コード例 #1
ファイル: OssimDB.py プロジェクト: jpalanco/alienvault-ossim
 def format_query(query, params):
     """Render ``query`` with escaped ``params``, e.g. so it can be logged.

     Formats the parametrized query in the same fashion as
     MySQLdb.cursor.execute(query, params) does. cursor.execute() performs
     this conversion/escaping itself, but the final statement text cannot be
     obtained from it before execution, so it is built here explicitly.

     :param query: SQL text with ``%s`` or ``%(name)s`` placeholders.
     :param params: a dict for named placeholders, otherwise an iterable of
         positional values.
     :return: ``query`` with every parameter passed through ``escape``.

     NOTE(review): ``escape`` and ``conversions`` are defined outside this
     block. If they are the connection-independent MySQLdb/_mysql helpers,
     the escaping does not know the connection character set -- confirm that
     is acceptable, or hand ``params`` to cursor.execute() for the statement
     that is actually run and use this text for logs only.
     NOTE(review): the rendered text contains the parameter values, so any
     log it is written to holds that data as well.
     """
     if not isinstance(params, dict):
         # Positional parameters: escape in order, then %-interpolate.
         return query % tuple([escape(value, conversions) for value in params])
     escaped_by_name = {}
     for name, value in params.iteritems():
         escaped_by_name[name] = escape(value, conversions)
     return query % escaped_by_name
コード例 #2
 def format_query(query, params):
     """Return ``query`` with ``params`` escaped and interpolated.

     Mirrors what MySQLdb.cursor.execute(query, params) does internally.
     execute() does not make the finished statement available before it runs,
     so it is produced here first and can then be passed on and logged.

     :param query: SQL text with ``%s`` or ``%(name)s`` placeholders.
     :param params: dict (named placeholders) or iterable (positional ones).
     :return: the statement text after ``%`` interpolation.

     NOTE(review): safety rests on ``escape``/``conversions``, which are not
     visible in this block. Module-level MySQLdb escaping is not aware of the
     connection character set; verify which helper is bound here. Where the
     text is only needed for logging, keep passing ``params`` separately to
     cursor.execute() for the real query.
     """
     if isinstance(params, dict):
         pairs = [(name, escape(value, conversions))
                  for name, value in params.iteritems()]
         substitutions = dict(pairs)
     else:
         substitutions = tuple([escape(value, conversions) for value in params])
     return query % substitutions
コード例 #3
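    def row_dicts_to_insert_query(klass, row_dicts):
        """Build the text of one multi-row INSERT from a list of row dicts.

        Not the same as mysql_api.insert_row_dicts, because that uses
        MySQLdb to do a bunch of the escaping and interpolation.

        Column names come from the sorted keys of the first row and values
        are passed through ``escape``. Table and column names are
        backtick-quoted with any embedded backtick doubled, so a name cannot
        close its own quoting and spill into the statement.

        :param row_dicts: non-empty sequence of dicts sharing the same keys.
        :return: the INSERT statement as a string.
        :raises IndexError: if ``row_dicts`` is empty.
        :raises ValueError: if a row's keys differ from the first row's
            (its values would otherwise land under the wrong columns).

        NOTE(review): ``escape`` and ``conversions`` are defined outside this
        block; confirm they are charset-aware for the target connection.
        """
        def quote_safe(identifier):
            # MySQL represents a backtick inside a quoted identifier as ``.
            return identifier.replace('`', '``')

        # Turn each row dictionary into a key-sorted ordered dictionary so
        # that values line up with the column list.
        ordered_rows = [
            OrderedDict(sorted(d.items(), key=lambda t: t[0]))
            for d in row_dicts
        ]

        columns = list(ordered_rows[0].keys())
        for position, row in enumerate(ordered_rows):
            if list(row.keys()) != columns:
                raise ValueError(
                    'row {} does not have the same keys as row 0'.format(
                        position))

        return "INSERT INTO `{table}` (`{fields}`) VALUES {rows}".format(
            table=quote_safe(klass.table),
            # Quote each field name in backticks.
            fields='`, `'.join([quote_safe(c) for c in columns]),
            # Comma-separated list of sets of row values.
            rows=','.join([
                # Paren-wrapped comma-separated list of row values, each
                # property quoted if necessary.
                '({})'.format(', '.join(
                    [escape(v, conversions) for v in r.values()]))
                for r in ordered_rows
            ]))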
コード例 #4
def _escape(param):
    """Escape one query parameter with ``_mysql.escape``.

    A list or tuple is escaped element by element and joined with commas
    (the shape needed inside ``IN (...)``); anything else is escaped as a
    single value.

    NOTE(review): this is the module-level ``_mysql`` escaping, which is not
    tied to a connection and so does not know its character set -- confirm
    the connections this output is sent to use a charset where that is safe.
    """
    if not isinstance(param, (list, tuple)):
        return _mysql.escape(param, CONVERSIONS)
    escaped_items = [_mysql.escape(item, CONVERSIONS) for item in param]
    return ','.join(escaped_items)
コード例 #5
def _escape(param):
    """Escape one query parameter, running it through ``_escape_unicode`` first.

    Lists and tuples are converted element-wise, escaped with
    ``_mysql.escape_sequence`` and joined with commas; any other value is
    escaped on its own with ``_mysql.escape``.

    NOTE(review): module-level ``_mysql`` escaping is connection-independent
    and therefore unaware of the connection character set; verify that what
    ``_escape_unicode`` produces matches the charset of the session.
    """
    if not isinstance(param, (list, tuple)):
        return _mysql.escape(_escape_unicode(param), CONVERSIONS)
    converted = [_escape_unicode(item) for item in param]
    return ','.join(_mysql.escape_sequence(converted, CONVERSIONS))
コード例 #6
ファイル: coromysql.py プロジェクト: rtyler/gogreen
	def escape(self, o, converter):
		"""Escape ``o`` through ``origmysqlc.escape`` with this object's converter.

		NOTE(review): the ``converter`` argument is accepted but never used;
		``self.converter`` is always passed instead. Presumably the parameter
		is kept for signature compatibility -- confirm no caller expects a
		per-call conversion mapping to take effect.
		"""
		conversions = self.converter
		return origmysqlc.escape(o, conversions)
コード例 #7
 def escape(self, o, converter):
     """Return ``o`` escaped by ``origmysqlc.escape`` using ``self.converter``.

     NOTE(review): ``converter`` is ignored -- the instance's own mapping is
     what gets passed on. Verify that callers supplying a different mapping
     do not rely on it for correct quoting.
     """
     instance_converter = self.converter
     return origmysqlc.escape(o, instance_converter)
コード例 #8
ファイル: dom.py プロジェクト: makkus/infosystems
    # Look up (or create) the Sites row for one `site` node and remember its id.
    # 3 is TEXT_NODE in the DOM numbering; presumably this skips text nodes
    # between elements -- confirm `site` is an xml.dom node.
    if  site.nodeType != 3:
        try:
            uniqueID = site.attributes['UniqueID'].value
        except KeyError:
            # Every site without a UniqueID attribute gets this same key, so
            # the SELECT below will match one shared row for all of them.
            uniqueID ="not-so-unique"
        name = getFirst(site,"Name")
        userSupport = getFirst(site,'UserSupportContact')
        sysAdmin = getFirst(site,'SysAdminContact')
        security = getFirst(site,'SecurityContact')
        description = getFirst(site,'Description')
        location = getFirst(site,'Location')
        # float() raises if getFirstN returns something it cannot parse;
        # getFirstN is defined elsewhere -- TODO confirm what it returns.
        latitude = float(getFirstN(site,'Latitude'))
        longitude = float(getFirstN(site,'Longitude'))
        web =  getFirst(site,'Web')
        sponsor =  getFirst(site,'Sponsor')
        # NOTE(review): the statement is assembled with % interpolation, so
        # its safety rests entirely on `escape`, which is not visible here
        # (an XML-escaping helper would not neutralise SQL quoting). The
        # values come from the parsed document. Prefer placeholders with the
        # values passed as the second argument to cursor.execute().
        # Double-quoted literals are also read as identifiers when the server
        # runs with ANSI_QUOTES.
        site_query = 'SELECT * FROM Sites WHERE uniqueID= "%s"' % escape(uniqueID)
        cursor.execute(site_query)
        r = cursor.fetchone()
        if (r == None):
            print "inserting site definition now..."
            # Order must match the placeholders in site_insert below.
            site_tuple = (escape(uniqueID), escape(name),escape(description),
                          escape(userSupport), escape(sysAdmin), escape(security), escape(location),
                          latitude,longitude,escape(web),escape(sponsor))
            # No column list: the values rely on the Sites table's column
            # order. %f renders the coordinates with six decimal places.
            # NOTE(review): same string-built SQL concern as the SELECT above.
            site_insert = 'INSERT INTO Sites VALUES(NULL,"%s","%s","%s","%s","%s","%s","%s",%f,%f,"%s","%s")' % site_tuple
            cursor.execute(site_insert)
            site_id =  cursor.lastrowid
        else:
            # First column of the existing row; presumably the row id.
            site_id = r[0]

        storageElements  = site.getElementsByTagName('StorageElement')
コード例 #9
 def format_query(query, params):
     """Interpolate escaped ``params`` into ``query`` and return the text.

     :param query: SQL text with ``%s`` or ``%(name)s`` placeholders.
     :param params: dict for named placeholders, else an iterable of values.
     :return: ``query % <escaped params>``.

     NOTE(review): ``escape`` and ``conversions`` come from outside this
     block; whether the result is safe to execute depends on them being
     appropriate for the connection's character set -- confirm. Passing
     ``params`` to cursor.execute() directly avoids relying on that.
     """
     if isinstance(params, dict):
         named = {}
         for key, param in params.iteritems():
             named[key] = escape(param, conversions)
         return query % named
     positional = [escape(param, conversions) for param in params]
     return query % tuple(positional)
コード例 #10
ファイル: database.py プロジェクト: aashanand/memsql-python
def _escape(param):
    """Return ``param`` escaped for inclusion in a query string.

    Each value goes through ``_escape_unicode`` first. A list or tuple
    becomes a comma-separated string of its escaped elements; a single value
    is escaped directly.

    NOTE(review): ``_mysql.escape`` / ``_mysql.escape_sequence`` are the
    module-level functions, which have no knowledge of a connection's
    character set -- confirm the encoding ``_escape_unicode`` yields is the
    one the server session uses.
    """
    is_sequence = isinstance(param, (list, tuple))
    if is_sequence:
        items = [_escape_unicode(element) for element in param]
        escaped = _mysql.escape_sequence(items, CONVERSIONS)
        return ','.join(escaped)
    return _mysql.escape(_escape_unicode(param), CONVERSIONS)
コード例 #11
    # Find the Sites row whose uniqueID matches this `site` node, inserting
    # one if none exists, and keep its id in site_id.
    # nodeType 3 is TEXT_NODE in the DOM numbering -- presumably `site` is an
    # xml.dom node and text nodes are skipped; confirm.
    if site.nodeType != 3:
        try:
            uniqueID = site.attributes['UniqueID'].value
        except KeyError:
            # Shared fallback key: all sites lacking the attribute resolve to
            # the same row in the lookup below.
            uniqueID = "not-so-unique"
        name = getFirst(site, "Name")
        userSupport = getFirst(site, 'UserSupportContact')
        sysAdmin = getFirst(site, 'SysAdminContact')
        security = getFirst(site, 'SecurityContact')
        description = getFirst(site, 'Description')
        location = getFirst(site, 'Location')
        # float() raises on unparsable input; getFirstN is defined elsewhere
        # -- TODO confirm its return value.
        latitude = float(getFirstN(site, 'Latitude'))
        longitude = float(getFirstN(site, 'Longitude'))
        web = getFirst(site, 'Web')
        sponsor = getFirst(site, 'Sponsor')
        # NOTE(review): SQL text is built by % interpolation from document
        # values; whether that is safe depends on what `escape` is, which
        # this excerpt does not show. Using placeholders and passing the
        # values separately to cursor.execute() removes that dependency.
        site_query = 'SELECT * FROM Sites WHERE uniqueID= "%s"' % escape(
            uniqueID)
        cursor.execute(site_query)
        r = cursor.fetchone()
        if (r == None):
            print "inserting site definition now..."
            # Positional values for site_insert; order must match its
            # placeholders.
            site_tuple = (escape(uniqueID), escape(name), escape(description),
                          escape(userSupport), escape(sysAdmin),
                          escape(security), escape(location), latitude,
                          longitude, escape(web), escape(sponsor))
            # No column list is given, so this depends on the column order of
            # Sites. %f writes the coordinates with six decimal places.
            # NOTE(review): same string-built SQL concern as the SELECT.
            site_insert = 'INSERT INTO Sites VALUES(NULL,"%s","%s","%s","%s","%s","%s","%s",%f,%f,"%s","%s")' % site_tuple
            cursor.execute(site_insert)
            site_id = cursor.lastrowid
        else:
            # Reuse the existing row; r[0] is its first column (presumably
            # the id).
            site_id = r[0]

        storageElements = site.getElementsByTagName('StorageElement')