sha174n commented on code in PR #38452:
URL: https://github.com/apache/superset/pull/38452#discussion_r2892633473
##########
superset/models/helpers.py:
##########
@@ -218,6 +219,32 @@ def validate_adhoc_subquery(
return parsed_statement.format()
+def validate_rls_clause(
+ sql: str,
+ engine: str,
+) -> None:
+ """
+ Ensure the RLS clause is a valid SQL fragment.
+ This is a lighter validation than validate_adhoc_subquery as it
+ is intended for administrator-defined security rules.
+
+ :param sql: RLS clause expression
+ :raise SupersetParseError if sql is syntactically invalid
+ """
+ from superset.sql.parse import SQLStatement
+
+ # We just need to ensure it parses correctly as a predicate/expression
+ parsed_statement = SQLStatement(sql, engine)
+ if parsed_statement.has_subquery():
+ raise SupersetSecurityException(
+ SupersetError(
+ error_type=SupersetErrorType.ADHOC_SUBQUERY_NOT_ALLOWED_ERROR,
+ message=_("Custom SQL fields cannot contain sub-queries."),
+ level=ErrorLevel.ERROR,
+ )
+ )
+
+
Review Comment:
@copilot Please check if this issue is fixed
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
