Posted to commits@superset.apache.org by el...@apache.org on 2023/07/20 23:47:28 UTC

[superset] branch 2.1 updated (9a647de1a7 -> d6b14cbdc2)

This is an automated email from the ASF dual-hosted git repository.

elizabeth pushed a change to branch 2.1
in repository https://gitbox.apache.org/repos/asf/superset.git


    omit 9a647de1a7 fix: import database engine validation (#24697)
    omit b73751b01a update changelog
     new 81eabcd35b fix: import database engine validation (#24697)
     new d6b14cbdc2 update changelog

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version.  This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (9a647de1a7)
            \
             N -- N -- N   refs/heads/2.1 (d6b14cbdc2)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them.  Any revisions marked "discard" are gone forever.

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)


[superset] 02/02: update changelog

Posted by el...@apache.org.

elizabeth pushed a commit to branch 2.1
in repository https://gitbox.apache.org/repos/asf/superset.git

commit d6b14cbdc271b7b466cba486eda577ffed7bfe0a
Author: Elizabeth Thompson <es...@gmail.com>
AuthorDate: Fri Jul 7 17:06:51 2023 -0700

    update changelog
---
 CHANGELOG.md | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6f67b4d5cf..66dd99f8b8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,7 +19,7 @@ under the License.
 
 ## Change Log
 
-- [2.1.1](#211-sun-apr-23-154421-2023--0100)
+- [2.1.1](#211-sun-apr-23-154421-2023-0100)
 - [2.1.0](#210-thu-mar-16-211305-2023--0700)
 - [2.0.1](#201-fri-nov-4-103402-2022--0400)
 - [2.0.0](#200-tue-jun-28-085302-2022--0400)
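
Review bot: the 2.1.1 anchor on the changed line now ends in a single hyphen (`2023-0100`) while every neighbouring entry keeps the double hyphen (`2023--0700`, `2022--0400`). That is correct only if the 2.1.1 heading carries a `+0100` offset, because the `+` is dropped from the generated slug while a `-` is kept. Please confirm against the heading text, which is outside this hunk, so the table-of-contents link resolves.
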
@@ -38,10 +38,16 @@ under the License.
 - [23888](https://github.com/apache/superset/pull/23888) chore(key-value): use json serialization for main resources (@villebro)
 
 **Fixes**
+- [#24697](https://github.com/apache/superset/pull/24697) fix: import database engine validation (@dpgaspar)
+- [#23723](https://github.com/apache/superset/pull/23723) fix: add enforce URI query params with a specific for MySQL (@dpgaspar)
+- [#24390](https://github.com/apache/superset/pull/24390) fix: FAB CSS on Superset (@dpgaspar)
+- [#24249](https://github.com/apache/superset/pull/24249) fix: dashboard ownership check (@betodealmeida)
+- [#23801](https://github.com/apache/superset/pull/23801) fix(plugin-chart-handlebars): Fix TypeError when using handlebars columns raw mode (@fmannhardt)
+- [#23566](https://github.com/apache/superset/pull/23566) fix: Filter values are not updating when dependencies are set (@michael-s-molina)
+- [#23400](https://github.com/apache/superset/pull/23400) fix: Select all issue with "Dynamically search all filter values" in FilterBar (@geido)
 - [#23865](https://github.com/apache/superset/pull/23865) fix: Native time range filter in legacy charts (@kgabryje)
 - [#24054](https://github.com/apache/superset/pull/24054) fix: handle temporal columns in presto partitions (@giftig)
 - [#23882](https://github.com/apache/superset/pull/23882) fix: handle comments in `has_table_query` (@betodealmeida)
-- [#24256](https://github.com/apache/superset/pull/24256) fix: enable strong session protection by default (@dpgaspar)
 - [#24137](https://github.com/apache/superset/pull/24137) fix: disable SHOW_STACKTRACE by default (@dpgaspar)
 - [#24185](https://github.com/apache/superset/pull/24185) fix: db validate parameters permission (@dpgaspar)
 - [#23769](https://github.com/apache/superset/pull/23769) fix: allow db driver distinction on enforced URI params (@dpgaspar)
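
Review bot: the removed entry for #24256 ("fix: enable strong session protection by default") disappears from the Fixes list without explanation, and the commit message says only "update changelog". If that change was backed out of the 2.1 branch, say so in the commit message or the release notes, since it alters a security-relevant default that operators may expect to ship; if it is still on the branch, the entry should stay. Separately, #23723 is listed here as "fix:" while the line it replaces under Others reads "chore:", so check which prefix matches the PR title.
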
@@ -58,7 +64,7 @@ under the License.
 - [#22851](https://github.com/apache/superset/pull/22851) fix: Validate jinja rendered query (@geido)
 
 **Others**
-- [#23723](https://github.com/apache/superset/pull/23723) chore: add enforce URI query params with a specific for MySQL (@dpgaspar)
+- [#23113](https://github.com/apache/superset/pull/23113) chore(sqla): Address performance tradeoff with eager loading (@john-bodley)
 - [#24294](https://github.com/apache/superset/pull/24294) chore: update UPDATING for 2.1.0 (@eschutho)
 - [#24056](https://github.com/apache/superset/pull/24056) chore: Remove unnecessary information from response (@geido)
 


[superset] 01/02: fix: import database engine validation (#24697)

Posted by el...@apache.org.

elizabeth pushed a commit to branch 2.1
in repository https://gitbox.apache.org/repos/asf/superset.git

commit 81eabcd35ba4d6003f44b60c186c48447477b75c
Author: Daniel Vaz Gaspar <da...@gmail.com>
AuthorDate: Thu Jul 20 13:08:07 2023 +0100

    fix: import database engine validation (#24697)
---
 superset/databases/commands/importers/v1/utils.py  | 12 ++++++++--
 .../integration_tests/databases/commands_tests.py  |  4 ++--
 tests/integration_tests/fixtures/importexport.py   | 24 +++++++++++++++----
 .../databases/commands/importers/v1/import_test.py | 28 +++++++++++++++++++++-
 4 files changed, 59 insertions(+), 9 deletions(-)

diff --git a/superset/databases/commands/importers/v1/utils.py b/superset/databases/commands/importers/v1/utils.py
index 5f7af41e6e..9cffc3d591 100644
--- a/superset/databases/commands/importers/v1/utils.py
+++ b/superset/databases/commands/importers/v1/utils.py
@@ -20,9 +20,12 @@ from typing import Any, Dict
 
 from sqlalchemy.orm import Session
 
-from superset import security_manager
+from superset import app, security_manager
 from superset.commands.exceptions import ImportFailedError
+from superset.databases.utils import make_url_safe
+from superset.exceptions import SupersetSecurityException
 from superset.models.core import Database
+from superset.security.analytics_db_safety import check_sqlalchemy_uri
 
 
 def import_database(
@@ -44,7 +47,12 @@ def import_database(
         raise ImportFailedError(
             "Database doesn't exist and user doesn't have permission to create databases"
         )
-
+    # Check if this URI is allowed
+    if app.config["PREVENT_UNSAFE_DB_CONNECTIONS"]:
+        try:
+            check_sqlalchemy_uri(make_url_safe(config["sqlalchemy_uri"]))
+        except SupersetSecurityException as exc:
+            raise ImportFailedError(exc.message) from exc
     # https://github.com/apache/superset/pull/16756 renamed ``csv`` to ``file``.
     config["allow_file_upload"] = config.pop("allow_csv_upload")
     if "schemas_allowed_for_csv_upload" in config["extra"]:
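
Review bot: the `except` around `check_sqlalchemy_uri(make_url_safe(config["sqlalchemy_uri"]))` handles only `SupersetSecurityException`, so any other error raised on that line (a `KeyError` from the subscript when the key is absent, or whatever `make_url_safe` raises on an unparsable string) escapes the importer instead of becoming an `ImportFailedError`. Validate the key and the parse step before the safety check, or widen the handling, so import callers see one failure type. The comment should also state that the import path is guarded only when `PREVENT_UNSAFE_DB_CONNECTIONS` is set, and the blank line that separated the permission check from this block should be kept.
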
diff --git a/tests/integration_tests/databases/commands_tests.py b/tests/integration_tests/databases/commands_tests.py
index 22b5be492d..4c62c08124 100644
--- a/tests/integration_tests/databases/commands_tests.py
+++ b/tests/integration_tests/databases/commands_tests.py
@@ -414,7 +414,7 @@ class TestImportDatabasesCommand(SupersetTestCase):
         assert database.database_name == "imported_database"
         assert database.expose_in_sqllab
         assert database.extra == "{}"
-        assert database.sqlalchemy_uri == "sqlite:///test.db"
+        assert database.sqlalchemy_uri == "someengine://user:pass@host1"
 
         db.session.delete(database)
         db.session.commit()
@@ -453,7 +453,7 @@ class TestImportDatabasesCommand(SupersetTestCase):
         assert database.database_name == "imported_database"
         assert database.expose_in_sqllab
         assert database.extra == '{"schemas_allowed_for_file_upload": ["upload"]}'
-        assert database.sqlalchemy_uri == "sqlite:///test.db"
+        assert database.sqlalchemy_uri == "someengine://user:pass@host1"
 
         db.session.delete(database)
         db.session.commit()
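
Review bot: with this assertion (and the identical one in the previous hunk) switched to `someengine://user:pass@host1`, these integration tests no longer import a SQLite URI at all, and nothing in the visible hunks asserts that the import command rejects one when `PREVENT_UNSAFE_DB_CONNECTIONS` is on. Add an integration case that runs the import command with the SQLite fixture and expects the failure, so the new guard is covered end to end and not only by the unit test.
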
diff --git a/tests/integration_tests/fixtures/importexport.py b/tests/integration_tests/fixtures/importexport.py
index 0f695f044e..ab9bee4776 100644
--- a/tests/integration_tests/fixtures/importexport.py
+++ b/tests/integration_tests/fixtures/importexport.py
@@ -346,7 +346,7 @@ saved_queries_metadata_config: Dict[str, Any] = {
     "type": "SavedQuery",
     "timestamp": "2021-03-30T20:37:54.791187+00:00",
 }
-database_config: Dict[str, Any] = {
+database_config_sqlite: dict[str, Any] = {
     "allow_csv_upload": True,
     "allow_ctas": True,
     "allow_cvas": True,
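
Review bot: the renamed fixture is annotated `dict[str, Any]` while the fixtures around it (`saved_queries_metadata_config` in the hunk header, `database_with_ssh_tunnel_config_password` further down) still use `Dict[str, Any]`. Module-level annotations are evaluated at import time, so the builtin generic form needs Python 3.9 or newer unless the module has `from __future__ import annotations`. On a release branch, keep `Dict` to match the rest of the file and avoid depending on the interpreter version.
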
@@ -360,7 +360,8 @@ database_config: Dict[str, Any] = {
     "uuid": "b8a1ccd3-779d-4ab7-8ad8-9ab119d7fe89",
     "version": "1.0.0",
 }
-database_with_ssh_tunnel_config_private_key: Dict[str, Any] = {
+
+database_config: dict[str, Any] = {
     "allow_csv_upload": True,
     "allow_ctas": True,
     "allow_cvas": True,
@@ -370,7 +371,22 @@ database_with_ssh_tunnel_config_private_key: Dict[str, Any] = {
     "database_name": "imported_database",
     "expose_in_sqllab": True,
     "extra": {},
-    "sqlalchemy_uri": "sqlite:///test.db",
+    "sqlalchemy_uri": "someengine://user:pass@host1",
+    "uuid": "b8a1ccd3-779d-4ab7-8ad8-9ab119d7fe89",
+    "version": "1.0.0",
+}
+
+database_with_ssh_tunnel_config_private_key: dict[str, Any] = {
+    "allow_csv_upload": True,
+    "allow_ctas": True,
+    "allow_cvas": True,
+    "allow_dml": True,
+    "allow_run_async": False,
+    "cache_timeout": None,
+    "database_name": "imported_database",
+    "expose_in_sqllab": True,
+    "extra": {},
+    "sqlalchemy_uri": "someengine://user:pass@host1",
     "uuid": "b8a1ccd3-779d-4ab7-8ad8-9ab119d7fe89",
     "ssh_tunnel": {
         "server_address": "localhost",
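
Review bot: the new `database_config` reuses the `uuid` `b8a1ccd3-779d-4ab7-8ad8-9ab119d7fe89` that `database_config_sqlite` also carries (visible in the previous hunk's context), and the re-added SSH tunnel fixture uses it as well. If imports are keyed on `uuid`, a test that loads the SQLite fixture and one of the others in the same session will treat them as the same database record. Give the SQLite fixture its own `uuid`, or add a comment that the fixtures are intentionally interchangeable.
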
@@ -392,7 +408,7 @@ database_with_ssh_tunnel_config_password: Dict[str, Any] = {
     "database_name": "imported_database",
     "expose_in_sqllab": True,
     "extra": {},
-    "sqlalchemy_uri": "sqlite:///test.db",
+    "sqlalchemy_uri": "someengine://user:pass@host1",
     "uuid": "b8a1ccd3-779d-4ab7-8ad8-9ab119d7fe89",
     "ssh_tunnel": {
         "server_address": "localhost",
diff --git a/tests/unit_tests/databases/commands/importers/v1/import_test.py b/tests/unit_tests/databases/commands/importers/v1/import_test.py
index f9d2695f26..b8bd24d94d 100644
--- a/tests/unit_tests/databases/commands/importers/v1/import_test.py
+++ b/tests/unit_tests/databases/commands/importers/v1/import_test.py
@@ -42,7 +42,7 @@ def test_import_database(mocker: MockFixture, session: Session) -> None:
     config = copy.deepcopy(database_config)
     database = import_database(session, config)
     assert database.database_name == "imported_database"
-    assert database.sqlalchemy_uri == "sqlite:///test.db"
+    assert database.sqlalchemy_uri == "someengine://user:pass@host1"
     assert database.cache_timeout is None
     assert database.expose_in_sqllab is True
     assert database.allow_run_async is False
@@ -65,6 +65,32 @@ def test_import_database(mocker: MockFixture, session: Session) -> None:
     assert database.allow_dml is False
 
 
+def test_import_database_sqlite_invalid(mocker: MockFixture, session: Session) -> None:
+    """
+    Test importing a database.
+    """
+    from superset import app, security_manager
+    from superset.databases.commands.importers.v1.utils import import_database
+    from superset.models.core import Database
+    from tests.integration_tests.fixtures.importexport import database_config_sqlite
+
+    app.config["PREVENT_UNSAFE_DB_CONNECTIONS"] = True
+    mocker.patch.object(security_manager, "can_access", return_value=True)
+
+    engine = session.get_bind()
+    Database.metadata.create_all(engine)  # pylint: disable=no-member
+
+    config = copy.deepcopy(database_config_sqlite)
+    with pytest.raises(ImportFailedError) as excinfo:
+        _ = import_database(session, config)
+    assert (
+        str(excinfo.value)
+        == "SQLiteDialect_pysqlite cannot be used as a data source for security reasons."
+    )
+    # restore app config
+    app.config["PREVENT_UNSAFE_DB_CONNECTIONS"] = True
+
+
 def test_import_database_managed_externally(
     mocker: MockFixture,
     session: Session,
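
Review bot: the line under `# restore app config` sets `app.config["PREVENT_UNSAFE_DB_CONNECTIONS"] = True`, the same value the test assigned at the start, so nothing is restored and the flag stays set for later tests; the line is also skipped if the assertion above it fails. Save the original value and put it back in a `finally`, or patch the setting with `mocker.patch.dict(app.config, {...})` so it is undone automatically. The docstring "Test importing a database." does not describe what this test checks and should say that a SQLite URI is rejected.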