Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adds support for format operators in SQLQueryParameterization #361

Merged
merged 18 commits into from
Mar 14, 2024
Merged

Adds support for format operators in SQLQueryParameterization #361

merged 18 commits into from
Mar 14, 2024

Conversation

andrecsilva
Copy link
Contributor

@andrecsilva andrecsilva commented Mar 12, 2024
edited
Loading

Overview

SQLQueryParameterization will now parameterize queries built with the format operator %

Description

  • SQLQueryParameterization will now correctly parameterize queries built with the format operator %;
  • Added LinearizeStringExpression. It takes a string expression and finds all the pieces that composes that string. For example: "1" + a + "2" will return a list with the nodes that represents "1", a and "2";
  • Added RemoveUnusedVariables. It removes local assignments that are not referenced anywhere else;
  • Added several utilities for parsing printf style strings in format_string_parser module;

Tackles #301.

@pixeebot pixeebot bot mentioned this pull request Mar 12, 2024
Merged
@andrecsilva andrecsilva marked this pull request as ready for review March 12, 2024 14:16
@andrecsilva andrecsilva requested a review from clavedeluna March 13, 2024 12:18
drdavella
drdavella approved these changes Mar 13, 2024
View reviewed changes
Copy link
Member

@drdavella drdavella left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great overall. It's a lot of very impressive work, thanks for the effort.

I'm starting to see how some of these pieces could be taken and reused for other kinds of codemods (e.g. xpath injection).

src/codemodder/utils/format_string_parser.py
}


def parse_formatted_string(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is pretty heroic, nice work. I could have sworn that there was something in the standard library that helped to tokenize format strings but I'm having trouble digging it up right now.

src/core_codemods/sql_parameterization.py Outdated Show resolved Hide resolved
@andrecsilva andrecsilva enabled auto-merge March 13, 2024 14:18
@andrecsilva andrecsilva added this pull request to the merge queue Mar 13, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Mar 13, 2024
andrecsilva and others added 18 commits March 14, 2024 11:29
@andrecsilva
Format expressions initial implementation
78347ac
@andrecsilva
Format expressions initial implementation
a35083c
@andrecsilva
Transform to remove empty string formatting
7fdd616
@andrecsilva
Refactoring and documentation
74fc323
@andrecsilva
Refactoring and documentation
a0fec25
@andrecsilva
Tests for printf style string parser
2152f26
@andrecsilva
LinearizeStringExpression tests
355a037
@andrecsilva
Tests for SQL parameterization with printf format strings
1ef6d4f
@andrecsilva
Refactored and moved cleaning transformations
c35a8fc
@andrecsilva
Refactoring and more tests
a871e38
@andrecsilva
Linting
8494264
@andrecsilva
fixup! Refactoring and more tests
ceeb483
@pixeebot @andrecsilva
Hardening suggestions for codemodder-python / sqlp-formatop (#362)
d36948b 
Use Assignment Expression (Walrus) In Conditional

Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
@andrecsilva
fixup! Hardening suggestions for codemodder-python / sqlp-formatop (#362
3cb50d1 
)
@andrecsilva
Small refactoring
50a8533
@andrecsilva
fixup! Small refactoring
ba273a1
@andrecsilva
Better documentation
0c295a7
@andrecsilva
Disables RemoveUnnecessarFStr and test
0639c3e
@andrecsilva andrecsilva enabled auto-merge March 14, 2024 14:50
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
13 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
2.0% Duplication on New Code

See analysis details on SonarCloud

@andrecsilva andrecsilva added this pull request to the merge queue Mar 14, 2024
Merged via the queue into main with commit ef74258 Mar 14, 2024
11 checks passed
@andrecsilva andrecsilva deleted the sqlp-formatop branch March 14, 2024 15:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@clavedeluna clavedeluna clavedeluna approved these changes

@drdavella drdavella drdavella approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@andrecsilva @drdavella @clavedeluna