Diffstat (limited to 'python-sqlescapy.spec')
| -rw-r--r-- | python-sqlescapy.spec | 144 |
1 files changed, 144 insertions, 0 deletions
diff --git a/python-sqlescapy.spec b/python-sqlescapy.spec
new file mode 100644
index 0000000..17f6f58
--- /dev/null
+++ b/python-sqlescapy.spec
@@ -0,0 +1,144 @@
+%global _empty_manifest_terminate_build 0
+Name: python-sqlescapy
+Version: 1.0.1
+Release: 1
+Summary: Python module to escape SQL special characters and quotes in strings
+License: MIT License
+URL: https://github.com/elouajib/sqlescapy
+Source0: https://mirrors.nju.edu.cn/pypi/web/packages/43/bb/d5077ee1599474af84393bc000212d2aa29e846e10044c4a5eb0813f2339/sqlescapy-1.0.1.tar.gz
+BuildArch: noarch
+
+
+%description
+Python module to escape SQL special characters and quotes in strings
+
+install:
+`pip install sqlescapy`
+
+Assuming `dangerous_input` is a variable coming from a user input, a bad actor can exploit it to start injecting your database.
+```python
+from sqlescapy import sqlescape
+
+dangerous_input = "JhonWick'"
+
+protected_raw_statement = "\"foo_table\".username='%s'" % sqlescape(dangerous_input)
+
+protected_query = """
+
+SELECT "foo_table".*, "bar_table".*
+FROM "foo_table", "bar_table"
+WHERE "foo_table".id = "bar_table".id
+ AND %s
+""" % protected_raw_statement
+
+```
+
+
+
+
+%package -n python3-sqlescapy
+Summary: Python module to escape SQL special characters and quotes in strings
+Provides: python-sqlescapy
+BuildRequires: python3-devel
+BuildRequires: python3-setuptools
+BuildRequires: python3-pip
+%description -n python3-sqlescapy
+Python module to escape SQL special characters and quotes in strings
+
+install:
+`pip install sqlescapy`
+
+Assuming `dangerous_input` is a variable coming from a user input, a bad actor can exploit it to start injecting your database.
+```python
+from sqlescapy import sqlescape
+
+dangerous_input = "JhonWick'"
+
+protected_raw_statement = "\"foo_table\".username='%s'" % sqlescape(dangerous_input)
+
+protected_query = """
+
+SELECT "foo_table".*, "bar_table".*
+FROM "foo_table", "bar_table"
+WHERE "foo_table".id = "bar_table".id
+ AND %s
+""" % protected_raw_statement
+
+```
+
+
+
+
+%package help
+Summary: Development documents and examples for sqlescapy
+Provides: python3-sqlescapy-doc
+%description help
+Python module to escape SQL special characters and quotes in strings
+
+install:
+`pip install sqlescapy`
+
+Assuming `dangerous_input` is a variable coming from a user input, a bad actor can exploit it to start injecting your database.
+```python
+from sqlescapy import sqlescape
+
+dangerous_input = "JhonWick'"
+
+protected_raw_statement = "\"foo_table\".username='%s'" % sqlescape(dangerous_input)
+
+protected_query = """
+
+SELECT "foo_table".*, "bar_table".*
+FROM "foo_table", "bar_table"
+WHERE "foo_table".id = "bar_table".id
+ AND %s
+""" % protected_raw_statement
+
+```
+
+
+
+
+%prep
+%autosetup -n sqlescapy-1.0.1
+
+%build
+%py3_build
+
+%install
+%py3_install
+install -d -m755 %{buildroot}/%{_pkgdocdir}
+if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
+if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
+if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
+if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
+pushd %{buildroot}
+if [ -d usr/lib ]; then
+ find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/lib64 ]; then
+ find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/bin ]; then
+ find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/sbin ]; then
+ find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+touch doclist.lst
+if [ -d usr/share/man ]; then
+ find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst
+fi
+popd
+mv %{buildroot}/filelist.lst .
+mv %{buildroot}/doclist.lst .
+
+%files -n python3-sqlescapy -f filelist.lst
+%dir %{python3_sitelib}/*
+
+%files help -f doclist.lst
+%{_docdir}/*
+
+%changelog
+* Mon May 29 2023 Python_Bot <Python_Bot@openeuler.org> - 1.0.1-1
+- Package Spec generated |
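Review bot: The `Source0:` line fetches the sdist from a third-party PyPI mirror, and nothing in `%prep` checks the archive before `%autosetup -n sqlescapy-1.0.1` unpacks it, so as written the build trusts whatever that mirror serves. The long path segment in the URL looks like PyPI's content-digest layout, but the spec never compares it against the downloaded file. Consider pointing `Source0` at the canonical PyPI host and adding a digest check ahead of `%autosetup`, for example `echo "<sha256-of-reviewed-tarball>  %{SOURCE0}" | sha256sum -c -` (placeholder digest; record the value of the tarball that was actually reviewed). If the tarball is committed beside the spec and verified elsewhere in the build pipeline, a comment above `Source0` saying so would be enough. Separately, the three `%description` blocks carry the upstream README's string-interpolated query example verbatim; a one-line summary would be safer to ship, since users are generally better served by parameterized queries than by escaping plus `%` formatting.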
