Author: Brian Kearns <[email protected]>
Branch: stdlib-2.7.9
Changeset: r74948:6855ba726fb0
Date: 2014-12-15 14:41 -0500
http://bitbucket.org/pypy/pypy/changeset/6855ba726fb0/
Log: raise ValueError on null chars in _sqlite3
diff --git a/lib_pypy/_sqlite3.py b/lib_pypy/_sqlite3.py
--- a/lib_pypy/_sqlite3.py
+++ b/lib_pypy/_sqlite3.py
@@ -1202,6 +1202,8 @@
if not isinstance(sql, basestring):
raise Warning("SQL is of wrong type. Must be string or unicode.")
+ if '\0' in sql:
+ raise ValueError("the query contains a null character")
first_word = sql.lstrip().split(" ")[0].upper()
if first_word == "":
diff --git a/pypy/module/test_lib_pypy/test_sqlite3.py
b/pypy/module/test_lib_pypy/test_sqlite3.py
--- a/pypy/module/test_lib_pypy/test_sqlite3.py
+++ b/pypy/module/test_lib_pypy/test_sqlite3.py
@@ -263,6 +263,19 @@
finally:
del _sqlite3.adapters[(int, _sqlite3.PrepareProtocol)]
+ def test_null_character(self, con):
+ if not hasattr(_sqlite3, '_ffi') and sys.version_info < (2, 7, 9):
+ pytest.skip("_sqlite3 too old")
+ exc = raises(ValueError, con, "\0select 1")
+ assert str(exc.value) == "the query contains a null character"
+ exc = raises(ValueError, con, "select 1\0")
+ assert str(exc.value) == "the query contains a null character"
+ cur = con.cursor()
+ exc = raises(ValueError, cur.execute, "\0select 2")
+ assert str(exc.value) == "the query contains a null character"
+ exc = raises(ValueError, cur.execute, "select 2\0")
+ assert str(exc.value) == "the query contains a null character"
+
class TestSQLiteHost(BaseTestSQLite):
def setup_class(cls):
_______________________________________________
pypy-commit mailing list
[email protected]
https://mail.python.org/mailman/listinfo/pypy-commit
