Add check for SSL certificate and add form validators

superset/views/database/mixins.py

@@ -204,10 +204,8 @@ def _pre_add_update(self, database):
             check_sqlalchemy_uri(database.sqlalchemy_uri)
         self.check_extra(database)
         self.check_encrypted_extra(database)
-        utils.parse_ssl_cert(database.server_cert)
-        database.server_cert = (
-            database.server_cert.strip() if database.server_cert else ""
-        )
+        if database.server_cert:
+            utils.parse_ssl_cert(database.server_cert)
         database.set_sqlalchemy_uri(database.sqlalchemy_uri)
         security_manager.add_permission_view_menu("database_access", database.perm)
         # adding a new database we always want to force refresh schema list

superset/views/database/validators.py

@@ -15,14 +15,16 @@
 # specific language governing permissions and limitations
 # under the License.
 
-from typing import Type
+from typing import Optional, Type
 
 from flask_babel import lazy_gettext as _
 from marshmallow import ValidationError
 from sqlalchemy.engine.url import make_url
 from sqlalchemy.exc import ArgumentError
 
 from superset import security_manager
+from superset.exceptions import CertificateException
+from superset.utils.core import parse_ssl_cert
 
 
 def sqlalchemy_uri_validator(
@@ -53,3 +55,21 @@ def schema_allows_csv_upload(database, schema):
         security_manager.database_access(database)
         or security_manager.all_datasource_access()
     )
+
+
+def certificate_validator(
+    certificate: Optional[str], exception: Type[ValidationError] = ValidationError
+) -> None:
+    if certificate:
+        try:
+            parse_ssl_cert(certificate)
+        except CertificateException:
+            raise exception(
+                _(
+                    "Invalid certificate. <br>"
+                    "Please make sure the certificate begins with<br>"
+                    "-----BEGIN CERTIFICATE-----<br>"
+                    "and ends with<br>"
+                    "-----END CERTIFICATE-----"
+                )
+            )

superset/views/database/views.py

@@ -34,7 +34,11 @@
 
 from .forms import CsvToDatabaseForm
 from .mixins import DatabaseMixin
-from .validators import schema_allows_csv_upload, sqlalchemy_uri_validator
+from .validators import (
+    certificate_validator,
+    schema_allows_csv_upload,
+    sqlalchemy_uri_validator,
+)
 
 if TYPE_CHECKING:
     from werkzeug.datastructures import FileStorage  # pylint: disable=unused-import
@@ -50,6 +54,13 @@ def sqlalchemy_uri_form_validator(_, field: StringField) -> None:
     sqlalchemy_uri_validator(field.data, exception=ValidationError)
 
 
+def certificate_form_validator(_, field: StringField) -> None:
+    """
+        Check if user has submitted a valid SQLAlchemy URI
+    """
+    certificate_validator(field.data, exception=ValidationError)
+
+
 def upload_stream_write(form_file_field: "FileStorage", path: str):
     chunk_size = app.config["UPLOAD_CHUNK_SIZE"]
     with open(path, "bw") as file_description:
@@ -68,7 +79,10 @@ class DatabaseView(
 
     add_template = "superset/models/database/add.html"
     edit_template = "superset/models/database/edit.html"
-    validators_columns = {"sqlalchemy_uri": [sqlalchemy_uri_form_validator]}
+    validators_columns = {
+        "sqlalchemy_uri": [sqlalchemy_uri_form_validator],
+        "server_cert": [certificate_form_validator],
+    }
 
     yaml_dict_key = "databases"