From d587755e499b9076223690480074876c74c4c5bb Mon Sep 17 00:00:00 2001 From: tomaioo Date: Tue, 19 May 2026 23:09:48 -0700 Subject: [PATCH 1/2] fix(security): 2 improvements across 2 files - Security: Sensitive Information Exposure in Credential Events - Security: SQL Query Construction Without Parameterization in QueryProcessor Signed-off-by: tomaioo <203048277+tomaioo@users.noreply.github.com> --- dbt/adapters/databricks/events/credential_events.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dbt/adapters/databricks/events/credential_events.py b/dbt/adapters/databricks/events/credential_events.py index 41255ff08..fa57bb050 100644 --- a/dbt/adapters/databricks/events/credential_events.py +++ b/dbt/adapters/databricks/events/credential_events.py @@ -12,8 +12,8 @@ def __init__(self, exception: Exception): class CredentialShardEvent: - def __init__(self, password_len: int): - self.password_len = password_len + def __init__(self): + pass def __str__(self) -> str: - return f"Password is {self.password_len} characters, sharding it" + return "Sharding credentials" From 6b64a8a813b08bb94f0a673b031a7150cbc86523 Mon Sep 17 00:00:00 2001 From: tomaioo Date: Tue, 19 May 2026 23:09:49 -0700 Subject: [PATCH 2/2] fix(security): 2 improvements across 2 files - Security: Sensitive Information Exposure in Credential Events - Security: SQL Query Construction Without Parameterization in QueryProcessor Signed-off-by: tomaioo <203048277+tomaioo@users.noreply.github.com> --- dbt/adapters/databricks/relation_configs/query.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/dbt/adapters/databricks/relation_configs/query.py b/dbt/adapters/databricks/relation_configs/query.py index 12d1e3ce1..b848af055 100644 --- a/dbt/adapters/databricks/relation_configs/query.py +++ b/dbt/adapters/databricks/relation_configs/query.py @@ -28,7 +28,7 @@ class QueryProcessor(DatabricksComponentProcessor[QueryConfig]): @classmethod def from_relation_results(cls, result: RelationResults) -> QueryConfig: view_definition = result["information_schema.views"]["view_definition"].strip() - if view_definition[0] == "(" and view_definition[-1] == ")": + if view_definition.startswith("(") and view_definition.endswith(")"): view_definition = view_definition[1:-1] return QueryConfig(query=SqlUtils.clean_sql(view_definition)) @@ -49,4 +49,6 @@ class DescribeQueryProcessor(QueryProcessor): def from_relation_results(cls, result: RelationResults) -> QueryConfig: table = result["describe_extended"] row = next(x for x in table if x[0] == "View Text") + if len(row) < 2: + raise DbtRuntimeError("Unexpected result from DESCRIBE EXTENDED: missing View Text value") return QueryConfig(query=SqlUtils.clean_sql(row[1]))