fix: add protection about sql injection

ambertide
2022-05-29 01:32:59 +03:00
parent 6a3cafb920
commit 8a3865a137
8 changed files with 353 additions and 6 deletions


@@ -26,8 +26,7 @@ def _get_db_table(class_: type) -> Tuple[str, str]:
raise FileNotFoundError(f"{database_name} does not exist")
with sql.connect(database_name) as con:
cur: sql.Cursor = con.cursor()
cur.execute(f"SELECT count(*) FROM sqlite_master "
f"WHERE type='table' AND name='{table_name}';")
cur.execute("SELECT count(*) FROM sqlite_master WHERE type='table' AND name=?;", (table_name, ))
count: int = int(cur.fetchone()[0])
if not count:
raise FileExistsError(f"Table, {table_name}, already exists.")
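Review bot: The guard right after the rewritten query, `if not count:`, fires when sqlite_master has no row for the table, yet it raises `FileExistsError` with the text "already exists"; the message (and probably the exception type) is inverted, e.g. `raise FileNotFoundError(f"Table, {table_name}, does not exist.")`, provided no caller depends on the current type. On the injection fix itself, the `?` binding protects only this value position: SQLite cannot bind identifiers, so if `table_name` is later interpolated into a statement as a table name (not visible in this hunk), it should first be checked against a strict identifier pattern or against the names read back from sqlite_master. `_get_db_table` starts and ends outside the hunk.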