Date: Thu, 26 Oct 2017 23:16:27 +0000
To: "commits@superset.apache.org"
Reply-To: dev@superset.incubator.apache.org
Subject: [incubator-superset] branch master updated: Validate JSON in slice's params on save (#3720)
Message-ID: <150905978745.17617.4630675845939291605@gitbox.apache.org>
From: maximebeauchemin@apache.org X-Git-Host: gitbox.apache.org X-Git-Repo: incubator-superset X-Git-Refname: refs/heads/master X-Git-Reftype: branch X-Git-Oldrev: c4b6324e74398df206abef0f0fd79807a6364252 X-Git-Newrev: a9b6d11adec70a7181311d5fa02420e357133a3e X-Git-Rev: a9b6d11adec70a7181311d5fa02420e357133a3e X-Git-NotificationType: ref_changed_plus_diff X-Git-Multimail-Version: 1.5.dev Auto-Submitted: auto-generated archived-at: Thu, 26 Oct 2017 23:16:31 -0000 This is an automated email from the ASF dual-hosted git repository. maximebeauchemin pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-superset.git The following commit(s) were added to refs/heads/master by this push: new a9b6d11 Validate JSON in slice's params on save (#3720) a9b6d11 is described below commit a9b6d11adec70a7181311d5fa02420e357133a3e Author: Maxime Beauchemin AuthorDate: Thu Oct 26 16:16:21 2017 -0700 Validate JSON in slice's params on save (#3720) fixes https://github.com/apache/incubator-superset/issues/3507 This prevents malformed JSON from getting saved in a slice's params. It also prevents the issue described in #3507 from happening though as a result malformed slices will render using default control values. --- superset/models/core.py | 7 ++++++- superset/views/core.py | 4 ++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/superset/models/core.py b/superset/models/core.py index 1a795c2..f481500 100644 --- a/superset/models/core.py +++ b/superset/models/core.py @@ -195,7 +195,12 @@ class Slice(Model, AuditMixinNullable, ImportMixin): @property def form_data(self): - form_data = json.loads(self.params) + form_data = {} + try: + form_data = json.loads(self.params) + except Exception as e: + logging.error("Malformed json in slice's params") + logging.exception(e) form_data.update({ 'slice_id': self.id, 'viz_type': self.viz_type, diff --git a/superset/views/core.py b/superset/views/core.py index 7acce42..bd4d4e5 100755 
--- a/superset/views/core.py +++ b/superset/views/core.py @@ -390,7 +390,11 @@ class SliceModelView(SupersetModelView, DeleteMixin): # noqa 'viz_type': _("Visualization Type"), } + def pre_add(self, obj): + utils.validate_json(obj.params) + def pre_update(self, obj): + utils.validate_json(obj.params) check_ownership(obj) def pre_delete(self, obj): -- To stop receiving notification emails like this one, please contact ['"commits@superset.apache.org" '].
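Review bot: in the `form_data` hunk of superset/models/core.py, the fallback to `{}` only covers input that fails to parse. If `self.params` holds valid JSON that is not an object (a list, a string, `null`), `json.loads` succeeds and the `form_data.update({` call after the `try` still raises, so the property can still fail on bad stored data. Check that the parsed value is a dict before using it and fall back to `{}` otherwise. The `except Exception as e:` is also wider than needed, since `json.loads` signals bad input with `ValueError` (and `TypeError` when `params` is `None`); catching those two keeps unrelated bugs visible. Finally, `logging.error(...)` followed by `logging.exception(e)` writes two records for one event and neither says which slice is affected; a single `logging.exception` call that includes `self.id` would make the log usable for finding and repairing the malformed rows.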
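Review bot: in `pre_update` in superset/views/core.py, `utils.validate_json(obj.params)` runs before `check_ownership(obj)`, so a user who does not own the slice gets input validation feedback before the authorization check rejects the request. Put `check_ownership(obj)` first so that authorization is decided before any of the submitted data is processed. The diffstat lists only superset/models/core.py and superset/views/core.py, so nothing in this change tests the new behaviour; a test that saves a slice with malformed `params` through both `pre_add` and `pre_update` and expects a rejection would pin it down. It is also worth confirming how `utils.validate_json` treats empty or `None` params, since that helper is not part of this diff.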