sanitize – Validation functions for combatting security issues

Validation functions for combatting security issues.

exception solutions.sanitize.SanitizeError

Raise when security issues are detected.

solutions.sanitize.is_ascii(s: str)

Return True if all characters in s are ASCII characters.

solutions.sanitize.is_identifier(s: str)

Return True if s is an identifier.

This means that s must be a non-empty string of (ASCII) letters, digits, and the underscore _, and must not start with a digit.

solutions.sanitize.is_number(s: str)

Return True if s is a non-empty string of digits.

solutions.sanitize.quote_mysql_identifier(name: str)

Return database object name quoted.

MySQL allows any character in the names of tables, columns, etc., including the backtick itself, so one must be careful when building queries from column names that are not known in advance.

This method is conservative and raises an exception if name might not be valid for all databases. (MySQL identifiers can alternatively be quoted by doubling any backtick characters inside them.)

solutions.sanitize.quote_mysql_identifier_relaxed(name: str)

Return database object name quoted.

The Solutions database contains column names that include spaces (and worse), so this function is necessary until the relevant tables are removed.

solutions.sanitize.quote_mysql_table(table: str)

Return database table name quoted.

Same as quote_mysql_identifier, except a single period is allowed to specify the database name.

solutions.sanitize.quote_mysql_value(value)

Return properly quoted database value.

Be very paranoid: require that value is a number.
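The following is an added illustration of the checks described above, written for this page and not the solutions.sanitize module's own source: a conservative identifier check, backtick quoting with doubling for the relaxed variant, the single-period rule for table names, and the digits-only rule for values. The return formats (backtick-wrapped names, a digit string for values) and the NUL-byte rejection in the relaxed quoter are assumptions.

```python
import re

class SanitizeError(Exception):
    """Raised when a value fails a security check."""

_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")  # ASCII letters, digits, _; no leading digit
_DIGITS = re.compile(r"[0-9]+")

def is_ascii(s: str) -> bool:
    return all(ord(c) < 128 for c in s)

def is_identifier(s: str) -> bool:
    # fullmatch, not match: a trailing "`; DROP" must not slip past the check
    return _IDENT.fullmatch(s) is not None

def is_number(s: str) -> bool:
    return _DIGITS.fullmatch(s) is not None

def quote_mysql_identifier(name: str) -> str:
    # Conservative: only portable identifiers are accepted; everything else raises.
    if not is_identifier(name):
        raise SanitizeError(f"invalid identifier: {name!r}")
    return f"`{name}`"

def quote_mysql_identifier_relaxed(name: str) -> str:
    # Relaxed: spaces and other characters pass, but a backtick inside the name
    # is doubled so it cannot terminate the quoted identifier early.
    if not name or "\x00" in name:  # assumption: empty names and NUL bytes are rejected
        raise SanitizeError(f"unquotable identifier: {name!r}")
    return "`" + name.replace("`", "``") + "`"

def quote_mysql_table(table: str) -> str:
    # At most one period, separating database name from table name; each part
    # must itself be a conservative identifier.
    parts = table.split(".")
    if len(parts) > 2:
        raise SanitizeError(f"invalid table name: {table!r}")
    return ".".join(quote_mysql_identifier(p) for p in parts)

def quote_mysql_value(value) -> str:
    # Paranoid: only a non-empty string of digits is accepted, returned as-is
    # (a numeric literal needs no quotes; assumption about the output format).
    s = str(value)
    if not is_number(s):
        raise SanitizeError(f"value is not a number: {value!r}")
    return s

def rejects(fn, arg) -> bool:
    """Return True if fn(arg) raises SanitizeError (helper for checks below)."""
    try:
        fn(arg)
    except SanitizeError:
        return True
    return False
```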