codeant-ai-for-open-source[bot] commented on PR #25176:
URL: https://github.com/apache/superset/pull/25176#issuecomment-3673666094

   ## Nitpicks 🔍
   
   <table>
   <tr><td>🔒&nbsp;<strong>No security issues identified</strong></td></tr>
   <tr><td>⚡&nbsp;<strong>Recommended areas for review</strong><br><br>
   
   - [ ] <a href='https://github.com/apache/superset/pull/25176/files#diff-c320155d4d1897c6db7537287db470fd88c9e9b3badaf7e62927a0d4dc9cb12bR55-R203'><strong>Sensitive token in URI</strong></a><br>The new SeqsLab connection examples embed an access token directly in the SQLAlchemy URI. URIs containing secrets can be logged, exposed in the UI, or leak via process arguments — this should be reviewed and the docs should advise secure alternatives (Secure Extra, env vars, or external password store).<br>
   
   - [ ] <a href='https://github.com/apache/superset/pull/25176/files#diff-c320155d4d1897c6db7537287db470fd88c9e9b3badaf7e62927a0d4dc9cb12bR194-R206'><strong>Missing read-only guidance</strong></a><br>The PR description mentions queries are restricted to read-only, but the newly added Atgenomix SeqsLab subsection does not state that DML is disallowed. Add an explicit note to avoid confusion and accidental attempts to run data-modifying statements.<br>
   
   </td></tr>
   </table>
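The first nitpick above is worth seeing in working code. The block below is an added example, not code from the PR or from the Superset project: it shows how a secret carried inside a SQLAlchemy URI is detected and redacted before the URI is logged or displayed, and how the docs can instead publish a placeholder URI whose credential is resolved at connect time from outside the URI. Everything specific here is an assumption made for the example: the `seqslab://...?token=...` URI is a constructed stand-in and not the driver's real connection format, `SECRET_PARAMS` is a guessed list of credential-bearing parameter names, and `resolve_secret` reads a hypothetical `DB_SECRET_<HOST>` environment variable; it only mirrors the shape of a "custom password store" hook (callable receives the URL, returns the credential), not any real secret manager.

```python
import os
from typing import Mapping, Optional
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query-parameter names that commonly carry a credential. This set is an
# assumption made for the example; add whatever parameter the real driver uses.
SECRET_PARAMS = frozenset({"token", "access_token", "api_key", "password"})

# Constructed sample URIs. The seqslab one is a stand-in for the kind of docs
# example the review comment points at, not the driver's actual URI format.
TOKEN_URI = "seqslab://api.example.org/dataset?token=EXAMPLE_TOKEN&region=eu"
PASSWORD_URI = "postgresql://scott:tiger@db.example.org/app"


def find_secrets_in_uri(uri: str) -> list:
    """Name each credential-bearing part of a SQLAlchemy-style URI.

    Both the userinfo password and known query parameters are checked: a
    bearer token passed as ?token=... is just as sensitive as user:pass@.
    """
    parts = urlsplit(uri)
    found = []
    if parts.password:
        found.append("password")
    for key, _ in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SECRET_PARAMS:
            found.append(key)
    return found


def redact_uri(uri: str, mask: str = "REDACTED") -> str:
    """Return a copy of the URI that is safe to log or show in a UI.

    Only the secret values are replaced; scheme, host, path and non-secret
    parameters survive so the redacted form is still useful for debugging.
    """
    parts = urlsplit(uri)
    netloc = parts.netloc
    if parts.password:
        userinfo, host = netloc.rsplit("@", 1)
        user = userinfo.split(":", 1)[0]
        netloc = f"{user}:{mask}@{host}"
    query = [
        (k, mask if k.lower() in SECRET_PARAMS else v)
        for k, v in parse_qsl(parts.query, keep_blank_values=True)
    ]
    return urlunsplit((parts.scheme, netloc, parts.path, urlencode(query), parts.fragment))


def resolve_secret(uri: str, env: Mapping[str, str] = os.environ) -> Optional[str]:
    """Look the credential up outside the URI, keyed by the target host.

    Mirrors the shape of a custom-password-store hook (given the URL, return
    the credential) but reads a hypothetical DB_SECRET_<HOST> environment
    variable instead of calling a real secret manager.
    """
    host = (urlsplit(uri).hostname or "").upper().replace(".", "_").replace("-", "_")
    return env.get(f"DB_SECRET_{host}")


def inject_secret(uri: str, secret: str, param: str = "token") -> str:
    """Add the resolved credential to a placeholder URI, in memory, at connect time."""
    parts = urlsplit(uri)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True) if k != param]
    query.append((param, secret))
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(query), parts.fragment))


def connect_uri(placeholder_uri: str, env: Mapping[str, str] = os.environ) -> str:
    """Build the real URI from the placeholder; refuse if no credential is configured."""
    secret = resolve_secret(placeholder_uri, env)
    if secret is None:
        raise RuntimeError(f"no credential configured for {redact_uri(placeholder_uri)}")
    return inject_secret(placeholder_uri, secret)


if __name__ == "__main__":
    print("secrets found:", find_secrets_in_uri(TOKEN_URI))
    print("safe to log:  ", redact_uri(TOKEN_URI))
    print("safe to log:  ", redact_uri(PASSWORD_URI))
    fake_env = {"DB_SECRET_API_EXAMPLE_ORG": "real-token"}  # constructed, not a real token
    print("at connect:   ", connect_uri("seqslab://api.example.org/dataset?region=eu", fake_env))
```

The point of `connect_uri` is that the documented, stored and displayed form of the connection never contains the token; only the process that opens the connection assembles the full URI, and `redact_uri` is what any log line or error message should be given instead of the raw string.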
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
For additional commands, e-mail: [email protected]
