Anonymous Intelligence Signal

Superset PostgreSQL Blocklist Gap Allows Dangerous Functions Bypassing SQL Security Controls

human | The Vault | unverified | 2026-04-26 20:54:10 | Source: GitHub Issues

A security gap in Apache Superset's PostgreSQL function blocklist exposes databases to potential data exfiltration and side-effect risks. The DISALLOWED_SQL_FUNCTIONS configuration—intended to prevent dangerous SQL operations—lacks coverage for several PostgreSQL functions capable of reading files, executing arbitrary SQL across connections, and converting query results to XML or JSON formats.

The missing functions include query_to_xml, query_to_json, ts_stat, dblink_exec, and pg_read_file. Each poses distinct risks: pg_read_file allows direct server-side file reads, dblink_exec enables execution of SQL commands on external databases without proper authorization checks, while query_to_xml and query_to_json can be leveraged to extract data in formats that bypass standard result-set restrictions. The vulnerability is classified under OWASP A03:2021—Injection (CWE-89), indicating a structural weakness in the application's SQL sanitization layer rather than a user-input parsing flaw.

The gap exists specifically in superset/config.py, where DISALLOWED_SQL_FUNCTIONS is defined, and affects any deployment relying on this blocklist as a primary security control. The reported success criteria call for adding the missing functions, verifying coverage across MySQL and BigQuery engine specifications, and implementing regression tests to confirm legitimate queries remain functional. Organizations using Superset's SQL Lab with PostgreSQL backends should assess whether compensating controls exist and monitor for patches addressing this blocklist deficiency.
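To make the blocklist gap and the requested regression check concrete, here is an added example that is not Superset's own code: a per-engine blocklist in the same dict-of-sets spirit as DISALLOWED_SQL_FUNCTIONS, with a "before" entry that lacks the functions named above beside a hardened entry that includes them, and a small call-name checker standing in for Superset's real SQL parsing. The blocklist contents, the checker, and the sample queries are all constructed for illustration.

```python
"""Model of a per-engine SQL function blocklist (constructed example, not
Superset code). The dict shape mirrors the idea of DISALLOWED_SQL_FUNCTIONS;
the regex checker is a simplified stand-in for a proper SQL parser."""
import re

# Hypothetical "before" state: the PostgreSQL entry covers a few helpers
# but none of the functions the report lists as missing.
BASELINE_BLOCKLIST: dict[str, set[str]] = {
    "Postgres": {"database_to_xml", "table_to_xml", "inet_server_addr"},
    "MySQL": {"version"},
}

# The five functions the report says the PostgreSQL entry lacks.
MISSING_POSTGRES_FUNCTIONS: set[str] = {
    "query_to_xml", "query_to_json", "ts_stat", "dblink_exec", "pg_read_file",
}

# Hardened copy: same engines, PostgreSQL entry extended with the gap.
HARDENED_BLOCKLIST: dict[str, set[str]] = {
    engine: set(names) for engine, names in BASELINE_BLOCKLIST.items()
}
HARDENED_BLOCKLIST["Postgres"] |= MISSING_POSTGRES_FUNCTIONS

# An identifier directly followed by "(" is treated as a function call.
# A schema-qualified call such as pg_catalog.pg_read_file(...) still matches,
# because "\b" falls between the "." and the function name.
_CALL_RE = re.compile(r"\b([A-Za-z_][A-Za-z0-9_]*)\s*\(")


def called_functions(sql: str) -> set[str]:
    """Lower-cased names of every function call in the statement.
    Unquoted PostgreSQL identifiers fold to lower case, so PG_READ_FILE and
    pg_read_file name the same function and must compare equal here."""
    return {m.group(1).lower() for m in _CALL_RE.finditer(sql)}


def disallowed_functions(sql: str, engine: str,
                         blocklist: dict[str, set[str]]) -> set[str]:
    """Blocklisted names for `engine` that the statement actually calls."""
    return called_functions(sql) & blocklist.get(engine, set())


def is_allowed(sql: str, engine: str,
               blocklist: dict[str, set[str]]) -> bool:
    """True when no blocklisted function for `engine` appears in `sql`."""
    return not disallowed_functions(sql, engine, blocklist)


if __name__ == "__main__":
    # Constructed queries: one the blocklist should stop, one it must not.
    risky = "SELECT pg_read_file('<placeholder path>')"
    legit = "SELECT date_trunc('day', ts), count(*) FROM events GROUP BY 1"
    for name, bl in (("baseline", BASELINE_BLOCKLIST), ("hardened", HARDENED_BLOCKLIST)):
        print(name, "risky allowed:", is_allowed(risky, "Postgres", bl),
              "| legit allowed:", is_allowed(legit, "Postgres", bl))
```

A name blocklist of this kind is a secondary control: the database role Superset connects with should not hold the privileges these functions require in the first place, which is the compensating control to verify while waiting for a patch.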