Frisk/RcGcDb
1
0
Fork 0
mirror of https://gitlab.com/chicken-riders/RcGcDb.git synced 2025-02-23 00:54:09 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Little progress, future-proofed SQL statements from SQL injections

Browse source
This commit is contained in:
Frisk 2021-07-03 14:07:47 +02:00
parent 726a376b06
commit 597a907791
No known key found for this signature in database
GPG key ID: 213F7C15068AF8AC
3 changed files with 26 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/domain.py
View file

@ -61,7 +61,7 @@ class Domain:
async def run_wiki_scan(self, wiki: src.wiki.Wiki): async def run_wiki_scan(self, wiki: src.wiki.Wiki):
await self.rate_limiter.timeout_wait() await self.rate_limiter.timeout_wait()
await wiki.scan(self.rate_limiter) await wiki.scan()
self.wikis.move_to_end(wiki.script_url) self.wikis.move_to_end(wiki.script_url)
self.rate_limiter.timeout_add(1.0) self.rate_limiter.timeout_add(1.0)

17
src/queue_handler.py
View file

@ -1,5 +1,10 @@
import asyncio import asyncio
import collections
import logging import logging
from typing import Union
import asyncpg
from src.database import db from src.database import db
logger = logging.getLogger("rcgcdb.queue_handler") logger = logging.getLogger("rcgcdb.queue_handler")
@ -7,7 +12,7 @@ logger = logging.getLogger("rcgcdb.queue_handler")
class UpdateDB: class UpdateDB:
def __init__(self): def __init__(self):
self.updated = [] self.updated: list[tuple[str, tuple[Union[str, int]]]] = []
def add(self, sql_expression): def add(self, sql_expression):
self.updated.append(sql_expression) self.updated.append(sql_expression)
@ -15,6 +20,12 @@ class UpdateDB:
def clear_list(self): def clear_list(self):
self.updated.clear() self.updated.clear()
async def fetch_rows(self, SQLstatement: str, args: Union[str, int]) -> collections.AsyncIterable:
async with db.pool().acquire() as connection:
async with connection.transaction():
async for row in connection.cursor(SQLstatement, *args):
yield row
async def update_db(self): async def update_db(self):
try: try:
while True: while True:
@ -22,7 +33,7 @@ class UpdateDB:
async with db.pool().acquire() as connection: async with db.pool().acquire() as connection:
async with connection.transaction(): async with connection.transaction():
for update in self.updated: for update in self.updated:
await connection.execute(update) await connection.execute(update[0], *update[1])
self.clear_list() self.clear_list()
await asyncio.sleep(10.0) await asyncio.sleep(10.0)
except asyncio.CancelledError: except asyncio.CancelledError:
@ -30,7 +41,7 @@ class UpdateDB:
async with db.pool().acquire() as connection: async with db.pool().acquire() as connection:
async with connection.transaction(): async with connection.transaction():
for update in self.updated: for update in self.updated:
await connection.execute(update) await connection.execute(update[0], *update[1])
self.clear_list() self.clear_list()
await db.shutdown_connection() await db.shutdown_connection()

16
src/wiki.py
View file

@ -62,15 +62,13 @@ class Wiki:
else: else:
self.fail_times -= 1 self.fail_times -= 1
def generate_targets(self) -> defaultdict[namedtuple, list[str]]: async def generate_targets(self) -> defaultdict[namedtuple, list[str]]:
"""This function generates all possible varations of outputs that we need to generate messages for. """This function generates all possible varations of outputs that we need to generate messages for.
:returns defaultdict[namedtuple, list[str]] - where namedtuple is a named tuple with settings for given webhooks in list""" :returns defaultdict[namedtuple, list[str]] - where namedtuple is a named tuple with settings for given webhooks in list"""
Settings = namedtuple("Settings", ["lang", "display"]) Settings = namedtuple("Settings", ["lang", "display"])
target_settings: defaultdict[Settings, list[str]] = defaultdict(list) target_settings: defaultdict[Settings, list[str]] = defaultdict(list)
async with db.pool().acquire() as connection: async for webhook in DBHandler.fetch_rows("SELECT webhook, lang, display FROM rcgcdw WHERE wiki = $1 AND (rcid != -1 OR rcid IS NULL)", self.script_url):
async with connection.transaction():
async for webhook in connection.cursor('SELECT webhook, lang, display FROM rcgcdw WHERE wiki = $1', self.script_url):
target_settings[Settings(webhook["lang"], webhook["display"])].append(webhook["webhook"]) target_settings[Settings(webhook["lang"], webhook["display"])].append(webhook["webhook"])
return target_settings return target_settings
@ -178,7 +176,7 @@ class Wiki:
raise WikiServerError raise WikiServerError
return response return response
def scan(self): async def scan(self):
try: try:
request = await self.fetch_wiki() request = await self.fetch_wiki()
except WikiServerError: except WikiServerError:
@ -202,9 +200,15 @@ class Wiki:
if self.rc_id in (0, None, -1): if self.rc_id in (0, None, -1):
if len(recent_changes) > 0: if len(recent_changes) > 0:
self.statistics.last_action = recent_changes[-1]["rcid"] self.statistics.last_action = recent_changes[-1]["rcid"]
DBHandler.add(("UPDATE rcgcdw SET rcid = $1 WHERE wiki = $2 AND ( rcid != -1 OR rcid IS NULL )",
(recent_changes[-1]["rcid"], self.script_url)))
else: else:
self.statistics.last_action = 0 self.statistics.last_action = 0
DBHandler.add("UPDATE rcgcdw SET rcid = 0 WHERE wiki = {} AND ( rcid != -1 OR rcid IS NULL )".format(self.script_url)) DBHandler.add(("UPDATE rcgcdw SET rcid = 0 WHERE wiki = $1 AND ( rcid != -1 OR rcid IS NULL )", (self.script_url)))
return # TODO Add a log entry?
categorize_events = {}
targets = await self.generate_targets()
@dataclass @dataclass
class Wiki_old: class Wiki_old: