SQL validator

2019-03-11 14:41:55 +01:00 · 2019-03-11 14:41:55 +01:00 · 6aafe55ecb
commit 6aafe55ecb
parent aa0c9b401e
5 changed files with 92 additions and 43 deletions
--- a/api/v1/getFile.py
+++ b/api/v1/getFile.py
@ -4,30 +4,36 @@ import json
 import tornado.gen
 import tornado.web

+from helpers import validatorHelper
 from web import asyncTornado
 from constants import argumentTypes

 from objects import glob

-ARGS = {
-	("file_hash", "file_version", "timestamp"): argumentTypes.one_required
-}
-
-SQL_STRUCT = {
-	"main": "SELECT * FROM updates WHERE %s LIMIT 1",
-	"file_hash": "%s = '%s'",
-	"file_version": "%s = %s",
-	"timestamp": "timestamp <= '%s' ORDER BY timestamp DESC"
-}
-
 class handler(asyncTornado.asyncRequestHandler):
+	ARGS = {
+		("file_hash", "file_version", "timestamp"): argumentTypes.one_required
+	}
+
+	ARGS_VALIDATION = {
+		validatorHelper.HEX: ["file_hash"],
+		validatorHelper.INT: ["file_version", "timestamp"]
+	}
+
+	SQL_STRUCT = {
+		"main": "SELECT * FROM updates WHERE %s LIMIT 1",
+		"file_hash": "%s = '%s'",
+		"file_version": "%s = %s",
+		"timestamp": "timestamp <= '%s' ORDER BY timestamp DESC"
+	}
+
 	@tornado.web.asynchronous
 	@tornado.gen.engine
 	def asyncGet(self):
 		status_code = 400
 		data = {}
 		try:
-			args_filter = asyncTornado.check_arguments(self.request.arguments, ARGS)
+			args_filter = asyncTornado.check_arguments(self)
 			if not args_filter:
 				raise Exception("Missing required arguments")

@ -37,7 +43,7 @@ class handler(asyncTornado.asyncRequestHandler):
 			conn = glob.new_sql()
 			cur = conn.cursor()

-			sql = SQL_STRUCT["main"] % SQL_STRUCT[method]
+			sql = self.SQL_STRUCT["main"] % self.SQL_STRUCT[method]
 			if method == "timestamp":
 				sql = sql % method_value
 			else:
--- a/api/v1/getList.py
+++ b/api/v1/getList.py
@ -4,36 +4,40 @@ import json
 import tornado.gen
 import tornado.web

+from helpers import validatorHelper
 from web import asyncTornado
 from constants import argumentTypes

 from objects import glob

-ARGS = {
-	("file_hash", "file_version", "timestamp"): argumentTypes.one_required
-}
-
-SQL_STRUCT = {
-	"main": "SELECT %s FROM updates WHERE filename = 'osu!.exe' ORDER BY file_version"
-}
-
 class handler(asyncTornado.asyncRequestHandler):
+	ARGS = {
+		("file_hash", "file_version", "timestamp"): argumentTypes.one_required
+	}
+
+	ARGS_VALIDATION = {
+		validatorHelper.HEX: ["file_hash"],
+		validatorHelper.INT: ["file_version", "timestamp"]
+	}
+
+	SQL_STRUCT = {
+		"main": "SELECT %s FROM updates WHERE filename = 'osu!.exe' ORDER BY file_version"
+	}
+
 	@tornado.web.asynchronous
 	@tornado.gen.engine
 	def asyncGet(self):
 		status_code = 400
 		data = {}
 		try:
-			args_filter = asyncTornado.check_arguments(self.request.arguments, ARGS)
+			args_filter = asyncTornado.check_arguments(self)
 			if not args_filter:
 				raise Exception("Missing required arguments")

 			conn = glob.new_sql()
 			cur = conn.cursor()

