SQL validator

This commit is contained in:
Emily 2019-03-11 14:41:55 +01:00
parent aa0c9b401e
commit 6aafe55ecb
5 changed files with 92 additions and 43 deletions

View File

@ -4,30 +4,36 @@ import json
import tornado.gen import tornado.gen
import tornado.web import tornado.web
from helpers import validatorHelper
from web import asyncTornado from web import asyncTornado
from constants import argumentTypes from constants import argumentTypes
from objects import glob from objects import glob
ARGS = { class handler(asyncTornado.asyncRequestHandler):
ARGS = {
("file_hash", "file_version", "timestamp"): argumentTypes.one_required ("file_hash", "file_version", "timestamp"): argumentTypes.one_required
} }
SQL_STRUCT = { ARGS_VALIDATION = {
validatorHelper.HEX: ["file_hash"],
validatorHelper.INT: ["file_version", "timestamp"]
}
SQL_STRUCT = {
"main": "SELECT * FROM updates WHERE %s LIMIT 1", "main": "SELECT * FROM updates WHERE %s LIMIT 1",
"file_hash": "%s = '%s'", "file_hash": "%s = '%s'",
"file_version": "%s = %s", "file_version": "%s = %s",
"timestamp": "timestamp <= '%s' ORDER BY timestamp DESC" "timestamp": "timestamp <= '%s' ORDER BY timestamp DESC"
} }
class handler(asyncTornado.asyncRequestHandler):
@tornado.web.asynchronous @tornado.web.asynchronous
@tornado.gen.engine @tornado.gen.engine
def asyncGet(self): def asyncGet(self):
status_code = 400 status_code = 400
data = {} data = {}
try: try:
args_filter = asyncTornado.check_arguments(self.request.arguments, ARGS) args_filter = asyncTornado.check_arguments(self)
if not args_filter: if not args_filter:
raise Exception("Missing required arguments") raise Exception("Missing required arguments")
@ -37,7 +43,7 @@ class handler(asyncTornado.asyncRequestHandler):
conn = glob.new_sql() conn = glob.new_sql()
cur = conn.cursor() cur = conn.cursor()
sql = SQL_STRUCT["main"] % SQL_STRUCT[method] sql = self.SQL_STRUCT["main"] % self.SQL_STRUCT[method]
if method == "timestamp": if method == "timestamp":
sql = sql % method_value sql = sql % method_value
else: else:

View File

@ -4,36 +4,40 @@ import json
import tornado.gen import tornado.gen
import tornado.web import tornado.web
from helpers import validatorHelper
from web import asyncTornado from web import asyncTornado
from constants import argumentTypes from constants import argumentTypes
from objects import glob from objects import glob
ARGS = {
("file_hash", "file_version", "timestamp"): argumentTypes.one_required
}
SQL_STRUCT = {
"main": "SELECT %s FROM updates WHERE filename = 'osu!.exe' ORDER BY file_version"
}
class handler(asyncTornado.asyncRequestHandler): class handler(asyncTornado.asyncRequestHandler):
ARGS = {
("file_hash", "file_version", "timestamp"): argumentTypes.one_required
}
ARGS_VALIDATION = {
validatorHelper.HEX: ["file_hash"],
validatorHelper.INT: ["file_version", "timestamp"]
}
SQL_STRUCT = {
"main": "SELECT %s FROM updates WHERE filename = 'osu!.exe' ORDER BY file_version"
}
@tornado.web.asynchronous @tornado.web.asynchronous
@tornado.gen.engine @tornado.gen.engine
def asyncGet(self): def asyncGet(self):
status_code = 400 status_code = 400
data = {} data = {}
try: try:
args_filter = asyncTornado.check_arguments(self.request.arguments, ARGS) args_filter = asyncTornado.check_arguments(self)
if not args_filter: if not args_filter:
raise Exception("Missing required arguments") raise Exception("Missing required arguments")
conn = glob.new_sql() conn = glob.new_sql()
cur = conn.cursor() cur = conn.cursor()
sql = SQL_STRUCT["main"] cur.execute(self.SQL_STRUCT["main"] % ",".join(args_filter))
cur.execute(sql % ",".join(args_filter))
data = cur.fetchall() data = cur.fetchall()
cur.close() cur.close()

