Safe evaluator for binding params to db queries.
| 1676 | |
| 1677 | |
| 1678 | class SafeEval: |
| 1679 | """Safe evaluator for binding params to db queries.""" |
| 1680 | |
| 1681 | def safeeval(self, text, mapping): |
| 1682 | nodes = Parser().parse(text) |
| 1683 | return SQLQuery.join([self.eval_node(node, mapping) for node in nodes], "") |
| 1684 | |
| 1685 | def eval_node(self, node, mapping): |
| 1686 | if node.type == "text": |
| 1687 | return node.first |
| 1688 | else: |
| 1689 | return sqlquote(self.eval_expr(node, mapping)) |
| 1690 | |
| 1691 | def eval_expr(self, node, mapping): |
| 1692 | if node.type == "literal": |
| 1693 | return ast.literal_eval(node.first) |
| 1694 | elif node.type == "getattr": |
| 1695 | return getattr(self.eval_expr(node.first, mapping), node.second) |
| 1696 | elif node.type == "getitem": |
| 1697 | return self.eval_expr(node.first, mapping)[ |
| 1698 | self.eval_expr(node.second, mapping) |
| 1699 | ] |
| 1700 | elif node.type == "param": |
| 1701 | return mapping[node.first] |
| 1702 | |
| 1703 | |
| 1704 | def test_parser(): |