apache
Error 505 when exporting pivoted .csv with specials characters
Bug description
I'm trying to make the "Export to pivoted .CSV" option work for a (relatively) convoluted pivot table and I found some issues. I will create a bug report for each of them.
Description
Throws "Error 505" if a metric's label contains a special character like '%'. This works perfectly fine when doing regular "Export to .CSV"/"Export to original .CSV".
Steps to reproduce:
- Create a "pivot table" graph.
- Select a metric with a special character (i.e. '%') on its label.
- Click on 'Download' -> 'Export to pivoted .CSV'
Screenshots/recordings
No response
Superset version
4.1.1
Python version
3.10
Node version
I don't know
Browser
Firefox
Additional context
Source code:
I'm using version 4.1.1, but I tried updating 'post_processing.py' to match what's in the master branch's 'client_processing.py' since I needed PR #29898 (which doesn't seem to affect this issue).
Feature flags:
"DASHBOARD_RBAC": True,
"ENABLE_TEMPLATE_PROCESSING": True,
"CACHE_QUERY_BY_USER": True,
"CACHE_IMPERSONATION": True
Checklist
- [x] I have searched Superset docs and Slack and didn't find a solution to my problem.
- [x] I have searched the GitHub issue tracker and didn't find a similar bug report.
- [x] I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.
Error 505 in the Superset codebase indicates "HTTP version not supported" [1]. This error might not be directly related to the special characters in metric labels but could be a result of how the request is being handled.
Regarding the handling of special characters, Superset uses the escape_value function to escape special characters in CSV exports to prevent CSV injection vulnerabilities. This function specifically addresses characters like %, -, @, +, |, =, and % by escaping them to prevent potential security issues [2].
Since the error occurs only with the "Export to pivoted .CSV" option, it might be worth checking if the exportCSVPivoted function is correctly utilizing the escape_value function or if there are any discrepancies in how special characters are processed in this specific export path. Additionally, ensure that the server and client are using compatible HTTP versions, as this might be causing the 505 error.
To continue talking to Dosu, mention @dosu.
Help Dosu learn! Give it feedback: Great Response | Irrelevant Answer | Incorrect Sources | Too Verbose | Hallucination | Bug Report | Other
![dosubot[bot] avatar](https://avatars.githubusercontent.com/in/324583?v=4 "Published by a pub.dev verified publisher"){kind=small}
The exportCSVPivoted function is located in the superset-frontend directory, specifically within the src folder. You can find it in the file src/components/ExportCSVButton/ExportCSVButton.tsx. This function handles the export logic for pivoted CSVs, so reviewing it might help identify any issues related to special character handling.
To continue talking to Dosu, mention @dosu.
Help Dosu learn! Give it feedback: Great Response | Irrelevant Answer | Incorrect Sources | Too Verbose | Hallucination | Bug Report | Other
@dosu I can't find it. Can you give me the link to the github tree repository page (https://github.com/apache/superset/tree/...)?
I can't provide direct links, but you can navigate to the superset-frontend directory in the repository and look for the ExportCSVButton.tsx file within the src/components/ExportCSVButton folder. This file should contain the exportCSVPivoted function. If you have any trouble finding it, try using the repository's search feature to locate the file by name.
To continue talking to Dosu, mention @dosu.
Help Dosu learn! Give it feedback: Great Response | Irrelevant Answer | Incorrect Sources | Too Verbose | Hallucination | Bug Report | Other
@dosu
There is no ExportCSVButton directory nor file in the current master branch. Maybe the names were changed at some point?
The exportCSVPivoted function is not located in a file named ExportCSVButton.tsx. Instead, it is used as a prop in the ExportToCSVDropdown component, which is found in the superset-frontend/src/explore/components/ExportToCSVDropdown/index.tsx file [1]. If you're unable to find the function, it might have been refactored or moved in recent updates. You can check the ExportToCSVDropdown component for its usage and related logic.
To continue talking to Dosu, mention @dosu.
Help Dosu learn! Give it feedback: Great Response | Irrelevant Answer | Incorrect Sources | Too Verbose | Hallucination | Bug Report | Other
For anyone who read dosubot's comments, I don't have access to the front-end files so I can't try what it recommended on the last one.
I don't have access to the front-end files
Sure you do! You can check out this GitHub repo any time. The file that Dosu mentions is here.
Sorry for not being clear on my last comment, I meant that I can't access the file on my installation of Superset, therefore I can't try to fix it myself. I did read the file but I'm not good enough on python to get the correct code that may fix it without relying on trial and error.
Sorry, this has been silent for a while... are you still facing this bug, or have you found some workaround or a more recent update that resolves it? I'm not sure whether special characters have anything to do with it, so we'll need some form of reproducible steps (perhaps an example chart config) to be able to verify whether we're seeing (or not seeing) the same issue on other deployments.
I'm still on version 4.1.1 and haven't found a way to fix or work around this issue.
After further testing, I found that the 505 error occurs only when certain special characters are used. Specifically, the export fails when the label contains "%", "", or "|". I suspect these characters aren't properly escaped by the code generating the csv.
Other characters I tested such as "/", "'", "#", and "*" did not cause any issues.
Here's a screenshot showing a metric with a "%" symbol on its label: