Looks OK - just the SQL injection issue jumps out (see inline)
Diff comments:
>
> === modified file 'src/lazr/postgresql/upgrade.py'
> --- src/lazr/postgresql/upgrade.py 2017-04-23 23:44:51 +0000
> +++ src/lazr/postgresql/upgrade.py 2017-07-27 15:36:33 +0000
> @@ -135,16 +135,16 @@
> """Cannot apply some patch."""
>
>
> -def _table_exists(con, tablename):
> +def _table_exists(con, tablename, schema):
> """Return True if tablename exists."""
> cur = con.cursor()
> cur.execute("""
> SELECT EXISTS (
> SELECT TRUE FROM information_schema.tables
> WHERE
> - table_schema='public'
> + table_schema='%s'
> AND table_name='%s')
> - """ % tablename)
> + """ % (schema, tablename))
hmm, Little Bobby Tables says hi?
(this should be parameterised to avoid SQL injection attack, I know we don't
expect this to come from user-data but from a defence-in-depth angle..)
> return cur.fetchone()[0]
>
>
--
https://code.launchpad.net/~bloodearnest/lazr-postgresql/schema/+merge/328173
Your team Launchpad code reviewers is requested to review the proposed merge of
lp:~bloodearnest/lazr-postgresql/schema into lp:lazr-postgresql.
_______________________________________________
Mailing list: https://launchpad.net/~launchpad-reviewers
Post to : launchpad-reviewers@lists.launchpad.net
Unsubscribe : https://launchpad.net/~launchpad-reviewers
More help : https://help.launchpad.net/ListHelp
