Make sqlite query more robust #36

Open
wants to merge 1 commit into
base: master

@charmoniumQ charmoniumQ commented Feb 8, 2024

Sciunit will fail when an argument contains an apostrophe.

For example:

$ sciunit exec sh -c "echo 'hello'"
Traceback (most recent call last):
  File "/nix/store/k708yhw0wpw713hzqxbgz77nciwjl4hr-python3.10-sciunit2-0.4.post82.dev130189670/bin/.sciunit-wrapped", line 9, in <module>
    sys.exit(main())
  File "/nix/store/k3dvzagbrfnddyzdjswxic4qh9byks00-python3-3.10.13-env/lib/python3.10/site-packages/sciunit2/cli.py", line 64, in main
    _main(sys.argv[1:])
  File "/nix/store/k3dvzagbrfnddyzdjswxic4qh9byks00-python3-3.10.13-env/lib/python3.10/site-packages/sciunit2/cli.py", line 101, in _main
    r = cmd.run(args[1:])
  File "/nix/store/k3dvzagbrfnddyzdjswxic4qh9byks00-python3-3.10.13-env/lib/python3.10/site-packages/sciunit2/command/exec_/__init__.py", line 36, in run
    return self.do_commit('cde-package', rev, emgr, repo)
  File "/nix/store/k3dvzagbrfnddyzdjswxic4qh9byks00-python3-3.10.13-env/lib/python3.10/site-packages/sciunit2/command/mixin.py", line 20, in do_commit
    return (repo.location,) + emgr.commit(sz)
  File "/nix/store/k3dvzagbrfnddyzdjswxic4qh9byks00-python3-3.10.13-env/lib/python3.10/site-packages/sciunit2/records.py", line 150, in commit
    raise exc
  File "/nix/store/k3dvzagbrfnddyzdjswxic4qh9byks00-python3-3.10.13-env/lib/python3.10/site-packages/sciunit2/records.py", line 144, in commit
    self.__c.executescript(script)
sqlite3.OperationalError: near "hello": syntax error

The query that sciunit generates looks like this:

insert into revs (data)
values (
    '{"cmd":["sh","-c","echo 'hello'"],"started":"2024-02-08T21:00:16.671802Z","size":229683200}'
);

Since the third line is delimited by apostrophes, and the third argument, echo 'hello', contains an apostrophe, it breaks the query.

Instead of this, Python sqlite supports using ? as a placeholder for that argument. If we use a placeholder, then the statement will be parsed correctly, even if the value of the placeholder has an apostrophe or any other special character.

While this is only strictly necessary for commit, I decided to change the other two (integer valued) queries as well because it's better practice to use placeholders.
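
The failure and the fix described in this pull request, reproduced as an added example that is not sciunit's own code. The `id` column, the function names and the in-memory database are assumptions; the record is constructed from the query shown above.

```python
import json
import sqlite3

# Constructed record mirroring the one in the failing query above.
RECORD = {"cmd": ["sh", "-c", "echo 'hello'"],
          "started": "2024-02-08T21:00:16.671802Z",
          "size": 229683200}


def make_db():
    # Assumed schema: only the table name and the data column come from the page.
    conn = sqlite3.connect(":memory:")
    conn.execute("create table revs (id integer primary key, data text)")
    return conn


def commit_interpolated(conn, record):
    """Build the statement by string formatting, as in the failing query."""
    data = json.dumps(record, separators=(",", ":"))
    script = "insert into revs (data) values ('%s');" % data
    conn.executescript(script)  # executescript() accepts no bound parameters


def commit_parameterized(conn, record):
    """Bind the JSON text to a ? placeholder so it is never parsed as SQL."""
    data = json.dumps(record, separators=(",", ":"))
    cur = conn.execute("insert into revs (data) values (?)", (data,))
    conn.commit()
    return cur.lastrowid


def fetch(conn, rev_id):
    row = conn.execute("select data from revs where id = ?", (rev_id,)).fetchone()
    return json.loads(row[0]) if row else None


def demo():
    """Return (error from the interpolated insert, record read back after the bound insert)."""
    conn = make_db()
    try:
        commit_interpolated(conn, RECORD)
        error = None
    except sqlite3.OperationalError as exc:
        error = str(exc)
    rev_id = commit_parameterized(conn, RECORD)
    return error, fetch(conn, rev_id)


if __name__ == "__main__":
    print(demo())
```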
