From 1fc5c4a9159d10bde5637e74b4e2f246f9baaa9e Mon Sep 17 00:00:00 2001
From: Florian da Costa
Date: Tue, 16 Feb 2016 14:17:21 +0100
Subject: [PATCH] Add rollback after executing query as a double security with blacklist terms
---
 sql_export/sql_export.py | 17 ++++++++++++-----
 sql_export/tests/__init__.py | 3 ---
 2 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/sql_export/sql_export.py b/sql_export/sql_export.py
index 2e402c8f9..26aef2fd3 100644
--- a/sql_export/sql_export.py
+++ b/sql_export/sql_export.py
@@ -25,6 +25,7 @@ import datetime
 import re
 from openerp import models, fields, api, _, exceptions
 from openerp.tools import DEFAULT_SERVER_DATETIME_FORMAT
+import uuid
 class SqlExport(models.Model):
@@ -98,10 +99,15 @@ class SqlExport(models.Model):
 output = StringIO.StringIO()
 query = "COPY (" + obj.query + ") TO STDOUT WITH " + \
 obj.copy_options
- self.env.cr.copy_expert(query, output)
- output.getvalue()
- new_output = base64.b64encode(output.getvalue())
- output.close()
+ name = 'export_query_%s' % uuid.uuid1().hex
+ self.env.cr.execute("SAVEPOINT %s" % name)
+ try:
+ self.env.cr.copy_expert(query, output)
+ output.getvalue()
+ new_output = base64.b64encode(output.getvalue())
+ output.close()
+ finally:
+ self.env.cr.execute("ROLLBACK TO SAVEPOINT %s" % name)
 wiz = self.env['sql.file.wizard'].create(
 {
 'binary_file': new_output,
@@ -126,9 +132,10 @@ class SqlExport(models.Model):
 try:
 self.env.cr.execute(vals['query'])
 except:
- self.env.cr.rollback()
 raise exceptions.Warning(
 _("The Sql query is not valid."))
+ finally:
+ self.env.cr.rollback()
 return vals
 @api.multi
diff --git a/sql_export/tests/__init__.py b/sql_export/tests/__init__.py
index cc43c6907..db699b61a 100644
--- a/sql_export/tests/__init__.py
+++ b/sql_export/tests/__init__.py
@@ -1,5 +1,2 @@
 # -*- coding: utf-8 -*-
 from . import test_sql_query
-checks = [
- test_sql_query
-]
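Review bot: The `finally` in the export hunk (`@@ -98,10 +99,15 @@`) rolls back to the savepoint but never releases it, and the rollback is a narrower safety net than the commit title implies. `ROLLBACK TO SAVEPOINT` undoes the row changes made by the query, but PostgreSQL does not roll back sequence advances or anything a function does outside the transaction, so the blacklist (not visible in this hunk) and the privileges of the database role stay the real control. I would add `self.env.cr.execute("RELEASE SAVEPOINT %s" % name)` right after the rollback, plus a comment such as `# rollback only undoes transactional writes; the query still runs with the rights of the server's DB role`. The bare `output.getvalue()` whose result is discarded can be dropped, and `output.close()` is skipped whenever `copy_expert` raises. The enclosing method starts and ends outside the hunk.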
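Review bot: In the query-check hunk (`@@ -126,9 +132,10 @@`), `self.env.cr.rollback()` now sits in `finally`, so it rolls back the whole cursor transaction even when the query is valid, which would appear to discard any other writes already pending in the same request. A savepoint scoped to the check, as the export hunk already does, undoes the test query without touching the rest of the transaction. The bare `except:` also reports every failure as an invalid query, including a missing `vals['query']` key, and hides the database error from the log; `except Exception:` at least lets interpreter-exit exceptions through. The enclosing method begins above the hunk, so the indentation in the sketch below is relative.

```python
# … unchanged: enclosing method and the condition guarding the check …
name = 'check_query_%s' % uuid.uuid1().hex
self.env.cr.execute("SAVEPOINT %s" % name)
try:
    self.env.cr.execute(vals['query'])
except Exception:
    raise exceptions.Warning(
        _("The Sql query is not valid."))
finally:
    # Undo only what the test query did; earlier work in the
    # transaction is left intact.
    self.env.cr.execute("ROLLBACK TO SAVEPOINT %s" % name)
    self.env.cr.execute("RELEASE SAVEPOINT %s" % name)
# … unchanged: return vals …
```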