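def test_is_single_statement(self):
    """Check that db.is_single_statement separates single from stacked SQL.

    datastore_search_sql rejects any query for which this helper returns
    False, so each multi-statement input is asserted individually.
    """
    single_statements = [
        'SELECT * FROM footable',
        'SELECT * FROM "bartable"',
        # A trailing semicolon is still expected to count as one statement.
        'SELECT * FROM "bartable";',
        # chr(59) yields a semicolon at query time; none appears in the text.
        "select 'foo'||chr(59)||'bar'",
    ]
    for statement in single_statements:
        assert db.is_single_statement(statement) is True

    # Every entry carries its own comma. Adjacent string literals are joined
    # by Python, which previously merged the first two cases into one and
    # left the "SET LOCAL ...; SELECT ..." ordering untested on its own.
    stacked_statements = [
        'SELECT * FROM abc; SET LOCAL statement_timeout to',
        'SET LOCAL statement_timeout to; SELECT * FROM abc',
        'SELECT * FROM "foo"; SELECT * FROM "abc"',
    ]
    for statement in stacked_statements:
        assert db.is_single_statement(statement) is False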
def datastore_search_sql(context, data_dict):
    '''Run a caller-supplied SQL select statement against the datastore.

    :param sql: a single sql select statement, read from ``data_dict``

    :returns: a dictionary containing the search results.
              keys: fields: columns for results
                    records: results from the query
    :rtype: dictionary
    :raises: ValidationError if the query is not a single statement

    '''
    statement = _get_or_bust(data_dict, 'sql')

    # Reject stacked queries before anything reaches the database. This
    # check runs ahead of the access check below, so a malformed query
    # yields a validation error regardless of the caller's permissions.
    if not db.is_single_statement(statement):
        errors = {
            'query': ['Query is not a single statement or contains semicolons.'],
            'hint': [('If you want to use semicolons, use character encoding'
                      '(; equals chr(59)) and string concatenation (||). ')]
        }
        raise p.toolkit.ValidationError(errors)

    # NOTE(review): authorization is checked under the generic
    # 'datastore_search' action; nothing here inspects which tables the
    # SQL names. Table-level protection presumably rests on the privileges
    # of the database role behind the read URL -- confirm.
    p.toolkit.check_access('datastore_search', context, data_dict)

    # The query runs over the connection configured as the datastore read
    # URL (expected to be a read-only role; verify in deployment config).
    data_dict['connection_url'] = pylons.config['ckan.datastore_read_url']

    search_result = db.search_sql(context, data_dict)

    # Strip internal fields so the connection string is never returned to
    # the API caller. 'id' may be absent; 'connection_url' must be present.
    search_result.pop('id', None)
    search_result.pop('connection_url')
    return search_result
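def test_is_single_statement(self):
    """Verify db.is_single_statement on single and multi-statement SQL.

    The helper gates the SQL search action, so inputs that chain two
    statements with a semicolon must each be reported as not single.
    """
    accepted = [
        'SELECT * FROM footable',
        'SELECT * FROM "bartable"',
        # One statement followed by a terminating semicolon.
        'SELECT * FROM "bartable";',
        # Semicolon produced via chr(59) and concatenation, not written out.
        "select 'foo'||chr(59)||'bar'",
    ]
    for query in accepted:
        assert db.is_single_statement(query) is True

    # A comma was missing after the first entry, so implicit string
    # concatenation collapsed the first two cases into a single input.
    # With the comma restored each ordering is checked separately.
    rejected = [
        'SELECT * FROM abc; SET LOCAL statement_timeout to',
        'SET LOCAL statement_timeout to; SELECT * FROM abc',
        'SELECT * FROM "foo"; SELECT * FROM "abc"',
    ]
    for query in rejected:
        assert db.is_single_statement(query) is False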