Running a Python script that calls SQL in Bash on W10

0

Trying to run this Python file, python pid_info.py 12345, which looks like:

#!/usr/bin/env python
import subprocess
import sys, getopt

# add if -b or -e then look for username/email like etc... 
# figure out how to store the db creds in separate file 
class color:
   PURPLE = '\033[95m'
   CYAN = '\033[96m'
   DARKCYAN = '\033[36m'
   BLUE = '\033[94m'
   GREEN = '\033[92m'
   YELLOW = '\033[93m'
   RED = '\033[91m'
   BOLD = '\033[1m'
   UNDERLINE = '\033[4m'
   FLASH = '\033[0.5m'
   END = '\033[0m'

# DB info:
host = 
db=
user=
password=
# take the argument provided by user
UN=str(sys.argv[1])    
# SQL query to return user info + role
f_statement1 = """ set nocount on; set ansi_warnings off; 
SELECT 
pl.placement_id PID, pl.placement_name, p.partner_name Publisher, pc.description Platform_client, pit.description +'/'+ dt.description  Integration_Device
FROM placement pl 
JOIN partner p ON pl.partner_id = p.partner_id 
JOIN platform_client pc ON p.platform_client_id = pc.platform_client_id
JOIN placement_integration_type_assoc pita ON pl.placement_id = pita.placement_id 
JOIN placement_integration_type pit ON pita.placement_integration_type_id = pit.placement_integration_type_id
JOIN device_type dt ON pl.device_type_id = dt.device_type_id 
WHERE pit.active=1
AND pita.active=1 AND pl.placement_id = """ + str(UN)

f_statement2 = """ set nocount on; set ansi_warnings off; 
SELECT 
pl.max_ad_duration Seconds, c.abbreviation Country,
CASE WHEN passback_allowed=0 THEN 'GUARANTEED' ELSE 'PASSBACK' END AS Buy_Type, 
CASE WHEN pl.skippable=0 THEN 'Non-Skippable' ELSE 'Skippable' END AS Skippable,
CASE WHEN pl.active=1 THEN 'ACTIVE' ELSE 'NOT_ACTIVE' END AS Status
FROM placement pl 
JOIN country c ON pl.country_id = c.country_id
WHERE   pl.placement_id =""" + str(UN)

f_statement3 = """ set nocount on; set ansi_warnings off;
SELECT url_expression FROM AN_MAIN..placement_domain_whitelist
WHERE active=1 and placement_id =""" + str(UN)

# run the first query
print('\n')
print(color.UNDERLINE + color.BOLD + "Results for PID " + str(UN) + ":" + color.END)
results1=subprocess.call(["sqlcmd", "-S", host, "-U",user, "-P",password, "-d",db, "-Q", f_statement1, "-Y","30", "-s", "|" ])
print('\n')
results1=subprocess.call(["sqlcmd", "-S", host, "-U",user, "-P",password, "-d",db, "-Q", f_statement2, "-Y","30", "-s", "|" ])
print('\n')
print(color.UNDERLINE + color.BOLD + "Whitelist for PID " + str(UN) + ":" + color.END)
print('\n')
results1=subprocess.call(["sqlcmd", "-S", host, "-U",user, "-P",password, "-d",db, "-Q", f_statement3, "-Y","30", "-s", "|" ])
print('\n')

input ()

And when I do, I get the error

Results for PID 12345:
Traceback (most recent call last):
  File "pid_info.py", line 57, in <module>
    results1=subprocess.call(["sqlcmd", "-S", host, "-U",user, "-P",password, "-d",db, "-Q", f_statement1, "-Y","30", "-s", "|" ])
  File "/usr/lib/python2.7/subprocess.py", line 523, in call
    return Popen(*popenargs, **kwargs).wait()
  File "/usr/lib/python2.7/subprocess.py", line 711, in __init__
    errread, errwrite)
  File "/usr/lib/python2.7/subprocess.py", line 1343, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory

What changes do I need to make here?

    
by jhallvid 08.02.2018 / 15:24

1 answer

4

The Python script runs in an environment in which sqlcmd is not found in any of the directories listed in the PATH environment variable.

Make sure that PATH includes the directory where sqlcmd resides before invoking your script, or use sqlcmd with its full path.

I'm sure there are suitable SQL libraries for Python that let you create database connections within the Python code without shelling out to some external binary. That would also let you use prepared statements, which are less susceptible to SQL injection attacks.

You never sanitized the variable UN, which means one could call the script with "12345; DROP DATABASE 'mydatabase';"

    
by 08.02.2018 / 15:50
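
The points raised in the answer, as an added example that is not part of the original question or answer: a PATH check that gives a clear error, strict validation of the placement id, and a parameterized query. It is written for Python 3 and assumes the standard-library sqlite3 module with a constructed in-memory table as a stand-in for the SQL Server database; all function names are hypothetical.

```python
import shutil
import sqlite3

PAYLOAD = "12345; DROP DATABASE 'mydatabase';"  # the input quoted in the answer


def resolve_tool(name="sqlcmd"):
    """Return the full path of `name` found on PATH, or raise a clear error
    instead of the bare OSError [Errno 2] shown in the traceback."""
    path = shutil.which(name)
    if path is None:
        raise FileNotFoundError(f"{name} not found in any PATH directory")
    return path


def parse_placement_id(arg):
    """Accept only plain ASCII decimal digits; reject everything else."""
    if not arg.isascii() or not arg.isdigit():
        raise ValueError(f"placement id must be digits only, got {arg!r}")
    return int(arg)


def build_demo_db():
    """Constructed in-memory table standing in for the real placement table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE placement (placement_id INTEGER, placement_name TEXT)")
    conn.executemany("INSERT INTO placement VALUES (?, ?)",
                     [(12345, "demo-a"), (67890, "demo-b")])
    return conn


def lookup(conn, placement_id):
    """Parameterized query: the value is bound, never spliced into the SQL text."""
    cur = conn.execute(
        "SELECT placement_id, placement_name FROM placement WHERE placement_id = ?",
        (placement_id,))
    return cur.fetchall()


if __name__ == "__main__":
    conn = build_demo_db()
    print(lookup(conn, parse_placement_id("12345")))
    print(lookup(conn, PAYLOAD))  # bound as a single string: no row, no DDL executed
    try:
        parse_placement_id(PAYLOAD)
    except ValueError as exc:
        print("rejected:", exc)
```

With a SQL Server driver such as pyodbc, the same ? placeholder style applies to cursor.execute.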