SNOW-3718333: escape backslashes and single quotes in stage/file path SQL generation#4274
Merged
Merged
Conversation
… SQL generation Stage and file paths passed to COPY INTO / PUT / GET were escaped for single quotes but not backslashes, so a path containing a backslash followed by a single quote produced invalid SQL. normalize_path now escapes backslashes before single quotes so the path stays a single string literal. Adds unit tests and integ tests covering Snowpark write.csv and Snowpark-pandas to_csv with quote/backslash paths.
The escaping fix is correct; two newly-added tests encoded assumptions that don't hold in CI: - test_normalize_path_escapes_backslash_and_quote asserted backslashes round-trip for is_local=True, but on Windows local paths have backslashes normalized to '/' before escaping (pre-existing behavior). Mirror that transform in the expected value; the early-termination guarantee is still checked on every platform. - test_writer_csv_stage_path_escapes_special_characters read back a backslash-containing stage path, but a literal backslash is not preserved as a directory separator by stage storage. Assert the writes succeed (valid SQL, path treated as literal data) instead of a read-back round-trip. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Use BACKSLASH/SINGLE_QUOTE constants for the escape replacements and trim the comment. Behavior is unchanged; this only removes the Python escape double-counting that made the original one-liner hard to read. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
sfc-gh-aling
commented
Jul 1, 2026
| # Snowflake string literal; the reverse order would let an escaped quote | ||
| # close the literal early and produce invalid SQL. Constants keep the | ||
| # replacements readable (no Python escape double-counting). | ||
| BACKSLASH = "\\" |
Collaborator
Author
There was a problem hiding this comment.
@sfc-gh-yuwang I'm responding your question in this thread
I have a dumb question here, looking at the old logic, it looks like ' would be written as \' because a single quote ' is replaced with \', which is different from what the comment described?
In Python, \ is the escape char, so \\ is used represent a single \.
I have updated the code to make it clear
sfc-gh-yuwang
approved these changes
Jul 1, 2026
sfc-gh-joshi
approved these changes
Jul 1, 2026
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #4274 +/- ##
=======================================
Coverage 95.52% 95.52%
=======================================
Files 171 171
Lines 44358 44360 +2
Branches 7577 7577
=======================================
+ Hits 42375 42377 +2
Misses 1221 1221
Partials 762 762 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
sfc-gh-helmeleegy
approved these changes
Jul 1, 2026
Stage storage does not preserve a literal backslash as a path-separator character, so asserting the round-tripped name endswith "o'clock\dir/..." always fails. Switch part (a) to a plain single-quote path that does round-trip verbatim; keep part (b) asserting only that the write succeeds (valid SQL), not the exact name on LIST. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Stage and file paths passed to
COPY INTO/PUT/GETwere escaped for single quotes but not backslashes, so a path containing a backslash immediately followed by a single quote produced invalid SQL.normalize_pathnow escapes backslashes before single quotes so the path stays a single string literal.Changes
_internal/utils.py: escape\before'innormalize_path.tests/unit/test_internal_utils.py) and integ tests forDataFrame.write.csvand Snowpark-pandasDataFrame.to_csv.