SameerMesiah97 commented on code in PR #63530:
URL: https://github.com/apache/airflow/pull/63530#discussion_r2936809403
##########
providers/mysql/src/airflow/providers/mysql/hooks/mysql.py:
##########
@@ -342,8 +342,8 @@ def bulk_load_custom(
conn = self.get_conn()
cursor = conn.cursor()
- sql_statement = f"LOAD DATA LOCAL INFILE %s %s INTO TABLE `{table}` %s"
- parameters = (tmp_file, duplicate_key_handling, extra_options)
+ sql_statement = f"LOAD DATA LOCAL INFILE %s {duplicate_key_handling}
INTO TABLE `{table}` {extra_options}"
+ parameters = (tmp_file,)
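Review bot: On the new `sql_statement` line, `duplicate_key_handling` and `extra_options` are formatted straight into the statement text and only `tmp_file` remains a bound parameter, yet nothing in the visible lines constrains either value. Consider checking `duplicate_key_handling` against a fixed set of keywords before the f-string is built. The docstring should also state that `extra_options` is inserted verbatim as SQL and must not carry untrusted input. The same applies to `table`, which is wrapped in backticks without any visible escaping of backticks inside the name.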
Review Comment:
I think `duplicate_key_handling` here could benefit from validation (must be
`IGNORE` or `REPLACE`) to prevent the injection of destructive SQL statements
i.e. DROP TABLE. But this depends on whether the MySQL driver being used here
can accept multiple statements. No need to add this to the current PR but this
would be a solid rationale for a follow-up PR.
##########
providers/mysql/tests/unit/mysql/hooks/test_mysql.py:
##########
@@ -506,14 +506,8 @@ def test_bulk_load_custom(self, table):
IGNORE 1 LINES""",
)
self.cur.execute.assert_called_once_with(
- f"LOAD DATA LOCAL INFILE %s %s INTO TABLE `{table}` %s",
- (
- "/tmp/file",
- "IGNORE",
- """FIELDS TERMINATED BY ';'
- OPTIONALLY ENCLOSED BY '"'
- IGNORE 1 LINES""",
- ),
+ f"LOAD DATA LOCAL INFILE %s IGNORE INTO TABLE `{table}` FIELDS
TERMINATED BY ';'\n OPTIONALLY ENCLOSED BY '\"'\n IGNORE
1 LINES",
+ ("/tmp/file",),
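Review bot: The expected statement in the new `assert_called_once_with` argument hard-codes the exact newlines and runs of spaces from the triple-quoted `extra_options` value, so any re-indentation of the test input breaks the assertion and the literal is hard to read. Consider building the expected string from the same `extra_options` variable passed to `bulk_load_custom`, or from a named constant. The visible assertion also covers only the `IGNORE` keyword; a second case for `REPLACE` would exercise the interpolated position that used to be a bound parameter.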
Review Comment:
I would fix the spacing here if you can. It looks a bit odd.
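The validation suggested in the first review comment, sketched as an added example (not code from the PR or from the Airflow MySQL provider). The names `ALLOWED_DUPLICATE_KEY_HANDLING`, `validate_duplicate_key_handling`, `build_load_statement` and `partition_samples` are hypothetical, and the sample values are constructed.

```python
# Added example: allowlist check for the keyword that the hunk interpolates
# into the LOAD DATA statement. All names here are hypothetical.

ALLOWED_DUPLICATE_KEY_HANDLING = frozenset({"IGNORE", "REPLACE"})


def validate_duplicate_key_handling(value):
    """Return the normalized keyword, or raise ValueError if it is not allowed."""
    if not isinstance(value, str):
        raise ValueError("duplicate_key_handling must be a string")
    keyword = value.strip().upper()
    if keyword not in ALLOWED_DUPLICATE_KEY_HANDLING:
        allowed = ", ".join(sorted(ALLOWED_DUPLICATE_KEY_HANDLING))
        raise ValueError(f"duplicate_key_handling must be one of {allowed}; got {value!r}")
    return keyword


def build_load_statement(tmp_file, table, duplicate_key_handling="IGNORE", extra_options=""):
    """Build (sql, parameters) in the shape used by the hunk.

    Only the file name stays a bound parameter. The keyword is interpolated
    after the allowlist check; `table` and `extra_options` are interpolated
    unchanged, as in the hunk, and are NOT validated by this sketch.
    """
    keyword = validate_duplicate_key_handling(duplicate_key_handling)
    sql = f"LOAD DATA LOCAL INFILE %s {keyword} INTO TABLE `{table}` {extra_options}"
    return sql, (tmp_file,)


def partition_samples(values):
    """Split candidate values into (accepted keywords, rejected raw values)."""
    accepted, rejected = [], []
    for value in values:
        try:
            accepted.append(validate_duplicate_key_handling(value))
        except ValueError:
            rejected.append(value)
    return accepted, rejected


# Constructed sample values: two valid spellings and three that must be refused.
SAMPLES = ["IGNORE", " replace ", "", "IGNORE INTO TABLE `t`; DROP TABLE `t` --", None]

if __name__ == "__main__":
    print(partition_samples(SAMPLES))
    print(build_load_statement("/tmp/file", "t", "replace", "IGNORE 1 LINES"))
```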