def getColumnMetadata(self, tableName, columnExpr, dataType):
"""
Returns the meta data for a given column. See DataSourceConnection.getColumnMetadata
for more information.
Raises:
ValueError: Thrown when columnName is not found in table.
"""
columns = []
for col in self._getColumnsInTable(tableName):
columns += ["{0}.{1}".format(tableName, col[0])]
validate = getExprValidator(columns)
validate(columnExpr)
expr = columnExpr['expr']
result = {}
if dataType == 'cat':
columns = self._query(
'SELECT distinct({col}) FROM {table} LIMIT 100'.format(
col = self._translate(expr)
, table = tableName)
)
def sanitize(v):
if v is None:
return "Null"
return v
result = { "values" : [sanitize(v[0]) for v in columns if len(v) > 0] }
else:
min = exprCallFnc('min', [expr])
max = exprCallFnc('max', [expr])
if dataType == 'date':
q = "SELECT {colMin},{colMax} FROM {table}".format(
colMin = self._translate(exprCallFnc('unix', [min]))
, colMax = self._translate(exprCallFnc('unix', [max]))
, table = tableName)
elif dataType == 'num':
q = "SELECT {colMin},{colMax} FROM {table}".format(
colMin = self._translate(min)
, colMax = self._translate(max)
, table = tableName)
columns = self._query(q)
if len(columns) > 0:
minValue, maxValue = columns[0]
else:
minValue, maxValue = (0, 0)
result = { "min" : minValue
, "max" : maxValue }
return result
def _validate(self, columns=None):
"""
Verify that the pending query is valid. This is mainly to protect against SQL
injection attacks. It is assumed that the table name has already been validated,
and that some values will be parameterized.
Args:
columns: A list of (column_name, data_type) tuples representing the columns
in this table.
Returns:
None
Exceptions:
ValueError
"""
if not columns:
logger.warn(
"Warning: column list not provided to query._validate!")
logger.warn("Input validation will not occur!")
return
columns = [x for (x, _) in columns]
validate = getExprValidator(columns)
# SELECT
for obj in self.jsSpec['select']:
validate(obj)
# GROUPS
for obj in self.jsSpec['stats']['groups']:
validate(obj)
# FILTERS
for obj in self.jsSpec['filter']:
validate(obj['expr'])
# SORTING
for obj in self.jsSpec.get('sort', []):
validate(obj['sort'])
def _validate(self, columns=None):
"""
Verify that the pending query is valid. This is mainly to protect against SQL
injection attacks. It is assumed that the table name has already been validated,
and that some values will be parameterized.
Args:
columns: A list of (column_name, data_type) tuples representing the columns
in this table.
Returns:
None
Exceptions:
ValueError
"""
if not columns:
logger.warn("Warning: column list not provided to query._validate!")
logger.warn("Input validation will not occur!")
return
columns = [x for (x, _) in columns]
validate = getExprValidator(columns)
# SELECT
for obj in self.jsSpec["select"]:
validate(obj)
# GROUPS
for obj in self.jsSpec["stats"]["groups"]:
validate(obj)
# FILTERS
for obj in self.jsSpec["filter"]:
validate(obj["expr"])
# SORTING
for obj in self.jsSpec.get("sort", []):
validate(obj["sort"])
