codeant-ai-for-open-source[bot] commented on code in PR #38374:
URL: https://github.com/apache/superset/pull/38374#discussion_r2943607424
##########
superset-frontend/plugins/legacy-plugin-chart-map-box/src/transformProps.ts:
##########
@@ -116,5 +129,9 @@ export default function transformProps(chartProps:
ChartProps) {
pointRadiusUnit,
renderWhileDragging,
rgb,
+ viewportLongitude: toFiniteNumber(viewportLongitude),
+ viewportLatitude: toFiniteNumber(viewportLatitude),
+ viewportZoom: toFiniteNumber(viewportZoom),
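Review bot: The three added props at the end of the returned object forward whatever `toFiniteNumber` yields, so any finite value is accepted, including a latitude outside [-90, 90] or a longitude outside [-180, 180]. Bound each value in `transformProps` before returning it, ideally through one small helper that calls `toFiniteNumber` once per field and passes its result for unparseable input through unchanged, and cover out-of-range and non-numeric input with a unit test.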
Review Comment:
**Suggestion:** The new viewport parsing accepts any finite number, so
out-of-range values (especially latitude outside [-90, 90]) can be passed
through to the map component and cause runtime failures in the underlying map
library. Clamp viewport coordinates/zoom to valid map ranges before returning
props. [logic error]
<details>
<summary><b>Severity Level:</b> Major ⚠️</summary>
```mdx
- ⚠️ Viewport controls accept invalid coordinates without bounds.
- ⚠️ MapBox Explore render may break on bad viewport.
- ⚠️ User-entered typos can destabilize map interaction.
```
</details>
```suggestion
    viewportLongitude:
      toFiniteNumber(viewportLongitude) === undefined
        ? undefined
        : Math.min(180, Math.max(-180, toFiniteNumber(viewportLongitude)!)),
    viewportLatitude:
      toFiniteNumber(viewportLatitude) === undefined
        ? undefined
        : Math.min(90, Math.max(-90, toFiniteNumber(viewportLatitude)!)),
    viewportZoom:
      toFiniteNumber(viewportZoom) === undefined
        ? undefined
        : Math.max(0, toFiniteNumber(viewportZoom)!),
```
<details>
<summary><b>Steps of Reproduction ✅ </b></summary>
```mdx
1. In Explore for MapBox chart, set Viewport controls to out-of-range values (e.g., `viewport_latitude=999`) using `TextControl` fields defined in `superset-frontend/plugins/legacy-plugin-chart-map-box/src/controlPanel.ts:286-313`; these fields are `isFloat: true` but have no range validators.
2. Because these controls are `renderTrigger: true` (`controlPanel.ts:276,290,306`), the chart re-renders and calls plugin `transformProps` (`superset-frontend/plugins/legacy-plugin-chart-map-box/src/index.ts:53-56`).
3. `transformProps` parses values via `toFiniteNumber` (`transformProps.ts:27-35`) and passes them through unchanged at `transformProps.ts:132-134`, so `999` remains `999`.
4. `MapBox` consumes those props in `mergeViewportWithProps` (`superset-frontend/plugins/legacy-plugin-chart-map-box/src/MapBox.tsx:108-120`) and forwards viewport directly into `<MapGL {...viewport}>` at `MapBox.tsx:212-214`, so invalid coordinates reach the map library.
5. Result: viewport input is not bounded by map-valid ranges; this can produce invalid map behavior/errors at runtime when users enter mistyped/extreme values.
```
</details>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.