
Unsafe Checker does not work with accessing composite types

Open · RHeynsZa opened this issue 4 years ago · 1 comment

Having a composite type called user_details, and wanting to select on that type does not work

V("(user_details).ssn") == identifier,

Results in

buildpg.components.UnsafeError: str contain unsafe (non word) characters: "(user_details).ssn"

Please check 8.16.3 at https://www.postgresql.org/docs/10/rowtypes.html

The unsafe should probably just disregard brackets

RHeynsZa · Jun 23 '21 09:06

Thanks for bringing this up.

Off the top of my head this sounds reasonable, but I think we need to do some more thinking about whether it could introduce any vulnerabilities.

I know in your case V("(user_details).ssn") is hard coded, but the same logic is used to check the string as would be used to check external inputs.

In your case you can probably use RawDangerous (so named just to avoid people using it without thinking) to get around the check.

samuelcolvin · Jun 23 '21 09:06
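The point the maintainer raises is that the identifier check guards external input as well as hard-coded strings, so "just disregard brackets" would loosen it for both. The following added example (not buildpg's code; `WORD_PATH`, `COMPOSITE_PATH`, `check_identifier`, `is_safe` and `bracket_stripping_check` are hypothetical names, and `UnsafeError` here is a stand-in class rather than `buildpg.components.UnsafeError`) contrasts the two approaches: a grammar that accepts exactly the `(composite).field` form from the PostgreSQL rowtypes docs, versus stripping brackets before a word-character check, which also lets through strings with unbalanced or misplaced parentheses.

```python
import re


class UnsafeError(ValueError):
    """Stand-in for the error raised when a string fails the identifier check."""


# Strict rule as described in the issue (constructed here, not buildpg's own regex):
# a dotted path of word characters only, so "(user_details).ssn" is rejected.
WORD_PATH = re.compile(r"^\w+(?:\.\w+)*$")

# Opt-in grammar for composite-value field access (PostgreSQL rowtypes 8.16.3):
# either a plain dotted path, or a parenthesised dotted path followed by ".field..."
# Parentheses are only accepted around a whole path at the start, so they must balance.
COMPOSITE_PATH = re.compile(r"^(?:\(\w+(?:\.\w+)*\)|\w+)(?:\.\w+)*$")


def check_identifier(s: str, allow_composite: bool = False) -> str:
    """Return s unchanged if it matches the chosen grammar, else raise UnsafeError.

    allow_composite=False keeps the strict word-only rule; True enables the
    composite-access form while still rejecting any other punctuation.
    """
    pattern = COMPOSITE_PATH if allow_composite else WORD_PATH
    if not pattern.fullmatch(s):
        raise UnsafeError(f"str contain unsafe (non word) characters: {s!r}")
    return s


def is_safe(s: str, allow_composite: bool = False) -> bool:
    """Boolean wrapper around check_identifier for use in assertions."""
    try:
        check_identifier(s, allow_composite=allow_composite)
    except UnsafeError:
        return False
    return True


def bracket_stripping_check(s: str) -> bool:
    """The naive fix suggested in the issue: ignore brackets, then apply the word rule.

    This accepts strings whose parentheses are unbalanced or in the wrong place,
    because the structure of the string is never examined.
    """
    stripped = s.replace("(", "").replace(")", "")
    return WORD_PATH.fullmatch(stripped) is not None


if __name__ == "__main__":
    # Constructed sample inputs: the hard-coded case from the issue, plus strings
    # shaped like untrusted input that the same check would have to handle.
    samples = [
        "user_details.ssn",
        "(user_details).ssn",
        "ssn)",
        "(user_details).ssn; drop table users",
    ]
    for sample in samples:
        print(
            f"{sample!r:45} strict={is_safe(sample)!s:5} "
            f"composite={is_safe(sample, allow_composite=True)!s:5} "
            f"strip_brackets={bracket_stripping_check(sample)}"
        )
```

The grammar-based check keeps the rejection of every other non-word character intact, so the only new thing it admits is the documented composite-access shape; the bracket-stripping variant, by contrast, accepts `ssn)`, which shows why "disregard brackets" changes more than the one case in the issue.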