Spaces:
Running on Zero
Running on Zero
File size: 1,595 Bytes
656f91e | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 | """Single-source SQL identifier contract: the charset rule + the quoter.
Two single-definition primitives for SQL identifiers / db_ids, both previously
hand-inlined across the env, ingestion, data card, demo UI, and eval policies:
- ``is_valid_identifier`` — the ``^[A-Za-z0-9_]+$`` charset contract
``SQLEnvironment`` enforces for db_ids and that any table name must satisfy
before reaching raw SQL (was re-derived at four sites).
- ``quote_ident`` — double-quotes an identifier and escapes any embedded
double-quote (SQL standard ``"`` -> ``""``) so a hostile name like
``a"; DROP TABLE x`` can never break out of the quoted identifier (was inlined
at five sites).
This is a stdlib-only LEAF module (no project imports, no heavy deps); importing
it never pulls ``gradio``/``torch``/``trl``/``transformers``.
"""
from __future__ import annotations
import re
# A non-empty run of [A-Za-z0-9_] — the db_id / SQL-identifier charset contract.
_IDENTIFIER_RE = re.compile(r"[A-Za-z0-9_]+")
def is_valid_identifier(name: str) -> bool:
"""True iff ``name`` is a non-empty string of only ``[A-Za-z0-9_]``.
The db_id / SQL-identifier charset contract enforced by ``SQLEnvironment`` and
required of any table name interpolated into raw SQL. Empty string -> False.
"""
return bool(_IDENTIFIER_RE.fullmatch(name))
def quote_ident(name: str) -> str:
"""Double-quote a SQL identifier, escaping any embedded double-quote.
``a"b`` -> ``"a""b"``. The returned string INCLUDES the surrounding quotes.
"""
return '"' + name.replace('"', '""') + '"'
|