korbit-ai[bot] commented on code in PR #34413:
URL: https://github.com/apache/superset/pull/34413#discussion_r2243968703


##########
superset/sql_parse.py:
##########
@@ -88,7 +88,9 @@
 # reference: https://sqlparse.readthedocs.io/en/stable/extending/
 lex = Lexer.get_default_instance()
 sqlparser_sql_regex = keywords.SQL_REGEX
-sqlparser_sql_regex.insert(25, (r"'(''|\\\\|\\|[^'])*'", 
sqlparse.tokens.String.Single))
+sqlparser_sql_regex.insert(
+    25, (r"'(?:[^'\\]|\\\\?|'')*'", sqlparse.tokens.String.Single)
+)
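Review bot: the `?` in the `\\\\?` alternative still leaves the new pattern ambiguous, because a run of backslashes can be consumed one or two at a time per iteration, so on an unterminated literal followed by many backslashes the engine has to try every way of splitting the run before it fails; the optional second backslash adds nothing, since two backslashes are already matched by two iterations of a single `\\`. Dropping it keeps the accepted language identical and gives every input position exactly one way to match: `r"'(?:[^'\\]|\\|'')*'"`. If a backslash needs no special treatment at all (the old pattern also let `[^']` absorb it), `r"'(?:[^']|'')*'"` accepts the same strings and is simpler still.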

Review Comment:
   ### Undocumented Complex Regex Pattern <sub>![category Readability](https://img.shields.io/badge/Readability-0284c7)</sub>
   
   <details>
     <summary>Tell me more</summary>
   
   ###### What is the issue?
   Complex regex pattern without explanation of what it matches and each 
component's purpose.
   
   
   ###### Why this matters
   Without understanding the regex components, future maintainers will struggle to modify or debug the pattern safely, especially given its security implications for ReDoS protection.
   
   ###### Suggested change ∙ *Feature Preview*
   Add a clear comment explaining the regex pattern:
   ```python
   # Regex for matching SQL single-quoted strings:
   # '(?:[^'\\]|\\\\?|'')*'
   # - [^'\\]: Any char except quote or backslash
   # - \\\\?: A backslash, optionally followed by a second backslash
   # - '': Escaped single quote
   # Together this safely matches SQL strings while preventing ReDoS
   sqlparser_sql_regex.insert(
       25, (r"'(?:[^'\\]|\\\\?|'')*'", sqlparse.tokens.String.Single)
   )
   ```
   
   
   </details>
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

