Stubs (.pyi) for type definition for connection and cursor objects by maximmasiutin · Pull Request #67 · mysql/mysql-connector-python · GitHub

Stubs (.pyi) for type definition for connection and cursor objects #67


Closed
wants to merge 1 commit into from

Conversation

maximmasiutin

These .pyi files are needed for static vulnerability checkers (e.g. Pyre/Pysa to find SQL injections) or static type checkers.

Please note the following types are defined, like MySQLConnectionAbstract and MySQLCursorAbstract:

def connect(*args: Any, **kwargs: Any) -> MySQLConnectionAbstract: ...
...

def connect(self, **kwargs: Any) -> MySQLConnectionAbstract: ...

...

def cursor(
    self,
    buffered: Optional[Any] = ...,
    raw: Optional[Any] = ...,
    prepared: Optional[Any] = ...,
    cursor_class: Optional[Any] = ...,
    dictionary: Optional[Any] = ...,
    named_tuple: Optional[Any] = ...,
) -> MySQLCursorAbstract: ...

Without such definitions, static type checkers cannot infer the types and thus find vulnerabilities.

There was an issue at the "typeshed" library python/typeshed#146 but they didn't integrate the MySQL stubs. They encourage the stubs to be distributed by the developers of the modules. Please also see https://www.python.org/dev/peps/pep-0484/#the-typeshed-repo

With the above stubs, Pyre https://github.com/facebook/pyre-check/ is finally able to find SQL injections in Python code that works with the "mysql.connector".
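
To illustrate the point made in the description above, that a checker needs the declared return types before it can tie an `execute()` call to a MySQL cursor, here is an added example that is not part of the pull request and is not how Pyre/Pysa is implemented. It is a deliberately simplified AST walk; `STUB`, `APP` and all function names are constructed for this illustration.

```python
import ast

# Constructed stub, reduced from the signatures quoted in the PR description.
STUB = '''\
def connect(*args, **kwargs) -> MySQLConnectionAbstract: ...
class MySQLConnectionAbstract:
    def cursor(self, buffered=..., raw=...) -> MySQLCursorAbstract: ...
'''

# Constructed application code to analyse; it is parsed, never executed.
APP = '''\
conn = connect(user="app")
cur = conn.cursor()
cur.execute("SELECT * FROM t WHERE name = '%s'" % name)
cur.execute("SELECT * FROM t WHERE name = %s", (name,))
'''

MODULE = "<module>"  # owner key used for top-level functions

def return_types(stub_src):
    """Map (owner, function name) -> annotated return type name from a stub."""
    table = {}
    def collect(owner, body):
        for node in body:
            if isinstance(node, ast.FunctionDef) and isinstance(node.returns, ast.Name):
                table[(owner, node.name)] = node.returns.id
            elif isinstance(node, ast.ClassDef):
                collect(node.name, node.body)
    collect(MODULE, ast.parse(stub_src).body)
    return table

def call_type(call, env, table):
    """Return the declared result type of a call, or None if it is unknown."""
    f = call.func
    if isinstance(f, ast.Name):
        return table.get((MODULE, f.id))
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return table.get((env.get(f.value.id), f.attr))
    return None

def find_unsafe_execute(app_src, table):
    """Line numbers where MySQLCursorAbstract.execute() gets a non-literal query."""
    env, findings = {}, []
    for stmt in ast.parse(app_src).body:
        call = getattr(stmt, "value", None)
        if not isinstance(call, ast.Call):
            continue
        if isinstance(stmt, ast.Assign) and isinstance(stmt.targets[0], ast.Name):
            env[stmt.targets[0].id] = call_type(call, env, table)
        f = call.func
        if (isinstance(f, ast.Attribute) and f.attr == "execute" and isinstance(f.value, ast.Name)
                and env.get(f.value.id) == "MySQLCursorAbstract"
                and call.args and not isinstance(call.args[0], ast.Constant)):
            findings.append(stmt.lineno)
    return findings
```

With the stub's return types loaded, only the string-formatted query on line 3 of `APP` is reported; with an empty table the type of `cur` is unknown and nothing is reported.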

@mysql-oca-bot

Hi, thank you for submitting this pull request. In order to consider your code we need you to sign the Oracle Contribution Agreement (OCA). Please review the details and follow the instructions at https://oca.opensource.oracle.com/
Please make sure to include your MySQL bug system user (email) in the returned form.
Thanks

@maximmasiutin
Author

My OCA is now approved, you can see my name in the list at https://oca.opensource.oracle.com/?ojr=contrib-list - just go to this page and search for my last name - masiutin

@mysql-oca-bot

Hi, thank you for your contribution. Please confirm this code is submitted under the terms of the OCA (Oracle's Contribution Agreement) you have previously signed by cutting and pasting the following text as a comment:
"I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it."
Thanks

@maximmasiutin
Author

I confirm the code being submitted is offered under the terms of the OCA (Oracle's Contribution Agreement) and that I am authorized to contribute it.

@maximmasiutin
Author

I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it.

@mysql-oca-bot

Hi, thank you for your contribution. Your code has been assigned to an internal queue. Please follow bug http://bugs.mysql.com/bug.php?id=103488 for updates.
Thanks

2 participants