korbit-ai[bot] commented on code in PR #33835:
URL: https://github.com/apache/superset/pull/33835#discussion_r2157751518


##########
docker/docker-bootstrap.sh:
##########
@@ -59,6 +59,11 @@ else
   echo "Skipping local overrides"
 fi
 
+if [ -d /app/sqlalchemy-drill ]; then
+  echo "Installing local sqlalchemy-drill in editable mode"
+  pip install -e /app/sqlalchemy-drill
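Review bot: `pip install -e /app/sqlalchemy-drill` executes the build backend of whatever is in that directory (setup.py or pyproject build hooks) inside the container at bootstrap, so anyone able to write to the host path mounted there can run code as the Superset process; the new block also sits after the `fi` that closes the local-overrides check, so it fires whenever the directory exists, not only when local overrides are enabled. Gate it behind an explicit opt-in variable (or the same condition that prints "Skipping local overrides"), and consider verifying the tree against a checksum manifest before installing.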

Review Comment:
   ### Unsafe local package installation without integrity verification <sub>![category Security](https://img.shields.io/badge/Security-e11d48)</sub>
   
   <details>
     <summary>Tell me more</summary>
   
   ###### What is the issue?
   Installing a package in editable mode (-e) from a local directory without 
verifying the package integrity or source could introduce malicious code.
   
   
   ###### Why this matters
   An attacker who gains access to modify the local directory contents could 
inject malicious code that would be executed during package installation.
   
   ###### Suggested change ∙ *Feature Preview*
   Verify package integrity by using checksums or signatures, and preferably 
install from trusted package repositories instead of local directories. If 
local installation is required, implement strict directory permissions and 
package verification:
   ```bash
   # Verify package checksum before installation.
   # verify_package_integrity is a placeholder the script must define (for example a checksum-manifest check).
   if [ -d /app/sqlalchemy-drill ] && verify_package_integrity /app/sqlalchemy-drill; then
     pip install -e /app/sqlalchemy-drill
   fi
   ```
   
   
   </details>
   



##########
docker/docker-bootstrap.sh:
##########
@@ -59,6 +59,11 @@ else
   echo "Skipping local overrides"
 fi
 
+if [ -d /app/sqlalchemy-drill ]; then
+  echo "Installing local sqlalchemy-drill in editable mode"
+  pip install -e /app/sqlalchemy-drill
+fi
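Review bot: the exit status of `pip install -e` is never checked, so a failed install prints only "Installing local sqlalchemy-drill in editable mode" and bootstrap continues with whatever sqlalchemy-drill (if any) the image already has; unless the script runs under `set -e` (not visible in this hunk), append `|| { echo "ERROR: sqlalchemy-drill install failed" >&2; exit 1; }`. Also decide whether the editable install should resolve dependencies from the index: without `--no-deps`, pip may upgrade packages already pinned in the image.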

Review Comment:
   ### Missing proper logging for package installation <sub>![category Logging](https://img.shields.io/badge/Logging-4f46e5)</sub>
   
   <details>
     <summary>Tell me more</summary>
   
   ###### What is the issue?
   Installation of sqlalchemy-drill package is only logged at echo level, 
missing proper logging for package installation status and potential errors.
   
   
   ###### Why this matters
   Without proper logging of installation success/failure, troubleshooting 
deployment issues becomes more difficult, especially in production environments.
   
   ###### Suggested change ∙ *Feature Preview*
   ```bash
   if [ -d /app/sqlalchemy-drill ]; then
     echo "INFO: Installing local sqlalchemy-drill in editable mode"
     if pip install -e /app/sqlalchemy-drill; then
       echo "INFO: Successfully installed sqlalchemy-drill"
     else
       echo "ERROR: Failed to install sqlalchemy-drill" >&2
       exit 1
     fi
   fi
   ```
   
   
   </details>
   
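Both bot comments above ask for something the PR does not show: a concrete integrity check for the mounted source tree, and an install path whose success or failure is reported and acted on. The script below is an added example, not code from the PR, from Superset or from Korbit. It assumes (none of this is on the page) that a manifest `SHA256SUMS` is generated from a trusted checkout with the `write_manifest` function, that the opt-in variable is a hypothetical `SUPERSET_LOCAL_DRILL_INSTALL=1`, and that GNU `sha256sum` is available; the pip call itself is left commented out so the file runs offline.

```shell
#!/usr/bin/env bash
# Added example: a checksum-manifest verifier and an opt-in install guard for
# a locally mounted source tree. Not code from the PR, Superset or Korbit.
#
# Assumptions (not on the page): the manifest is <dir>/SHA256SUMS, produced on
# a trusted machine by write_manifest below; the opt-in variable is the
# hypothetical SUPERSET_LOCAL_DRILL_INSTALL=1; GNU coreutils sha256sum is used.
# File names containing whitespace are not supported by the unlisted-file check.
set -u

# Produce the manifest on the trusted machine, covering every regular file
# under $1 except the manifest itself, in a stable order.
write_manifest() {
  local dir=$1
  ( cd "$dir" && find . -type f ! -name SHA256SUMS -print0 \
      | LC_ALL=C sort -z \
      | xargs -0 sha256sum ) > "$dir/SHA256SUMS"
}

# Return 0 only if SHA256SUMS exists, every listed file still matches, and
# nothing has been added to the tree that the manifest does not list.
verify_package_integrity() {
  local dir=$1 on_disk listed
  [ -f "$dir/SHA256SUMS" ] \
    || { echo "ERROR: no SHA256SUMS in $dir" >&2; return 1; }
  ( cd "$dir" && sha256sum --quiet --strict -c SHA256SUMS ) \
    || { echo "ERROR: checksum mismatch in $dir" >&2; return 1; }
  on_disk=$(cd "$dir" && find . -type f ! -name SHA256SUMS | LC_ALL=C sort)
  listed=$(awk '{print $2}' "$dir/SHA256SUMS" | LC_ALL=C sort)
  [ "$on_disk" = "$listed" ] \
    || { echo "ERROR: files in $dir not covered by SHA256SUMS" >&2; return 1; }
  return 0
}

# Decide whether the editable install may run. $1 is the tree, $2 the value of
# the opt-in variable. Nothing is installed here; the caller runs pip only on 0.
install_allowed() {
  local dir=$1 optin=${2:-}
  [ "$optin" = "1" ] \
    || { echo "INFO: SUPERSET_LOCAL_DRILL_INSTALL not set, skipping" >&2; return 1; }
  [ -d "$dir" ] || { echo "INFO: $dir not present, skipping" >&2; return 1; }
  verify_package_integrity "$dir"
}

# Hardened form of the hunk's block as the bootstrap script would use it
# (commented out so this file runs without pip or network access):
#   if install_allowed /app/sqlalchemy-drill "${SUPERSET_LOCAL_DRILL_INSTALL:-}"; then
#     pip install --no-deps -e /app/sqlalchemy-drill \
#       || { echo "ERROR: sqlalchemy-drill install failed" >&2; exit 1; }
#   fi

# Self-check on a constructed tree: a manifested tree passes, a missing opt-in
# refuses, a modified file fails, an unlisted file fails. Returns 0 when all
# four behave as described.
self_check() {
  local tmp
  tmp=$(mktemp -d) || return 1
  mkdir -p "$tmp/pkg/sqlalchemy_drill"
  printf '[project]\nname = "sqlalchemy-drill"\n' > "$tmp/pkg/pyproject.toml"
  printf '__version__ = "0.0"\n' > "$tmp/pkg/sqlalchemy_drill/__init__.py"
  write_manifest "$tmp/pkg"

  install_allowed "$tmp/pkg" 1 2>/dev/null || { rm -rf "$tmp"; return 1; }
  install_allowed "$tmp/pkg" "" 2>/dev/null && { rm -rf "$tmp"; return 1; }

  # Modify a listed file: the manifest check must now fail.
  printf '# modified\n' >> "$tmp/pkg/sqlalchemy_drill/__init__.py"
  verify_package_integrity "$tmp/pkg" 2>/dev/null && { rm -rf "$tmp"; return 1; }

  # Re-manifest, then add a file the manifest does not list: must fail too.
  write_manifest "$tmp/pkg"
  printf '' > "$tmp/pkg/extra.py"
  verify_package_integrity "$tmp/pkg" 2>/dev/null && { rm -rf "$tmp"; return 1; }

  rm -rf "$tmp"
  return 0
}

self_check && echo "self-check passed"
```

The manifest is only as trustworthy as the machine that wrote it, so it belongs in the image or a read-only mount rather than in the same writable directory an attacker could alter; the unlisted-file check matters because an editable install reads build hooks from the tree, so an added file is as dangerous as a changed one.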



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
