%global _empty_manifest_terminate_build 0 Name: python-sqlescapy Version: 1.0.1 Release: 1 Summary: Python module to escape SQL special characters and quotes in strings License: MIT License URL: https://github.com/elouajib/sqlescapy Source0: https://mirrors.aliyun.com/pypi/web/packages/43/bb/d5077ee1599474af84393bc000212d2aa29e846e10044c4a5eb0813f2339/sqlescapy-1.0.1.tar.gz BuildArch: noarch %description Python module to escape SQL special characters and quotes in strings install: `pip install sqlescapy` Assuming `dangerous_input` is a variable coming from a user input, a bad actor can exploit it to start injecting your database. ```python from sqlescapy import sqlescape dangerous_input = "JhonWick'" protected_raw_statement = "\"foo_table\".username='%s'" % sqlescape(dangerous_input) protected_query = """ SELECT "foo_table".*, "bar_table".* FROM "foo_table", "bar_table" WHERE "foo_table".id = "bar_table".id AND %s """ % protected_raw_statement ``` %package -n python3-sqlescapy Summary: Python module to escape SQL special characters and quotes in strings Provides: python-sqlescapy BuildRequires: python3-devel BuildRequires: python3-setuptools BuildRequires: python3-pip %description -n python3-sqlescapy Python module to escape SQL special characters and quotes in strings install: `pip install sqlescapy` Assuming `dangerous_input` is a variable coming from a user input, a bad actor can exploit it to start injecting your database. ```python from sqlescapy import sqlescape dangerous_input = "JhonWick'" protected_raw_statement = "\"foo_table\".username='%s'" % sqlescape(dangerous_input) protected_query = """ SELECT "foo_table".*, "bar_table".* FROM "foo_table", "bar_table" WHERE "foo_table".id = "bar_table".id AND %s """ % protected_raw_statement ``` %package help Summary: Development documents and examples for sqlescapy Provides: python3-sqlescapy-doc %description help Python module to escape SQL special characters and quotes in strings install: `pip install sqlescapy` Assuming `dangerous_input` is a variable coming from a user input, a bad actor can exploit it to start injecting your database. ```python from sqlescapy import sqlescape dangerous_input = "JhonWick'" protected_raw_statement = "\"foo_table\".username='%s'" % sqlescape(dangerous_input) protected_query = """ SELECT "foo_table".*, "bar_table".* FROM "foo_table", "bar_table" WHERE "foo_table".id = "bar_table".id AND %s """ % protected_raw_statement ``` %prep %autosetup -n sqlescapy-1.0.1 %build %py3_build %install %py3_install install -d -m755 %{buildroot}/%{_pkgdocdir} if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi pushd %{buildroot} if [ -d usr/lib ]; then find usr/lib -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi if [ -d usr/lib64 ]; then find usr/lib64 -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi if [ -d usr/bin ]; then find usr/bin -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi if [ -d usr/sbin ]; then find usr/sbin -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi touch doclist.lst if [ -d usr/share/man ]; then find usr/share/man -type f -printf "\"/%h/%f.gz\"\n" >> doclist.lst fi popd mv %{buildroot}/filelist.lst . mv %{buildroot}/doclist.lst . %files -n python3-sqlescapy -f filelist.lst %dir %{python3_sitelib}/* %files help -f doclist.lst %{_docdir}/* %changelog * Thu Jun 08 2023 Python_Bot - 1.0.1-1 - Package Spec generated