コード例 #1
0
  def getColumnMetadata(self, tableName, columnExpr, dataType):
    """
    Returns the meta data for a given column. See DataSourceConnection.getColumnMetadata
    for more information.

    Raises:
      ValueError: Thrown when columnName is not found in table.
    """
    columns = []
    for col in self._getColumnsInTable(tableName):
      columns += ["{0}.{1}".format(tableName, col[0])]
    validate = getExprValidator(columns)
    validate(columnExpr)

    expr = columnExpr['expr']
    result = {}
    if dataType == 'cat':
      columns = self._query(
        'SELECT distinct({col}) FROM {table} LIMIT 100'.format(
          col   = self._translate(expr)
        , table = tableName)
      )

      def sanitize(v):
        if v is None:
          return "Null"
        return v
      result = { "values" : [sanitize(v[0]) for v in columns if len(v) > 0] }
    else:
      min = exprCallFnc('min', [expr])
      max = exprCallFnc('max', [expr])

      if dataType == 'date':
        q = "SELECT {colMin},{colMax} FROM {table}".format(
              colMin = self._translate(exprCallFnc('unix', [min]))
            , colMax = self._translate(exprCallFnc('unix', [max]))
            , table  = tableName)
      elif dataType == 'num':
        q = "SELECT {colMin},{colMax} FROM {table}".format(
              colMin = self._translate(min)
            , colMax = self._translate(max)
            , table  = tableName)
      columns = self._query(q)
      if len(columns) > 0:
        minValue, maxValue = columns[0]
      else:
        minValue, maxValue = (0, 0)
      result = { "min" : minValue
               , "max" : maxValue }

    return result
コード例 #2
0
ファイル: query.py プロジェクト: rmoorman/builder
    def _validate(self, columns=None):
        """
    Verify that the pending query is valid. This is mainly to protect against SQL
    injection attacks. It is assumed that the table name has already been validated,
    and that some values will be parameterized.

    Args:
      columns: A list of (column_name, data_type) tuples representing the columns
      in this table.

    Returns:
      None

    Exceptions:
      ValueError
    """

        if not columns:
            logger.warn(
                "Warning: column list not provided to query._validate!")
            logger.warn("Input validation will not occur!")
            return

        columns = [x for (x, _) in columns]
        validate = getExprValidator(columns)
        # SELECT
        for obj in self.jsSpec['select']:
            validate(obj)
        # GROUPS
        for obj in self.jsSpec['stats']['groups']:
            validate(obj)
        # FILTERS
        for obj in self.jsSpec['filter']:
            validate(obj['expr'])
        # SORTING
        for obj in self.jsSpec.get('sort', []):
            validate(obj['sort'])
コード例 #3
0
ファイル: query.py プロジェクト: raleighgee/builder
    def _validate(self, columns=None):
        """
    Verify that the pending query is valid. This is mainly to protect against SQL
    injection attacks. It is assumed that the table name has already been validated,
    and that some values will be parameterized.

    Args:
      columns: A list of (column_name, data_type) tuples representing the columns
      in this table.

    Returns:
      None

    Exceptions:
      ValueError
    """

        if not columns:
            logger.warn("Warning: column list not provided to query._validate!")
            logger.warn("Input validation will not occur!")
            return

        columns = [x for (x, _) in columns]
        validate = getExprValidator(columns)
        # SELECT
        for obj in self.jsSpec["select"]:
            validate(obj)
        # GROUPS
        for obj in self.jsSpec["stats"]["groups"]:
            validate(obj)
        # FILTERS
        for obj in self.jsSpec["filter"]:
            validate(obj["expr"])
        # SORTING
        for obj in self.jsSpec.get("sort", []):
            validate(obj["sort"])