Skip to content

Commit

Permalink
allow non select sql q
Browse files Browse the repository at this point in the history
  • Loading branch information
@novoxd
novoxd committed Apr 7, 2021
1 parent 87f7c5f commit ae43411
Showing 1 changed file with 11 additions and 11 deletions.
22 changes: 11 additions & 11 deletions packages/jet_bridge_base/jet_bridge_base/serializers/sql.py
View file
Expand Up @@ -15,11 +15,12 @@ class SqlSerializer(Serializer):
params = SqlParamsSerializers(required=False)

def validate_query(self, value):
forbidden = ['insert', 'update', 'delete', 'grant', 'show']
for i in range(len(forbidden)):
forbidden.append('({}'.format(forbidden[i]))
if any(map(lambda x: ' {} '.format(value.lower()).find(' {} '.format(x)) != -1, forbidden)):
raise ValidationError('forbidden query')
# TODO allow any sql operations, maybe other serializer class for non select?
# forbidden = ['insert', 'update', 'delete', 'grant', 'show']
# for i in range(len(forbidden)):
# forbidden.append('({}'.format(forbidden[i]))
# if any(map(lambda x: ' {} '.format(value.lower()).find(' {} '.format(x)) != -1, forbidden)):
# raise ValidationError('forbidden query')

i = 0
while value.find('%s') != -1:
Expand Down Expand Up @@ -48,12 +49,10 @@ def execute(self, data):
params
)

rows = list(map(lambda x: list(x.itervalues()), result))
if not result.returns_rows:
return {'data': [], 'columns': []}

def map_column(x):
if x == '?column?':
return
return x
rows = result.fetchall()

def map_row_column(x):
if isinstance(x, bytes):
Expand All @@ -67,13 +66,14 @@ def map_row_column(x):
def map_row(x):
return list(map(map_row_column, x))

return {'data': list(map(map_row, rows)), 'columns': list(map(map_column, result.keys()))}
return {'data': list(map(map_row, rows)), 'columns': list(result.keys())}
except SQLAlchemyError as e:
session.rollback()
raise SqlError(e)
except TypeError as e:
raise SqlError(e)
finally:
session.commit()
session.close()


Expand Down

0 comments on commit ae43411

Please sign in to comment.