From 25f4226dbb29dceef4fc7ce93fd2aa721e4ce172 Mon Sep 17 00:00:00 2001
From: Daniel Vaz Gaspar <danielvazgaspar@gmail.com>
Date: Tue, 3 Dec 2024 10:48:06 +0000
Subject: [PATCH] fix: add more clickhouse disallowed functions on config
 (#31198)

---
 UPDATING.md        | 1 +
 superset/config.py | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/UPDATING.md b/UPDATING.md
index 50dc28824..347f7c77c 100644
--- a/UPDATING.md
+++ b/UPDATING.md
@@ -24,6 +24,7 @@ assists people when migrating to a new version.
 
 ## Next
 
+- [31198](https://github.com/apache/superset/pull/31198) Disallows by default the use of the following ClickHouse functions: "version", "currentDatabase", "hostName".
 - [29798](https://github.com/apache/superset/pull/29798) Since 3.1.0, the intial schedule for an alert or report was mistakenly offset by the specified timezone's relation to UTC. The initial schedule should now begin at the correct time.
 - [30021](https://github.com/apache/superset/pull/30021) The `dev` layer in our Dockerfile no long includes firefox binaries, only Chromium to reduce bloat/docker-build-time.
 - [30099](https://github.com/apache/superset/pull/30099) Translations are no longer included in the default docker image builds. If your environment requires translations, you'll want to set the docker build arg `BUILD_TRANSACTION=true`.
diff --git a/superset/config.py b/superset/config.py
index acead4c2d..8a490a982 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -1342,7 +1342,7 @@ DISALLOWED_SQL_FUNCTIONS: dict[str, set[str]] = {
         "table_to_xml_and_xmlschema",
         "version",
     },
-    "clickhouse": {"url"},
+    "clickhouse": {"url", "version", "currentDatabase", "hostName"},
     "mysql": {"version"},
 }