-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathhooks.py
More file actions
64 lines (50 loc) · 2.28 KB
/
hooks.py
File metadata and controls
64 lines (50 loc) · 2.28 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
# Part of OpenSPP. See LICENSE file for full copyright and licensing details.
import logging
import os
import re
_logger = logging.getLogger(__name__)
# Valid index name pattern (alphanumeric and underscore only)
INDEX_NAME_PATTERN = re.compile(r"^[a-z_][a-z0-9_]*$", re.IGNORECASE)
def post_init_hook(env):
"""Post-init hook to create database indexes for scalability."""
_logger.info("spp_event_data: Creating database indexes...")
# Read SQL file
module_path = os.path.dirname(os.path.abspath(__file__))
sql_file = os.path.join(module_path, "data", "event_data_indexes.sql")
if os.path.exists(sql_file):
with open(sql_file) as f:
sql = f.read()
# Execute SQL from static file (no user input involved)
env.cr.execute(sql) # nosemgrep: odoo-sql-injection-string-format
# SQL comes from static module file data/event_data_indexes.sql, not from user input.
_logger.info("spp_event_data: Database indexes created successfully")
else:
_logger.warning("spp_event_data: Index SQL file not found: %s", sql_file)
def uninstall_hook(env):
"""Cleanup hook on module uninstall."""
_logger.info("spp_event_data: Cleaning up database indexes...")
# Drop custom indexes
indexes = [
"idx_spp_event_data_active_by_type",
"idx_spp_event_data_collection_date",
"idx_spp_event_data_expiry",
"idx_spp_event_data_source_ref",
"idx_spp_event_data_state",
"idx_spp_event_type_source",
]
for index in indexes:
# Validate index name to prevent SQL injection
if not INDEX_NAME_PATTERN.match(index):
_logger.warning("Invalid index name pattern, skipping: %s", index)
continue
try:
# Use psycopg2's sql module for safe identifier handling
from psycopg2 import sql
env.cr.execute( # nosemgrep: odoo-sql-injection-string-format
# Index name is validated by regex and passed as psycopg2 Identifier,
# not string interpolation.
sql.SQL("DROP INDEX IF EXISTS {}").format(sql.Identifier(index))
)
except Exception as e:
_logger.warning("Failed to drop index %s: %s", index, e)
_logger.info("spp_event_data: Cleanup completed")