superset-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [incubator-superset] etr2460 commented on a change in pull request #9764: feat: add replace option to hive csv upload
Date Thu, 07 May 2020 16:44:54 GMT

etr2460 commented on a change in pull request #9764:
URL: https://github.com/apache/incubator-superset/pull/9764#discussion_r421645791



##########
File path: superset/db_engine_specs/hive.py
##########
@@ -179,11 +193,15 @@ def convert_to_hive_type(col_type: str) -> str:
             bucket_path,
             os.path.join(upload_prefix, table_name, os.path.basename(filename)),
         )
+        engine = cls.get_engine(database)
+
+        if if_exists == "replace":
+            engine.execute(f"DROP TABLE IF EXISTS {full_table_name}")

Review comment:
       this looks ripe for sql injection, but honestly, the existing lines below are as well.
This is blocked on enabling the csv upload feature to a datasource, so that security might
be ok for now?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org


Mime
View raw message