SQL validator

This commit is contained in:
Emily 2019-03-11 14:41:55 +01:00
parent aa0c9b401e
commit 6aafe55ecb
5 changed files with 92 additions and 43 deletions

View File

@ -4,30 +4,36 @@ import json
import tornado.gen
import tornado.web
from helpers import validatorHelper
from web import asyncTornado
from constants import argumentTypes
from objects import glob
ARGS = {
("file_hash", "file_version", "timestamp"): argumentTypes.one_required
}
SQL_STRUCT = {
"main": "SELECT * FROM updates WHERE %s LIMIT 1",
"file_hash": "%s = '%s'",
"file_version": "%s = %s",
"timestamp": "timestamp <= '%s' ORDER BY timestamp DESC"
}
class handler(asyncTornado.asyncRequestHandler):
ARGS = {
("file_hash", "file_version", "timestamp"): argumentTypes.one_required
}
ARGS_VALIDATION = {
validatorHelper.HEX: ["file_hash"],
validatorHelper.INT: ["file_version", "timestamp"]
}
SQL_STRUCT = {
"main": "SELECT * FROM updates WHERE %s LIMIT 1",
"file_hash": "%s = '%s'",
"file_version": "%s = %s",
"timestamp": "timestamp <= '%s' ORDER BY timestamp DESC"
}
@tornado.web.asynchronous
@tornado.gen.engine
def asyncGet(self):
status_code = 400
data = {}
try:
args_filter = asyncTornado.check_arguments(self.request.arguments, ARGS)
args_filter = asyncTornado.check_arguments(self)
if not args_filter:
raise Exception("Missing required arguments")
@ -37,7 +43,7 @@ class handler(asyncTornado.asyncRequestHandler):
conn = glob.new_sql()
cur = conn.cursor()
sql = SQL_STRUCT["main"] % SQL_STRUCT[method]
sql = self.SQL_STRUCT["main"] % self.SQL_STRUCT[method]
if method == "timestamp":
sql = sql % method_value
else:

View File

@ -4,36 +4,40 @@ import json
import tornado.gen
import tornado.web
from helpers import validatorHelper
from web import asyncTornado
from constants import argumentTypes
from objects import glob
ARGS = {
("file_hash", "file_version", "timestamp"): argumentTypes.one_required
}
SQL_STRUCT = {
"main": "SELECT %s FROM updates WHERE filename = 'osu!.exe' ORDER BY file_version"
}
class handler(asyncTornado.asyncRequestHandler):
ARGS = {
("file_hash", "file_version", "timestamp"): argumentTypes.one_required
}
ARGS_VALIDATION = {
validatorHelper.HEX: ["file_hash"],
validatorHelper.INT: ["file_version", "timestamp"]
}
SQL_STRUCT = {
"main": "SELECT %s FROM updates WHERE filename = 'osu!.exe' ORDER BY file_version"
}
@tornado.web.asynchronous
@tornado.gen.engine
def asyncGet(self):
status_code = 400
data = {}
try:
args_filter = asyncTornado.check_arguments(self.request.arguments, ARGS)
args_filter = asyncTornado.check_arguments(self)
if not args_filter:
raise Exception("Missing required arguments")
conn = glob.new_sql()
cur = conn.cursor()
sql = SQL_STRUCT["main"]
cur.execute(sql % ",".join(args_filter))
cur.execute(self.SQL_STRUCT["main"] % ",".join(args_filter))
data = cur.fetchall()
cur.close()

View File

@ -1,32 +1,39 @@
import traceback
import json
import tornado.gen
import tornado.web
from helpers import validatorHelper
from web import asyncTornado
from constants import argumentTypes
from objects import glob
ARGS = {
("file_hash", "file_version", "timestamp"): argumentTypes.one_required
}
SQL_STRUCT = {
"main": "SELECT max(search.file_version) as file_version, search.* FROM updates search %s GROUP BY filename;",
"file_hash": "WHERE %s <= %s",
"file_version": "WHERE %s <= %s",
"timestamp": "INNER JOIN ( SELECT file_version, file_version FROM updates WHERE %s = '%s' ) find ON search.file_version <= find.file_version"
}
class handler(asyncTornado.asyncRequestHandler):
ARGS = {
("file_hash", "file_version", "timestamp"): argumentTypes.one_required
}
ARGS_VALIDATION = {
validatorHelper.HEX: ["file_hash"],
validatorHelper.INT: ["file_version", "timestamp"]
}
SQL_STRUCT = {
"main": "SELECT max(search.file_version) as file_version, search.* FROM updates search %s GROUP BY filename;",
"file_hash": "WHERE %s <= %s",
"file_version": "WHERE %s <= %s",
"timestamp": "INNER JOIN ( SELECT file_version, file_version FROM updates WHERE %s = '%s' ) find ON search.file_version <= find.file_version"
}
@tornado.web.asynchronous
@tornado.gen.engine
def asyncGet(self):
status_code = 400
data = {}
try:
args_filter = asyncTornado.check_arguments(self.request.arguments, ARGS)
args_filter = asyncTornado.check_arguments(self)
if not args_filter:
raise Exception("Missing required arguments")
@ -36,7 +43,7 @@ class handler(asyncTornado.asyncRequestHandler):
conn = glob.new_sql()
cur = conn.cursor()
sql = SQL_STRUCT["main"] % SQL_STRUCT[method]
sql = self.SQL_STRUCT["main"] % self.SQL_STRUCT[method]
cur.execute(sql % (method, method_value))
data = cur.fetchall()
@ -50,6 +57,7 @@ class handler(asyncTornado.asyncRequestHandler):
data["status"] = status_code
data["message"] = str(e)
print("Err: %s" % e)
traceback.print_exc()
finally:
self.write( json.dumps(data) )
self.set_header("Content-Type", "application/json")

View File

@ -0,0 +1,13 @@
import string
def HEX(data):
return len( [x for x in data if x in string.hexdigits] ) == len(data)
def INT(data):
return str.isnumeric(data)
def DEC(data):
return str.isdecimal(data)
def STR(data):
return str.isalpha

View File

@ -68,16 +68,34 @@ def runBackground(data, callback):
IOLoop.instance().add_callback(lambda: callback(result))
glob.pool.apply_async(func, args, kwargs, _callback)
def check_arguments(arguments, arguments_filter):
def check_arguments(tornado_inst):
arguments = tornado_inst.request.arguments
arguments_filter = tornado_inst.ARGS
arguments_validator = tornado_inst.ARGS_VALIDATION
args = None
for k, v in arguments_filter.items():
if v == argumentTypes.optional:
return arg_filter_and(arguments, k)
args = arg_filter_and(arguments, k)
elif v == argumentTypes.required:
return arg_filter_require_all(arguments, k)
args = arg_filter_require_all(arguments, k)
elif v == argumentTypes.one_required:
return arg_filter_first(arguments, k, False)
args = arg_filter_first(arguments, k, False)
elif v == argumentTypes.only_one:
return arg_filter_only_one(arguments, k)
args = arg_filter_only_one(arguments, k)
if args:
for k, v in arguments_validator.items():
for i in range( len(v) ):
if v[i] in args:
if not k( tornado_inst.get_argument(v[i]) ):
raise Exception("%s is not type of %s" % (v[i], k.__name__ ))
#for arg in args:
# if tornado_inst.get_argument(arg) is not
return args
def arg_filter_and(arguments, filter, can_false = False):
arg_filter = []