[aur-dev] [PATCH] Adding PackagerUID to dummy-data
Adding PackagerUID to dummy-data

Leonidas Spyropoulos (1):
  Adding PackagerUID to the generated dummy data

 schema/gendummydata.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--
2.4.3
--- schema/gendummydata.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/schema/gendummydata.py b/schema/gendummydata.py index 9ad5373..7b18a50 100755 --- a/schema/gendummydata.py +++ b/schema/gendummydata.py @@ -193,16 +193,18 @@ for p in list(seen_pkgs.keys()): NOW = int(time.time()) if count % 2 == 0: muid = developers[random.randrange(0,len(developers))] + puid = developers[random.randrange(0,len(developers))] else: muid = trustedusers[random.randrange(0,len(trustedusers))] + puid = trustedusers[random.randrange(0,len(trustedusers))] if count % 20 == 0: # every so often, there are orphans... muid = "NULL" uuid = genUID() # the submitter/user s = ("INSERT INTO PackageBases (ID, Name, CategoryID, SubmittedTS, " - "SubmitterUID, MaintainerUID) VALUES (%d, '%s', %d, %d, %d, %s);\n") - s = s % (seen_pkgs[p], p, genCategory(), NOW, uuid, muid) + "SubmitterUID, MaintainerUID, PackagerUID) VALUES (%d, '%s', %d, %d, %d, %s, %s);\n") + s = s % (seen_pkgs[p], p, genCategory(), NOW, uuid, muid, puid) out.write(s) s = ("INSERT INTO Packages (ID, PackageBaseID, Name, Version) VALUES " -- 2.4.3
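Review bot: In the "if count % 20 == 0" branch only muid is reset to "NULL", so an orphaned package base still gets the puid drawn a few lines earlier. If an orphan is meant to keep a packager, say so in the comment next to "# every so often, there are orphans...", otherwise reset puid there as well. In the INSERT, the new PackagerUID value is formatted with %s like muid, but unlike muid it is never assigned the string "NULL" in these lines, so if the entries of developers and trustedusers are integers, %d would match how uuid is formatted.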
Minor nit: We usually write commit messages in imperative mood. Also, there is no need to add a cover letter when you only submit a single patch.

On Sun, 14 Jun 2015 at 17:36:52, Leonidas Spyropoulos wrote:
--- schema/gendummydata.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/schema/gendummydata.py b/schema/gendummydata.py index 9ad5373..7b18a50 100755 --- a/schema/gendummydata.py +++ b/schema/gendummydata.py @@ -193,16 +193,18 @@ for p in list(seen_pkgs.keys()): NOW = int(time.time()) if count % 2 == 0: muid = developers[random.randrange(0,len(developers))] + puid = developers[random.randrange(0,len(developers))] else: muid = trustedusers[random.randrange(0,len(trustedusers))] + puid = trustedusers[random.randrange(0,len(trustedusers))] if count % 20 == 0: # every so often, there are orphans... muid = "NULL"
uuid = genUID() # the submitter/user
s = ("INSERT INTO PackageBases (ID, Name, CategoryID, SubmittedTS, " - "SubmitterUID, MaintainerUID) VALUES (%d, '%s', %d, %d, %d, %s);\n") - s = s % (seen_pkgs[p], p, genCategory(), NOW, uuid, muid) + "SubmitterUID, MaintainerUID, PackagerUID) VALUES (%d, '%s', %d, %d, %d, %s, %s);\n") + s = s % (seen_pkgs[p], p, genCategory(), NOW, uuid, muid, puid)
Wow. This part of the code is really ugly. Using "%s" for integer values and not escaping strings in queries. I wonder if somebody cares enough to rewrite it, though... Anyway, your patch looks good. Will be applied, thanks!
out.write(s)
s = ("INSERT INTO Packages (ID, PackageBaseID, Name, Version) VALUES " -- 2.4.3
* Lukas Fleischer <lfleischer@archlinux.org> (Sun, 14 Jun 2015 17:45:24 +0200):
> Wow. This part of the code is really ugly. Using "%s" for integer values and not escaping strings in queries. I wonder if somebody cares enough to rewrite it, though...

Wouldn't the use of (PDO) prepared statements be much neater in general? Not that string concatenation is unsafe when values are properly escaped, so there's no immediate threat at the moment (as far as I can see), but prepared statements are easier to read and less error-prone when changing code (and yes, I know this is about Python code, which I don't know, but the PHP parts are full of string concatenation, too).

If we want to change everything to prepared statements, I can create patches for PHP parts next month.

Best,
Marcel
On 14/06, Marcel Korpel wrote:
> * Lukas Fleischer <lfleischer@archlinux.org> (Sun, 14 Jun 2015 17:45:24 +0200):
>> Wow. This part of the code is really ugly. Using "%s" for integer values and not escaping strings in queries. I wonder if somebody cares enough to rewrite it, though...
>
> Wouldn't the use of (PDO) prepared statements be much neater in general? Not that string concatenation is unsafe when values are properly escaped, so there's no immediate threat at the moment (as far as I can see), but prepared statements are easier to read and less error-prone when changing code (and yes, I know this is about Python code, which I don't know, but the PHP parts are full of string concatenation, too).
>
> If we want to change everything to prepared statements, I can create patches for PHP parts next month.

Python doesn't have prepared statements, but it has similar parameterized queries. I can look into replacing the interpolation with those later.

--
Sincerely,
Johannes Löthberg
PGP Key ID: 0x50FB9B273A9D0BB5
https://theos.kyriasis.com/~kyrias/
On 14/06, Johannes Löthberg wrote:
> On 14/06, Marcel Korpel wrote:
>> * Lukas Fleischer <lfleischer@archlinux.org> (Sun, 14 Jun 2015 17:45:24 +0200):
>>> Wow. This part of the code is really ugly. Using "%s" for integer values and not escaping strings in queries. I wonder if somebody cares enough to rewrite it, though...
>>
>> Wouldn't the use of (PDO) prepared statements be much neater in general? Not that string concatenation is unsafe when values are properly escaped, so there's no immediate threat at the moment (as far as I can see), but prepared statements are easier to read and less error-prone when changing code (and yes, I know this is about Python code, which I don't know, but the PHP parts are full of string concatenation, too).
>>
>> If we want to change everything to prepared statements, I can create patches for PHP parts next month.
>
> Python doesn't have prepared statements, but it has similar parameterized queries. I can look into replacing the interpolation with those later.

Heh, just realized that the python script just writes a SQL file which the bash script executes.. I should just make the python script do all of it.

--
Sincerely,
Johannes Löthberg
PGP Key ID: 0x50FB9B273A9D0BB5
https://theos.kyriasis.com/~kyrias/
On Sun, 14 Jun 2015 at 20:39:20, Marcel Korpel wrote:
> * Lukas Fleischer <lfleischer@archlinux.org> (Sun, 14 Jun 2015 17:45:24 +0200):
>> Wow. This part of the code is really ugly. Using "%s" for integer values and not escaping strings in queries. I wonder if somebody cares enough to rewrite it, though...
>
> Wouldn't the use of (PDO) prepared statements be much neater in general? Not that string concatenation is unsafe when values are properly escaped, so there's no immediate threat at the moment (as far as I can see), but prepared statements are easier to read and less error-prone when changing code (and yes, I know this is about Python code, which I don't know, but the PHP parts are full of string concatenation, too).

Of course, we already use prepared statements in all the modern Python scripts (everything under git-interface/ and scripts/). The gendummydata script is old and full of hacks.

> If we want to change everything to prepared statements, I can create patches for PHP parts next month.

That is greatly appreciated! Please make sure you make small, easy to review commits.

> Best,
> Marcel
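
The difference between the interpolation in gendummydata.py and the parameterized queries mentioned in the thread, as an added example that is not part of the thread or of the AUR code base. It assumes an in-memory SQLite database with a simplified PackageBases table (the project's real schema and database driver are not shown on this page); the sample rows are constructed.

```python
import sqlite3

# Simplified PackageBases table: columns from the patch's INSERT, types assumed.
SCHEMA = """CREATE TABLE PackageBases (
    ID INTEGER PRIMARY KEY, Name TEXT NOT NULL, CategoryID INTEGER,
    SubmittedTS INTEGER, SubmitterUID INTEGER,
    MaintainerUID INTEGER, PackagerUID INTEGER)"""
COLUMNS = ("ID, Name, CategoryID, SubmittedTS, "
           "SubmitterUID, MaintainerUID, PackagerUID")

# Constructed rows in COLUMNS order; MaintainerUID None marks an orphan.
ROWS = [(1, "foo", 2, 1434300000, 10, 11, 12),
        (2, "bar's-tools", 3, 1434300000, 10, None, 12)]


def insert_interpolated(db, row):
    """gendummydata.py style: every value is pasted into the SQL text."""
    pid, name, cat, ts, uuid, muid, puid = row
    muid = "NULL" if muid is None else muid  # orphan marker as a string
    s = ("INSERT INTO PackageBases (" + COLUMNS + ") "
         "VALUES (%d, '%s', %d, %d, %d, %s, %s);")
    db.execute(s % (pid, name, cat, ts, uuid, muid, puid))


def insert_parameterized(db, row):
    """Same INSERT with placeholders: the driver binds each value."""
    db.execute("INSERT INTO PackageBases (" + COLUMNS + ") "
               "VALUES (?, ?, ?, ?, ?, ?, ?)", row)


def run(insert, rows=ROWS):
    """Load rows into a fresh database; return (stored rows, failed names)."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    failed = []
    for row in rows:
        try:
            insert(db, row)
        except sqlite3.Error:  # the quote in the name ends the literal early
            failed.append(row[1])
    stored = db.execute("SELECT Name, MaintainerUID FROM PackageBases "
                        "ORDER BY ID").fetchall()
    db.close()
    return stored, failed


if __name__ == "__main__":
    print("interpolated: ", run(insert_interpolated))
    print("parameterized:", run(insert_parameterized))
```

With placeholders the orphan's maintainer is passed as None and stored as SQL NULL, so the "%s" workaround for the string "NULL" is no longer needed.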
participants (4)
- Johannes Löthberg
- Leonidas Spyropoulos
- Lukas Fleischer
- Marcel Korpel