44ccfacbe3a3d4b300f80d48651c77837a4b571e galt Tue Apr 26 11:12:02 2022 -0700 SQL INJECTION Prevention Version 2 - this improves our methods by making subclauses of SQL that get passed around be both easy and correct to use. The way that was achieved was by getting rid of the obscure and not well used functions sqlSafefFrag and sqlDyStringPrintfFrag and replacing them with the plain versions of those functions, since these are not needed anymore. The new version checks for NOSQLINJ in unquoted %-s which is used to include SQL clauses, and will give an error the NOSQLINJ clause is not present, and this will automatically require the correct behavior by developers. sqlDyStringPrint is a very useful function, however because it was not enforced, users could use various other dyString functions and they operated without any awareness or checking for SQL correct use. Now those dyString functions are prohibited and it will produce an error if you try to use a dyString function on a SQL string, which is simply detected by the presence of the NOSQLINJ prefix. diff --git src/hg/encode3/encodeDataWarehouse/lib/encodeDataWarehouse.c src/hg/encode3/encodeDataWarehouse/lib/encodeDataWarehouse.c index 0c860ee..46a8074 100644 --- src/hg/encode3/encodeDataWarehouse/lib/encodeDataWarehouse.c +++ src/hg/encode3/encodeDataWarehouse/lib/encodeDataWarehouse.c @@ -42,35 +42,35 @@ el = edwSettingsLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; } void edwSettingsSaveToDb(struct sqlConnection *conn, struct edwSettings *el, char *tableName, int updateSize) /* Save edwSettings as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql. */ { -struct dyString *update = newDyString(updateSize); +struct dyString *update = dyStringNew(updateSize); sqlDyStringPrintf(update, "insert into %s values ( %u,'%s','%s')", tableName, el->id, el->name, el->val); sqlUpdate(conn, update->string); -freeDyString(&update); +dyStringFree(&update); } struct edwSettings *edwSettingsLoad(char **row) /* Load a edwSettings from row fetched with select * from edwSettings * from database. Dispose of this with edwSettingsFree(). */ { struct edwSettings *ret; AllocVar(ret); ret->id = sqlUnsigned(row[0]); ret->name = cloneString(row[1]); ret->val = cloneString(row[2]); return ret; } @@ -197,35 +197,35 @@ el = edwUserLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; } void edwUserSaveToDb(struct sqlConnection *conn, struct edwUser *el, char *tableName, int updateSize) /* Save edwUser as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql. */ { -struct dyString *update = newDyString(updateSize); +struct dyString *update = dyStringNew(updateSize); sqlDyStringPrintf(update, "insert into %s values ( %u,'%s','%s',%d)", tableName, el->id, el->email, el->uuid, el->isAdmin); sqlUpdate(conn, update->string); -freeDyString(&update); +dyStringFree(&update); } struct edwUser *edwUserLoad(char **row) /* Load a edwUser from row fetched with select * from edwUser * from database. Dispose of this with edwUserFree(). */ { struct edwUser *ret; AllocVar(ret); ret->id = sqlUnsigned(row[0]); ret->email = cloneString(row[1]); safecpy(ret->uuid, sizeof(ret->uuid), row[2]); ret->isAdmin = sqlSigned(row[3]); return ret; } @@ -357,35 +357,35 @@ el = edwScriptRegistryLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; } void edwScriptRegistrySaveToDb(struct sqlConnection *conn, struct edwScriptRegistry *el, char *tableName, int updateSize) /* Save edwScriptRegistry as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql. */ { -struct dyString *update = newDyString(updateSize); +struct dyString *update = dyStringNew(updateSize); sqlDyStringPrintf(update, "insert into %s values ( %u,%u,'%s','%s','%s',%d)", tableName, el->id, el->userId, el->name, el->description, el->secretHash, el->submitCount); sqlUpdate(conn, update->string); -freeDyString(&update); +dyStringFree(&update); } struct edwScriptRegistry *edwScriptRegistryLoad(char **row) /* Load a edwScriptRegistry from row fetched with select * from edwScriptRegistry * from database. Dispose of this with edwScriptRegistryFree(). */ { struct edwScriptRegistry *ret; AllocVar(ret); ret->id = sqlUnsigned(row[0]); ret->userId = sqlUnsigned(row[1]); ret->name = cloneString(row[2]); ret->description = cloneString(row[3]); ret->secretHash = cloneString(row[4]); ret->submitCount = sqlSigned(row[5]); @@ -533,35 +533,35 @@ el = edwHostLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; } void edwHostSaveToDb(struct sqlConnection *conn, struct edwHost *el, char *tableName, int updateSize) /* Save edwHost as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql. */ { -struct dyString *update = newDyString(updateSize); +struct dyString *update = dyStringNew(updateSize); sqlDyStringPrintf(update, "insert into %s values ( %u,'%s',%lld,%lld,%lld,'%s',%lld,%lld,%lld,%d)", tableName, el->id, el->name, el->lastOkTime, el->lastNotOkTime, el->firstAdded, el->errorMessage, el->openSuccesses, el->openFails, el->historyBits, el->paraFetchStreams); sqlUpdate(conn, update->string); -freeDyString(&update); +dyStringFree(&update); } struct edwHost *edwHostLoad(char **row) /* Load a edwHost from row fetched with select * from edwHost * from database. Dispose of this with edwHostFree(). */ { struct edwHost *ret; AllocVar(ret); ret->id = sqlUnsigned(row[0]); ret->name = cloneString(row[1]); ret->lastOkTime = sqlLongLong(row[2]); ret->lastNotOkTime = sqlLongLong(row[3]); ret->firstAdded = sqlLongLong(row[4]); ret->errorMessage = cloneString(row[5]); @@ -722,35 +722,35 @@ el = edwSubmitDirLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; } void edwSubmitDirSaveToDb(struct sqlConnection *conn, struct edwSubmitDir *el, char *tableName, int updateSize) /* Save edwSubmitDir as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql. */ { -struct dyString *update = newDyString(updateSize); +struct dyString *update = dyStringNew(updateSize); sqlDyStringPrintf(update, "insert into %s values ( %u,'%s',%u,%lld,%lld,%lld,'%s',%lld,%lld,%lld)", tableName, el->id, el->url, el->hostId, el->lastOkTime, el->lastNotOkTime, el->firstAdded, el->errorMessage, el->openSuccesses, el->openFails, el->historyBits); sqlUpdate(conn, update->string); -freeDyString(&update); +dyStringFree(&update); } struct edwSubmitDir *edwSubmitDirLoad(char **row) /* Load a edwSubmitDir from row fetched with select * from edwSubmitDir * from database. Dispose of this with edwSubmitDirFree(). */ { struct edwSubmitDir *ret; AllocVar(ret); ret->id = sqlUnsigned(row[0]); ret->url = cloneString(row[1]); ret->hostId = sqlUnsigned(row[2]); ret->lastOkTime = sqlLongLong(row[3]); ret->lastNotOkTime = sqlLongLong(row[4]); ret->firstAdded = sqlLongLong(row[5]); @@ -915,35 +915,35 @@ el = edwFileLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; } void edwFileSaveToDb(struct sqlConnection *conn, struct edwFile *el, char *tableName, int updateSize) /* Save edwFile as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql. */ { -struct dyString *update = newDyString(updateSize); +struct dyString *update = dyStringNew(updateSize); sqlDyStringPrintf(update, "insert into %s values ( %u,%u,%u,'%s','%s',%lld,%lld,%lld,%lld,'%s','%s','%s','%s',%u)", tableName, el->id, el->submitId, el->submitDirId, el->submitFileName, el->edwFileName, el->startUploadTime, el->endUploadTime, el->updateTime, el->size, el->md5, el->tags, el->errorMessage, el->deprecated, el->replacedBy); sqlUpdate(conn, update->string); -freeDyString(&update); +dyStringFree(&update); } struct edwFile *edwFileLoad(char **row) /* Load a edwFile from row fetched with select * from edwFile * from database. Dispose of this with edwFileFree(). */ { struct edwFile *ret; AllocVar(ret); ret->id = sqlUnsigned(row[0]); ret->submitId = sqlUnsigned(row[1]); ret->submitDirId = sqlUnsigned(row[2]); ret->submitFileName = cloneString(row[3]); ret->edwFileName = cloneString(row[4]); ret->startUploadTime = sqlLongLong(row[5]); @@ -1137,35 +1137,35 @@ el = edwSubmitLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; } void edwSubmitSaveToDb(struct sqlConnection *conn, struct edwSubmit *el, char *tableName, int updateSize) /* Save edwSubmit as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql. */ { -struct dyString *update = newDyString(updateSize); +struct