* Switched yaml.load to yaml.safe_load to prevent code execution via crafted yaml files
Python's yaml.laod can lead to code execution via crafted yaml files such as:
```
code_exec: !!python/object/apply:subprocess.check_output ['ls']
```
* Fixed XSS via bleach
It was possible to get an XSS via the markdown library via simply setting a description containing arbitary HTML tags.
It was also possible to create links that went to the `javascript:` link handler (eg `[example](javascript:alert(0)`)
Using bleach to sanitize it solves both of these.
* Added XFO header by default to prevent clickjacking attacks
Note that with this application clickjacking can be relatively severe via the SQLLab functionality
which allows executing arbitary SQL.
* Added justification for dangerouslySetInnerHTML
* Fixed linting errors
* Fixed linting errors
Before this PR the only way to query lat/long is in the shape of 2
columns that contains lat and long.
Now we're adding 2 more options:
* a single column that has lat and long with a delimiter in between
* support for geohashes - geohashes are cool
* [sqllab] improve Hive support
* Fix "Transport not open" bug
* Getting progress bar to show
* Bump pyhive to 0.4.0
* Getting [Track Job] button to show
* Fix testzz
* upgrade celery to 4.0.2
* using Redis for unit tests (sqla broker not supported in Celery 4)
* Setting Celery's soft_time_limit based on `SQLLAB_ASYNC_TIME_LIMIT_SEC` config
* Better error handling in async tasks
* Better statsd logging in async tasks
* show [pending/running] query status in Results tab
* systematically using sqla NullPool on worker (async) to limit number
of database connections
* [sqllab] assign types for visualize flow
Somehow when using the visualize flow, the types were not
assigned at all, creating some bugs downstream. This PR attempts to get
the information required based on what pandas is knows and the types in
the data itself.
* Fixing tests
* Fixing tests
* Fixing more tests
* Fixing the last py3 tests
* Support more filter operators
* more filter operators [>, <, >=, <=, ==, !=, LIKE]
* Fix need to escape/double `%` in LIKE clauses
* spinner while loading values when changing column
* datasource config elements to allow to applying predicates when
fetching filter values
* refactor
* Removing doubling parens
* rebasing
* Merging migrations
* Initial
* rewrite some line to make it short and setting merge variable temporarily
* rewrite commit author
* add emitted attribute
* Fix typo
* fix test error
* fix typo
* test added
timifasubaa
John Bodley
Maxime Beauchemin
David Dworken
Riccardo Magliocchetti
rumbin
fabianmenges
王洁玉
Fokko Driesprong
Benjamin Yolken
Wyndham Blanton
Dongkyu Hwangbo