DB integration #781
Overall it looks clean. I've never used alembic before but it looks pretty straightforward. The migrations setup looks like it will develop nicely over time. I don't see any queries or migrations to create the database user(s). Maybe we should include that.
Looks good
end;
$$ language plpgsql;
""" # nosec
)
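Review bot: the `# nosec` on the closing `"""` line silences bandit's finding for this `text()` call without recording why, and the semgrep finding above shows a second scanner does not honour that marker anyway. Since the string is a static plpgsql function body shipped in a migration and no caller input can reach it, `text()` is appropriate here, but that reasoning should sit next to the marker in a short comment so a later edit that starts interpolating values does not inherit the suppression silently.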
reported by reviewdog 🐶
[semgrep] sqlalchemy.text passes the constructed SQL statement to the database mostly unchanged. This means that the usual SQL injection protections are not applied and this function is vulnerable to SQL injection if user input can reach here. Use normal SQLAlchemy operators (such as or_, and_, etc.) to construct SQL.
Source: https://semgrep.dev/r/python.sqlalchemy.security.audit.avoid-sqlalchemy-text.avoid-sqlalchemy-text
Cc @thypon @bcaller
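Added example (not code from this PR or from brave/news-aggregator) showing the distinction the finding describes: the same lookup with caller input interpolated into `text()`, with a bound parameter, and with Core operators. The in-memory SQLite engine, the `publishers` table and its rows are constructed assumptions.

```python
"""Why sqlalchemy.text() is flagged: string-built SQL vs. bound parameters.

Assumptions (not from the project): an in-memory SQLite engine and a
constructed 'publishers' table with two rows.
"""
from sqlalchemy import (Column, Integer, MetaData, String, Table,
                        create_engine, select, text)

engine = create_engine("sqlite:///:memory:")
metadata = MetaData()
publishers = Table(
    "publishers", metadata,
    Column("id", Integer, primary_key=True),
    Column("name", String, nullable=False),
)
metadata.create_all(engine)
with engine.begin() as conn:
    # Constructed sample rows.
    conn.execute(publishers.insert(),
                 [{"name": "Example Times"}, {"name": "Sample Post"}])


def find_unsafe(name: str) -> list[str]:
    """Interpolates caller input into text(): the database receives it as SQL.

    A quote in `name` changes the query itself, which is what the finding warns about.
    """
    stmt = text(f"SELECT name FROM publishers WHERE name = '{name}'")
    with engine.connect() as conn:
        return [row[0] for row in conn.execute(stmt)]


def find_bound(name: str) -> list[str]:
    """Same query via text() with a bound parameter: the input stays data."""
    stmt = text("SELECT name FROM publishers WHERE name = :name")
    with engine.connect() as conn:
        return [row[0] for row in conn.execute(stmt, {"name": name})]


def find_core(name: str) -> list[str]:
    """What the rule recommends: build the statement with SQLAlchemy operators."""
    stmt = select(publishers.c.name).where(publishers.c.name == name)
    with engine.connect() as conn:
        return [row[0] for row in conn.execute(stmt)]


# A migration's static DDL, like the plpgsql function in this PR, carries no
# caller input, so text() is fine there; the question is whether input can reach it.
```

The bound and Core forms return nothing for input containing a quote because the whole string is compared as a value, while the interpolated form lets the quote alter the WHERE clause.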
db/alembic/versions/2024_03_05_1334-ec0e245c0a9e_initialize_schema_and_pk_generation.py
Looks good. Not sure if it exists somewhere already but it would be great to add to the README some generic information about the schema design, how and why we are using alembic, how migrations are managed.
db/README.md
Thank you 🙏
Super helpful
[puLL-Merge] - brave/news-aggregator@781
Here is my review of the PR:
Description
This PR makes several major changes to integrate a PostgreSQL database using SQLAlchemy ORM to store publishers, feeds, articles, and related data. It adds database migrations using Alembic. The aggregator logic is updated to check the database for existing processed articles before re-processing them. Articles are inserted into the database after aggregation.
Changes
Security Hotspots
Let me know if you would like me to elaborate on any part of the review!
Infra PR: https://github.com/brave-intl/today-ops/pull/154, only enabled for US for now.
Resolves: #762