
Refactor sqlquerybuilder for security and readability#1

Open
josesanch wants to merge 1 commit into master from sqlbuilder-improvements

Conversation

@josesanch

Owner

This commit introduces several improvements to the sqlquerybuilder library:

1.  **Security:**
    *   Modified query construction (`Q`, `SQLCompiler`) to use parameterized queries (%s placeholders) and separate value lists. This is a critical change to prevent SQL injection vulnerabilities. The `SQLCompiler.sql` property and related methods now return a tuple of (sql_string, parameters_list).
    *   Updated all tests to reflect this new return type and verify correct parameter handling.

2.  **Readability & Maintainability:**
    *   Applied PEP 8 styling throughout `sqlquerybuilder/__init__.py` for consistent formatting.
    *   Added comprehensive docstrings (module, class, method) and inline comments to `sqlquerybuilder/__init__.py` and `sqlquerybuilder/tests.py` to clarify functionality.
    *   Refactored the `Q._process` method by breaking down its logic into smaller, private helper methods for different lookup types. This makes the method shorter, easier to understand, and more extensible.

These changes significantly enhance the security, robustness, and maintainability of the library.

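The description above explains the shape of the change (lookups compiled to `%s` placeholders with a separate parameter list, and one helper per lookup type) without showing it. The following is an added example, not sqlquerybuilder's own code and not part of the PR: a minimal Django-style lookup compiler in that shape, with the string-interpolating "before" form beside it so the difference can be observed against an in-memory SQLite database. All names in it (`MiniQ`, `select_safe`, `select_unsafe`, `run_safe`, `run_unsafe`) are hypothetical, and the sample rows are constructed for the demo.

```python
"""Added example, not sqlquerybuilder's own code: a minimal lookup compiler
emitting %s placeholders plus a separate params list (the 'after' shape the
PR describes), next to the interpolating 'before' shape for contrast.
All names here are hypothetical; the sample rows are constructed."""
import re
import sqlite3

# Column and table names cannot be parameterized, so they are validated instead.
IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


class MiniQ:
    """Holds column__lookup=value filters; compile() returns (sql, params)."""

    LOOKUPS = {"exact", "gt", "gte", "contains", "in"}

    def __init__(self, **filters):
        self.filters = filters

    def compile(self):
        clauses, params = [], []
        for key, value in self.filters.items():
            col, lookup = self._split(key)
            clause, values = getattr(self, f"_{lookup}")(col, value)
            clauses.append(clause)
            params.extend(values)
        return " AND ".join(clauses), params

    def _split(self, key):
        col, _, lookup = key.partition("__")
        lookup = lookup or "exact"
        if not IDENT_RE.match(col) or lookup not in self.LOOKUPS:
            raise ValueError(f"unsupported lookup: {key!r}")
        return col, lookup

    # One small helper per lookup type; each returns (clause, [values]).
    def _exact(self, col, v):
        return f"{col} = %s", [v]

    def _gt(self, col, v):
        return f"{col} > %s", [v]

    def _gte(self, col, v):
        return f"{col} >= %s", [v]

    def _contains(self, col, v):
        # LIKE wildcards are added to the value, never to the SQL text.
        return f"{col} LIKE %s", [f"%{v}%"]

    def _in(self, col, vs):
        vs = list(vs)
        if not vs:  # "IN ()" is a syntax error; an empty set matches nothing
            return "1 = 0", []
        return f"{col} IN ({', '.join(['%s'] * len(vs))})", vs


def select_safe(table, **filters):
    """'After' shape: the driver receives the SQL text and the values apart."""
    if not IDENT_RE.match(table):
        raise ValueError(f"bad table name: {table!r}")
    where, params = MiniQ(**filters).compile()
    return f"SELECT * FROM {table} WHERE {where}", params


def select_unsafe(table, **filters):
    """'Before' shape: values are formatted into the SQL text before execute,
    so a string value containing a quote rewrites the query."""
    sql, params = select_safe(table, **filters)
    quoted = tuple(f"'{p}'" if isinstance(p, str) else str(p) for p in params)
    return sql % quoted


# Constructed sample data for the in-memory SQLite demo.
ROWS = [("alice", 30, "admin"), ("bob", 25, "user"), ("carol", 41, "user")]


def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, age INTEGER, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return conn


def run_safe(conn, **filters):
    sql, params = select_safe("users", **filters)
    # sqlite3 uses the qmark paramstyle; psycopg2/mysqlclient consume %s as-is.
    return conn.execute(sql.replace("%s", "?"), params).fetchall()


def run_unsafe(conn, **filters):
    return conn.execute(select_unsafe("users", **filters)).fetchall()


if __name__ == "__main__":
    db = setup_db()
    payload = "' OR '1'='1"
    print(len(run_unsafe(db, role=payload)), "rows via interpolation")  # 3
    print(len(run_safe(db, role=payload)), "rows via parameters")  # 0
    print(run_safe(db, age__gte=30, name__in=["alice", "carol"]))
```

The `%s` placeholders are the DB-API `format` paramstyle used by psycopg2 and mysqlclient; the `replace("%s", "?")` in `run_safe` exists only so the demo can run on the stdlib `sqlite3` driver, which uses `?`. The identifier check matters because column and table names are spliced into the SQL text and cannot be sent as parameters, so a builder that accepts arbitrary lookup keys is still injectable through the key even after values are parameterized.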