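def _pre_add_update(self, database):
    """Validate a database record and register its access permissions.

    Judging by its name, this hook runs before a database is added or
    updated. In order, it:

    1. runs ``check_sqlalchemy_uri`` on the connection URI when
       ``PREVENT_UNSAFE_DB_CONNECTIONS`` is enabled,
    2. runs the ``extra`` and ``encrypted_extra`` checks,
    3. stores the URI through ``database.set_sqlalchemy_uri``,
    4. registers ``database_access`` for the database and one
       ``schema_access`` permission per schema name.

    Args:
        database: The database model being validated.

    Raises:
        Whatever ``check_sqlalchemy_uri`` or the ``check_*`` helpers raise.
        Nothing is caught here, so a rejected URI aborts the hook before any
        permission is registered.
    """
    # Default to True, as sqlalchemy_uri_validator does: a config that lacks
    # the key still enforces the check instead of failing with KeyError.
    if app.config.get("PREVENT_UNSAFE_DB_CONNECTIONS", True):
        check_sqlalchemy_uri(database.sqlalchemy_uri)
    self.check_extra(database)
    self.check_encrypted_extra(database)

    # Everything below acts on the URI, so it must stay after the checks.
    database.set_sqlalchemy_uri(database.sqlalchemy_uri)
    security_manager.add_permission_view_menu("database_access", database.perm)

    # adding a new database we always want to force refresh schema list
    # NOTE(review): get_all_schema_names() presumably talks to the target
    # database; confirm it cannot be reached with an unchecked URI.
    for schema in database.get_all_schema_names():
        security_manager.add_permission_view_menu(
            "schema_access", security_manager.get_schema_perm(database, schema)
        )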
def test_check_sqlalchemy_url_sqlite(self):
    """check_sqlalchemy_uri must refuse both sqlite and shillelagh URIs.

    Each case pins the exact exception text as well as the exception type.
    The first message names the dialect class, the second the driver name.
    """
    rejected_cases = (
        (
            "sqlite:///home/superset/bad.db",
            "SQLiteDialect_pysqlite cannot be used as a data source for security reasons.",
        ),
        (
            "shillelagh:///home/superset/bad.db",
            "shillelagh cannot be used as a data source for security reasons.",
        ),
    )
    for raw_uri, expected_message in rejected_cases:
        # The URI is parsed with make_url first: the check is given a URL
        # object here, not the raw string.
        with pytest.raises(SupersetSecurityException) as excinfo:
            check_sqlalchemy_uri(make_url(raw_uri))
        assert str(excinfo.value) == expected_message
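def sqlalchemy_uri_validator(value: str) -> str:
    """
    Validate that ``value`` is a well-formed SQLAlchemy URI and, unless
    ``PREVENT_UNSAFE_DB_CONNECTIONS`` is disabled, that ``check_sqlalchemy_uri``
    accepts it (SQLite is refused by default).

    The setting defaults to ``True`` when it is missing from the config, so
    the safety check is on unless it is explicitly turned off.

    :param value: the connection string submitted by the user
    :returns: ``value`` exactly as received (not the stripped form)
    :raises ValidationError: if the string cannot be parsed as a URI, or if
        ``check_sqlalchemy_uri`` rejects it
    """
    try:
        uri = make_url(value.strip())
    except (ArgumentError, AttributeError, ValueError):
        # The message shown to the user is generic and never echoes the input,
        # which can carry credentials. The parser's own error text may quote
        # the raw string (depending on the SQLAlchemy version), so the
        # exception context is suppressed to keep it out of tracebacks.
        raise ValidationError(
            [
                _(
                    "Invalid connection string, a valid string usually follows: "
                    "driver://*****:*****@database-host/database-name"
                )
            ]
        ) from None
    if current_app.config.get("PREVENT_UNSAFE_DB_CONNECTIONS", True):
        try:
            check_sqlalchemy_uri(uri)
        except SupersetSecurityException as ex:
            # Surface the security rejection as a field validation error and
            # keep the original exception as the explicit cause.
            raise ValidationError([str(ex)]) from ex
    # NOTE(review): the check ran on the stripped string, but the original
    # value is returned; confirm callers do not depend on surrounding
    # whitespace being removed.
    return value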
def test_check_sqlalchemy_url_sqlite(self):
    """A sqlite connection string must be rejected with DBSecurityException."""
    sqlite_uri = "sqlite:///home/superset/bad.db"
    # Callable form of assertRaises: the check is invoked with the raw string.
    self.assertRaises(DBSecurityException, check_sqlalchemy_uri, sqlite_uri)
def test_check_sqlalchemy_uri_ok(self):
    """A postgres connection string passes check_sqlalchemy_uri without raising."""
    allowed_uri = "postgres://*****:*****@test.com"
    # No explicit assertion: the test fails only if the check raises.
    check_sqlalchemy_uri(allowed_uri)