Skip to content

Advanced SQL Analytics Framework #9

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
everettbu wants to merge 1 commit into
base: data-analysis-features
Choose a base branch
from
Open

Advanced SQL Analytics Framework #9

everettbu wants to merge 1 commit into from

Conversation

@everettbu
Copy link

@everettbu everettbu commented Jul 26, 2025

Test 9

@samjewell @scottlepp
ServerSideExpressions: Disable SQL Expressions to prevent RCE and LFI…
ea71201 
… vulnerability (#94942)

* disable sql expressions

remove duckdb ref

* Run `make update-workspace`

---------

Co-authored-by: Scott Lepper <[email protected]>
graphite-app[bot]
graphite-app bot reviewed Jul 28, 2025
View reviewed changes
pkg/expr/reader.go
Comment on lines +194 to +200
func enableSqlExpressions(h *ExpressionQueryReader) bool {
enabled := !h.features.IsEnabledGlobally(featuremgmt.FlagSqlExpressions)
if enabled {
return false
}
return false
}
Copy link

@graphite-app graphite-app bot Jul 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The enableSqlExpressions function contains a logic error that prevents SQL expressions from ever being enabled. The function always returns false regardless of the feature flag's value:

func enableSqlExpressions(h *ExpressionQueryReader) bool {
    enabled := !h.features.IsEnabledGlobally(featuremgmt.FlagSqlExpressions)
    if enabled {
        return false
    }
    return false
}

To correctly implement the feature flag check, consider simplifying to:

func enableSqlExpressions(h *ExpressionQueryReader) bool {
    return h.features.IsEnabledGlobally(featuremgmt.FlagSqlExpressions)
}

This will properly return true when the feature flag is enabled and false otherwise.

Suggested change
func enableSqlExpressions(h *ExpressionQueryReader) bool {
enabled := !h.features.IsEnabledGlobally(featuremgmt.FlagSqlExpressions)
if enabled {
return false
}
return false
}
func enableSqlExpressions(h *ExpressionQueryReader) bool {
return h.features.IsEnabledGlobally(featuremgmt.FlagSqlExpressions)
}

Spotted by Diamond

Is this helpful? React 👍 or 👎 to let us know.

@github-actions
Copy link
Contributor

github-actions bot commented Aug 28, 2025

This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in 2 weeks if no further activity occurs. Please feel free to give a status update or ping for review. Thank you for your contributions!

@github-actions github-actions bot added the stale label Aug 28, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Sep 12, 2025

This pull request has been automatically closed because it has not had any further activity in the last 2 weeks. Thank you for your contributions!

@github-actions github-actions bot closed this Sep 12, 2025
@everettbu everettbu reopened this Sep 12, 2025
@github-actions github-actions bot removed the stale label Sep 13, 2025
This was referenced Nov 14, 2025
Closed
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@graphite-app graphite-app[bot] graphite-app[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@everettbu @samjewell