[asterisk-dev] [Code Review] Add SQLite 3 realtime driver

Tilghman Lesher reviewboard at asterisk.org
Fri Sep 2 20:47:15 CDT 2011


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/1408/#review4208
-----------------------------------------------------------



/trunk/res/res_config_sqlite3.c
<https://reviewboard.asterisk.org/r/1408/#comment8253>

    If a commit ever fails, I expect an error message needs to hit the logs.  Otherwise, you're just dismissing a potential realtime failure.



/trunk/res/res_config_sqlite3.c
<https://reviewboard.asterisk.org/r/1408/#comment8254>

    Please use ast_app_parse_timelen() for timeunit values.



/trunk/res/res_config_sqlite3.c
<https://reviewboard.asterisk.org/r/1408/#comment8255>

    The people who deliberately order disallow/allow columns or permit/deny columns care.



/trunk/res/res_config_sqlite3.c
<https://reviewboard.asterisk.org/r/1408/#comment8256>

    The SQLite specification states that string literals are to be denoted by the single quote character ("'").
    
    As to other drivers not manually escaping, I point you to the addons/res_config_mysql.c driver, which does indeed do manual escaping (via the ESCAPE_STRING macro).  If escaping of literal values is not done in the initial driver, then this is a security issue, as remote SIP clients can send literal single quote characters into various fields.



/trunk/res/res_config_sqlite3.c
<https://reviewboard.asterisk.org/r/1408/#comment8257>

    In other drivers, this variable is called "first", which denotes whether or not this is the first time through the loop.  Another possible method that does not use a separate variable is to use ast_str_strlen(where_clause) to denote whether this is the first time through the loop or not.  This second method is also a simple lookup.


- Tilghman


On Sept. 2, 2011, 5:05 p.m., Terry Wilson wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/1408/
> -----------------------------------------------------------
> 
> (Updated Sept. 2, 2011, 5:05 p.m.)
> 
> 
> Review request for Asterisk Developers, Olle E Johansson and Tilghman Lesher.
> 
> 
> Summary
> -------
> 
> This patch adds an SQLite 3 realtime driver. It supports multiple databases, ast_realtime_require (warn, createclose, and createchar support including the ability to create missing tables), static realtime, and batching commits in transactions to increase write performance. It currently caches no table data, but I figure that premature optimization is bad anyway.
> 
> It, like other realtime drivers, doesn't escape data when building the SQL strings. I started out using parameter binding, but SQLite doesn't let you bind column names, so given how dynamic everything with realtime is, I just when with building the statements outright. I could manually escape the parameters, but the only thing in the SQLite 3 library I could find that does that dynamically allocates the string and that ends up being a lot of little allocs and frees. I suppose we could write our own using a single ast_str with some ast_str_reset calls between each one, but it is a bit of a pain. Until we want to open up the realtime api to things like AMI where user-generated input is going to be a problem, escaping isn't really necessary.
> 
> The impetus for writing this is that Asterisk now has a built-in SQLite 3 database which the astdb uses. The next step would be to convert the astdb to using the realtime calls, thus making it possible for it to be used with any realtime backend (but using the default SQLite 3 db unless configured otherwise). After that, we can start rewriting some things that use the astdb in very crude ways to start using realtime calls to the internal (or external, if configured that way) databases so that the data can be stored in more logical ways than a key/value store allows.
> 
> 
> Diffs
> -----
> 
>   /trunk/configs/res_config_sqlite3.conf.sample PRE-CREATION 
>   /trunk/res/res_config_sqlite3.c PRE-CREATION 
> 
> Diff: https://reviewboard.asterisk.org/r/1408/diff
> 
> 
> Testing
> -------
> 
> Verified that static realtime extensions.conf loads properly. Realtime CLI commands all behave as expected. Tested unload/load and reload scenarios making sure that they behaved as expected and that there were no ref/memory leaks. Made sure that batching worked.
> 
> Once we move the astdb to using realtime calls, the existing unit tests for that should give a workout to the realtime driver as well. I didn't write a new test pointing to the astdb because the astdb locks its database so it cannot be written to from another connection.
> 
> 
> Thanks,
> 
> Terry
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20110903/016e726a/attachment-0001.htm>


More information about the asterisk-dev mailing list