fix(cdp): throw if select in filters #30250
Merged: meikelmosby merged 1 commit into master, Mar 21, 2025
Conversation
Greptile (PR review bot):
PR Summary
This PR adds a security check to prevent SQL injection via subqueries in HogQL filters for data pipelines.
- Added SelectFinder visitor class in posthog/cdp/filters.py to detect SELECT queries in filter ASTs
- Modified compile_filters_bytecode to throw early error during filter saving rather than at runtime
- Added test case test_filters_raises_on_select in posthog/cdp/test/test_filters.py to verify SELECT detection
- Error message could be more specific about why SELECT queries are not allowed in filters
2 file(s) reviewed, 3 comment(s)
Comment on lines +110 to +111:
    if SelectFinder.has_select(expr):
        raise Exception("Select queries are not allowed in filters")
Contributor: style: Generic Exception is too broad. Consider creating a specific exception type for filter validation errors.
Comment on lines +94 to +96:
    def visit_select_query(self, node):
        self.found = True
        return
Contributor: logic: visit_select_query() should call super().visit_select_query(node) to ensure proper traversal of child nodes
Comment on lines +91 to +92:
    class SelectFinder(TraversingVisitor):
        found = False
Contributor: logic: found should be instance-specific, not class-level, to avoid state sharing between instances
Suggested change:
    class SelectFinder(TraversingVisitor):
        def __init__(self):
            super().__init__()
            self.found = False
benjackwhite approved these changes, Mar 21, 2025
Problem
Turns out you can write subqueries in HogQL filters in data pipelines.
Changes
Throws an error when saving the filter, not later during runtime.
How did you test this code?
In the browser and added a test
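The check this PR describes, as an added runnable sketch (my example, not PostHog's code). The AST node classes, TraversingVisitor, the validate_filters() hook, the rejected() helper and the FilterValidationError name are constructed stand-ins so it runs offline; only the shape of SelectFinder and has_select() follows the PR. It folds in the three review points above: per-instance found, continued traversal below a SELECT, and a specific exception type. The sample filters are constructed, and the second one hides the subquery three levels down the tree.

```python
"""Toy reconstruction of the 'no SELECT in filters' check this PR describes.
Added example, not PostHog's code: the AST classes, TraversingVisitor and
validate_filters() are constructed stand-ins for posthog.hogql so this runs
offline; only the shape of SelectFinder / has_select() follows the PR."""
import re
from dataclasses import dataclass
from typing import Any, Optional


class Expr:
    """Base class for every (assumed) AST node."""

@dataclass
class Field(Expr):
    chain: list[str]          # e.g. ["properties", "email"]

@dataclass
class CompareOperation(Expr):
    left: Expr
    right: Any                # an Expr (possibly a SelectQuery) or a literal
    op: str = "=="            # "==", "in", ...

@dataclass
class And(Expr):
    exprs: list[Expr]

@dataclass
class SelectQuery(Expr):
    select: list[Expr]
    select_from: Optional[str] = None
    where: Optional[Expr] = None


def _snake(name: str) -> str:
    """SelectQuery -> select_query, so a visitor can define visit_select_query()."""
    return re.sub(r"(?<!^)(?=[A-Z])", "_", name).lower()


class TraversingVisitor:
    """Depth-first walker: call visit_<node>() if defined, else recurse into children."""

    def visit(self, node: Expr) -> None:
        handler = getattr(self, f"visit_{_snake(type(node).__name__)}", None)
        (handler or self.generic_visit)(node)

    def generic_visit(self, node: Expr) -> None:
        for child in vars(node).values():
            for item in (child if isinstance(child, list) else [child]):
                if isinstance(item, Expr):
                    self.visit(item)


class FilterValidationError(ValueError):
    """Specific exception (assumed name) instead of a bare Exception."""


class SelectFinder(TraversingVisitor):
    """Flags self.found when a SelectQuery appears anywhere in the tree."""

    def __init__(self) -> None:
        super().__init__()
        self.found = False    # per instance, so every has_select() starts clean

    def visit_select_query(self, node: SelectQuery) -> None:
        self.found = True
        self.generic_visit(node)   # keep walking the subtree, as the reviewer asked

    @classmethod
    def has_select(cls, expr: Expr) -> bool:
        finder = cls()
        finder.visit(expr)
        return finder.found


def validate_filters(filters: dict[str, Expr]) -> dict[str, Expr]:
    """Save-time check (assumed stand-in for the compile_filters_bytecode hook)."""
    for name, expr in filters.items():
        if SelectFinder.has_select(expr):
            raise FilterValidationError(
                f"Select queries are not allowed in filters: subquery in {name!r}")
    return filters


def rejected(expr: Expr) -> bool:
    """True if validate_filters() raises for this single filter expression."""
    try:
        validate_filters({"events": expr})
    except FilterValidationError:
        return True
    return False


# Constructed sample filters. The second buries the subquery three levels deep
# (And -> CompareOperation -> right), which a top-level-only check would miss.
PLAIN_FILTER = And([
    CompareOperation(Field(["event"]), "$pageview"),
    CompareOperation(Field(["properties", "plan"]), "pro"),
])
SUBQUERY_FILTER = And([
    CompareOperation(Field(["event"]), "$pageview"),
    CompareOperation(Field(["person_id"]), SelectQuery(
        select=[Field(["id"])], select_from="persons",
        where=CompareOperation(Field(["properties", "email"]), "admin@example.com"),
    ), op="in"),
])
```

validate_filters(SUBQUERY_FILTER) raises before anything is compiled or stored, which is the point of the PR: a subquery in a saved filter should fail at save time, not when the pipeline runs. Keeping found on the instance means a finder reused across filters cannot leak a True from one tree into the next, and a dedicated exception type lets the API layer turn it into a 400 without catching every Exception.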