Yuvipanda has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/151008

Change subject: Add super minimal query checking
......................................................................

Add super minimal query checking

Change-Id: Ie62aab5be3525c73a30bccc929643b76227e9b5f
---
M quarry/web/app.py
A quarry/web/checker.py
2 files changed, 11 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/analytics/quarry/web 
refs/changes/08/151008/1

diff --git a/quarry/web/app.py b/quarry/web/app.py
index 81050b0..f6a8034 100644
--- a/quarry/web/app.py
+++ b/quarry/web/app.py
@@ -12,6 +12,7 @@
 from celery.utils.log import get_task_logger
 from redissession import RedisSessionInterface
 from mwoauth import ConsumerToken, Handshaker
+from checker import check_sql
 
 
 app = Flask(__name__)
@@ -82,9 +83,13 @@
         qrun = QueryRun.get_by_id(query_run_id)
         qrun.status = QueryRun.STATUS_RUNNING
         qrun.save()
-        start_time = time.clock()
-        cur = g.replica.cursor()
         try:
+            check_result = check_sql(qrun.query_rev.text)
+            start_time = time.clock()
+            cur = g.replica.cursor()
+            if check_result is not True:
+                celery_log.info("Check result for qrun:%s failed, with 
message: %s", qrun.id, check_result[0])
+                raise pymysql.DatabaseError(0, check_result[1])
             cur.execute(qrun.query_rev.text)
             result = []
             result.append(make_result(cur))
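Review bot: The check result is only examined after `start_time = time.clock()` and `cur = g.replica.cursor()` have run, so a query that fails the check still takes a replica cursor and starts the timer before being rejected. Moving the `if check_result is not True:` block to directly after the `check_sql(...)` call would make the rejection happen before any database resource is touched. Raising `pymysql.DatabaseError(0, check_result[1])` also makes a policy rejection look like a driver error to the `except` clause, which lies outside this hunk; a distinct exception type, or a comment such as `# policy rejection, not a server error`, would keep the two apart in logs and stored results. The `try` body continues past the end of the hunk, so how the cursor is released on this path is not visible here.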
diff --git a/quarry/web/checker.py b/quarry/web/checker.py
new file mode 100644
index 0000000..a5efb41
--- /dev/null
+++ b/quarry/web/checker.py
@@ -0,0 +1,4 @@
+def check_sql(sql):
+    if 'information_schema' in sql:
+        return ("Hitting information_schema", "Unauthorized access to 
restricted database")
+    return True
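Review bot: `'information_schema' in sql` is a case-sensitive substring test on the raw query text, while MySQL resolves that schema name case-insensitively, so the check does not cover everything its message says it restricts. Comparing against `sql.lower()` closes that particular gap. Text matching still cannot serve as the access boundary, and it will reject harmless queries that merely contain the word in a string literal or comment. If the restriction matters, it should presumably be backed by the privileges of the replica account, with this function treated as an early, user-friendly rejection. The function also returns either `True` or a 2-tuple, and the caller indexes into it, so a docstring stating that contract would help, e.g. `"""Return True if sql passes, else a (log_message, user_message) tuple."""`.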

-- 
To view, visit https://gerrit.wikimedia.org/r/151008
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie62aab5be3525c73a30bccc929643b76227e9b5f
Gerrit-PatchSet: 1
Gerrit-Project: analytics/quarry/web
Gerrit-Branch: master
Gerrit-Owner: Yuvipanda <[email protected]>
