pytds

Issue with zip_import

Open sfc-gh-mrojas opened this issue 5 months ago • 1 comments

Hi. I found two issues really.

I am trying to use this package to read/write to AzureSQL in snowpark. When using version 1.14 I get this error:

RuntimeError: begin_response was called before previous response was fully consumed in function CONNECT_SQLSERVER with handler connect_sqlserver

I found another issue that says that going back to version 1.13 works. The problem is that in version 1.13 you have this code: version = utils.package_version("python-tds")

which fails for me because I am doing a zipimport.

This is the code I am using:

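import certifi
import pytds

# Handler name taken from the error message above
def connect_sqlserver():
    # TLS with certifi's CA bundle; host name validation is disabled here
    with pytds.connect('xxxx.database.windows.net', 'database', 'user', 'password',
                       cafile=certifi.where(), validate_host=False) as conn:
        with conn.cursor() as cur:
            cur.execute("select 1")
            cur.fetchall()
            cur.execute("insert into mytest_table(col1,col2) values('hola', 3200)")
            cur.execute("commit")
            return "done"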

I patched the 1.13 version and got it running, but I wanted to let you know so maybe both things get fixed in a newer version.

sfc-gh-mrojas, Jan 18 '24 23:01

Hi, thank you for reporting! The first issue is fixed in https://github.com/denisenkom/pytds/commit/14b0284024f32befbc1a0e17e225e83e2200403e. I will look at the second issue.

I noticed that you use validate_host=False. This makes you vulnerable to a MitM attack, since an attacker can easily obtain a valid certificate, e.g. via LetsEncrypt, which would pass validation if validate_host is set to False.

denisenkom, Jan 22 '24 01:01
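
The setting flagged in the reply above can be caught in code review or CI. The following is an added example, not part of the original thread or of the pytds project: a small AST check that reports `pytds.connect` calls passing a literal `validate_host=False`. The function names and the sample source are constructed for illustration.

```python
import ast

# Constructed sample: the first call mirrors the snippet in the issue,
# the second leaves host name validation at its default.
SAMPLE = '''
import certifi, pytds
conn = pytds.connect('xxxx.database.windows.net', 'database', 'user', 'password',
                     cafile=certifi.where(), validate_host=False)
conn2 = pytds.connect('xxxx.database.windows.net', 'database', 'user', 'password',
                      cafile=certifi.where())
'''


def _is_pytds_connect(func, aliases):
    """True for <pytds alias>.connect(...) or a name imported from pytds as connect."""
    if isinstance(func, ast.Attribute) and func.attr == "connect":
        return isinstance(func.value, ast.Name) and func.value.id in aliases["module"]
    return isinstance(func, ast.Name) and func.id in aliases["connect"]


def find_disabled_host_validation(source):
    """Return line numbers of pytds connect calls with a literal validate_host=False."""
    tree = ast.parse(source)
    aliases = {"module": set(), "connect": set()}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                if a.name == "pytds":
                    aliases["module"].add(a.asname or a.name)
        elif isinstance(node, ast.ImportFrom) and node.module == "pytds":
            for a in node.names:
                if a.name == "connect":
                    aliases["connect"].add(a.asname or a.name)
    hits = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and _is_pytds_connect(node.func, aliases):
            for kw in node.keywords:
                if (kw.arg == "validate_host" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is False):
                    hits.append(node.lineno)
    return sorted(hits)


if __name__ == "__main__":
    for line in find_disabled_host_validation(SAMPLE):
        print(f"line {line}: pytds.connect called with validate_host=False")
```

The check only sees literal keyword arguments; a value passed through a variable or `**kwargs` needs manual review.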