
fix: revert "fix(embedded): adding logic to check dataset used by filters (#24808) #24892

Merged
merged 1 commit into from
Aug 4, 2023

Conversation

john-bodley
Member

SUMMARY

This PR reverts #24808. Regrettably, @Vitor-Avila, after further review I believe the logic outlined in your fix (per the integration test you added) exposes a security vulnerability, i.e., per this check in your test,

security_manager.raise_for_access(datasource=test_dataset)

will mean said user will have access to the test_dataset datasource irrespective of the context. Thus by granting dashboard access to a guest user you would be in fact (possibly unknowingly) granting full access to all datasources which are referenced within the native dashboard filters.

I think the right—context aware—solution is to change the raise_for_access caller to include the dashboard context. Note in #24804 I've refactored the dashboard security logic by folding raise_for_dashboard_access into raise_for_access so the latter is (or can be) dashboard aware.

The TL;DR is that your change flexes to accommodate the need for the dashboard filters to function but is over-generous in terms of the context in which the permissions are allowed.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TESTING INSTRUCTIONS

CI.

ADDITIONAL INFORMATION

  • Has associated issue:
  • Required feature flags:
  • Changes UI
  • Includes DB Migration (follow approval process in SIP-59)
    • Migration is atomic, supports rollback & is backwards-compatible
    • Confirm DB migration upgrade and downgrade tested
    • Runtime estimates and downtime expectations provided
  • Introduces new feature or API
  • Removes existing feature or API
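The following is an added illustration of the point made in the PR description above; it is not Superset's code and not the reverted change itself. It models, in deliberately simplified form, the difference between a datasource-only check (the guest is granted a dataset as soon as any dashboard they can open references it, whatever the caller is doing) and a dashboard-context-aware check (the caller must name the dashboard it is serving, and the dataset is granted only through that dashboard). All names here (GuestToken, Dashboard, Datasource, raise_for_access_overbroad, raise_for_access_contextual, compare_policies) are hypothetical stand-ins, and the scenario data is constructed.

```python
from dataclasses import dataclass


class SupersetSecurityException(Exception):
    """Stand-in for the exception Superset raises on a denied access check."""


@dataclass(frozen=True)
class Datasource:
    id: int
    name: str


@dataclass(frozen=True)
class Dashboard:
    id: int
    # ids of datasets referenced by the dashboard's charts *and* native filters
    datasource_ids: frozenset


@dataclass(frozen=True)
class GuestToken:
    # an embedded guest token is scoped to dashboards, not to datasets
    dashboard_ids: frozenset


def can_access_dashboard(token: GuestToken, dashboard: Dashboard) -> bool:
    return dashboard.id in token.dashboard_ids


def raise_for_access_overbroad(token, datasource, all_dashboards) -> None:
    """Constructed stand-in for the reverted approach (not the real patch): the
    caller passes only the datasource, so the check has to answer "may this
    guest see this dataset anywhere?" It does so by scanning every dashboard
    the guest can open. Any code path that asks about the datasource alone
    (a request with no dashboard attached) is then granted the dataset outright."""
    for dashboard in all_dashboards:
        if can_access_dashboard(token, dashboard) and datasource.id in dashboard.datasource_ids:
            return
    raise SupersetSecurityException(f"guest may not access {datasource.name}")


def raise_for_access_contextual(token, datasource, dashboard=None) -> None:
    """Constructed context-aware variant: the caller must state which dashboard
    the request is serving. The dataset is allowed only if the guest may open
    that dashboard and the dashboard actually references the dataset."""
    if dashboard is None:
        raise SupersetSecurityException(
            f"guest access to {datasource.name} requires a dashboard context"
        )
    if not can_access_dashboard(token, dashboard):
        raise SupersetSecurityException(f"guest may not access dashboard {dashboard.id}")
    if datasource.id not in dashboard.datasource_ids:
        raise SupersetSecurityException(
            f"dashboard {dashboard.id} does not reference {datasource.name}"
        )


def allowed(check, *args, **kwargs) -> bool:
    """Turn a raising check into a boolean so the two policies can be compared."""
    try:
        check(*args, **kwargs)
        return True
    except SupersetSecurityException:
        return False


# Constructed scenario: the guest token is scoped to dashboard 1 only.
SALES = Datasource(10, "sales")
HR = Datasource(20, "hr_salaries")
DASH_PUBLIC = Dashboard(1, frozenset({SALES.id}))       # a native filter reads `sales`
DASH_INTERNAL = Dashboard(2, frozenset({SALES.id, HR.id}))
ALL_DASHBOARDS = (DASH_PUBLIC, DASH_INTERNAL)
GUEST = GuestToken(frozenset({DASH_PUBLIC.id}))


def compare_policies() -> dict:
    """Outcome of each policy for the same guest and dataset, keyed by case."""
    return {
        # datasource-only question, no dashboard attached to the request
        "overbroad_no_context": allowed(raise_for_access_overbroad, GUEST, SALES, ALL_DASHBOARDS),
        "contextual_no_context": allowed(raise_for_access_contextual, GUEST, SALES),
        # request served on behalf of the dashboard the guest was embedded with
        "contextual_embedded_dash": allowed(raise_for_access_contextual, GUEST, SALES, DASH_PUBLIC),
        # same dataset, but claimed via a dashboard the token does not cover
        "contextual_other_dash": allowed(raise_for_access_contextual, GUEST, SALES, DASH_INTERNAL),
        # a dataset referenced by no accessible dashboard is denied by both policies
        "overbroad_unreferenced": allowed(raise_for_access_overbroad, GUEST, HR, ALL_DASHBOARDS),
        "contextual_unreferenced": allowed(raise_for_access_contextual, GUEST, HR, DASH_PUBLIC),
    }


if __name__ == "__main__":
    for name, ok in compare_policies().items():
        print(f"{name:28s} {'ALLOW' if ok else 'DENY'}")
```

The case worth noticing is the first pair: the datasource-only policy says ALLOW for `sales` with no dashboard in play, which is exactly the "irrespective of the context" grant described above, while the contextual policy denies it and only allows the same dataset when the request is tied to the dashboard the guest token covers.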

@codecov

codecov bot commented Aug 4, 2023

Codecov Report

Merging #24892 (9f7e40f) into master (554ef07) will decrease coverage by 0.01%.
Report is 1 commit behind head on master.
The diff coverage is 100.00%.

❗ Current head 9f7e40f differs from pull request most recent head 2d00c63. Consider uploading reports for the commit 2d00c63 to get more accurate results.

@@            Coverage Diff             @@
##           master   #24892      +/-   ##
==========================================
- Coverage   69.00%   69.00%   -0.01%     
==========================================
  Files        1906     1906              
  Lines       74142    74130      -12     
  Branches     8208     8208              
==========================================
- Hits        51160    51150      -10     
+ Misses      20859    20857       -2     
  Partials     2123     2123              
Flag       Coverage   Diff       Δ
hive       54.15%     <0.00%>    (+0.01%)  ⬆️
mysql      79.21%     <100.00%>  (-0.01%)  ⬇️
postgres   79.31%     <100.00%>  (-0.01%)  ⬇️
presto     54.05%     <0.00%>    (+0.01%)  ⬆️
python     83.37%     <100.00%>  (+<0.01%) ⬆️
sqlite     77.89%     <100.00%>  (-0.01%)  ⬇️
unit       55.01%     <0.00%>    (+0.01%)  ⬆️

Flags with carried forward coverage won't be shown.

Files Changed                   Coverage   Diff       Δ
superset/security/manager.py    93.94%     <100.00%>  (+0.18%)  ⬆️


@john-bodley john-bodley changed the title Revert "fix(embedded): adding logic to check dataset used by filters (#24808) revert: "fix(embedded): adding logic to check dataset used by filters (#24808) Aug 4, 2023
@john-bodley john-bodley changed the title revert: "fix(embedded): adding logic to check dataset used by filters (#24808) fix: revert "fix(embedded): adding logic to check dataset used by filters (#24808) Aug 4, 2023
@justinpark justinpark added the review:checkpoint Last PR reviewed during the daily review standup label Aug 4, 2023
@john-bodley john-bodley merged commit 9f7f2c6 into apache:master Aug 4, 2023
32 of 34 checks passed
@john-bodley john-bodley deleted the john-bodley--revert-24808 branch August 4, 2023 18:15
@john-bodley john-bodley added the v3.0 Label added by the release manager to track PRs to be included in the 3.0 branch label Aug 4, 2023
michael-s-molina pushed a commit that referenced this pull request Aug 7, 2023
@john-bodley john-bodley removed the review:checkpoint Last PR reviewed during the daily review standup label Aug 9, 2023
jinghua-qa added a commit to preset-io/superset that referenced this pull request Aug 16, 2023
Labels
size/M v3.0 Label added by the release manager to track PRs to be included in the 3.0 branch

3 participants