From 0b66fc8c0bc7b56af879d14ac7f035e7b8980184 Mon Sep 17 00:00:00 2001 From: pooja1pathak Date: Wed, 5 Jun 2024 08:55:19 +0000 Subject: [PATCH] fix for 702 --- RELEASE_NOTES.md | 2 ++ timescale-container/crate-exporter.py | 31 +++++++++++++++++++++------ 2 files changed, 27 insertions(+), 6 deletions(-) diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 070fe18c..55703622 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -4,6 +4,8 @@ ### New features +- Added escaping in crate-exporter.py (#702) + ### Bug fixes - Fix to return OK/200 and an empty result set when no data found (#720) diff --git a/timescale-container/crate-exporter.py b/timescale-container/crate-exporter.py index cabe0936..636cf944 100644 --- a/timescale-container/crate-exporter.py +++ b/timescale-container/crate-exporter.py @@ -67,23 +67,42 @@ def get(self): class CrateSql: """Crate SQL utilities.""" + @staticmethod + def escape_single_quote(x: str) -> str: + """ + Single quote escaping for Postres strings: replace any single quote + with two single quotes. E.g. x'y'z ~~~> x''y''z + """ + return x.replace("'", "''") + + @staticmethod + def escape_double_quote(x: str) -> str: + """ + Double quote escaping for Postres quoted identifiers: replace any + double quote with two double quotes. E.g. x"y"z ~~~> x""y""z + """ + return x.replace('"', '""') + @staticmethod def to_string(x) -> str: """ - Convert the input into a Crate string. + Convert the input into a Crate string, escaping if needed. E.g. input ~~~> 'input' + in'put ~~~> 'in''put' """ - v = str(x) # TODO consider escaping? - return f"'{v}'" + escaped = CrateSql.escape_single_quote(str(x)) + return f"'{escaped}'" @staticmethod def to_quoted_identifier(x) -> str: """ - Convert the input into a Crate quoted identifier. + Convert the input into a Crate quoted identifier, escaping if + needed. E.g. input ~~~> "input" + in"put ~~~> "in""put" """ - v = str(x) # TODO consider escaping? - return f'"{v}"' + escaped = CrateSql.escape_double_quote(str(x)) + return f'"{escaped}"' class CrateTableIdentifier: