Add limit 1 if required first value from query result #33672

Merged
merged 1 commit into from
Aug 24, 2023

Contributor

@Taragolis Taragolis commented Aug 23, 2023

Add missing Limit 1 for sqlalchemy.session.scalar where:

  • Expected only first/last/previous/next value, but result could contain more than 1 record
  • Expected one value but no unique index exists for this query

Comment on lines +260 to 264
return self.get_session.scalar(
select(self.registeruser_mode)
.where(self.registeruser_model.registration_hash == registration_hash)
.limit(1)
)
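
Review bot: The `.limit(1)` on the `registration_hash` lookup has no `order_by`, so when more than one row matches, the row that `scalar` returns is left to the database and the duplicate goes unnoticed. Either enforce uniqueness on `registration_hash` or treat more than one match as an error rather than taking the first row. Separately, `select(self.registeruser_mode)` on the first line does not match `self.registeruser_model` in the `.where(...)` line below it; one of the two names looks like a typo.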

Member

This exposes a problem that might not be entirely in scope of the PR. If there is a hash cache, this lookup may return a wrong user and cause a security vulnerability. We should really either add a unique constraint to registration_hash, or use one_or_none here instead; both would remove the need to add a limit.

Contributor Author

Should I keep these changes, or is it better to revert them?

Member

Keep it. We’re not sure how to change this code yet and adding this limit would be useful before we figure things out.
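
The failure mode discussed in this review thread, as an added example that is not part of the pull request or of Airflow's code: it uses the standard-library `sqlite3` module in place of SQLAlchemy, and the table layout, sample rows and function names are assumptions. It contrasts the `LIMIT 1` lookup with a strict lookup that rejects ambiguity and with a unique index on `registration_hash`.

```python
import sqlite3

# Constructed sample rows: two pending registrations share one hash value.
ROWS = [(1, "alice", "abc123"), (2, "carol", "abc123"), (3, "bob", "def456")]
QUERY = "SELECT username FROM register_user WHERE registration_hash = ?"


def make_db(unique: bool) -> sqlite3.Connection:
    """Create an in-memory table (hypothetical schema), optionally with a unique index."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE register_user "
        "(id INTEGER PRIMARY KEY, username TEXT, registration_hash TEXT)"
    )
    if unique:
        db.execute("CREATE UNIQUE INDEX uq_hash ON register_user (registration_hash)")
    return db


def insert_all(db: sqlite3.Connection) -> list:
    """Insert ROWS and return the ids the database rejected as duplicates."""
    rejected = []
    for row in ROWS:
        try:
            db.execute("INSERT INTO register_user VALUES (?, ?, ?)", row)
        except sqlite3.IntegrityError:
            rejected.append(row[0])
    return rejected


def find_limit_1(db: sqlite3.Connection, registration_hash: str):
    """Same shape as the merged query: one row comes back, duplicates stay hidden."""
    row = db.execute(QUERY + " LIMIT 1", (registration_hash,)).fetchone()
    return row[0] if row else None


def find_one_or_none(db: sqlite3.Connection, registration_hash: str):
    """Strict lookup in the spirit of one_or_none: more than one match is an error."""
    rows = db.execute(QUERY + " LIMIT 2", (registration_hash,)).fetchall()
    if len(rows) > 1:
        raise LookupError("registration_hash matches more than one user")
    return rows[0][0] if rows else None


if __name__ == "__main__":
    db = make_db(unique=False)
    insert_all(db)
    print("LIMIT 1 returned:", find_limit_1(db, "abc123"))
    print("rejected with unique index:", insert_all(make_db(unique=True)))
```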

@potiuk potiuk merged commit e8ba579 into apache:main Aug 24, 2023
@potiuk potiuk added this to the Airflow 2.7.1 milestone Aug 24, 2023
@ephraimbuddy ephraimbuddy added the type:bug-fix Changelog: Bug Fixes label Aug 28, 2023
ephraimbuddy pushed a commit that referenced this pull request Aug 28, 2023
@Taragolis Taragolis deleted the limit-queries branch August 31, 2023 00:18