Skip to content

fix(mcp): escape LIKE wildcards in find_users to prevent user enumeration#41593

Merged
aminghadersohi merged 3 commits into
apache:masterfrom
aminghadersohi:sc-107357-escape-like-wildcards-find-users
Jul 1, 2026
Merged

fix(mcp): escape LIKE wildcards in find_users to prevent user enumeration#41593
aminghadersohi merged 3 commits into
apache:masterfrom
aminghadersohi:sc-107357-escape-like-wildcards-find-users

Conversation

@aminghadersohi

Copy link
Copy Markdown
Contributor

Summary

  • The find_users MCP tool was building its LIKE pattern directly from raw user input, so query="%" matched every row in the users table — directly contradicting the docstring claim that the tool does not enumerate the full user directory.
  • Escape backslash first (to avoid double-escaping), then %, then _, before wrapping in the surrounding %…% wildcards.
  • Pass escape="\\" to every .ilike() call so the database treats the escape sequences as literals.
  • Add unit tests for query="%", query="_", and a query containing a literal backslash.

Test plan

  • pytest tests/unit_tests/mcp_service/system/tool/test_find_users.py — 16 tests, all pass
  • Verify query="%" produces needle %\%% with escape="\\" (not %%%)
  • Verify query="_" produces needle %\_% with escape="\\" (not %_%)
  • Verify query="\\" produces needle %\\% with escape="\\"

@codecov

codecov Bot commented Jun 30, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 50.00000% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 64.42%. Comparing base (fd9c84b) to head (7c1edc0).
⚠️ Report is 12 commits behind head on master.

Files with missing lines Patch % Lines
superset/mcp_service/system/tool/find_users.py 50.00% 1 Missing ⚠️
superset/mcp_service/utils/sanitization.py 50.00% 1 Missing ⚠️
Additional details and impacted files
@@           Coverage Diff           @@
##           master   #41593   +/-   ##
=======================================
  Coverage   64.42%   64.42%           
=======================================
  Files        2668     2668           
  Lines      147182   147262   +80     
  Branches    33947    33966   +19     
=======================================
+ Hits        94821    94875   +54     
- Misses      50646    50658   +12     
- Partials     1715     1729   +14     
Flag Coverage Δ
hive 39.07% <50.00%> (-0.03%) ⬇️
mysql 57.67% <50.00%> (+0.01%) ⬆️
postgres 57.73% <50.00%> (+0.01%) ⬆️
presto 40.62% <50.00%> (-0.03%) ⬇️
python 59.14% <50.00%> (+0.01%) ⬆️
sqlite 57.32% <50.00%> (-0.04%) ⬇️
unit 100.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

…tion

The find_users tool was building its LIKE pattern from raw user input,
so a query of "%" or "_" matched every row in the users table, directly
contradicting the docstring claim that the tool does not enumerate the
full user directory.

Escape backslash first, then "%" and "_", and pass escape="\\" to
each ilike() call so SQL treats those sequences as literals.

Adds unit tests for query="%", query="_", and query containing a
literal backslash.
@aminghadersohi
aminghadersohi force-pushed the sc-107357-escape-like-wildcards-find-users branch from 5665324 to 659f12d Compare June 30, 2026 22:31
@aminghadersohi
aminghadersohi marked this pull request as ready for review June 30, 2026 23:10
@github-actions

Copy link
Copy Markdown
Contributor

⚠️ Translation Regression Detected

A source change in this PR renamed or reworded strings, invalidating existing translations (they are now #, fuzzy) in fi, th. Please resolve the affected .po files before merging.

Note: intentionally deleting a translatable string is not a regression and is not flagged here — only translations invalidated by a renamed/reworded source string are.

Language Fuzzy before Fuzzy after New
fi 4808 4809 +1
th 4808 4809 +1

How to fix

1. Install dependencies (if not already set up):

pip install -r superset/translations/requirements.txt
sudo apt-get install gettext   # or: brew install gettext

2. Re-extract strings and sync .po files:

./scripts/translations/babel_update.sh

This rewrites superset/translations/messages.pot from the current source files and merges the changes into every .po file. Strings whose msgid changed will be marked #, fuzzy.

3. Resolve the fuzzy entries in the affected language files (fi, th):

grep -n '#, fuzzy' superset/translations/<lang>/LC_MESSAGES/messages.po

For each fuzzy entry, either rewrite the msgstr to match the new string and remove the #, fuzzy line, or clear the msgstr to "" if you cannot provide a translation.

4. Commit your changes to the .po files.

@bito-code-review

bito-code-review Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Code Review Agent Run #7f4904

Actionable Suggestions - 0
Review Details
  • Files reviewed - 2 · Commit Range: 659f12d..659f12d
    • superset/mcp_service/system/tool/find_users.py
    • tests/unit_tests/mcp_service/system/tool/test_find_users.py
  • Files skipped - 0
  • Tools
    • MyPy (Static Code Analysis) - ✔︎ Successful
    • Astral Ruff (Static Code Analysis) - ✔︎ Successful
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful

Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

  • /review - Manually triggers a full AI review.

  • /pause - Pauses automatic reviews on this pull request.

  • /resume - Resumes automatic reviews.

  • /resolve - Marks all Bito-posted review comments as resolved.

  • /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Superset You can customize the agent settings here or contact your Bito workspace admin at evan@preset.io.

Documentation & Help

AI Code Review powered by Bito Logo

@rebenitez1802 rebenitez1802 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NIT: Consider extracting the escape logic into a small shared helper (e.g. escape_like(value)) if this LIKE-escaping pattern is likely to recur across MCP tools — keeps the escape-order invariant in one tested place. Otherwise LGTM

Move the LIKE metacharacter escaping logic into a shared
escape_like() utility in mcp_service/utils/sanitization.py
and re-export it from the utils package.

Addresses reviewer NIT: keeps the escape-order invariant
(backslash first, then %, then _) in one tested place rather
than inline in the tool.
@pull-request-size pull-request-size Bot added size/L and removed size/M labels Jul 1, 2026
@aminghadersohi

Copy link
Copy Markdown
Contributor Author

Good call — done. Extracted into escape_like() in superset/mcp_service/utils/sanitization.py, exported from the utils package, and added 6 unit tests for the helper (plain text, %, _, backslash, mixed, empty). find_users.py now calls escape_like(request.query.strip()) on a single line.

Comment thread superset/mcp_service/system/tool/find_users.py Outdated
Comment thread tests/unit_tests/mcp_service/system/tool/test_find_users.py
Comment thread tests/unit_tests/mcp_service/utils/test_sanitization.py
@netlify

netlify Bot commented Jul 1, 2026

Copy link
Copy Markdown

Deploy Preview for superset-docs-preview ready!

Name Link
🔨 Latest commit 0c9aa53
🔍 Latest deploy log https://app.netlify.com/projects/superset-docs-preview/deploys/6a453a25a34dd600085d2983
😎 Deploy Preview https://deploy-preview-41593--superset-docs-preview.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.
🤖 Make changes Run an agent on this branch

To edit notification comments on pull requests, go to your Netlify project configuration.

@aminghadersohi
aminghadersohi merged commit 7f4cac6 into apache:master Jul 1, 2026
59 checks passed
@bito-code-review

Copy link
Copy Markdown
Contributor

Bito Automatic Review Skipped – PR Already Merged

Bito scheduled an automatic review for this pull request, but the review was skipped because this PR was merged before the review could be run.
No action is needed if you didn't intend to review it. To get a review, you can type /review in a comment and save it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants