From 21da6203c1b79914d03a670bb83a59c34e5c2444 Mon Sep 17 00:00:00 2001
From: Marco Roda
Date: Thu, 22 Feb 2024 15:22:02 +0100
Subject: [PATCH 1/4] Adding proper escape
---
 ers-protobuf-dbwriter/dbwriter.py | 29 ++++++++++-------------------
 1 file changed, 10 insertions(+), 19 deletions(-)
diff --git a/ers-protobuf-dbwriter/dbwriter.py b/ers-protobuf-dbwriter/dbwriter.py
index 7bb2317..e98fa59 100644
--- a/ers-protobuf-dbwriter/dbwriter.py
+++ b/ers-protobuf-dbwriter/dbwriter.py
@@ -46,7 +46,8 @@ def cli(subscriber_bootstrap, subscriber_group, subscriber_timeout,
 user=db_user,
 password=db_password,
 dbname=db_name)
- except:
+ except Exception as e:
+ logging.error(e)
 logging.fatal('Connection to the database failed, aborting...')
 exit()
@@ -157,33 +158,23 @@ def process_issue( issue, session, cursor ) :
 # heavy information
 add_entry("inheritance", '/'.join(issue.inheritance), fields, values)
 add_entry("message", issue.message, fields, values)
- add_entry("params", convert_params(issue.parameters), fields, values)
-
-
- command = "INSERT INTO " + table_name;
- command += " (" + ", ".join(fields) + ')'
- command += " VALUES " + repr(tuple(values)) + ';'
+ add_entry("params", issue.parameters, fields, values)
+ command = f'INSERT INTO {table_name} ({",".join(fields)}) VALUES ({("%s, " * len(values))[:-2]});'
 logging.debug(command)
- cursor.execute(command)
+ cursor.execute(command, values)
-def convert_params( params ) -> str :
- s = str(params)
- return s.replace("'", '"')
-
 def add_entry(field, value, fields, values):
 fields.append(field)
- values.append(value)
+ values.append(str(value))
 def clean_database(cursor, connection):
- command = "DROP TABLE "
- command += table_name
- command += ";"
+ command = "DROP TABLE %s "
 logging.debug(command)
- cursor.execute(command)
+ cursor.execute(command, table_name)
 connection.commit()
 def check_tables(cursor, connection) :
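Review bot: In the first hunk (`cli`), the added `logging.error(e)` records only the exception's message, so the exception type and traceback are lost at the one place a database connection failure is reported. Calling `logging.exception('Connection to the database failed, aborting...')` inside the handler would keep both in a single record. The context line `exit()` that follows exits with status 0 when called without an argument, so a supervisor cannot tell this abort from a clean shutdown; `sys.exit(1)` would make the failure visible, provided `sys` is imported (the import block is outside the hunk). `cli` starts and continues outside the hunk.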
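Review bot: The table name is still handled unsafely after the second hunk: the INSERT formats `{table_name}` into the statement text, while `clean_database` calls `cursor.execute(command, table_name)` as if `%s` could bind an identifier. Placeholders bind values only, and a bare string is not a parameter tuple, so the DROP here and the CREATE in the two `create_database` hunks of this patch cannot run as written. Patches 2/4 and 4/4 return to f-string formatting with `table_name` built as `'"' + db_table + '"'` in `cli`, so a double quote inside `db_table` would end the quoted identifier early and the rest would be parsed as SQL; where `db_table` comes from is outside these hunks. If the driver is psycopg2, as the `dbname=` keyword and `%s` style suggest, compose the identifier with `sql.SQL("DROP TABLE {}").format(sql.Identifier(db_table))` from `psycopg2.sql`, or reject any `db_table` that fails a strict name pattern at startup. Binding `values` in the INSERT should stay as it is; `process_issue` begins outside the hunk.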
@@ -197,7 +188,7 @@ def check_tables(cursor, connection) :
 return tables
 def create_database(cursor, connection):
- command = "CREATE TABLE " + table_name + " ("
+ command = "CREATE TABLE %s ("
 command += '''
 session TEXT,
 issue_name TEXT,
@@ -220,7 +211,7 @@ def create_database(cursor, connection):
 ); '''
 logging.debug(command)
- cursor.execute(command)
+ cursor.execute(command, table_name)
 connection.commit()

From 17b1e39671340cddde571c3f0e5b1235e7ec6497 Mon Sep 17 00:00:00 2001
From: Marco Roda
Date: Thu, 22 Feb 2024 16:06:39 +0100
Subject: [PATCH 2/4] changes discussed with Pierre
---
 ers-protobuf-dbwriter/dbwriter.py | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/ers-protobuf-dbwriter/dbwriter.py b/ers-protobuf-dbwriter/dbwriter.py
index e98fa59..11a17d8 100644
--- a/ers-protobuf-dbwriter/dbwriter.py
+++ b/ers-protobuf-dbwriter/dbwriter.py
@@ -52,7 +52,7 @@ def cli(subscriber_bootstrap, subscriber_group, subscriber_timeout,
 exit()
 global table_name
- table_name = '"' + db_table + '"'
+ table_name = '\"' + db_table + '\"'
 cur = con.cursor()
@@ -160,7 +160,8 @@ def process_issue( issue, session, cursor ) :
 add_entry("message", issue.message, fields, values)
 add_entry("params", issue.parameters, fields, values)
- command = f'INSERT INTO {table_name} ({",".join(fields)}) VALUES ({("%s, " * len(values))[:-2]});'
+ command = f"INSERT INTO {table_name} ({','.join(fields)}) VALUES ({('%s, ' * len(values))[:-2]});"
+
 logging.debug(command)
 cursor.execute(command, values)
@@ -171,10 +172,10 @@ def add_entry(field, value, fields, values):
 def clean_database(cursor, connection):
- command = "DROP TABLE %s "
+ command = "DROP TABLE {table_name} ;"
 logging.debug(command)
- cursor.execute(command, table_name)
+ cursor.execute(command)
 connection.commit()
 def check_tables(cursor, connection) :
@@ -188,7 +189,7 @@ def check_tables(cursor, connection) :
 return tables
 def create_database(cursor, connection):
- command = "CREATE TABLE %s ("
+ command = "CREATE TABLE {table_name} ("
 command += '''
 session TEXT,
 issue_name TEXT,
@@ -211,7 +212,7 @@ def create_database(cursor, connection):
 ); '''
 logging.debug(command)
- cursor.execute(command, table_name)
+ cursor.execute(command)
 connection.commit()

From 490819c06266968727af1d11890246140e3caf7e Mon Sep 17 00:00:00 2001
From: Marco Roda
Date: Thu, 22 Feb 2024 16:08:34 +0100
Subject: [PATCH 3/4] Cleaner name
---
 ers-protobuf-dbwriter/dbwriter.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ers-protobuf-dbwriter/dbwriter.py b/ers-protobuf-dbwriter/dbwriter.py
index 11a17d8..779dee1 100644
--- a/ers-protobuf-dbwriter/dbwriter.py
+++ b/ers-protobuf-dbwriter/dbwriter.py
@@ -52,7 +52,7 @@ def cli(subscriber_bootstrap, subscriber_group, subscriber_timeout,
 exit()
 global table_name
- table_name = '\"' + db_table + '\"'
+ table_name = '"' + db_table + '"'
 cur = con.cursor()

From 58c202861d8575c854f65382ff7f13bfb111c775 Mon Sep 17 00:00:00 2001
From: Marco Roda
Date: Thu, 22 Feb 2024 16:11:36 +0100
Subject: [PATCH 4/4] explicit formatting
---
 ers-protobuf-dbwriter/dbwriter.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ers-protobuf-dbwriter/dbwriter.py b/ers-protobuf-dbwriter/dbwriter.py
index 779dee1..e3cc9b2 100644
--- a/ers-protobuf-dbwriter/dbwriter.py
+++ b/ers-protobuf-dbwriter/dbwriter.py
@@ -172,7 +172,7 @@ def add_entry(field, value, fields, values):
 def clean_database(cursor, connection):
- command = "DROP TABLE {table_name} ;"
+ command = f"DROP TABLE {table_name} ;"
 logging.debug(command)
 cursor.execute(command)
@@ -189,7 +189,7 @@ def check_tables(cursor, connection) :
 return tables
 def create_database(cursor, connection):
- command = "CREATE TABLE {table_name} ("
+ command = f"CREATE TABLE {table_name} ("
 command += '''
 session TEXT,
 issue_name TEXT,