dyString *update = dyStringNew(updateSize); sqlDyStringPrintf(update, "insert into %s values ( %u,'%s',%lld,%lld,%u,%u,%u,%u,%u,%u,%lld,%lld,%lld,'%s',%u,%u)", tableName, el->id, el->url, el->startUploadTime, el->endUploadTime, el->userId, el->submitFileId, el->submitDirId, el->fileCount, el->oldFiles, el->newFiles, el->byteCount, el->oldBytes, el->newBytes, el->errorMessage, el->fileIdInTransit, el->metaChangeCount); sqlUpdate(conn, update->string); -freeDyString(&update); +dyStringFree(&update); } struct edwSubmit *edwSubmitLoad(char **row) /* Load a edwSubmit from row fetched with select * from edwSubmit * from database. Dispose of this with edwSubmitFree(). */ { struct edwSubmit *ret; AllocVar(ret); ret->id = sqlUnsigned(row[0]); ret->url = cloneString(row[1]); ret->startUploadTime = sqlLongLong(row[2]); ret->endUploadTime = sqlLongLong(row[3]); ret->userId = sqlUnsigned(row[4]); ret->submitFileId = sqlUnsigned(row[5]); @@ -1347,35 +1347,35 @@ el = edwSubscriberLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; } void edwSubscriberSaveToDb(struct sqlConnection *conn, struct edwSubscriber *el, char *tableName, int updateSize) /* Save edwSubscriber as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql. */ { -struct dyString *update = newDyString(updateSize); +struct dyString *update = dyStringNew(updateSize); sqlDyStringPrintf(update, "insert into %s values ( %u,'%s',%g,'%s','%s','%s','%s')", tableName, el->id, el->name, el->runOrder, el->filePattern, el->dirPattern, el->tagPattern, el->onFileEndUpload); sqlUpdate(conn, update->string); -freeDyString(&update); +dyStringFree(&update); } struct edwSubscriber *edwSubscriberLoad(char **row) /* Load a edwSubscriber from row fetched with select * from edwSubscriber * from database. Dispose of this with edwSubscriberFree(). */ { struct edwSubscriber *ret; AllocVar(ret); ret->id = sqlUnsigned(row[0]); ret->name = cloneString(row[1]); ret->runOrder = sqlDouble(row[2]); ret->filePattern = cloneString(row[3]); ret->dirPattern = cloneString(row[4]); ret->tagPattern = cloneString(row[5]); @@ -1531,35 +1531,35 @@ el = edwAssemblyLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; } void edwAssemblySaveToDb(struct sqlConnection *conn, struct edwAssembly *el, char *tableName, int updateSize) /* Save edwAssembly as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql. */ { -struct dyString *update = newDyString(updateSize); +struct dyString *update = dyStringNew(updateSize); sqlDyStringPrintf(update, "insert into %s values ( %u,%u,'%s','%s',%u,%lld,%lld,%u)", tableName, el->id, el->taxon, el->name, el->ucscDb, el->twoBitId, el->baseCount, el->realBaseCount, el->seqCount); sqlUpdate(conn, update->string); -freeDyString(&update); +dyStringFree(&update); } struct edwAssembly *edwAssemblyLoad(char **row) /* Load a edwAssembly from row fetched with select * from edwAssembly * from database. Dispose of this with edwAssemblyFree(). */ { struct edwAssembly *ret; AllocVar(ret); ret->id = sqlUnsigned(row[0]); ret->taxon = sqlUnsigned(row[1]); ret->name = cloneString(row[2]); ret->ucscDb = cloneString(row[3]); ret->twoBitId = sqlUnsigned(row[4]); ret->baseCount = sqlLongLong(row[5]); @@ -1706,35 +1706,35 @@ el = edwBiosampleLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; } void edwBiosampleSaveToDb(struct sqlConnection *conn, struct edwBiosample *el, char *tableName, int updateSize) /* Save edwBiosample as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql. */ { -struct dyString *update = newDyString(updateSize); +struct dyString *update = dyStringNew(updateSize); sqlDyStringPrintf(update, "insert into %s values ( %u,'%s',%u,'%s')", tableName, el->id, el->term, el->taxon, el->sex); sqlUpdate(conn, update->string); -freeDyString(&update); +dyStringFree(&update); } struct edwBiosample *edwBiosampleLoad(char **row) /* Load a edwBiosample from row fetched with select * from edwBiosample * from database. Dispose of this with edwBiosampleFree(). */ { struct edwBiosample *ret; AllocVar(ret); ret->id = sqlUnsigned(row[0]); ret->term = cloneString(row[1]); ret->taxon = sqlUnsigned(row[2]); ret->sex = cloneString(row[3]); return ret; } @@ -1869,35 +1869,35 @@ el = edwExperimentLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; } void edwExperimentSaveToDb(struct sqlConnection *conn, struct edwExperiment *el, char *tableName, int updateSize) /* Save edwExperiment as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql. */ { -struct dyString *update = newDyString(updateSize); +struct dyString *update = dyStringNew(updateSize); sqlDyStringPrintf(update, "insert into %s values ( '%s','%s','%s','%s','%s','%s','%s','%s')", tableName, el->accession, el->dataType, el->lab, el->biosample, el->rfa, el->assayType, el->ipTarget, el->control); sqlUpdate(conn, update->string); -freeDyString(&update); +dyStringFree(&update); } struct edwExperiment *edwExperimentLoad(char **row) /* Load a edwExperiment from row fetched with select * from edwExperiment * from database. Dispose of this with edwExperimentFree(). */ { struct edwExperiment *ret; AllocVar(ret); safecpy(ret->accession, sizeof(ret->accession), row[0]); ret->dataType = cloneString(row[1]); ret->lab = cloneString(row[2]); ret->biosample = cloneString(row[3]); ret->rfa = cloneString(row[4]); ret->assayType = cloneString(row[5]); @@ -2081,35 +2081,35 @@ el = edwValidFileLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; } void edwValidFileSaveToDb(struct sqlConnection *conn, struct edwValidFile *el, char *tableName, int updateSize) /* Save edwValidFile as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql. */ { -struct dyString *update = newDyString(updateSize); +struct dyString *update = dyStringNew(updateSize); sqlDyStringPrintf(update, "insert into %s values ( %u,'%s',%u,'%s','%s','%s','%s','%s','%s','%s',%lld,%lld,%lld,%lld,'%s',%g,%g,%g,%d,%d,'%s','%s',%d,%g)", tableName, el->id, el->licensePlate, el->fileId, el->format, el->outputType, el->experiment, el->replicate, el->validKey, el->enrichedIn, el->ucscDb, el->itemCount, el->basesInItems, el->sampleCount, el->basesInSample, el->sampleBed, el->mapRatio, el->sampleCoverage, el->depth, el->singleQaStatus, el->replicateQaStatus, el->technicalReplicate, el->pairedEnd, el->qaVersion, el->uniqueMapRatio); sqlUpdate(conn, update->string); -freeDyString(&update); +dyStringFree(&update); } struct edwValidFile *edwValidFileLoad(char **row) /* Load a edwValidFile from row fetched with select * from edwValidFile * from database. Dispose of this with edwValidFileFree(). */ { struct edwValidFile *ret; AllocVar(ret); ret->id = sqlUnsigned(row[0]); safecpy(ret->licensePlate, sizeof(ret->licensePlate), row[1]); ret->fileId = sqlUnsigned(row[2]); ret->format = cloneString(row[3]); ret->outputType = cloneString(row[4]); ret->experiment = cloneString(row[5]); @@ -2335,42 +2335,42 @@ el = edwFastqFileLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; } void edwFastqFileSaveToDb(struct sqlConnection *conn, struct edwFastqFile *el, char *tableName, int updateSize) /* Save edwFastqFile as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql. */ { -struct dyString *update = newDyString(updateSize); +struct dyString *update = dyStringNew(updateSize); char *qualPosArray, *aAtPosArray, *cAtPosArray, *gAtPosArray, *tAtPosArray, *nAtPosArray; qualPosArray = sqlDoubleArrayToString(el->qualPos, el->readSizeMax); aAtPosArray = sqlDoubleArrayToString(el->aAtPos, el->readSizeMax); cAtPosArray = sqlDoubleArrayToString(el->cAtPos, el->readSizeMax); gAtPosArray = sqlDoubleArrayToString(el->gAtPos, el->readSizeMax); tAtPosArray = sqlDoubleArrayToString(el->tAtPos, el->readSizeMax); nAtPosArray = sqlDoubleArrayToString(el->nAtPos, el->readSizeMax); sqlDyStringPrintf(update, "insert into %s values ( %u,%u,%lld,%lld,'%s',%lld,%lld,%g,%g,%d,%d,%g,%g,%g,%g,'%s',%d,%g,%g,%g,%g,%g,%g,'%s','%s','%s','%s','%s','%s')", tableName, el->id, el->fileId, el->sampleCount, el->basesInSample, el->sampleFileName, el->readCount, el->baseCount, el->readSizeMean, el->readSizeStd, el->readSizeMin, el->readSizeMax, el->qualMean, el->qualStd, el->qualMin, el->qualMax, el->qualType, el->qualZero, el->atRatio, el->aRatio, el->cRatio, el->gRatio, el->tRatio, el->nRatio, qualPosArray , aAtPosArray , cAtPosArray , gAtPosArray , tAtPosArray , nAtPosArray ); sqlUpdate(conn, update->string); -freeDyString(&update); +dyStringFree(&update); freez(&qualPosArray); freez(&aAtPosArray); freez(&cAtPosArray); freez(&gAtPosArray); freez(&tAtPosArray); freez(&nAtPosArray); } struct edwFastqFile *edwFastqFileLoad(char **row) /* Load a edwFastqFile from row fetched with select * from edwFastqFile * from database. Dispose of this with edwFastqFileFree(). */ { struct edwFastqFile *ret; AllocVar(ret); @@ -2764,35 +2764,35 @@ el = edwBamFileLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; } void edwBamFileSaveToDb(struct sqlConnection *conn, struct edwBamFile *el, char *tableName, int updateSize) /* Save edwBamFile as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql. */ { -struct dyString *update = newDyString(updateSize); +struct dyString *update = dyStringNew(updateSize); sqlDyStringPrintf(update, "insert into %s values ( %u,%u,%d,%d,%lld,%lld,%lld,%lld,%g,%g,%d,%d,%d,%d,%g,%lld,%u)", tableName, el->id, el->fileId, el->isPaired, el->isSortedByTarget, el->readCount, el->readBaseCount, el->mappedCount, el->uniqueMappedCount, el->readSizeMean, el->readSizeStd, el->readSizeMin, el->readSizeMax, el->u4mReadCount, el->u4mUniquePos, el->u4mUniqueRatio, el->targetBaseCount, el->targetSeqCount); sqlUpdate(conn, update->string); -freeDyString(&update); +dyStringFree(&update); } struct edwBamFile *edwBamFileLoad(char **row) /* Load a edwBamFile from row fetched with select * from edwBamFile * from database. Dispose of this with edwBamFileFree(). */ { struct edwBamFile *ret; AllocVar(ret); ret->id = sqlUnsigned(row[0]); ret->fileId = sqlUnsigned(row[1]); ret->isPaired = sqlSigned(row[2]); ret->isSortedByTarget = sqlSigned(row[3]); ret->readCount = sqlLongLong(row[4]); ret->readBaseCount = sqlLongLong(row[5]); @@ -2969,35 +2969,35 @@ el = edwQaFailLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; } void edwQaFailSaveToDb(struct sqlConnection *conn, struct edwQaFail *el, char *tableName, int updateSize) /* Save edwQaFail as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql. */ { -struct dyString *update = newDyString(updateSize); +struct dyString *update = dyStringNew(updateSize); sqlDyStringPrintf(update, "insert into %s values ( %u,%u,%u,'%s')", tableName, el->id, el->fileId, el->qaVersion, el->reason); sqlUpdate(conn, update->string); -freeDyString(&update); +dyStringFree(&update); } struct edwQaFail *edwQaFailLoad(char **row) /* Load a edwQaFail from row fetched with select * from edwQaFail * from database. Dispose of this with edwQaFailFree(). */ { struct edwQaFail *ret; AllocVar(ret); ret->id = sqlUnsigned(row[0]); ret->fileId = sqlUnsigned(row[1]); ret->qaVersion = sqlUnsigned(row[2]); ret->reason = cloneString(row[3]); return ret; } @@ -3126,35 +3126,35 @@ el = edwQaEnrichTargetLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; } void edwQaEnrichTargetSaveToDb(struct sqlConnection *conn, struct edwQaEnrichTarget *el, char *tableName, int updateSize) /* Save edwQaEnrichTarget as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql. */ { -struct dyString *update = newDyString(updateSize); +struct dyString *update = dyStringNew(updateSize); sqlDyStringPrintf(update, "insert into %s values ( %u,%u,'%s',%u,%lld)", tableName, el->id, el->assemblyId, el->name, el->fileId, el->targetSize); sqlUpdate(conn, update->string); -freeDyString(&update); +dyStringFree(&update); } struct edwQaEnrichTarget *edwQaEnrichTargetLoad(char **row) /* Load a edwQaEnrichTarget from row fetched with select * from edwQaEnrichTarget * from database. Dispose of this with edwQaEnrichTargetFree(). */ { struct edwQaEnrichTarget *ret; AllocVar(ret); ret->id = sqlUnsigned(row[0]); ret->assemblyId = sqlUnsigned(row[1]); ret->name = cloneString(row[2]); ret->fileId = sqlUnsigned(row[3]); ret->targetSize = sqlLongLong(row[4]); return ret; @@ -3290,35 +3290,35 @@ el = edwQaEnrichLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; } void edwQaEnrichSaveToDb(struct sqlConnection *conn, struct edwQaEnrich *el, char *tableName, int updateSize) /* Save edwQaEnrich