From 4a2b74358ec330669c9f297a729e6bef455e287d Mon Sep 17 00:00:00 2001 From: Simon Fayer Date: Thu, 25 Jun 2026 20:02:49 +0100 Subject: [PATCH] fix: Parameterise SQL in DMS SEManager & UserAndGroupManager --- .../DB/FileCatalogComponents/SEManager/SEManagerDB.py | 6 +++--- .../UserGroupManager/UserAndGroupManagerDB.py | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/DIRAC/DataManagementSystem/DB/FileCatalogComponents/SEManager/SEManagerDB.py b/src/DIRAC/DataManagementSystem/DB/FileCatalogComponents/SEManager/SEManagerDB.py index d497fc87fa6..f2094d4d08f 100644 --- a/src/DIRAC/DataManagementSystem/DB/FileCatalogComponents/SEManager/SEManagerDB.py +++ b/src/DIRAC/DataManagementSystem/DB/FileCatalogComponents/SEManager/SEManagerDB.py @@ -9,7 +9,7 @@ class SEManagerDB(SEManagerBase): def _refreshSEs(self, connection=False): - req = "SELECT SEID,SEName FROM FC_StorageElements;" + req = "SELECT SEID,SEName FROM FC_StorageElements" res = self.db._query(req) if not res["OK"]: return res @@ -91,8 +91,8 @@ def __removeSE(self, seName, connection=False): waitTime = time.time() gLogger.debug(f"SEManager RemoveSE lock created. Waited {waitTime - startTime:.3f} seconds. {seName}") seid = self.db.seNames.get(seName, "Missing") - req = f"DELETE FROM FC_StorageElements WHERE SEName='{seName}'" - res = self.db._update(req, conn=connection) + req = "DELETE FROM FC_StorageElements WHERE SEName=%s" + res = self.db._update(req, args=(seName,), conn=connection) if not res["OK"]: gLogger.debug(f"SEManager RemoveSE lock released. Used {time.time() - waitTime:.3f} seconds. {seName}") self.lock.release() diff --git a/src/DIRAC/DataManagementSystem/DB/FileCatalogComponents/UserGroupManager/UserAndGroupManagerDB.py b/src/DIRAC/DataManagementSystem/DB/FileCatalogComponents/UserGroupManager/UserAndGroupManagerDB.py index 457630d3fbd..06ea0d6ce42 100644 --- a/src/DIRAC/DataManagementSystem/DB/FileCatalogComponents/UserGroupManager/UserAndGroupManagerDB.py +++ b/src/DIRAC/DataManagementSystem/DB/FileCatalogComponents/UserGroupManager/UserAndGroupManagerDB.py @@ -99,8 +99,8 @@ def __removeUser(self, uname): waitTime = time.time() gLogger.debug(f"UserGroupManager RemoveUser lock created. Waited {waitTime - startTime:.3f} seconds. {uname}") uid = self.db.users.get(uname, "Missing") - req = f"DELETE FROM FC_Users WHERE UserName='{uname}'" - res = self.db._update(req) + req = "DELETE FROM FC_Users WHERE UserName=%s" + res = self.db._update(req, args=(uname,)) if not res["OK"]: gLogger.debug( f"UserGroupManager RemoveUser lock released. Used {time.time() - waitTime:.3f} seconds. {uname}" @@ -211,8 +211,8 @@ def __removeGroup(self, group): waitTime = time.time() gLogger.debug(f"UserGroupManager RemoveGroup lock created. Waited {waitTime - startTime:.3f} seconds. {group}") gid = self.db.groups.get(group, "Missing") - req = f"DELETE FROM FC_Groups WHERE GroupName='{group}'" - res = self.db._update(req) + req = "DELETE FROM FC_Groups WHERE GroupName=%s" + res = self.db._update(req, args=(group,)) if not res["OK"]: gLogger.debug( f"UserGroupManager RemoveGroup lock released. Used {time.time() - waitTime:.3f} seconds. {group}"