def put_pdf_files_in(conn): print "------------------------" print "-- Putting pdf files in " print "------------------------" # INPUT: file and its name # data in columns: name of a file AND file f = get_pdf_files(conn) conn.execute( "INSERT INTO files (file, file_name) VALUES (E'%s', '%s')" % (pg.escape_bytea( f.read() ), pg.escape_string( f.name )) )
def store_resultSet(self, session, rset): self._openContainer(session) now = time.time() nowStr = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(now)) if rset.expires: expires = now + rset.expires else: expires = now + self.get_default(session, "expires", 600) rset.timeExpires = expires expiresStr = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(expires)) id = rset.id if self.idNormalizer is not None: id = self.idNormalizer.process_string(session, id) # Serialise and store srlz = rset.serialize(session) cl = str(rset.__class__) data = srlz.replace("\x00", "\\\\000") try: ndata = pg.escape_bytea(data) except: # insufficient PyGreSQL version - do the best we can ndata = data.replace("'", "\\'") query = ( "INSERT INTO %s (identifier, data, size, class, timeCreated, timeAccessed, expires) VALUES ('%s', E'%s', %s, '%s', '%s', '%s', '%s')" % (self.table, id, ndata, len(rset), cl, nowStr, nowStr, expiresStr) ) try: self._query(query) except pg.ProgrammingError as e: # already exists, retry for overwrite, create if self.get_setting(session, "overwriteOkay", 0): query = ( "UPDATE %s SET data = E'%s', size = %s, class = '%s', timeAccessed = '%s', expires = '%s' WHERE identifier = '%s';" % (self.table, ndata, len(rset), cl, nowStr, expiresStr, id) ) self._query(query) elif hasattr(rset, "retryOnFail"): # generate new id, re-store id = self.generate_id(session) if self.idNormalizer is not None: id = self.idNormalizer.process_string(session, id) query = ( "INSERT INTO %s (identifier, data, size, class, timeCreated, timeAccessed, expires) VALUES ('%s', E'%s', %s, '%s', '%s', '%s', '%s')" % (self.table, id, ndata, len(rset), cl, nowStr, nowStr, expiresStr) ) self._query(query) else: raise ObjectAlreadyExistsException(self.id + "/" + id) return rset
def store_resultSet(self, session, rset): self._openContainer(session) now = time.time() nowStr = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(now)) if (rset.expires): expires = now + rset.expires else: expires = now + self.get_default(session, 'expires', 600) rset.timeExpires = expires expiresStr = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(expires)) id = rset.id if (self.idNormalizer != None): id = self.idNormalizer.process_string(session, id) # Serialise and store srlz = rset.serialize(session) cl = str(rset.__class__) data = srlz.replace('\x00', '\\\\000') try: ndata = pg.escape_bytea(data) except: # insufficient PyGreSQL version - do the best we can ndata = data.replace("'", "\\'") query = "INSERT INTO %s (identifier, data, size, class, timeCreated, timeAccessed, expires) VALUES ('%s', E'%s', %s, '%s', '%s', '%s', '%s')" % ( self.table, id, ndata, len(rset), cl, nowStr, nowStr, expiresStr) try: self._query(query) except pg.ProgrammingError as e: # already exists, retry for overwrite, create if self.get_setting(session, 'overwriteOkay', 0): query = "UPDATE %s SET data = E'%s', size = %s, class = '%s', timeAccessed = '%s', expires = '%s' WHERE identifier = '%s';" % ( self.table, ndata, len(rset), cl, nowStr, expiresStr, id) self._query(query) elif hasattr(rset, 'retryOnFail'): # generate new id, re-store id = self.generate_id(session) if (self.idNormalizer != None): id = self.idNormalizer.process_string(session, id) query = "INSERT INTO %s (identifier, data, size, class, timeCreated, timeAccessed, expires) VALUES ('%s', E'%s', %s, '%s', '%s', '%s', '%s')" % ( self.table, id, ndata, len(rset), cl, nowStr, nowStr, expiresStr) try: self._query(query) except pg.ProgrammingError: raise ValueError(ndata) else: raise ObjectAlreadyExistsException(self.id + '/' + id) return rset