View File

@ -1,32 +1,39 @@
import traceback
import json import json
import tornado.gen import tornado.gen
import tornado.web import tornado.web
from helpers import validatorHelper
from web import asyncTornado from web import asyncTornado
from constants import argumentTypes from constants import argumentTypes
from objects import glob from objects import glob
ARGS = { class handler(asyncTornado.asyncRequestHandler):
ARGS = {
("file_hash", "file_version", "timestamp"): argumentTypes.one_required ("file_hash", "file_version", "timestamp"): argumentTypes.one_required
} }
SQL_STRUCT = { ARGS_VALIDATION = {
validatorHelper.HEX: ["file_hash"],
validatorHelper.INT: ["file_version", "timestamp"]
}
SQL_STRUCT = {
"main": "SELECT max(search.file_version) as file_version, search.* FROM updates search %s GROUP BY filename;", "main": "SELECT max(search.file_version) as file_version, search.* FROM updates search %s GROUP BY filename;",
"file_hash": "WHERE %s <= %s", "file_hash": "WHERE %s <= %s",
"file_version": "WHERE %s <= %s", "file_version": "WHERE %s <= %s",
"timestamp": "INNER JOIN ( SELECT file_version, file_version FROM updates WHERE %s = '%s' ) find ON search.file_version <= find.file_version" "timestamp": "INNER JOIN ( SELECT file_version, file_version FROM updates WHERE %s = '%s' ) find ON search.file_version <= find.file_version"
} }
class handler(asyncTornado.asyncRequestHandler):
@tornado.web.asynchronous @tornado.web.asynchronous
@tornado.gen.engine @tornado.gen.engine
def asyncGet(self): def asyncGet(self):
status_code = 400 status_code = 400
data = {} data = {}
try: try:
args_filter = asyncTornado.check_arguments(self.request.arguments, ARGS) args_filter = asyncTornado.check_arguments(self)
if not args_filter: if not args_filter:
raise Exception("Missing required arguments") raise Exception("Missing required arguments")
@ -36,7 +43,7 @@ class handler(asyncTornado.asyncRequestHandler):
conn = glob.new_sql() conn = glob.new_sql()
cur = conn.cursor() cur = conn.cursor()
sql = SQL_STRUCT["main"] % SQL_STRUCT[method] sql = self.SQL_STRUCT["main"] % self.SQL_STRUCT[method]
cur.execute(sql % (method, method_value)) cur.execute(sql % (method, method_value))
data = cur.fetchall() data = cur.fetchall()
@ -50,6 +57,7 @@ class handler(asyncTornado.asyncRequestHandler):
data["status"] = status_code data["status"] = status_code
data["message"] = str(e) data["message"] = str(e)
print("Err: %s" % e) print("Err: %s" % e)
traceback.print_exc()
finally: finally:
self.write( json.dumps(data) ) self.write( json.dumps(data) )
self.set_header("Content-Type", "application/json") self.set_header("Content-Type", "application/json")

View File

@ -0,0 +1,13 @@
import string
def HEX(data):
return len( [x for x in data if x in string.hexdigits] ) == len(data)
def INT(data):
return str.isnumeric(data)
def DEC(data):
return str.isdecimal(data)
def STR(data):
return str.isalpha

View File

@ -68,16 +68,34 @@ def runBackground(data, callback):
IOLoop.instance().add_callback(lambda: callback(result)) IOLoop.instance().add_callback(lambda: callback(result))
glob.pool.apply_async(func, args, kwargs, _callback) glob.pool.apply_async(func, args, kwargs, _callback)
def check_arguments(arguments, arguments_filter): def check_arguments(tornado_inst):
arguments = tornado_inst.request.arguments
arguments_filter = tornado_inst.ARGS
arguments_validator = tornado_inst.ARGS_VALIDATION
args = None
for k, v in arguments_filter.items(): for k, v in arguments_filter.items():
if v == argumentTypes.optional: if v == argumentTypes.optional:
return arg_filter_and(arguments, k) args = arg_filter_and(arguments, k)
elif v == argumentTypes.required: elif v == argumentTypes.required:
return arg_filter_require_all(arguments, k) args = arg_filter_require_all(arguments, k)
elif v == argumentTypes.one_required: elif v == argumentTypes.one_required:
return arg_filter_first(arguments, k, False) args = arg_filter_first(arguments, k, False)
elif v == argumentTypes.only_one: elif v == argumentTypes.only_one:
return arg_filter_only_one(arguments, k) args = arg_filter_only_one(arguments, k)
if args:
for k, v in arguments_validator.items():
for i in range( len(v) ):
if v[i] in args:
if not k( tornado_inst.get_argument(v[i]) ):
raise Exception("%s is not type of %s" % (v[i], k.__name__ ))
#for arg in args:
# if tornado_inst.get_argument(arg) is not
return args
def arg_filter_and(arguments, filter, can_false = False): def arg_filter_and(arguments, filter, can_false = False):
arg_filter = [] arg_filter = []