Consider replacing parser.parse_values with generated parser #548

c24t opened this issue Oct 30, 2020 · 0 comments
Labels
api: spanner (Issues related to the googleapis/python-spanner-django API.); priority: p2 (Moderately-important priority. Fix may not be included in next release.); security; type: cleanup (An internal cleanup or hygiene concern.)

Comments

@c24t
Contributor

c24t commented Oct 30, 2020

parser.py includes a small handwritten parser for parsing SQL statements. We should consider replacing this with a formal grammar and generated parser, e.g. using ANTLR.

Additionally, we may want to add fuzz testing for this parser -- and other places in the library where we're parsing SQL statements -- to check that we handle malicious statements correctly.

@c24t c24t added the security label Oct 30, 2020
@product-auto-label product-auto-label bot added the api: spanner Issues related to the googleapis/python-spanner-django API. label Oct 30, 2020
@yoshi-automation yoshi-automation added triage me I really want to be triaged. 🚨 This issue needs some love. labels Oct 31, 2020
@skuruppu skuruppu added priority: p2 Moderately-important priority. Fix may not be included in next release. type: cleanup An internal cleanup or hygiene concern. and removed 🚨 This issue needs some love. triage me I really want to be triaged. labels Nov 19, 2020
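
A minimal mutation-fuzz harness for the kind of check the issue proposes, as an added example that is not part of the original issue or the project's code. `parse_values` here is a hypothetical stand-in for a handwritten VALUES-clause parser, and `ParseError`, `fuzz`, the seed statements and the alphabet are constructed for illustration. The invariant under test is that malformed input only ever produces the parser's declared error, never an unhandled exception.

```python
import random

class ParseError(ValueError):
    """The only exception the parser may raise on malformed input."""

def parse_values(stmt):
    """Hypothetical stand-in parser: "VALUES (a, 'b'), (c)" -> list of tuples."""
    if stmt.lstrip()[:6].upper() != "VALUES":
        raise ParseError("expected VALUES")
    state, rows, row, buf = "open", [], [], []
    for c in stmt.lstrip()[6:]:
        if state == "str" or (state == "row" and c not in ",()"):
            buf.append(c)  # plain character, or anything inside '...'
            if c == "'":
                state = "row" if state == "str" else "str"
        elif state == "row" and c == "(":
            raise ParseError("nested parenthesis")
        elif state == "row":  # c is ',' or ')': close the current value
            item, buf = "".join(buf).strip(), []
            if not item:
                raise ParseError("empty value")
            row.append(item)
            if c == ")":
                rows.append(tuple(row))
                row, state = [], "after"
        elif (state, c) in (("open", "("), ("after", ",")):
            state = "row" if c == "(" else "open"
        elif not c.isspace():
            raise ParseError(f"unexpected {c!r}")
    if state != "after":
        raise ParseError("incomplete statement")
    return rows

def fuzz(parser, iterations=2000, seed=0):
    """Mutate constructed seed statements; collect any non-ParseError exception."""
    rng = random.Random(seed)
    alphabet = "VALUES(%s),' 1\\\x00"
    failures = []
    for _ in range(iterations):
        chars = list(rng.choice(["VALUES (%s, %s)", "VALUES ('a,b'), (1)"]))
        for _ in range(rng.randint(1, 4)):
            i = rng.randrange(len(chars) + 1)
            chars[i:i + rng.randint(0, 2)] = rng.choices(alphabet, k=rng.randint(0, 3))
        try:
            parser("".join(chars))
        except ParseError:
            pass
        except Exception as exc:
            failures.append(("".join(chars), repr(exc)))
    return failures
```

Each entry in the returned list pairs the mutated statement with the unexpected exception, so a failing input can be replayed directly against the parser; the fixed seed keeps runs reproducible.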