fix(io-manager): create primary key if missing #182
Conversation
| FROM pg_index i | ||
| JOIN pg_class c ON c.oid = i.indrelid | ||
| WHERE c.relnamespace::regnamespace::varchar = '{schema}' | ||
| AND c.relname = '{table}' AND i.indisprimary ='t'""" |
There was a problem hiding this comment.
AFAICT this creates the potential for an SQL injection vulnerability! _has_primary_key() will ever be used in a different context or without knowing if its arguments are user-defined.
Instead, psycopg's docs recommend passing the literals as additional arguments into execute().
There was a problem hiding this comment.
You are right. While this should be avoided by the explicit call to self._assert_sql_safety(schema, table) right before, at this place this is not required and can be done via parameter passing, as it's not an DDL statement. Will change this.
There was a problem hiding this comment.
In almost all cases, I don't see any reason to manually check for SQL safety, as the DB client should always (and psycopg2 does in this case!) provide means to send the values as arguments to the DB server.
To use SQL identifiers dynamically, psycopg2 also provides a tool:
If you need to generate dynamically SQL queries (for instance choosing dynamically a table name) you can use the facilities provided by the
psycopg2.sqlmodule:
There should also be a linting rule forbidding string interpolation with SQL queries.
hbruch
force-pushed
the
fix/create-missing-pk
branch
from
fe49cb3 to
d9cee36
Compare
This PR creates missing primary keys for tables which were created before primary keys were created in conjuction with newly created tables.