superset-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From maximebeauche...@apache.org
Subject [incubator-superset] branch master updated: Validate JSON in slice's params on save (#3720)
Date Thu, 26 Oct 2017 23:16:27 GMT
This is an automated email from the ASF dual-hosted git repository.

maximebeauchemin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-superset.git


The following commit(s) were added to refs/heads/master by this push:
     new a9b6d11  Validate JSON in slice's params on save (#3720)
a9b6d11 is described below

commit a9b6d11adec70a7181311d5fa02420e357133a3e
Author: Maxime Beauchemin <maximebeauchemin@gmail.com>
AuthorDate: Thu Oct 26 16:16:21 2017 -0700

    Validate JSON in slice's params on save (#3720)
    
    fixes https://github.com/apache/incubator-superset/issues/3507
    
    This prevents malformed JSON from getting saved in a slice's params. It
    also prevents the issue described in #3507 from happening though as a
    result malformed slices will render using default control values.
---
 superset/models/core.py | 7 ++++++-
 superset/views/core.py  | 4 ++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/superset/models/core.py b/superset/models/core.py
index 1a795c2..f481500 100644
--- a/superset/models/core.py
+++ b/superset/models/core.py
@@ -195,7 +195,12 @@ class Slice(Model, AuditMixinNullable, ImportMixin):
 
     @property
     def form_data(self):
-        form_data = json.loads(self.params)
+        form_data = {}
+        try:
+            form_data = json.loads(self.params)
+        except Exception as e:
+            logging.error("Malformed json in slice's params")
+            logging.exception(e)
         form_data.update({
             'slice_id': self.id,
             'viz_type': self.viz_type,
diff --git a/superset/views/core.py b/superset/views/core.py
index 7acce42..bd4d4e5 100755
--- a/superset/views/core.py
+++ b/superset/views/core.py
@@ -390,7 +390,11 @@ class SliceModelView(SupersetModelView, DeleteMixin):  # noqa
         'viz_type': _("Visualization Type"),
     }
 
+    def pre_add(self, obj):
+        utils.validate_json(obj.params)
+
     def pre_update(self, obj):
+        utils.validate_json(obj.params)
         check_ownership(obj)
 
     def pre_delete(self, obj):

-- 
To stop receiving notification emails like this one, please contact
['"commits@superset.apache.org" <commits@superset.apache.org>'].

Mime
View raw message