fix: Validate jinja rendered query #22851

Merged
merged 13 commits into from
Feb 21, 2023
6 changes: 5 additions & 1 deletion superset/sqllab/commands/execute.py
Expand Up @@ -17,6 +17,7 @@
# pylint: disable=too-few-public-methods, too-many-arguments
from __future__ import annotations

import copy
import logging
from typing import Any, Dict, Optional, TYPE_CHECKING

Expand Down Expand Up @@ -142,9 +143,12 @@ def _run_sql_json_exec_from_scratch(self) -> SqlJsonExecutionStatus:
self._save_new_query(query)
try:
logger.info("Triggering query_id: %i", query.id)
self._validate_access(query)

self._execution_context.set_query(query)
rendered_query = self._sql_query_render.render(self._execution_context)
validate_rendered_query = copy.copy(query)
validate_rendered_query.sql = rendered_query
self._validate_access(validate_rendered_query)
self._set_query_limit_if_required(rendered_query)
self._query_dao.update(
query, {"limit": self._execution_context.query.limit}
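Review bot: In `_run_sql_json_exec_from_scratch`, `_validate_access` is now called only after `self._sql_query_render.render(self._execution_context)` has run. If the earlier `self._validate_access(query)` call is the line this change deletes, the template is rendered before any access check has been made on the submitted SQL. Consider keeping the check on the raw query ahead of rendering and running the rendered-SQL check as a second pass. Separately, `copy.copy(query)` is a shallow copy taken after `_save_new_query(query)`, so a one-line comment stating that the copy exists to keep the rendered SQL from being written back onto the saved `query` would help. It is also worth confirming that `_validate_access` only reads from the object it receives.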