as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql. */ { -struct dyString *update = newDyString(updateSize); +struct dyString *update = dyStringNew(updateSize); sqlDyStringPrintf(update, "insert into %s values ( %u,%u,%u,%lld,%lld,%g,%g,%g)", tableName, el->id, el->fileId, el->qaEnrichTargetId, el->targetBaseHits, el->targetUniqHits, el->coverage, el->enrichment, el->uniqEnrich); sqlUpdate(conn, update->string); -freeDyString(&update); +dyStringFree(&update); } struct edwQaEnrich *edwQaEnrichLoad(char **row) /* Load a edwQaEnrich from row fetched with select * from edwQaEnrich * from database. Dispose of this with edwQaEnrichFree(). */ { struct edwQaEnrich *ret; AllocVar(ret); ret->id = sqlUnsigned(row[0]); ret->fileId = sqlUnsigned(row[1]); ret->qaEnrichTargetId = sqlUnsigned(row[2]); ret->targetBaseHits = sqlLongLong(row[3]); ret->targetUniqHits = sqlLongLong(row[4]); ret->coverage = sqlDouble(row[5]); @@ -3457,35 +3457,35 @@ el = edwQaContamTargetLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; } void edwQaContamTargetSaveToDb(struct sqlConnection *conn, struct edwQaContamTarget *el, char *tableName, int updateSize) /* Save edwQaContamTarget as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql. */ { -struct dyString *update = newDyString(updateSize); +struct dyString *update = dyStringNew(updateSize); sqlDyStringPrintf(update, "insert into %s values ( %u,%u)", tableName, el->id, el->assemblyId); sqlUpdate(conn, update->string); -freeDyString(&update); +dyStringFree(&update); } struct edwQaContamTarget *edwQaContamTargetLoad(char **row) /* Load a edwQaContamTarget from row fetched with select * from edwQaContamTarget * from database. Dispose of this with edwQaContamTargetFree(). */ { struct edwQaContamTarget *ret; AllocVar(ret); ret->id = sqlUnsigned(row[0]); ret->assemblyId = sqlUnsigned(row[1]); return ret; } struct edwQaContamTarget *edwQaContamTargetLoadAll(char *fileName) @@ -3602,35 +3602,35 @@ el = edwQaContamLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; } void edwQaContamSaveToDb(struct sqlConnection *conn, struct edwQaContam *el, char *tableName, int updateSize) /* Save edwQaContam as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql. */ { -struct dyString *update = newDyString(updateSize); +struct dyString *update = dyStringNew(updateSize); sqlDyStringPrintf(update, "insert into %s values ( %u,%u,%u,%g)", tableName, el->id, el->fileId, el->qaContamTargetId, el->mapRatio); sqlUpdate(conn, update->string); -freeDyString(&update); +dyStringFree(&update); } struct edwQaContam *edwQaContamLoad(char **row) /* Load a edwQaContam from row fetched with select * from edwQaContam * from database. Dispose of this with edwQaContamFree(). */ { struct edwQaContam *ret; AllocVar(ret); ret->id = sqlUnsigned(row[0]); ret->fileId = sqlUnsigned(row[1]); ret->qaContamTargetId = sqlUnsigned(row[2]); ret->mapRatio = sqlDouble(row[3]); return ret; } @@ -3755,35 +3755,35 @@ el = edwQaRepeatLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; } void edwQaRepeatSaveToDb(struct sqlConnection *conn, struct edwQaRepeat *el, char *tableName, int updateSize) /* Save edwQaRepeat as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql. */ { -struct dyString *update = newDyString(updateSize); +struct dyString *update = dyStringNew(updateSize); sqlDyStringPrintf(update, "insert into %s values ( %u,%u,'%s',%g)", tableName, el->id, el->fileId, el->repeatClass, el->mapRatio); sqlUpdate(conn, update->string); -freeDyString(&update); +dyStringFree(&update); } struct edwQaRepeat *edwQaRepeatLoad(char **row) /* Load a edwQaRepeat from row fetched with select * from edwQaRepeat * from database. Dispose of this with edwQaRepeatFree(). */ { struct edwQaRepeat *ret; AllocVar(ret); ret->id = sqlUnsigned(row[0]); ret->fileId = sqlUnsigned(row[1]); ret->repeatClass = cloneString(row[2]); ret->mapRatio = sqlDouble(row[3]); return ret; } @@ -3914,35 +3914,35 @@ el = edwQaPairSampleOverlapLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; } void edwQaPairSampleOverlapSaveToDb(struct sqlConnection *conn, struct edwQaPairSampleOverlap *el, char *tableName, int updateSize) /* Save