From 5f7129f4fd65afed952878f2910a61039bb4afa6 Mon Sep 17 00:00:00 2001 From: tom Date: Mon, 12 Feb 2024 01:15:53 +0000 Subject: [PATCH] - Patch SQL injection exploits - Fix errors with pylint and importing `Adw` - Fixed iter return in queue --- src/ChatGPT.py | 3 ++- src/FileView.py | 8 ++------ src/ImageInsert.py | 3 ++- src/NoteView.py | 7 ++++--- src/Queue.py | 2 +- src/main.py | 3 ++- src/sync.py | 15 ++++++++------- src/ui.py | 4 ++-- 8 files changed, 23 insertions(+), 22 deletions(-) diff --git a/src/ChatGPT.py b/src/ChatGPT.py index 1eb930e..dcea952 100644 --- a/src/ChatGPT.py +++ b/src/ChatGPT.py @@ -1,6 +1,7 @@ # Simple object which connects to the ChatGPT API import openai -from gi.repository import Gtk, Adw +from gi.repository import Gtk +from gi.repository import Adw # pylint: disable=no-name-in-module class AiGUI(Gtk.Window): diff --git a/src/FileView.py b/src/FileView.py index dba62ab..138f641 100644 --- a/src/FileView.py +++ b/src/FileView.py @@ -20,16 +20,12 @@ def __init__(self, path, colour_coding, verbose_mode): self.set_orientation(Gtk.Orientation.VERTICAL) # Search bar - self.search_entry = Gtk.SearchEntry() + self.search_entry = Gtk.SearchEntry(placeholder_text="Search Notes/Tasks", + search_delay=100) set_margins(self.search_entry, 2) - self.search_entry.set_placeholder_text("Search Notes/Tasks") self.search_entry.set_tooltip_text("Tip: You can search by the name of the colour") - # self.search_entry.set_tooltip_text("Search Notes/Tasks") self.search_entry.connect("search-changed", self.search) - # Decreasing reduces time to see results, increasing reduces no. of searches - self.search_entry.set_search_delay(100) - self.file_viewer = FileViewer(path, self.colour_support) self.append(self.search_entry) diff --git a/src/ImageInsert.py b/src/ImageInsert.py index 13dcebc..b0fc170 100644 --- a/src/ImageInsert.py +++ b/src/ImageInsert.py 
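Review bot: In the src/FileView.py hunk the comment that explained the search delay is removed along with the setter, so `search_delay=100` is now an unexplained constant in the `Gtk.SearchEntry(...)` call. I would keep the explanation next to the keyword argument, e.g. `# search_delay is in ms: lower shows results sooner, higher triggers fewer searches`. `__init__` starts and ends outside the hunk.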
@@ -1,4 +1,5 @@ -from gi.repository import Gtk, Adw +from gi.repository import Gtk +from gi.repository import Adw # pylint: disable=no-name-in-module class ImageDialogue(Gtk.Window): diff --git a/src/NoteView.py b/src/NoteView.py index 473d2f1..47a8995 100644 --- a/src/NoteView.py +++ b/src/NoteView.py @@ -191,11 +191,11 @@ def __init__(self, data, config, ai_config, read_only): self.container.append(self.main) case "list": - if config["list"]: self.main = List(self.data, read_only) + if config["list"]: self.main = List(self.data) self.container.append(self.main) case "task": - if config["task"]: self.main = Task(self.data, read_only) + if config["task"]: self.main = Task(self.data) self.container.append(self.main) case _: @@ -315,7 +315,8 @@ def get_image_from_url(self): hexpand=True) self.main.append(Gtk.Image(icon_name="auth-sim-missing-symbolic")) self.main.append(Gtk.Label(label="Unable to get image" + (" - No internet connection" - if isinstance(err, requests.exceptions.ConnectionError) + if isinstance(err, + requests.exceptions.ConnectionError) else " - Invalid URL"))) self.append(self.main) diff --git a/src/Queue.py b/src/Queue.py index 1b627b3..dcbb995 100644 --- a/src/Queue.py +++ b/src/Queue.py @@ -18,7 +18,7 @@ def __len__(self): return len(self._data) def __iter__(self): - return self._data + return iter(self._data) def en_queue(self, item): if self.size != len(self._data): diff --git a/src/main.py b/src/main.py index 4e11ab8..31f0db8 100644 --- a/src/main.py +++ b/src/main.py @@ -5,7 +5,8 @@ gi.require_version('Gtk', '4.0') gi.require_version('Adw', '1') -from gi.repository import Gtk, Adw +from gi.repository import Gtk +from gi.repository import Adw # pylint: disable=no-name-in-module from ui import UI from sync import Sync diff --git a/src/sync.py b/src/sync.py index 1fa2fcf..db57973 100644 --- a/src/sync.py +++ b/src/sync.py 
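Review bot: In the first src/NoteView.py hunk, `List(self.data)` and `Task(self.data)` no longer receive the `read_only` flag that `__init__` takes, so whether a read-only list or task note stays non-editable now depends on the List and Task classes, which this diff does not show; it is worth confirming the flag was genuinely unused there. Separately, the one-line `if config["list"]: self.main = List(self.data)` guards only the assignment, so the following `self.container.append(self.main)` runs even when that note type is disabled in config, and the `task` case has the same shape. Moving the append under a block-form `if config["list"]:` together with the assignment would make the intent explicit. The `match` statement continues outside the hunk.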
@@ -44,7 +44,7 @@ def convert_to_blob(self, filename): return blob_data def compare_files(self, file): - self.cursor.execute(f"SELECT hash FROM test WHERE filename = '{file}'") + self.cursor.execute(f"SELECT hash FROM test WHERE filename = %s", (file,)) db_hash = self.cursor.fetchall()[0][0] local_hash = self.hash_file(file) self.log("=" * 20 + file + "=" * 20) @@ -56,7 +56,7 @@ def compare_files(self, file): self.skipped += 1 else: self.log("Hashes don't match, checking timestamps") - self.cursor.execute(f"SELECT modified FROM test WHERE filename = '{file}'") + self.cursor.execute(f"SELECT modified FROM test WHERE filename = %s", (file,)) db_timestamp = int(self.cursor.fetchall()[0][0]) local_timestamp = round(os.path.getctime(file)) self.log(f"Local timestamp: {local_timestamp}") @@ -78,8 +78,8 @@ def update_file(self, file, time, hash): try: # Purpose: Update file in db if local is newer self.cursor.execute( - f"UPDATE test SET modified = {time}, hash = '{hash}', content = %s WHERE filename = '{file}'", - (mysql.connector.Binary(self.convert_to_blob(file)),)) + "UPDATE test SET modified = %s, hash = %s, content = %s WHERE filename = %s", + (time, hash, mysql.connector.Binary(self.convert_to_blob(file)), file,)) self.connection.commit() self.uploaded += 1 except mysql.connector.errors.DataError: @@ -111,7 +111,7 @@ def scan_files(self, path): def download_file(self, file): # Purpose: Download file from db if db is newer - self.cursor.execute(f"SELECT content FROM test WHERE filename = '{file}'") + self.cursor.execute("SELECT content FROM test WHERE filename = %s", (file,)) content = self.cursor.fetchall()[0][0] self.create_file(file, content) self.downloaded += 1 
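Review bot: Both rewritten queries in compare_files (this hunk and the `SELECT modified` one in the next hunk) keep the `f` prefix although nothing is interpolated any more; drop it, `self.cursor.execute("SELECT hash FROM test WHERE filename = %s", (file,))`, so a later edit cannot quietly put `{file}` back into the SQL text and pylint's f-string-without-interpolation warning goes away. The context line `self.cursor.fetchall()[0][0]` here, in the next hunk and in download_file also raises IndexError when no row matches the filename; `fetchone()` with a `None` check would handle that case explicitly. compare_files continues outside the hunk.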
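Review bot: `local_timestamp = round(os.path.getctime(file))` in the second src/sync.py hunk compares a ctime against the database's `modified` column; ctime is the metadata-change time on Unix and the creation time on Windows, so it does not reliably track content edits. `os.path.getmtime(file)` returns the modification time, and the same `getctime` call is used in the new INSERT parameters in upload_file. Switching changes which side wins a sync, so rows already stored with ctime values need to be considered. compare_files starts and ends outside the hunk.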
@@ -119,8 +119,8 @@ def download_file(self, file): def upload_file(self, file): try: self.cursor.execute( - f"INSERT INTO test value('{file}', '{round(os.path.getctime(file))}', '{self.hash_file(file)}', %s)", - (mysql.connector.Binary(self.convert_to_blob(file)),)) + "INSERT INTO test value(%s, %s, %s, %s)", + (file, round(os.path.getctime(file)), self.hash_file(file), mysql.connector.Binary(self.convert_to_blob(file)),)) self.connection.commit() self.uploaded += 1 except mysql.connector.errors.DataError: @@ -178,3 +178,4 @@ def close(self): if not self.disabled: print("Closing sync connection...") self.connection.close() + diff --git a/src/ui.py b/src/ui.py index 5e3a608..e9a8042 100644 --- a/src/ui.py +++ b/src/ui.py @@ -1,4 +1,5 @@ -from gi.repository import Gdk, Adw +from gi.repository import Gtk, Gdk +from gi.repository import Adw # pylint: disable=no-name-in-module from FileView import FileWindow from ImageInsert import ImageDialogue @@ -16,7 +17,6 @@ def __init__(self, window, config, debug): global verbose verbose = debug self.config = config - del config log("Building UI...") # Custom CSS
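Review bot: The new `INSERT INTO test value(%s, %s, %s, %s)` in upload_file still names no columns, so the four parameters are bound by the table's column order and a schema change would silently misplace them. Naming them, with the column names the other statements in this file use, makes the binding explicit: `"INSERT INTO test (filename, modified, hash, content) VALUES (%s, %s, %s, %s)"`; this assumes the columns are in that order today, which the existing statement already relies on. The parameter tuple line is also long enough to be worth breaking into one value per line. upload_file's `except` branch continues outside the hunk.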