aminghadersohi commented on PR #40344: URL: https://github.com/apache/superset/pull/40344#issuecomment-4566609624
Addressed @richardfogaca's round 4 data-boundary concern.

**What was done:** The `json` field in the action-log serializer (`superset/mcp_service/action_log/schemas.py`) was returning the stored log payload raw. Added `_sanitize_log_json()` which:

1. Parses the stored JSON string into a Python object (preserving shape)
2. Passes it through the existing `sanitize_for_llm_context()` helper (same helper used in chart/dashboard MCP serializers), which recursively wraps every string leaf in `<UNTRUSTED-CONTENT>…</UNTRUSTED-CONTENT>` delimiters
3. Falls back to sanitizing the raw string if the payload is not valid JSON

This keeps the JSON shape intact for callers that need to inspect individual fields while preventing prompt-injection from user-controlled log payloads reaching LLM context.

**Tests added** (in `tests/unit_tests/mcp_service/action_log/tool/test_action_log_tools.py`):

- `test_get_action_log_info_json_payload_sanitized` — verifies dict shape is preserved and string leaves are wrapped
- `test_list_action_logs_json_payload_sanitized` — same check for the list endpoint

Commit: d904567580a3c3e1a4c1d8c9f2b7e5f8a6c3d1e2 (see `fix(mcp): sanitize action-log json payload before placing in LLM context`)
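The parse-then-wrap-then-fallback flow described in the comment above, as an added stand-alone example (not the Superset code from the PR): `sanitize_for_llm_context` here is a small re-implementation written for this example, assumed to behave as the comment describes, and `sanitize_log_json` mirrors the three steps of the serializer helper.

```python
import json
from typing import Any, Optional

# Delimiters named in the PR comment. The wrapping helper below is a stand-in
# written for this example, not Superset's own sanitize_for_llm_context().
OPEN = "<UNTRUSTED-CONTENT>"
CLOSE = "</UNTRUSTED-CONTENT>"


def sanitize_for_llm_context(value: Any) -> Any:
    """Recursively wrap every string leaf in untrusted-content delimiters.

    Containers keep their shape; non-string scalars (numbers, bools, None)
    pass through unchanged so callers can still read individual fields.
    """
    if isinstance(value, str):
        return f"{OPEN}{value}{CLOSE}"
    if isinstance(value, dict):
        # Keys are left untouched so lookups by field name keep working.
        return {k: sanitize_for_llm_context(v) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [sanitize_for_llm_context(v) for v in value]
    return value


def sanitize_log_json(raw: Optional[str]) -> Any:
    """Parse a stored action-log payload and sanitize it for LLM context.

    Step 1: parse the JSON string (shape preserved).
    Step 2: wrap every string leaf via sanitize_for_llm_context().
    Step 3: if the payload is not valid JSON, wrap the raw string instead.
    """
    if raw is None:
        return None
    try:
        parsed = json.loads(raw)
    except (TypeError, ValueError):
        return sanitize_for_llm_context(raw)
    return sanitize_for_llm_context(parsed)


if __name__ == "__main__":
    # Constructed sample payload: a log entry whose "note" is user-supplied text.
    sample = json.dumps({"action": "chart_data", "params": {"note": "user text"}, "rows": 42})
    print(sanitize_log_json(sample))
    print(sanitize_log_json("not json {"))
```

One check worth making against any real implementation: a string leaf that itself contains the closing delimiter would terminate the wrapper early, and this example does not escape or strip such content.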
