Parameterize all queries, format queries

master
Arinerron 2018-11-09 22:29:32 -08:00
parent d5355fdc9e
commit 5aaf0f266a
No known key found for this signature in database
GPG Key ID: 99383627861C62F0
5 changed files with 40 additions and 40 deletions


@ -132,7 +132,7 @@ class Core:
c = conn.cursor() c = conn.cursor()
t = (peerID, name, 'unknown', hashID, powID, 0) t = (peerID, name, 'unknown', hashID, powID, 0)
for i in c.execute("SELECT * FROM PEERS where id = ?;", (peerID,)): for i in c.execute("SELECT * FROM peers WHERE id = ?;", (peerID,)):
try: try:
if i[0] == peerID: if i[0] == peerID:
conn.close() conn.close()
@ -160,7 +160,7 @@ class Core:
# check if address is in database # check if address is in database
# this is safe to do because the address is validated above, but we strip some chars here too just in case # this is safe to do because the address is validated above, but we strip some chars here too just in case
address = address.replace('\'', '').replace(';', '').replace('"', '').replace('\\', '') address = address.replace('\'', '').replace(';', '').replace('"', '').replace('\\', '')
for i in c.execute("SELECT * FROM adders where address = ?;", (address,)): for i in c.execute("SELECT * FROM adders WHERE address = ?;", (address,)):
try: try:
if i[0] == address: if i[0] == address:
conn.close() conn.close()
@ -428,13 +428,13 @@ class Core:
return return
if randomOrder: if randomOrder:
payload = 'SELECT * FROM peers where trust >= %s ORDER BY RANDOM();' % (trust,) payload = 'SELECT * FROM peers WHERE trust >= ? ORDER BY RANDOM();'
else: else:
payload = 'SELECT * FROM peers where trust >= %s;' % (trust,) payload = 'SELECT * FROM peers WHERE trust >= ?;'
peerList = [] peerList = []
for i in c.execute(payload): for i in c.execute(payload, (trust,)):
try: try:
if len(i[0]) != 0: if len(i[0]) != 0:
if getPow: if getPow:
@ -480,7 +480,7 @@ class Core:
iterCount = 0 iterCount = 0
retVal = '' retVal = ''
for row in c.execute('SELECT * from peers where id=?;', command): for row in c.execute('SELECT * FROM peers WHERE id=?;', command):
for i in row: for i in row:
if iterCount == info: if iterCount == info:
retVal = i retVal = i
@ -631,10 +631,10 @@ class Core:
c = conn.cursor() c = conn.cursor()
date = int(self._utils.getEpoch()) date = int(self._utils.getEpoch())
execute = 'SELECT hash FROM hashes WHERE expire <= %s ORDER BY dateReceived;' % (date,) execute = 'SELECT hash FROM hashes WHERE expire <= ? ORDER BY dateReceived;'
rows = list() rows = list()
for row in c.execute(execute): for row in c.execute(execute, (date,)):
for i in row: for i in row:
rows.append(i) rows.append(i)
return rows return rows
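Review bot: In the `adders` lookup, the comment and the `address.replace(...)` chain still present character stripping as the safety measure, but `address` is now bound through `?`, so the stripping adds nothing against injection. I would either drop the `replace` line or reword the comment to `# address is passed as a bound parameter; the validation above is the only input check needed here`. If the stripping stays, the query matches a different string than the caller supplied whenever a character is actually removed. The enclosing method starts and ends outside this hunk, so the validation the comment refers to is not visible here.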


@ -34,15 +34,15 @@ class OnionrBlackList:
raise Exception("Hashed data is not alpha numeric") raise Exception("Hashed data is not alpha numeric")
if len(hashed) > 64: if len(hashed) > 64:
raise Exception("Hashed data is too large") raise Exception("Hashed data is too large")
for i in self._dbExecute("select * from blacklist where hash='%s'" % (hashed,)): for i in self._dbExecute("SELECT * FROM blacklist WHERE hash = ?", (hashed,)):
retData = True # this only executes if an entry is present by that hash retData = True # this only executes if an entry is present by that hash
break break
return retData return retData
def _dbExecute(self, toExec): def _dbExecute(self, toExec, params = ()):
conn = sqlite3.connect(self.blacklistDB) conn = sqlite3.connect(self.blacklistDB)
c = conn.cursor() c = conn.cursor()
retData = c.execute(toExec) retData = c.execute(toExec, params)
conn.commit() conn.commit()
return retData return retData
@ -60,13 +60,13 @@ class OnionrBlackList:
except AttributeError: except AttributeError:
raise TypeError("dataType must be int") raise TypeError("dataType must be int")
for i in self._dbExecute('select * from blacklist where dataType=%s' % (dataType,)): for i in self._dbExecute('SELECT * FROM blacklist WHERE dataType = ?', (dataType,)):
if i[1] == dataType: if i[1] == dataType:
if (curTime - i[2]) >= i[3]: if (curTime - i[2]) >= i[3]:
deleteList.append(i[0]) deleteList.append(i[0])
for thing in deleteList: for thing in deleteList:
self._dbExecute("delete from blacklist where hash='%s'" % (thing,)) self._dbExecute("DELETE FROM blacklist WHERE hash = ?", (thing,))
def generateDB(self): def generateDB(self):
self._dbExecute('''CREATE TABLE blacklist( self._dbExecute('''CREATE TABLE blacklist(
@ -79,10 +79,10 @@ class OnionrBlackList:
return return
def clearDB(self): def clearDB(self):
self._dbExecute('''delete from blacklist;);''') self._dbExecute('''DELETE FROM blacklist;);''')
def getList(self): def getList(self):
data = self._dbExecute('select * from blacklist') data = self._dbExecute('SELECT * FROM blacklist')
myList = [] myList = []
for i in data: for i in data:
myList.append(i[0]) myList.append(i[0])
@ -113,4 +113,4 @@ class OnionrBlackList:
return return
insert = (hashed,) insert = (hashed,)
blacklistDate = self._core._utils.getEpoch() blacklistDate = self._core._utils.getEpoch()
self._dbExecute("insert into blacklist (hash, dataType, blacklistDate, expire) VALUES('%s', %s, %s, %s);" % (hashed, dataType, blacklistDate, expire)) self._dbExecute("INSERT INTO blacklist (hash, dataType, blacklistDate, expire) VALUES(?, ?, ?, ?);", (str(hashed), dataType, blacklistDate, expire))
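Review bot: `clearDB` still sends `DELETE FROM blacklist;);`, where the trailing `);` is not valid SQL; the commit only changed the keyword case on that line. Python's sqlite3 `execute()` refuses text after the first statement, so this call should raise instead of emptying the table, which would leave blacklist entries in place. The statement should read `self._dbExecute('DELETE FROM blacklist;')`.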


@ -87,7 +87,7 @@ class DaemonTools:
c = conn.cursor() c = conn.cursor()
time = self.daemon._core._utils.getEpoch() time = self.daemon._core._utils.getEpoch()
deleteKeys = [] deleteKeys = []
for entry in c.execute("SELECT * FROM forwardKeys where expire <= ?", (time,)): for entry in c.execute("SELECT * FROM forwardKeys WHERE expire <= ?", (time,)):
logger.info(entry[1]) logger.info(entry[1])
deleteKeys.append(entry[1]) deleteKeys.append(entry[1])


@ -101,7 +101,7 @@ class OnionrUser:
conn = sqlite3.connect(self._core.peerDB, timeout=10) conn = sqlite3.connect(self._core.peerDB, timeout=10)
c = conn.cursor() c = conn.cursor()
for row in c.execute("SELECT forwardKey FROM forwardKeys WHERE peerKey = ? order by date desc", (self.publicKey,)): for row in c.execute("SELECT forwardKey FROM forwardKeys WHERE peerKey = ? ORDER BY date DESC", (self.publicKey,)):
key = row[0] key = row[0]
break break
@ -113,7 +113,7 @@ class OnionrUser:
conn = sqlite3.connect(self._core.peerDB, timeout=10) conn = sqlite3.connect(self._core.peerDB, timeout=10)
c = conn.cursor() c = conn.cursor()
keyList = [] keyList = []
for row in c.execute("SELECT forwardKey FROM forwardKeys WHERE peerKey = ? order by date desc", (self.publicKey,)): for row in c.execute("SELECT forwardKey FROM forwardKeys WHERE peerKey = ? ORDER BY date DESC", (self.publicKey,)):
key = row[0] key = row[0]
keyList.append(key) keyList.append(key)
@ -150,7 +150,7 @@ class OnionrUser:
pubkey = self._core._utils.bytesToStr(pubkey) pubkey = self._core._utils.bytesToStr(pubkey)
command = (pubkey,) command = (pubkey,)
keyList = [] # list of tuples containing pub, private for peer keyList = [] # list of tuples containing pub, private for peer
for result in c.execute("SELECT * FROM myForwardKeys where peer=?", command): for result in c.execute("SELECT * FROM myForwardKeys WHERE peer=?", command):
keyList.append((result[1], result[2])) keyList.append((result[1], result[2]))
if len(keyList) == 0: if len(keyList) == 0:
if genNew: if genNew:


@ -328,7 +328,7 @@ class OnionrUtils:
c = conn.cursor() c = conn.cursor()
if not self.validateHash(hash): if not self.validateHash(hash):
raise Exception("Invalid hash") raise Exception("Invalid hash")
for result in c.execute("SELECT COUNT() FROM hashes where hash='" + hash + "'"): for result in c.execute("SELECT COUNT() FROM hashes WHERE hash = ?", (hash,)):
if result[0] >= 1: if result[0] >= 1:
conn.commit() conn.commit()
conn.close() conn.close()
@ -510,7 +510,7 @@ class OnionrUtils:
c = conn.cursor() c = conn.cursor()
command = (hash,) command = (hash,)
retData = '' retData = ''
for row in c.execute('SELECT ID FROM peers where hashID=?', command): for row in c.execute('SELECT id FROM peers WHERE hashID = ?', command):
if row[0] != '': if row[0] != '':
retData = row[0] retData = row[0]
return retData return retData
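Review bot: The `hashID` lookup in the last hunk of this section returns `retData` without closing `conn`; no `conn.close()` appears between `c = conn.cursor()` and `return retData`. The expired-hash query in class Core (the hunk ending in `return rows`) has the same shape. Unless a close happens outside the visible lines, I would add `conn.close()` before the return in both places, or open the connection under `contextlib.closing(...)`. Both functions start outside their hunks, so the line that opens `conn` is not shown.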