One thing would be avoiding SQL injection
is not safe, you want to pass the parameters in the cursor.execute method as it does sanitize input.
Thanks for the feedback @bcoca. I updated the pull request, but can't really seem to think of a safer way to execute scripts, other than executing every other line in cursor object, if I don't sanitize the inputs myself.
cursor.execute sanitizes the input when it does the interpolation.
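The difference between interpolating a value into the SQL text and passing it as a parameter to cursor.execute, as discussed in the comments above, shown as an added example that is not code from this pull request. It uses the standard-library sqlite3 module as a stand-in for the module's driver (an assumption; with pymssql the placeholder is %s rather than ?), and the table, function names and inputs are constructed for illustration.

```python
import sqlite3


def make_catalog():
    # Constructed sample data: an in-memory table standing in for the
    # server's list of databases, so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE databases (name TEXT)")
    conn.executemany("INSERT INTO databases VALUES (?)",
                     [("master",), ("inventory",)])
    return conn


def db_exists_interpolated(conn, db):
    # Unsafe: the value is pasted into the SQL text, so a quote inside
    # `db` ends the string literal and the rest is parsed as SQL.
    query = "SELECT COUNT(*) FROM databases WHERE name = '%s'" % db
    return conn.execute(query).fetchone()[0] > 0


def db_exists_bound(conn, db):
    # Safe: the value is handed to execute() as a parameter and is only
    # ever compared as data, whatever characters it contains.
    query = "SELECT COUNT(*) FROM databases WHERE name = ?"
    return conn.execute(query, (db,)).fetchone()[0] > 0


def quote_mssql_identifier(name):
    # Identifiers (for example the database in "USE ...") cannot be bound
    # as parameters. T-SQL bracket quoting doubles any closing bracket.
    if not name or "\x00" in name or len(name) > 128:
        raise ValueError("invalid identifier")
    return "[" + name.replace("]", "]]") + "]"


if __name__ == "__main__":
    conn = make_catalog()
    crafted = "nope' OR '1'='1"  # constructed input containing a quote
    print("interpolated:", db_exists_interpolated(conn, crafted))
    print("bound:       ", db_exists_bound(conn, crafted))
    print("USE %s" % quote_mssql_identifier("odd]name"))
```

The interpolated lookup reports a database that does not exist, while the bound lookup does not.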
True, but I was talking about the following code block. I fixed the other parts properly.
def db_import(conn, cursor, module, db, target):
+ if os.path.isfile(target):
+ with open(target, 'r') as backup:
+ sqlQuery = "USE %s\n" % db
+ for line in backup:
+ if line.startswith('GO'):
+ cursor.execute(sqlQuery)
+ sqlQuery = "USE %s\n" % db
+ else:
+ sqlQuery = sqlQuery + line
+ cursor.execute(sqlQuery)
+ conn.commit()
+ return 0, "Import Successful", ""
+ else:
+ module.fail_json(msg="cannot find target file") |
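Review bot: `sqlQuery = "USE %s\n" % db`, at the top of the `with` block and again after each `GO`, puts the database name into the statement by string formatting, and an identifier cannot be passed as an execute parameter, so `db` should be validated or bracket-quoted (doubling any `]`) before it reaches these lines. Separately, `line.startswith('GO')` treats every line that begins with those two letters as a batch separator, a `GOTO` statement for example; comparing the stripped line to `GO` case-insensitively would split only on the separator itself. The final `cursor.execute(sqlQuery)` also runs when the file ends right after a `GO`, sending a batch that holds only the `USE` line.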
I really don't see the issue:
Yeah, it is ok I guess. Just thought
part might have been problematic
Pardon my reading skills @bcoca, I didn't notice the difference. Here is your proposed fix
Adding new process. We will be evaluating all new module PRs according to this process, effective immediately.
Thanks for submitting this new module to Ansible Extras! This module is now in community review, a process that is open to all Ansible users. In order for this module to be approved, it must gain the following votes:
“works_for_me”: If you have tested the module thoroughly, including testing of all of the module’s options, and if the module works for you, please add “works_for_me” in the comments.
“passes_guidelines”: If you have gone through the module guidelines and the module meets all of the requirements, please add “passes_guidelines” in the comments. Guidelines are available here: http://docs.ansible.com/developing_modules.html#module-checklist
“needs_revision”: If the module fails to work for you, or if it doesn’t meet guidelines, please add “needs_revision” in the comments with details about what needs to be fixed.
When a module has both “works_for_me” and “passes_guidelines” tags, we will promote the module for inclusion in Ansible Extras. At this point, you will be expected to maintain the module by fixing bugs and evaluating pull requests in a timely manner. Thanks again for submitting your Ansible module!
@dario-hd reviewing and testing this module and providing feedback is the fastest way to get it merged; right now extras modules depend more on the community than on the core team for acceptance.
Pulled your pull request and extended it / fixed some stuff: #1690
Thanks @vedit for this PR. This PR requires revisions, either because it fails to build or by reviewer request. Please make the suggested revisions. When you are done, please comment with text 'ready_for_review' and we will put this PR back into review. [This message brought to you by your friendly Ansibull-bot.]
Closing in favor of #1690
Can create, delete databases and execute sql scripts. Currently neglected dump, but can add it.
This is basically the mssql equivalent of mysql_db module. I tried to keep all the usage of the module the same.
Waiting for questions and feedback.