Fixing common security vulnerabilities
[osm/common.git] / osm_common / dbmemory.py
1 # -*- coding: utf-8 -*-
2
3 # Copyright 2018 Telefonica S.A.
4 #
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
8 #
9 # http://www.apache.org/licenses/LICENSE-2.0
10 #
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
14 # implied.
15 # See the License for the specific language governing permissions and
16 # limitations under the License.
17
18 from copy import deepcopy
19 from http import HTTPStatus
20 import logging
21 from uuid import uuid4
22
23 from osm_common.dbbase import DbBase, DbException
24 from osm_common.dbmongo import deep_update
25
26
27 __author__ = "Alfonso Tierno <alfonso.tiernosepulveda@telefonica.com>"
28
29
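class DbMemory(DbBase):
    """
    In-memory implementation of the DbBase interface.

    Tables are kept in ``self.db`` as ``{table_name: [row, ...]}``. Rows are deep-copied when they are
    stored (create, create_list, replace) and when they are returned (get_list, get_one), so callers do not
    share references with the stored objects. set_one/set_list modify the stored rows in place.
    """

    def __init__(self, logger_name="db", lock=False):
        """
        :param logger_name: forwarded to DbBase
        :param lock: forwarded to DbBase; the methods of this class use self.lock as a context manager
        """
        super().__init__(logger_name, lock)
        self.db = {}

    def db_connect(self, config):
        """
        Connect to database
        :param config: Configuration of database. Keys read here: "logger_name", "commonkey", "masterpassword"
        :return: None or raises DbException on error
        """
        if "logger_name" in config:
            self.logger = logging.getLogger(config["logger_name"])
        # "commonkey" wins over "masterpassword", which is only used as a fallback.
        # The value is key material handed to set_secret_key(); keep it out of log and error messages.
        master_key = config.get("commonkey") or config.get("masterpassword")
        if master_key:
            self.set_secret_key(master_key)

    @staticmethod
    def _format_filter(q_filter):
        """
        Rewrite a flat filter so that every ANYINDEX segment becomes one nesting level
        :param q_filter: dictionary of dot separated keys and values, or None
        :return: a new dictionary; q_filter itself is not modified here
        """
        db_filter = {}
        # split keys with ANYINDEX in this way:
        # {"A.B.ANYINDEX.C.D.ANYINDEX.E": v }  -> {"A.B.ANYINDEX": {"C.D.ANYINDEX": {"E": v}}}
        if q_filter:
            for k, v in q_filter.items():
                db_v = v
                kleft, _, kright = k.rpartition(".ANYINDEX.")
                while kleft:
                    k = kleft + ".ANYINDEX"
                    db_v = {kright: db_v}
                    kleft, _, kright = k.rpartition(".ANYINDEX.")
                deep_update(db_filter, {k: db_v})

        return db_filter

    def _find(self, table, q_filter):
        """
        Generator over the rows of a table that satisfy every condition of q_filter
        :param table: collection or table; a table that does not exist yields nothing
        :param q_filter: filter as produced by _format_filter. Each key is a dot separated path that may end
            with an operator (eq, ne, neq, gt, gte, lt, lte, cont, ncont); without one, "eq" is used
        :return: yields (index, row) where row is the stored object itself, not a copy
        """
        filter_operators = ("eq", "ne", "gt", "gte", "lt", "lte", "cont", "ncont", "neq")

        def recursive_find(key_list, key_next_index, content, oper, target):
            """
            Evaluate one filter condition against one row
            :param key_list: path to the field, already split on "."
            :param key_next_index: position in key_list of the next key to consume
            :param content: value reached so far while descending into the row
            :param oper: comparison operator
            :param target: value given in the filter
            :return: True if the condition holds, False otherwise
            """
            if key_next_index == len(key_list) or content is None:
                # path consumed (or nothing left to descend into): compare
                try:
                    if oper in ("eq", "cont"):
                        if isinstance(target, list):
                            if isinstance(content, list):
                                return any(
                                    content_item in target for content_item in content
                                )
                            return content in target
                        elif isinstance(content, list):
                            return target in content
                        else:
                            return content == target
                    elif oper in ("neq", "ne", "ncont"):
                        if isinstance(target, list):
                            if isinstance(content, list):
                                return all(
                                    content_item not in target
                                    for content_item in content
                                )
                            return content not in target
                        elif isinstance(content, list):
                            return target not in content
                        else:
                            return content != target
                    if oper == "gt":
                        return content > target
                    elif oper == "gte":
                        return content >= target
                    elif oper == "lt":
                        return content < target
                    elif oper == "lte":
                        return content <= target
                    else:
                        raise DbException(
                            "Unknown filter operator '{}' in key '{}'".format(
                                oper, ".".join(key_list)
                            ),
                            http_code=HTTPStatus.BAD_REQUEST,
                        )
                except TypeError:
                    # values that cannot be compared with each other never match
                    return False

            elif isinstance(content, dict):
                return recursive_find(
                    key_list,
                    key_next_index + 1,
                    content.get(key_list[key_next_index]),
                    oper,
                    target,
                )
            elif isinstance(content, list):
                look_for_match = True  # when there is a match return immediately
                if (target is None) != (
                    oper in ("neq", "ne", "ncont")
                ):  # one True and other False (Xor)
                    look_for_match = (
                        False  # when there is not a match return immediately
                    )

                for content_item in content:
                    # Decide on 'target', the value of the condition being evaluated at this depth. The
                    # previous code tested the enclosing loop variable 'v' (the top-level filter value), so
                    # a nested call whose own target was not a dict still reached target.items() and failed
                    # with AttributeError instead of evaluating to "no match".
                    if key_list[key_next_index] == "ANYINDEX" and isinstance(
                        target, dict
                    ):
                        matches = True
                        for k2, v2 in target.items():
                            k_new_list = k2.split(".")
                            new_operator = "eq"
                            if k_new_list[-1] in filter_operators:
                                new_operator = k_new_list.pop()
                            if not recursive_find(
                                k_new_list, 0, content_item, new_operator, v2
                            ):
                                matches = False
                                break

                    else:
                        matches = recursive_find(
                            key_list, key_next_index, content_item, oper, target
                        )
                    if matches == look_for_match:
                        return matches
                # a numeric key may also address one position of the list
                if key_list[key_next_index].isdecimal() and int(
                    key_list[key_next_index]
                ) < len(content):
                    matches = recursive_find(
                        key_list,
                        key_next_index + 1,
                        content[int(key_list[key_next_index])],
                        oper,
                        target,
                    )
                    if matches == look_for_match:
                        return matches
                return not look_for_match
            else:  # content is not dict, nor list neither None, so not found
                if oper in ("neq", "ne", "ncont"):
                    return target is not None
                else:
                    return target is None

        q_filter = q_filter or {}
        for i, row in enumerate(self.db.get(table, ())):
            for k, v in q_filter.items():
                k_list = k.split(".")
                operator = "eq"
                if k_list[-1] in filter_operators:
                    operator = k_list.pop()
                matches = recursive_find(k_list, 0, row, operator, v)
                if not matches:
                    break
            else:
                # match
                yield i, row

    def get_list(self, table, q_filter=None):
        """
        Obtain a list of entries matching q_filter
        :param table: collection or table
        :param q_filter: Filter
        :return: a list (can be empty) with copies of the found entries. Raises DbException on error
        """
        try:
            with self.lock:
                return [
                    deepcopy(row)
                    for _, row in self._find(table, self._format_filter(q_filter))
                ]
        except DbException:
            raise
        except Exception as e:  # TODO refine
            raise DbException(str(e))

    def count(self, table, q_filter=None):
        """
        Count the number of entries matching q_filter
        :param table: collection or table
        :param q_filter: Filter
        :return: number of entries found (can be zero)
        :raise: DbException on error
        """
        try:
            with self.lock:
                return sum(1 for _ in self._find(table, self._format_filter(q_filter)))
        except DbException:
            raise
        except Exception as e:  # TODO refine
            raise DbException(str(e))

    def get_one(self, table, q_filter=None, fail_on_empty=True, fail_on_more=True):
        """
        Obtain one entry matching q_filter
        :param table: collection or table
        :param q_filter: Filter
        :param fail_on_empty: If nothing matches filter it returns None unless this flag is set to True, in which case
            it raises a DbException
        :param fail_on_more: If more than one matches filter it returns one of them unless this flag is set to True, so
            that it raises a DbException
        :return: A copy of the requested element, or None
        """
        try:
            result = None
            with self.lock:
                for _, row in self._find(table, self._format_filter(q_filter)):
                    if not fail_on_more:
                        return deepcopy(row)
                    # compare with None so that a falsy stored row still counts as "already found"
                    if result is not None:
                        raise DbException(
                            "Found more than one entry with filter='{}'".format(
                                q_filter
                            ),
                            HTTPStatus.CONFLICT.value,
                        )
                    result = row
            if result is None and fail_on_empty:
                raise DbException(
                    "Not found entry with filter='{}'".format(q_filter),
                    HTTPStatus.NOT_FOUND,
                )
            return deepcopy(result)
        except DbException:
            # Let the CONFLICT / NOT_FOUND exceptions raised above through unchanged. Without this clause the
            # generic handler below rebuilt them from str(e) only, discarding the status code passed above.
            raise
        except Exception as e:  # TODO refine
            raise DbException(str(e))

    def del_list(self, table, q_filter=None):
        """
        Deletes all entries that match q_filter
        :param table: collection or table
        :param q_filter: Filter
        :return: Dict with the number of entries deleted
        """
        try:
            with self.lock:
                id_list = [
                    i for i, _ in self._find(table, self._format_filter(q_filter))
                ]
                # delete from the highest index down so the remaining indexes stay valid
                for i in reversed(id_list):
                    del self.db[table][i]
            return {"deleted": len(id_list)}
        except DbException:
            raise
        except Exception as e:  # TODO refine
            raise DbException(str(e))

    def del_one(self, table, q_filter=None, fail_on_empty=True):
        """
        Deletes one entry that matches q_filter
        :param table: collection or table
        :param q_filter: Filter
        :param fail_on_empty: If nothing matches filter it returns None unless this flag is set to True, in
            which case it raises a DbException
        :return: Dict with the number of entries deleted
        """
        try:
            with self.lock:
                for i, _ in self._find(table, self._format_filter(q_filter)):
                    break
                else:
                    if fail_on_empty:
                        raise DbException(
                            "Not found entry with filter='{}'".format(q_filter),
                            HTTPStatus.NOT_FOUND,
                        )
                    return None
                del self.db[table][i]
            return {"deleted": 1}
        except DbException:
            # keep the NOT_FOUND exception raised above as it is, like del_list and replace do
            raise
        except Exception as e:  # TODO refine
            raise DbException(str(e))

    def _update(
        self,
        db_item,
        update_dict,
        unset=None,
        pull=None,
        push=None,
        push_list=None,
        pull_list=None,
    ):
        """
        Modifies an entry at database
        :param db_item: entry of the table to update; it is modified in place
        :param update_dict: Plain dictionary with the content to be updated. It is a dot separated keys and a value
        :param unset: Plain dictionary with the content to be removed if exist. It is a dot separated keys, value is
            ignored. If not exist, it is ignored
        :param pull: Plain dictionary with the content to be removed from an array. It is a dot separated keys and value
            if exist in the array is removed. If not exist, it is ignored
        :param pull_list: Same as pull but values are arrays where each item is removed from the array
        :param push: Plain dictionary with the content to be appended to an array. It is a dot separated keys and value
            is appended to the end of the array
        :param push_list: Same as push but values are arrays where each item is appended instead of appending the
            whole array
        :return: True if database has been changed, False if not; Exception on error
        """

        def _iterate_keys(k, db_nested, populate=True):
            """
            Walk the dot separated path k inside db_nested
            :param k: dot separated path
            :param db_nested: object where the walk starts
            :param populate: if True, missing keys are created with value None (or a dict when descending
                through a None) and lists are extended with None up to the requested index. If False, a missing
                nested key or a too large index raises DbException; a missing first key is not checked here
            :return: (container, last_key, populated): the object that holds the last key, that key (an int
                when it indexes a list) and whether anything had to be created during the walk
            """
            k_list = k.split(".")
            k_item_prev = k_list[0]
            populated = False
            if k_item_prev not in db_nested and populate:
                populated = True
                db_nested[k_item_prev] = None
            for k_item in k_list[1:]:
                if isinstance(db_nested[k_item_prev], dict):
                    if k_item not in db_nested[k_item_prev]:
                        if not populate:
                            raise DbException(
                                "Cannot set '{}', not existing '{}'".format(k, k_item)
                            )
                        populated = True
                        db_nested[k_item_prev][k_item] = None
                elif isinstance(db_nested[k_item_prev], list) and k_item.isdigit():
                    # extend list with Nones if index greater than list
                    k_item = int(k_item)
                    if k_item >= len(db_nested[k_item_prev]):
                        if not populate:
                            raise DbException(
                                "Cannot set '{}', index too large '{}'".format(
                                    k, k_item
                                )
                            )
                        populated = True
                        db_nested[k_item_prev] += [None] * (
                            k_item - len(db_nested[k_item_prev]) + 1
                        )
                elif db_nested[k_item_prev] is None:
                    if not populate:
                        raise DbException(
                            "Cannot set '{}', not existing '{}'".format(k, k_item)
                        )
                    populated = True
                    db_nested[k_item_prev] = {k_item: None}
                else:  # number, string, boolean, ... or list but with not integer key
                    # NOTE(review): this message embeds the value currently stored under the key. If rows
                    # can hold credentials or other secrets, callers should not pass it on verbatim.
                    raise DbException(
                        "Cannot set '{}' on existing '{}={}'".format(
                            k, k_item_prev, db_nested[k_item_prev]
                        )
                    )
                db_nested = db_nested[k_item_prev]
                k_item_prev = k_item
            return db_nested, k_item_prev, populated

        updated = False
        try:
            if update_dict:
                for dot_k, v in update_dict.items():
                    dict_to_update, key_to_update, _ = _iterate_keys(dot_k, db_item)
                    dict_to_update[key_to_update] = v
                    updated = True
            if unset:
                for dot_k in unset:
                    # a path that does not exist is logged and skipped, it is not an error for the caller
                    try:
                        dict_to_update, key_to_update, _ = _iterate_keys(
                            dot_k, db_item, populate=False
                        )
                        del dict_to_update[key_to_update]
                        updated = True
                    except Exception as unset_error:
                        self.logger.error(f"{unset_error} occured while updating DB.")
            if pull:
                for dot_k, v in pull.items():
                    try:
                        dict_to_update, key_to_update, _ = _iterate_keys(
                            dot_k, db_item, populate=False
                        )
                    except Exception as pull_error:
                        self.logger.error(f"{pull_error} occured while updating DB.")
                        continue

                    if key_to_update not in dict_to_update:
                        continue
                    if not isinstance(dict_to_update[key_to_update], list):
                        raise DbException(
                            "Cannot pull '{}'. Target is not a list".format(dot_k)
                        )
                    # remove every occurrence, not only the first one
                    while v in dict_to_update[key_to_update]:
                        dict_to_update[key_to_update].remove(v)
                        updated = True
            if pull_list:
                for dot_k, v in pull_list.items():
                    if not isinstance(v, list):
                        raise DbException(
                            "Invalid content at pull_list, '{}' must be an array".format(
                                dot_k
                            ),
                            http_code=HTTPStatus.BAD_REQUEST,
                        )
                    try:
                        dict_to_update, key_to_update, _ = _iterate_keys(
                            dot_k, db_item, populate=False
                        )
                    except Exception as iterate_error:
                        self.logger.error(
                            f"{iterate_error} occured while iterating keys in db update."
                        )
                        continue

                    if key_to_update not in dict_to_update:
                        continue
                    if not isinstance(dict_to_update[key_to_update], list):
                        raise DbException(
                            "Cannot pull_list '{}'. Target is not a list".format(dot_k)
                        )
                    for single_v in v:
                        while single_v in dict_to_update[key_to_update]:
                            dict_to_update[key_to_update].remove(single_v)
                            updated = True
            if push:
                for dot_k, v in push.items():
                    dict_to_update, key_to_update, populated = _iterate_keys(
                        dot_k, db_item
                    )
                    if (
                        isinstance(dict_to_update, dict)
                        and key_to_update not in dict_to_update
                    ):
                        dict_to_update[key_to_update] = [v]
                        updated = True
                    elif populated and dict_to_update[key_to_update] is None:
                        # the target was created just now by _iterate_keys: start a new list
                        dict_to_update[key_to_update] = [v]
                        updated = True
                    elif not isinstance(dict_to_update[key_to_update], list):
                        raise DbException(
                            "Cannot push '{}'. Target is not a list".format(dot_k)
                        )
                    else:
                        dict_to_update[key_to_update].append(v)
                        updated = True
            if push_list:
                for dot_k, v in push_list.items():
                    if not isinstance(v, list):
                        raise DbException(
                            "Invalid content at push_list, '{}' must be an array".format(
                                dot_k
                            ),
                            http_code=HTTPStatus.BAD_REQUEST,
                        )
                    dict_to_update, key_to_update, populated = _iterate_keys(
                        dot_k, db_item
                    )
                    if (
                        isinstance(dict_to_update, dict)
                        and key_to_update not in dict_to_update
                    ):
                        # store a copy so the caller's list is not shared with the stored row
                        dict_to_update[key_to_update] = v.copy()
                        updated = True
                    elif populated and dict_to_update[key_to_update] is None:
                        dict_to_update[key_to_update] = v.copy()
                        updated = True
                    elif not isinstance(dict_to_update[key_to_update], list):
                        raise DbException(
                            "Cannot push '{}'. Target is not a list".format(dot_k),
                            http_code=HTTPStatus.CONFLICT,
                        )
                    else:
                        dict_to_update[key_to_update] += v
                        updated = True

            return updated
        except DbException:
            raise
        except Exception as e:  # TODO refine
            raise DbException(str(e))

    def set_one(
        self,
        table,
        q_filter,
        update_dict,
        fail_on_empty=True,
        unset=None,
        pull=None,
        push=None,
        push_list=None,
        pull_list=None,
    ):
        """
        Modifies an entry at database
        :param table: collection or table
        :param q_filter: Filter
        :param update_dict: Plain dictionary with the content to be updated. It is a dot separated keys and a value
        :param fail_on_empty: If nothing matches filter it returns None unless this flag is set to True, in which case
            it raises a DbException
        :param unset: Plain dictionary with the content to be removed if exist. It is a dot separated keys, value is
            ignored. If not exist, it is ignored
        :param pull: Plain dictionary with the content to be removed from an array. It is a dot separated keys and value
            if exist in the array is removed. If not exist, it is ignored
        :param pull_list: Same as pull but values are arrays where each item is removed from the array
        :param push: Plain dictionary with the content to be appended to an array. It is a dot separated keys and value
            is appended to the end of the array
        :param push_list: Same as push but values are arrays where each item is appended instead of appending the
            whole array
        :return: Dict with the number of entries modified. None if no matching is found.
        """
        with self.lock:
            # only the first matching entry is updated
            for _, db_item in self._find(table, self._format_filter(q_filter)):
                updated = self._update(
                    db_item,
                    update_dict,
                    unset=unset,
                    pull=pull,
                    push=push,
                    push_list=push_list,
                    pull_list=pull_list,
                )
                return {"updated": 1 if updated else 0}
            if fail_on_empty:
                raise DbException(
                    "Not found entry with _id='{}'".format(q_filter),
                    HTTPStatus.NOT_FOUND,
                )
            return None

    def set_list(
        self,
        table,
        q_filter,
        update_dict,
        unset=None,
        pull=None,
        push=None,
        push_list=None,
        pull_list=None,
    ):
        """
        Modifies all matching entries at database. Does not fail if nothing matches
        :param table: collection or table
        :param q_filter: Filter
        :param update_dict: passed to _update for every matching entry, as are unset, pull, push, push_list
            and pull_list
        :return: Dict with the number of entries modified. None if no matching is found.
        """
        with self.lock:
            updated = 0
            found = 0
            for _, db_item in self._find(table, self._format_filter(q_filter)):
                found += 1
                if self._update(
                    db_item,
                    update_dict,
                    unset=unset,
                    pull=pull,
                    push=push,
                    push_list=push_list,
                    pull_list=pull_list,
                ):
                    updated += 1
            # if not found and fail_on_empty:
            #     raise DbException("Not found entry with '{}'".format(q_filter), HTTPStatus.NOT_FOUND)
            return {"updated": updated} if found else None

    def replace(self, table, _id, indata, fail_on_empty=True):
        """
        Replace the content of an entry
        :param table: collection or table
        :param _id: internal database id
        :param indata: content to replace; a deep copy of it is stored
        :param fail_on_empty: If nothing matches filter it returns None unless this flag is set to True, in which case
            it raises a DbException
        :return: Dict with the number of entries replaced
        """
        try:
            with self.lock:
                for i, _ in self._find(table, self._format_filter({"_id": _id})):
                    break
                else:
                    if fail_on_empty:
                        raise DbException(
                            "Not found entry with _id='{}'".format(_id),
                            HTTPStatus.NOT_FOUND,
                        )
                    return None
                self.db[table][i] = deepcopy(indata)
            return {"updated": 1}
        except DbException:
            raise
        except Exception as e:  # TODO refine
            raise DbException(str(e))

    def create(self, table, indata):
        """
        Add a new entry at database
        :param table: collection or table
        :param indata: content to be added. If it has no '_id' (or a falsy one), a uuid4 string is generated
            and written into indata itself before a deep copy is stored
        :return: database '_id' of the inserted element. Raises a DbException on error
        """
        try:
            _id = indata.get("_id")
            if not _id:
                _id = str(uuid4())
                indata["_id"] = _id
            with self.lock:
                self.db.setdefault(table, []).append(deepcopy(indata))
            return _id
        except Exception as e:  # TODO refine
            raise DbException(str(e))

    def create_list(self, table, indata_list):
        """
        Add several new entries at database
        :param table: collection or table
        :param indata_list: list content to be added. Items without '_id' get a generated uuid4 string, which
            is also written into the item itself
        :return: list of inserted 'id's. Raises a DbException on error
        """
        try:
            _ids = []
            # The lock is taken once for the whole batch. The previous code took self.lock a second time
            # inside the loop while already holding it, which blocks forever if self.lock is a plain
            # (non re-entrant) lock.
            with self.lock:
                for indata in indata_list:
                    _id = indata.get("_id")
                    if not _id:
                        _id = str(uuid4())
                        indata["_id"] = _id
                    self.db.setdefault(table, []).append(deepcopy(indata))
                    _ids.append(_id)
            return _ids
        except Exception as e:  # TODO refine
            raise DbException(str(e))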
660
661
if __name__ == "__main__":
    # Manual smoke test: insert three rows, read them back, then delete one of them.
    db = DbMemory()
    for sample_id in (1, 2, 3):
        db.create("test", {"_id": sample_id, "data": sample_id})
    print("must be 3 items:", db.get_list("test"))
    only_second = {"_id": 2}
    print("must return item 2:", db.get_list("test", only_second))
    db.del_one("test", only_second)
    print("must be emtpy:", db.get_list("test", only_second))