diff options
| author | nkozlovskiy <nmk@ydb.tech> | 2023-09-29 12:24:06 +0300 |
|---|---|---|
| committer | nkozlovskiy <nmk@ydb.tech> | 2023-09-29 12:41:34 +0300 |
| commit | e0e3e1717e3d33762ce61950504f9637a6e669ed (patch) | |
| tree | bca3ff6939b10ed60c3d5c12439963a1146b9711 /contrib/tools/python3/src/Modules/_sqlite/statement.c | |
| parent | 38f2c5852db84c7b4d83adfcb009eb61541d1ccd (diff) | |
| download | ydb-e0e3e1717e3d33762ce61950504f9637a6e669ed.tar.gz | |
add ydb deps
Diffstat (limited to 'contrib/tools/python3/src/Modules/_sqlite/statement.c')
| -rw-r--r-- | contrib/tools/python3/src/Modules/_sqlite/statement.c | 206 |
1 files changed, 206 insertions, 0 deletions
diff --git a/contrib/tools/python3/src/Modules/_sqlite/statement.c b/contrib/tools/python3/src/Modules/_sqlite/statement.c new file mode 100644 index 0000000000..aee460747b --- /dev/null +++ b/contrib/tools/python3/src/Modules/_sqlite/statement.c @@ -0,0 +1,206 @@ +/* statement.c - the statement type + * + * Copyright (C) 2005-2010 Gerhard Häring <gh@ghaering.de> + * + * This file is part of pysqlite. + * + * This software is provided 'as-is', without any express or implied + * warranty. In no event will the authors be held liable for any damages + * arising from the use of this software. + * + * Permission is granted to anyone to use this software for any purpose, + * including commercial applications, and to alter it and redistribute it + * freely, subject to the following restrictions: + * + * 1. The origin of this software must not be misrepresented; you must not + * claim that you wrote the original software. If you use this software + * in a product, an acknowledgment in the product documentation would be + * appreciated but is not required. + * 2. Altered source versions must be plainly marked as such, and must not be + * misrepresented as being the original software. + * 3. This notice may not be removed or altered from any source distribution. + */ + +#include "connection.h" +#include "statement.h" +#include "util.h" + +/* prototypes */ +static const char *lstrip_sql(const char *sql); + +pysqlite_Statement * +pysqlite_statement_create(pysqlite_Connection *connection, PyObject *sql) +{ + pysqlite_state *state = connection->state; + assert(PyUnicode_Check(sql)); + Py_ssize_t size; + const char *sql_cstr = PyUnicode_AsUTF8AndSize(sql, &size); + if (sql_cstr == NULL) { + return NULL; + } + + sqlite3 *db = connection->db; + int max_length = sqlite3_limit(db, SQLITE_LIMIT_SQL_LENGTH, -1); + if (size > max_length) { + PyErr_SetString(connection->DataError, + "query string is too large"); + return NULL; + } + if (strlen(sql_cstr) != (size_t)size) { + PyErr_SetString(connection->ProgrammingError, + "the query contains a null character"); + return NULL; + } + + sqlite3_stmt *stmt; + const char *tail; + int rc; + Py_BEGIN_ALLOW_THREADS + rc = sqlite3_prepare_v2(db, sql_cstr, (int)size + 1, &stmt, &tail); + Py_END_ALLOW_THREADS + + if (rc != SQLITE_OK) { + _pysqlite_seterror(state, db); + return NULL; + } + + if (lstrip_sql(tail) != NULL) { + PyErr_SetString(connection->ProgrammingError, + "You can only execute one statement at a time."); + goto error; + } + + /* Determine if the statement is a DML statement. + SELECT is the only exception. See #9924. */ + int is_dml = 0; + const char *p = lstrip_sql(sql_cstr); + if (p != NULL) { + is_dml = (PyOS_strnicmp(p, "insert", 6) == 0) + || (PyOS_strnicmp(p, "update", 6) == 0) + || (PyOS_strnicmp(p, "delete", 6) == 0) + || (PyOS_strnicmp(p, "replace", 7) == 0); + } + + pysqlite_Statement *self = PyObject_GC_New(pysqlite_Statement, + state->StatementType); + if (self == NULL) { + goto error; + } + + self->st = stmt; + self->in_use = 0; + self->is_dml = is_dml; + + PyObject_GC_Track(self); + return self; + +error: + (void)sqlite3_finalize(stmt); + return NULL; +} + +static void +stmt_dealloc(pysqlite_Statement *self) +{ + PyTypeObject *tp = Py_TYPE(self); + PyObject_GC_UnTrack(self); + if (self->st) { + Py_BEGIN_ALLOW_THREADS + sqlite3_finalize(self->st); + Py_END_ALLOW_THREADS + self->st = 0; + } + tp->tp_free(self); + Py_DECREF(tp); +} + +static int +stmt_traverse(pysqlite_Statement *self, visitproc visit, void *arg) +{ + Py_VISIT(Py_TYPE(self)); + return 0; +} + +/* + * Strip leading whitespace and comments from incoming SQL (null terminated C + * string) and return a pointer to the first non-whitespace, non-comment + * character. + * + * This is used to check if somebody tries to execute more than one SQL query + * with one execute()/executemany() command, which the DB-API don't allow. + * + * It is also used to harden DML query detection. + */ +static inline const char * +lstrip_sql(const char *sql) +{ + // This loop is borrowed from the SQLite source code. + for (const char *pos = sql; *pos; pos++) { + switch (*pos) { + case ' ': + case '\t': + case '\f': + case '\n': + case '\r': + // Skip whitespace. + break; + case '-': + // Skip line comments. + if (pos[1] == '-') { + pos += 2; + while (pos[0] && pos[0] != '\n') { + pos++; + } + if (pos[0] == '\0') { + return NULL; + } + continue; + } + return pos; + case '/': + // Skip C style comments. + if (pos[1] == '*') { + pos += 2; + while (pos[0] && (pos[0] != '*' || pos[1] != '/')) { + pos++; + } + if (pos[0] == '\0') { + return NULL; + } + pos++; + continue; + } + return pos; + default: + return pos; + } + } + + return NULL; +} + +static PyType_Slot stmt_slots[] = { + {Py_tp_dealloc, stmt_dealloc}, + {Py_tp_traverse, stmt_traverse}, + {0, NULL}, +}; + +static PyType_Spec stmt_spec = { + .name = MODULE_NAME ".Statement", + .basicsize = sizeof(pysqlite_Statement), + .flags = (Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC | + Py_TPFLAGS_IMMUTABLETYPE | Py_TPFLAGS_DISALLOW_INSTANTIATION), + .slots = stmt_slots, +}; + +int +pysqlite_statement_setup_types(PyObject *module) +{ + PyObject *type = PyType_FromModuleAndSpec(module, &stmt_spec, NULL); + if (type == NULL) { + return -1; + } + pysqlite_state *state = pysqlite_get_state(module); + state->StatementType = (PyTypeObject *)type; + return 0; +} |