aminghadersohi commented on PR #40344: URL: https://github.com/apache/superset/pull/40344#issuecomment-4567284265
Thanks @richardfogaca! **Round 5 fixes — 32b7c2aa87:** **Issue A — full wrapping for url/schema/uuid in the log json blob (`schemas.py:273`):** Changed `_sanitize_log_json` to pass `excluded_field_names=frozenset()` to `sanitize_for_llm_context`. The default exclusion list was designed for structured, operationally-trusted output fields; the entire action-log `json` column is workspace/user-controlled data, so none of its keys should be exempt from `<UNTRUSTED-CONTENT>` wrapping. Fields like `url`, `schema`, and `uuid` now get wrapped rather than merely escaped. Added a test that explicitly asserts both those fields are wrapped when present in the payload. **Issue B — dttm list normalization (`schemas.py:85`):** Extended `normalize_dttm_value` to also walk list values when `col == "dttm"`, applying the same ISO-string-to-datetime conversion to each string element. This covers `dttm IN (...)` filters as well as the scalar case. Updated the `ActionLogFilter.value` type annotation to include `datetime` in the list element union to reflect the post-validation runtime type. Added a test passing a `dttm IN ["2024-01-01T00:00:00Z"]` filter and asserting the element is a timezone-aware `datetime` when it reaches the DAO. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