edwQaPairSampleOverlap as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql. */ { -struct dyString *update = newDyString(updateSize); +struct dyString *update = dyStringNew(updateSize); sqlDyStringPrintf(update, "insert into %s values ( %u,%u,%u,%lld,%lld,%lld,%g)", tableName, el->id, el->elderFileId, el->youngerFileId, el->elderSampleBases, el->youngerSampleBases, el->sampleOverlapBases, el->sampleSampleEnrichment); sqlUpdate(conn, update->string); -freeDyString(&update); +dyStringFree(&update); } struct edwQaPairSampleOverlap *edwQaPairSampleOverlapLoad(char **row) /* Load a edwQaPairSampleOverlap from row fetched with select * from edwQaPairSampleOverlap * from database. Dispose of this with edwQaPairSampleOverlapFree(). */ { struct edwQaPairSampleOverlap *ret; AllocVar(ret); ret->id = sqlUnsigned(row[0]); ret->elderFileId = sqlUnsigned(row[1]); ret->youngerFileId = sqlUnsigned(row[2]); ret->elderSampleBases = sqlLongLong(row[3]); ret->youngerSampleBases = sqlLongLong(row[4]); ret->sampleOverlapBases = sqlLongLong(row[5]); @@ -4081,35 +4081,35 @@ el = edwQaPairCorrelationLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; } void edwQaPairCorrelationSaveToDb(struct sqlConnection *conn, struct edwQaPairCorrelation *el, char *tableName, int updateSize) /* Save edwQaPairCorrelation as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql. */ { -struct dyString *update = newDyString(updateSize); +struct dyString *update = dyStringNew(updateSize); sqlDyStringPrintf(update, "insert into %s values ( %u,%u,%u,%g,%g,%g)", tableName, el->id, el->elderFileId, el->youngerFileId, el->pearsonInEnriched, el->pearsonOverall, el->pearsonClipped); sqlUpdate(conn, update->string); -freeDyString(&update); +dyStringFree(&update); } struct edwQaPairCorrelation *edwQaPairCorrelationLoad(char **row) /* Load a edwQaPairCorrelation from row fetched with select * from edwQaPairCorrelation * from database. Dispose of this with edwQaPairCorrelationFree(). */ { struct edwQaPairCorrelation *ret; AllocVar(ret); ret->id = sqlUnsigned(row[0]); ret->elderFileId = sqlUnsigned(row[1]); ret->youngerFileId = sqlUnsigned(row[2]); ret->pearsonInEnriched = sqlDouble(row[3]); ret->pearsonOverall = sqlDouble(row[4]); ret->pearsonClipped = sqlDouble(row[5]); @@ -4247,35 +4247,35 @@ el = edwQaPairedEndFastqLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; } void edwQaPairedEndFastqSaveToDb(struct sqlConnection *conn, struct edwQaPairedEndFastq *el, char *tableName, int updateSize) /* Save edwQaPairedEndFastq as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql. */ { -struct dyString *update = newDyString(updateSize); +struct dyString *update = dyStringNew(updateSize); sqlDyStringPrintf(update, "insert into %s values ( %u,%u,%u,%g,%g,%g,%g,%g,%d)", tableName, el->id, el->fileId1, el->fileId2, el->concordance, el->distanceMean, el->distanceStd, el->distanceMin, el->distanceMax, el->recordComplete); sqlUpdate(conn, update->string); -freeDyString(&update); +dyStringFree(&update); } struct edwQaPairedEndFastq *edwQaPairedEndFastqLoad(char **row) /* Load a edwQaPairedEndFastq from row fetched with select * from edwQaPairedEndFastq * from database. Dispose of this with edwQaPairedEndFastqFree(). */ { struct edwQaPairedEndFastq *ret; AllocVar(ret); ret->id = sqlUnsigned(row[0]); ret->fileId1 = sqlUnsigned(row[1]); ret->fileId2 = sqlUnsigned(row[2]); ret->concordance = sqlDouble(row[3]); ret->distanceMean = sqlDouble(row[4]); ret->distanceStd = sqlDouble(row[5]); @@ -4425,35 +4425,35 @@ el = edwQaWigSpotLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; } void edwQaWigSpotSaveToDb(struct sqlConnection *conn, struct edwQaWigSpot *el, char *tableName, int updateSize) /* Save edwQaWigSpot as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql. */ { -struct dyString *update = newDyString(updateSize); +struct dyString *update = dyStringNew(updateSize); sqlDyStringPrintf(update, "insert into %s values ( %u,%u,%u,%g,%g,%lld,%lld,%g,%g)", tableName, el->id, el->wigId, el->spotId, el->spotRatio, el->enrichment, el->basesInGenome, el->basesInSpots, el->sumSignal, el->spotSumSignal); sqlUpdate(conn, update->string); -freeDyString(&update); +dyStringFree(&update); } struct