
[dak/master] use parameter binding in SQL statement



---
 daklib/checks.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/daklib/checks.py b/daklib/checks.py
index c1691b7a..e2379885 100644
--- a/daklib/checks.py
+++ b/daklib/checks.py
@@ -294,7 +294,7 @@ class SuffixCheck(Check):
 class ExternalHashesCheck(Check):
     """Checks hashes in .changes and .dsc against an external database."""
     def check_single(self, session, f):
-        q = session.execute("SELECT size, md5sum, sha1sum, sha256sum FROM external_files WHERE filename LIKE '%%/%s'" % f.filename)
+        q = session.execute("SELECT size, md5sum, sha1sum, sha256sum FROM external_files WHERE filename LIKE :pattern", {'pattern': '%/{}'.format(f.filename)})
         (ext_size, ext_md5sum, ext_sha1sum, ext_sha256sum) = q.fetchone() or (None, None, None, None)
 
         if not ext_size:
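Review bot: The bound `:pattern` value in check_single still places `f.filename` into a LIKE pattern unescaped, so any `_` or `%` in the filename keeps acting as a wildcard; parameter binding closes the injection into the statement text but not this. Because `_` matches any single character, the lookup can match a row in external_files other than the one for the file being checked, and `fetchone()` then takes whichever matching row comes first. Escape the LIKE metacharacters before building the pattern, e.g. `name = f.filename.replace('\\', '\\\\').replace('%', '\\%').replace('_', '\\_')` followed by `{'pattern': '%/' + name}`, and add an explicit `ESCAPE` clause to the LIKE rather than relying on the backend's default escape character. check_single's body continues outside the hunk, so how the fetched hashes are compared is not visible here.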
-- 
2.11.0

