aab8f9e6..54aee779d2 100644
--- a/superset/models/dashboard.py
+++ b/superset/models/dashboard.py
@@ -373,11 +373,12 @@ class Dashboard(Model, AuditMixinNullable, ImportExportMixin):
 
     @classmethod
     def export_dashboards(  # pylint: disable=too-many-locals
-        cls, dashboard_ids: list[int]
+        cls,
+        dashboard_ids: set[int],
     ) -> str:
         copied_dashboards = []
         datasource_ids = set()
-        for dashboard_id in set(dashboard_ids):
+        for dashboard_id in dashboard_ids:
             # make sure that dashboard_id is an integer
             dashboard_id = int(dashboard_id)
             dashboard = (
diff --git a/superset/utils/dashboard_import_export.py b/superset/utils/dashboard_import_export.py
index fc61d0a422..eef8cbe6df 100644
--- a/superset/utils/dashboard_import_export.py
+++ b/superset/utils/dashboard_import_export.py
@@ -27,8 +27,8 @@ def export_dashboards(session: Session) -> str:
     """Returns all dashboards metadata as a json dump"""
     logger.info("Starting export")
     dashboards = session.query(Dashboard)
-    dashboard_ids = []
+    dashboard_ids = set()
     for dashboard in dashboards:
-        dashboard_ids.append(dashboard.id)
+        dashboard_ids.add(dashboard.id)
     data = Dashboard.export_dashboards(dashboard_ids)
     return data
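Review bot: The loop that fills `dashboard_ids` can be a set comprehension now that the container is a set: `dashboard_ids = {dashboard.id for dashboard in session.query(Dashboard)}`. The ids are presumably primary keys, so the set removes nothing here and only satisfies the new `set[int]` parameter of `Dashboard.export_dashboards`. A short comment saying so would stop a reader from looking for duplicates that cannot occur.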
diff --git a/superset/views/dashboard/views.py b/superset/views/dashboard/views.py
index a96d56fc14..ce5e8f1e07 100644
--- a/superset/views/dashboard/views.py
+++ b/superset/views/dashboard/views.py
@@ -78,7 +78,7 @@ class DashboardModelView(
     @expose("/export_dashboards_form")
     def download_dashboards(self) -> FlaskResponse:
         if request.args.get("action") == "go":
-            ids = request.args.getlist("id")
+            ids = set(request.args.getlist("id"))
             return Response(
                 DashboardModel.export_dashboards(ids),
                 headers=generate_download_headers("json"),