@masayuki038
Created July 18, 2020 04:01
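import re
import sys

import sqlparse

# Parse the SQL passed as the first command-line argument.
parsed = sqlparse.parse(sys.argv[1])
print(parsed[0])
for t in parsed[0].tokens:
    print(type(t), t.ttype, t)
    # Grouped tokens (Identifier, IdentifierList, Where, ...) have ttype None.
    if t.ttype is None:
        sub_query = str(t)
        # "(<subquery>) <alias>": keep only the text inside the parentheses.
        m = re.match(r"^\((.*)\) [^\s()]+$", sub_query)
        if m:
            sub_query = m.group(1)
        # Re-parse the group's text and dump its tokens one level down.
        sub_parsed = sqlparse.parse(sub_query)
        print(sub_parsed[0])
        for sub_t in sub_parsed[0].tokens:
            print(type(sub_t), sub_t.ttype, sub_t)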

masayuki038 commented Jul 18, 2020

Fields and table names cannot be distinguished.
Maybe build a blacklist instead of a whitelist, and treat the query as safe if no Identifier is contained in the blacklist?