-			sql = SQL_STRUCT["main"]
-
-			cur.execute(sql % ",".join(args_filter))
+			cur.execute(self.SQL_STRUCT["main"] % ",".join(args_filter))
 			data = cur.fetchall()

 			cur.close()
--- a/api/v1/getUpdate.py
+++ b/api/v1/getUpdate.py
@ -1,32 +1,39 @@
+import traceback
 import json

 import tornado.gen
 import tornado.web

+from helpers import validatorHelper
 from web import asyncTornado
 from constants import argumentTypes

 from objects import glob

-ARGS = {
-	("file_hash", "file_version", "timestamp"): argumentTypes.one_required
-}
-
-SQL_STRUCT = {
-	"main": "SELECT max(search.file_version) as file_version, search.* FROM updates search %s GROUP BY filename;",
-    "file_hash": "WHERE %s <= %s",
-	"file_version": "WHERE %s <= %s",
-    "timestamp": "INNER JOIN ( SELECT file_version, file_version FROM updates WHERE %s = '%s' ) find ON search.file_version <= find.file_version"
-}
-
 class handler(asyncTornado.asyncRequestHandler):
+	ARGS = {
+		("file_hash", "file_version", "timestamp"): argumentTypes.one_required
+	}
+	
+	ARGS_VALIDATION = {
+		validatorHelper.HEX: ["file_hash"],
+		validatorHelper.INT: ["file_version", "timestamp"]
+	}
+
+	SQL_STRUCT = {
+		"main": "SELECT max(search.file_version) as file_version, search.* FROM updates search %s GROUP BY filename;",
+		"file_hash": "WHERE %s <= %s",
+		"file_version": "WHERE %s <= %s",
+		"timestamp": "INNER JOIN ( SELECT file_version, file_version FROM updates WHERE %s = '%s' ) find ON search.file_version <= find.file_version"
+	}
+
 	@tornado.web.asynchronous
 	@tornado.gen.engine
 	def asyncGet(self):
 		status_code = 400
 		data = {}
 		try:
-			args_filter = asyncTornado.check_arguments(self.request.arguments, ARGS)
+			args_filter = asyncTornado.check_arguments(self)
 			if not args_filter:
 				raise Exception("Missing required arguments")

@ -36,7 +43,7 @@ class handler(asyncTornado.asyncRequestHandler):
 			conn = glob.new_sql()
 			cur = conn.cursor()

-			sql = SQL_STRUCT["main"] % SQL_STRUCT[method]
+			sql = self.SQL_STRUCT["main"] % self.SQL_STRUCT[method]

 			cur.execute(sql % (method, method_value))
 			data = cur.fetchall()
@ -50,6 +57,7 @@ class handler(asyncTornado.asyncRequestHandler):
 			data["status"] = status_code
 			data["message"] = str(e)
 			print("Err: %s" % e)
+			traceback.print_exc()
 		finally:
 			self.write( json.dumps(data) )
 			self.set_header("Content-Type", "application/json")
--- a/helpers/validatorHelper.py
+++ b/helpers/validatorHelper.py
@ -0,0 +1,13 @@
+import string
+
+def HEX(data):
+	return len( [x for x in data if x in string.hexdigits] ) == len(data)
+
+def INT(data):
+	return str.isnumeric(data)
+
+def DEC(data):
+	return str.isdecimal(data)
+
+def STR(data):
+	return str.isalpha
--- a/web/asyncTornado.py
+++ b/web/asyncTornado.py
@ -68,16 +68,34 @@ def runBackground(data, callback):
 		IOLoop.instance().add_callback(lambda: callback(result))
 	glob.pool.apply_async(func, args, kwargs, _callback)

-def check_arguments(arguments, arguments_filter):
+def check_arguments(tornado_inst):
+	arguments = tornado_inst.request.arguments
+	arguments_filter = tornado_inst.ARGS
+	arguments_validator = tornado_inst.ARGS_VALIDATION
+
+	args = None
+
 	for k, v in arguments_filter.items():
 		if v == argumentTypes.optional:
-			return arg_filter_and(arguments, k)
+			args = arg_filter_and(arguments, k)
 		elif v == argumentTypes.required:
-			return arg_filter_require_all(arguments, k)
+			args = arg_filter_require_all(arguments, k)
 		elif v == argumentTypes.one_required:
-			return arg_filter_first(arguments, k, False)
+			args = arg_filter_first(arguments, k, False)
 		elif v == argumentTypes.only_one:
-			return arg_filter_only_one(arguments, k)
+			args = arg_filter_only_one(arguments, k)
+	
+	if args:
+		for k, v in arguments_validator.items():
+			for i in range( len(v) ):
+				if v[i] in args:
+					if not k( tornado_inst.get_argument(v[i]) ):
+						raise Exception("%s is not type of %s" % (v[i], k.__name__ ))
+
+	#for arg in args:
+	#	if tornado_inst.get_argument(arg) is not 
+
+	return args

 def arg_filter_and(arguments, filter, can_false = False):
 	arg_filter = []