fix: check type of url before performing string actions (#19569)

* ensure url is a string * return url if param is a url
2022-04-06 17:32:10 -07:00 · 2022-04-06 17:32:10 -07:00 · aa419b8119
parent 6136942759
commit aa419b8119
2 changed files with 52 additions and 6 deletions
--- a/superset/databases/utils.py
+++ b/superset/databases/utils.py
@ -14,7 +14,7 @@
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
-from typing import Any, Dict, List, Optional
+from typing import Any, Dict, List, Optional, Union

 from sqlalchemy.engine.url import make_url, URL

@ -104,7 +104,7 @@ def get_table_metadata(
    }


-def make_url_safe(raw_url: str) -> URL:
+def make_url_safe(raw_url: Union[str, URL]) -> URL:
    """
    Wrapper for SQLAlchemy's make_url(), which tends to raise too detailed of
    errors, which inevitably find their way into server logs. ArgumentErrors
@ -112,7 +112,13 @@ def make_url_safe(raw_url: str) -> URL:
    :param raw_url:
    :return:
    """
-    try:
-        return make_url(raw_url.strip())  # noqa
-    except Exception:
-        raise DatabaseInvalidError()  # pylint: disable=raise-missing-from
+
+    if isinstance(raw_url, str):
+        url = raw_url.strip()
+        try:
+            return make_url(url)  # noqa
+        except Exception:
+            raise DatabaseInvalidError()  # pylint: disable=raise-missing-from
+
+    else:
+        return raw_url
--- a/tests/unit_tests/databases/utils_test.py
+++ b/tests/unit_tests/databases/utils_test.py
@ -0,0 +1,40 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+from sqlalchemy.engine.url import make_url
+from sqlalchemy.orm.session import Session
+
+from superset.databases.utils import make_url_safe
+
+
+def test_make_url_safe_string(app_context: None, session: Session) -> None:
+    """
+    Test converting a string to a safe uri
+    """
+    uri_string = "postgresql+psycopg2://superset:***@127.0.0.1:5432/superset"
+    uri_safe = make_url_safe(uri_string)
+    assert str(uri_safe) == uri_string
+    assert uri_safe == make_url(uri_string)
+
+
+def test_make_url_safe_url(app_context: None, session: Session) -> None:
+    """
+    Test converting a url to a safe uri
+    """
+    uri = make_url("postgresql+psycopg2://superset:***@127.0.0.1:5432/superset")
+    uri_safe = make_url_safe(uri)
+    assert uri_safe == uri