def test_pygresql_escape_bytea(self): '''Test pygresql (escape bytea)''' if self.lsb_release['Release'] == 6.06: return self._skipped("functions don't exist in Dapper") self.user = testlib.TestUser() self.testuser = self.user.login self.testdb = "pygresql_db" self._create_user(self.testuser, self.user.password) self._create_db(self.testdb, self.testuser) import pg self.pgcnx = pg.connect(dbname=self.testdb, host='127.0.0.1', user=self.testuser, passwd=self.user.password) binary = file('/bin/ls', 'rb').read() escaped = pg.escape_bytea(binary) search = "Usage: " warning = 'Could not find "%s"\n' % search self.assertTrue(search in escaped, warning) search = "\\\\000" warning = 'Could not find "%s"\n' % search self.assertTrue(search in escaped, warning) # The following extra tests don't work on Oneiric+ if self.lsb_release['Release'] >= 11.10: return # fix for CVE-2009-2940 added this try: escaped = self.pgcnx.escape_bytea(binary) except AttributeError: warning = 'CVE-2009-2940: Could not find required pyobj.escape_bytea()' self.assertTrue(False, warning) search = "Usage: " warning = 'Could not find "%s"\n' % search self.assertTrue(search in escaped, warning) search = "\\\\000" warning = 'Could not find "%s"\n' % search self.assertTrue(search in escaped, warning)
def store_data(self, session, id, data, metadata={}): self._openContainer(session) id = str(id) now = time.strftime("%Y-%m-%d %H:%M:%S") if (self.idNormalizer != None): id = self.idNormalizer.process_string(session, id) data = data.replace(nonTextToken, '\\\\000\\\\001') query = "INSERT INTO %s (identifier, timeCreated) VALUES ('%s', '%s');" % ( self.table, id, now) try: self._query(query) except: # already exists pass try: ndata = pg.escape_bytea(data) except: # insufficient PyGreSQL version ndata = data.replace("'", "\\'") if metadata: extra = [] for (n, v) in metadata.iteritems(): if type(v) in (int, long): extra.append('%s = %s' % (n, v)) else: extra.append("%s = '%s'" % (n, v)) extraq = ', '.join(extra) query = "UPDATE %s SET data = E'%s', %s, timeModified = '%s' WHERE identifier = '%s';" % ( self.table, ndata, extraq, now, id) else: query = "UPDATE %s SET data = E'%s', timeModified = '%s' WHERE identifier = '%s';" % ( self.table, ndata, now, id) try: self._query(query) except pg.ProgrammingError: # Uhhh... print query raise return None
def store_data(self, session, id, data, metadata={}): self._openContainer(session) id = str(id) now = time.strftime("%Y-%m-%d %H:%M:%S") if (self.idNormalizer != None): id = self.idNormalizer.process_string(session, id) data = data.replace(nonTextToken, '\\\\000\\\\001') query = "INSERT INTO %s (identifier, timeCreated) VALUES ('%s', '%s');" % (self.table, id, now) try: self._query(query) except: # already exists pass try: ndata = pg.escape_bytea(data) except: # insufficient PyGreSQL version ndata = data.replace("'", "\\'") if metadata: extra = [] for (n,v) in metadata.iteritems(): if type(v) in (int, long): extra.append('%s = %s' % (n,v)) else: extra.append("%s = '%s'" % (n,v)) extraq = ', '.join(extra) query = "UPDATE %s SET data = E'%s', %s, timeModified = '%s' WHERE identifier = '%s';" % (self.table, ndata, extraq, now, id) else: query = "UPDATE %s SET data = E'%s', timeModified = '%s' WHERE identifier = '%s';" % (self.table, ndata, now, id) try: self._query(query) except pg.ProgrammingError: # Uhhh... print query raise return None
def escape_lab (lab): import pg return pg.escape_bytea (lab.pack ())