edwQaWigSpot *edwQaWigSpotLoad(char **row) /* Load a edwQaWigSpot from row fetched with select * from edwQaWigSpot * from database. Dispose of this with edwQaWigSpotFree(). */ { struct edwQaWigSpot *ret; AllocVar(ret); ret->id = sqlUnsigned(row[0]); ret->wigId = sqlUnsigned(row[1]); ret->spotId = sqlUnsigned(row[2]); ret->spotRatio = sqlDouble(row[3]); ret->enrichment = sqlDouble(row[4]); ret->basesInGenome = sqlLongLong(row[5]); @@ -4612,35 +4612,35 @@ el = edwQaDnaseSingleStats5mLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; } void edwQaDnaseSingleStats5mSaveToDb(struct sqlConnection *conn, struct edwQaDnaseSingleStats5m *el, char *tableName, int updateSize) /* Save edwQaDnaseSingleStats5m as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql. */ { -struct dyString *update = newDyString(updateSize); +struct dyString *update = dyStringNew(updateSize); sqlDyStringPrintf(update, "insert into %s values ( %u,%u,%u,%g,%g,%lld,%lld,%g,%g,'%s','%s',%d,%g,%d,%g,%g,%g,%d)", tableName, el->id, el->fileId, el->sampleReads, el->spotRatio, el->enrichment, el->basesInGenome, el->basesInSpots, el->sumSignal, el->spotSumSignal, el->estFragLength, el->corrEstFragLen, el->phantomPeak, el->corrPhantomPeak, el->argMinCorr, el->minCorr, el->nsc, el->rsc, el->rscQualityTag); sqlUpdate(conn, update->string); -freeDyString(&update); +dyStringFree(&update); } struct edwQaDnaseSingleStats5m *edwQaDnaseSingleStats5mLoad(char **row) /* Load a edwQaDnaseSingleStats5m from row fetched with select * from edwQaDnaseSingleStats5m * from database. Dispose of this with edwQaDnaseSingleStats5mFree(). */ { struct edwQaDnaseSingleStats5m *ret; AllocVar(ret); ret->id = sqlUnsigned(row[0]); ret->fileId = sqlUnsigned(row[1]); ret->sampleReads = sqlUnsigned(row[2]); ret->spotRatio = sqlDouble(row[3]); ret->enrichment = sqlDouble(row[4]); ret->basesInGenome = sqlLongLong(row[5]); @@ -4830,35 +4830,35 @@ el = edwJobLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; } void edwJobSaveToDb(struct sqlConnection *conn, struct edwJob *el, char *tableName, int updateSize) /* Save edwJob as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql. */ { -struct dyString *update = newDyString(updateSize); +struct dyString *update = dyStringNew(updateSize); sqlDyStringPrintf(update, "insert into %s values ( %u,'%s',%lld,%lld,'%s',%d,%d)", tableName, el->id, el->commandLine, el->startTime, el->endTime, el->stderr, el->returnCode, el->pid); sqlUpdate(conn, update->string); -freeDyString(&update); +dyStringFree(&update); } struct edwJob *edwJobLoad(char **row) /* Load a edwJob from row fetched with select * from edwJob * from database. Dispose of this with edwJobFree(). */ { struct edwJob *ret; AllocVar(ret); ret->id = sqlUnsigned(row[0]); ret->commandLine = cloneString(row[1]); ret->startTime = sqlLongLong(row[2]); ret->endTime = sqlLongLong(row[3]); ret->stderr = cloneString(row[4]); ret->returnCode = sqlSigned(row[5]); @@ -5004,35 +5004,35 @@ el = edwSubmitJobLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; } void edwSubmitJobSaveToDb(struct sqlConnection *conn, struct edwSubmitJob *el, char *tableName, int updateSize) /* Save edwSubmitJob as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql. */ { -struct dyString *update = newDyString(updateSize); +struct dyString *update = dyStringNew(updateSize); sqlDyStringPrintf(update, "insert into %s values ( %u,'%s',%lld,%lld,'%s',%d,%d)", tableName, el->id, el->commandLine, el->startTime, el->endTime, el->stderr, el->returnCode, el->pid); sqlUpdate(conn, update->string); -freeDyString(&update); +dyStringFree(&update); } struct edwSubmitJob *edwSubmitJobLoad(char **row) /* Load a edwSubmitJob from row fetched with select * from edwSubmitJob * from database. Dispose of this with edwSubmitJobFree(). */ { struct edwSubmitJob *ret; AllocVar(ret); ret->id = sqlUnsigned(row[0]); ret->commandLine = cloneString(row[1]); ret->startTime = sqlLongLong(row[2]); ret->endTime = sqlLongLong(row[3]); ret->stderr = cloneString(row[4]); ret->returnCode = sqlSigned(row[5]);